Explorer Issue

Post by pjserina » Mon Sep 06, 2004 5:26 pm

Hello, I've used this forum once before and got a great deal of help, and unfortunately have been forced to bother all you experts yet again :/
Recently my Internet Explorer has begun to shut down randomly, and over the past week I have now been having issues with Explorer itself shutting down so that I cannot get into My Computer or any other folder. The errors I have been getting for Explorer have been many, including Kernel32.DLL and SHDOCVW.DLL. I ran both Ad-aware and Spybot and had Spybot clean the things it caught, but to no avail on the issue. In the fashion that was requested of me last time, I have saved the Ad-aware log for those who can help me. I am running an HP Pavilion N5440 laptop on ME, Pentium 3, Norton SystemWorks and firewall. Any help would be greatly appreciated. I have also attached at the end of this post the log for the HijackThis scan as well.

Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Sunday, September 05, 2004 9:56:39 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R318 13.06.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan within archives


9-5-2004 9:56:39 PM - Scan started. (Smart mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [kernel32.dll]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4279188649
Threads : 8
Priority : High
FileSize : 524 KB
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
Copyright : Copyright (C) Microsoft Corp. 1991-2000
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
OriginalFilename : KERNEL32.DLL
ProductName : Microsoft(R) Windows(R) Millennium Operating System
Created on : 1/1/1601
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 6/8/2000 9:00:00 PM

#:2 [msgsrv32.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294933065
Threads : 1
Priority : Normal
FileSize : 11 KB
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
Copyright : Copyright (C) Microsoft Corp. 1992-1998
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
OriginalFilename : MSGSRV32.EXE
ProductName : Microsoft(R) Windows(R) Millennium Operating System
Created on : 1/1/1601
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 6/8/2000 9:00:00 PM

#:3 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294892101
Threads : 1
Priority : Normal
FileSize : 1 KB
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
OriginalFilename : mmtask.tsk
ProductName : Microsoft Windows
Created on : 1/1/1601
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 6/8/2000 9:00:00 PM

#:4 [mprexe.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294894789
Threads : 2
Priority : Normal
FileSize : 28 KB
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
Copyright : Copyright (C) Microsoft Corp. 1993-2000
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
OriginalFilename : MPREXE.EXE
ProductName : Microsoft(R) Windows(R) Millennium Operating System
Created on : 1/1/1601
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 6/8/2000 9:00:00 PM

#:5 [mstask.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294841421
Threads : 3
Priority : Normal
FileSize : 124 KB
FileVersion : 4.71.2721.1
ProductVersion : 4.71.2721.1
Copyright : Copyright (C) Microsoft Corp. 2000
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
OriginalFilename : mstask.exe
ProductName : Microsoft
Created on : 1/1/1601
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 6/8/2000 9:00:00 PM

#:6 [ssdpsrv.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294858697
Threads : 4
Priority : Normal
FileSize : 55 KB
FileVersion : 4.90.3003.0
ProductVersion : 4.90.3003.0
Copyright : Copyright (C) Microsoft Corp. 1981-2000
CompanyName : Microsoft Corporation
FileDescription : SSDP Service on Windows Millennium
InternalName : ssdpsrv.exe
OriginalFilename : ssdpsrv.exe
ProductName : Microsoft(R) Windows(R) Millennium Operating System
Created on : 10/27/2003 1:33:11 AM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 12/13/2001 9:38:12 PM

#:7 [stimon.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294815629
Threads : 5
Priority : Normal
FileSize : 27 KB
FileVersion : 4.90.3000.1
ProductVersion : 4.90.3000.1
Copyright : Copyright (C) Microsoft Corp. 1981-2000
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
OriginalFilename : STIMON.EXE
ProductName : Microsoft(R) Windows(R) Millennium Operating System
Created on : 1/1/1601
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 6/8/2000 9:00:00 PM

#:8 [ccevtmgr.exe]
FilePath : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\
ProcessID : 4294821573
Threads : 19
Priority : Normal
FileSize : 309 KB
FileVersion : 1.03.4
ProductVersion : 1.03.4
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
OriginalFilename : ccEvtMgr.exe
ProductName : Event Manager
Created on : 11/13/2002 8:44:02 PM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 11/13/2002 8:44:02 PM

#:9 [csinject.exe]
FilePath : C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\
ProcessID : 4294773949
Threads : 1
Priority : Normal
FileSize : 28 KB
FileVersion : 7.0.00.15
ProductVersion : 7.0
Copyright : Copyright (c) 1992-2002 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : csinject
InternalName : CSInject
OriginalFilename : CSInject.exe
ProductName : Norton CleanSweep
Created on : 6/16/2004 7:48:09 PM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 8/13/2002 9:00:00 PM

#:10 [nprotect.exe]
FilePath : C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\
ProcessID : 4294786777
Threads : 3
Priority : Normal
FileSize : 132 KB
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
Copyright : Copyright (C) 2003 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
OriginalFilename : NPROTECT.EXE
ProductName : Norton Utilities
Created on : 6/16/2004 7:49:34 PM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 8/14/2002 10:03:00 AM

#:11 [symtray.exe]
FilePath : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\
ProcessID : 4294789337
Threads : 1
Priority : Normal
FileSize : 84 KB
FileVersion : 2003.6.57
ProductVersion : 2003.6.57
Copyright : Copyright (c) 1997-2002 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : Norton SystemWorks SymTray
InternalName : SymTray.exe
OriginalFilename : SymTray.exe
ProductName : Norton SystemWorks
Created on : 6/16/2004 8:34:48 PM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 9/30/2002 1:46:14 AM

#:12 [nisum.exe]
FilePath : C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\
ProcessID : 4294793373
Threads : 3
Priority : Normal
FileSize : 137 KB
FileVersion : 6.02.2003
ProductVersion : 6.02.2003
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton Internet Security NISUM
InternalName : NISUM
OriginalFilename : NISUM.exe
ProductName : Norton Internet Security
Created on : 7/11/2003 11:52:44 PM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 3/3/2003 5:06:36 PM

#:13 [ccpxysvc.exe]
FilePath : C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\
ProcessID : 4294800613
Threads : 11
Priority : Normal
FileSize : 33 KB
FileVersion : 6.02.2003
ProductVersion : 6.02.2003
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton Internet Security Proxy Service
InternalName : ccPxySvc
OriginalFilename : ccPxySvc.exe
ProductName : Norton Internet Security
Created on : 7/11/2003 11:52:44 PM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 3/3/2003 5:05:18 PM

#:14 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294784509
Threads : 22
Priority : Normal
FileSize : 220 KB
FileVersion : 5.50.4134.100
ProductVersion : 5.50.4134.100
Copyright : Copyright (C) Microsoft Corp. 1981-2000
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 6/8/2000 9:00:00 PM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 6/8/2000 9:00:00 PM

#:15 [stmgr.exe]
FilePath : C:\WINDOWS\SYSTEM\RESTORE\
ProcessID : 4294699425
Threads : 5
Priority : Normal
FileSize : 60 KB
FileVersion : 4.90.0.2533
ProductVersion : 4.90.0.2533
Copyright : Copyright (C) Microsoft Corp. 1981-2000
CompanyName : Microsoft Corporation
FileDescription : Microsoft (R) PC State Manager
InternalName : StateMgr.exe
OriginalFilename : StateMgr.exe
ProductName : Microsoft (r) PCHealth
Created on : 1/1/1601
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 6/8/2000 9:00:00 PM

#:16 [taskmon.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294596881
Threads : 1
Priority : Normal
FileSize : 28 KB
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
Copyright : Copyright (C) Microsoft Corp. 1998
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
OriginalFilename : TASKMON.EXE
ProductName : Microsoft(R) Windows(R) Millennium Operating System
Created on : 1/1/1601
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 6/8/2000 9:00:00 PM

#:17 [systray.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294587805
Threads : 2
Priority : Normal
FileSize : 36 KB
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
Copyright : Copyright (C) Microsoft Corp. 1993-2000
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
OriginalFilename : SYSTRAY.EXE
ProductName : Microsoft(R) Windows(R) Millennium Operating System
Created on : 1/1/1601
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 6/8/2000 9:00:00 PM

#:18 [essd.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294565537
Threads : 1
Priority : Normal
FileSize : 252 KB
FileVersion : 2, 0, 0, 1
ProductVersion : 2, 0, 0, 1
Copyright : Copyright (C) 2001
CompanyName : ESS Technology, Inc.
FileDescription : ESSDaemon MFC Application
InternalName : ESSDaemon
OriginalFilename : ESSDaemon.EXE
ProductName : ESSDaemon Application
Created on : 2/28/2001 3:08:59 AM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 2/14/2001 2:28:12 PM

#:19 [wmiexe.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294509993
Threads : 3
Priority : Normal
FileSize : 16 KB
FileVersion : 4.90.2452.1
ProductVersion : 4.90.2452.1
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
OriginalFilename : wmiexe.exe
ProductName : Microsoft(R) Windows(R) Millennium Operating System
Created on : 1/1/1601
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 6/8/2000 9:00:00 PM

#:20 [cp32nbtn.exe]
FilePath : C:\PROGRAM FILES\ONE-TOUCH\
ProcessID : 4294766213
Threads : 1
Priority : Normal
FileSize : 48 KB
FileVersion : 1.00
ProductVersion : 2.14.2000 ( VC60 )
Copyright : Copyright
CompanyName : Dritek System Inc.
FileDescription : HP One-Touch Buttons ( Multi-Language )
InternalName : CP32NBtn
OriginalFilename : CP32NBtn.exe
ProductName : Dritek System Inc. CP32NBtn
Created on : 2/28/2001 3:21:05 AM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 11/21/2000 2:21:54 PM

#:21 [prpcui.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294529469
Threads : 1
Priority : Normal
FileSize : 32 KB
FileVersion : 1.1.0.0
ProductVersion : 1.1.0.0
Copyright : Copyright
CompanyName : Intel Corporation
FileDescription : Intel(R) SpeedStep(TM) technology User Interface
InternalName : prpcui.exe
OriginalFilename : prpcui.exe
ProductName : Intel(R) SpeedStep(TM) technology applet
Created on : 2/28/2001 3:45:49 AM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 1/6/2000 12:00:00 PM

#:22 [irmon.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294478513
Threads : 6
Priority : Normal
FileSize : 54 KB
FileVersion : 4.90.3000.1
ProductVersion : 4.90.3000.1
Copyright : Copyright (C) Microsoft Corp. 1981-2000
CompanyName : Microsoft Corporation
FileDescription : Infrared Monitor
InternalName : irmon.dll
OriginalFilename : irmon.dll
ProductName : Microsoft(R) Windows(R) Millennium Operating System
Created on : 10/24/2003 2:23:44 AM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 6/8/2000 9:00:00 PM

#:23 [winpppoverethernet.exe]
FilePath : C:\PROGRAM FILES\IVASION\WINPOET\
ProcessID : 4294612153
Threads : 5
Priority : Normal
FileSize : 232 KB
FileVersion : 2.1
ProductVersion : 2.1
Copyright : Copyright
CompanyName : Wind River Systems, Inc.
FileDescription : WinPPPoverEthernet Application for Win 95/98, Win NT 4.0, and Win 2000
InternalName : WinPPPoverEthernet
OriginalFilename : WinPPPoverEthernet.EXE
ProductName : WinPPPoverEthernet Application
Created on : 10/24/2003 2:02:10 AM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 3/20/2001 4:58:52 PM

#:24 [exshow95.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294506833
Threads : 1
Priority : Normal
FileSize : 44 KB
FileVersion : 5.6r2
ProductVersion : 5.6r2
Copyright : Copyright
CompanyName : Kensington Technology Group
FileDescription : Kensington MouseWorks Win32 Support
InternalName : KMOUSE
OriginalFilename : EXSHOW95.EXE
ProductName : Kensington MouseWorks Driver
Created on : 10/27/2003 1:50:34 AM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 2/16/2001 6:37:04 PM

#:25 [exshow.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294451405
Threads : 1
Priority : Normal
FileSize : 360 KB
FileVersion : 5.6r2
ProductVersion : 5.6r2
Copyright : Copyright
CompanyName : Kensington Technology Group
FileDescription : Kensington MouseWorks Win32 Support
InternalName : KMOUSE
OriginalFilename : EXSHOW.EXE
ProductName : Kensington MouseWorks Driver
Created on : 10/27/2003 1:50:34 AM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 2/16/2001 7:44:14 PM

#:26 [hidserv.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294427533
Threads : 1
Priority : Normal
FileSize : 25 KB
FileVersion : 4.90.3000.1
ProductVersion : 4.90.3000.1
Copyright : Copyright (C) Microsoft Corp. 1981-2000
CompanyName : Microsoft Corporation
FileDescription : HID Audio Service
InternalName : hidserv
OriginalFilename : HIDSERV.EXE
ProductName : Microsoft(R) Windows(R) Millennium Operating System
Created on : 1/6/2004 11:04:35 AM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 6/8/2000 9:00:00 PM

#:27 [ccapp.exe]
FilePath : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\
ProcessID : 4294427905
Threads : 31
Priority : Normal
FileSize : 53 KB
FileVersion : 1.0.10.006
ProductVersion : 1.0.10.006
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
OriginalFilename : ccApp.exe
ProductName : Common Client
Created on : 6/16/2004 8:34:32 PM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 12/2/2003 8:11:04 PM

#:28 [realsched.exe]
FilePath : C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\
ProcessID : 4294363641
Threads : 2
Priority : Normal
FileSize : 148 KB
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
OriginalFilename : realsched.exe
ProductName : RealOne Player (32-bit)
Created on : 12/21/2003 5:34:43 PM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 12/21/2003 5:34:44 PM

#:29 [spool32.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294442065
Threads : 4
Priority : Normal
FileSize : 44 KB
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
Copyright : Copyright (C) Microsoft Corp. 1994 - 1998
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
OriginalFilename : spool32.exe
ProductName : Microsoft(R) Windows(R) Millennium Operating System
Created on : 1/1/1601
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 6/8/2000 9:00:00 PM

#:30 [lexbces.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294643225
Threads : 6
Priority : Normal
FileSize : 278 KB
FileVersion : 5,12,00,00
ProductVersion : 5,12,00,00
Copyright : (C) 1993 - 2000 Lexmark International, Inc.
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
OriginalFilename : LexBceS.exe
ProductName : MarkVision for Windows (32 bit)
Created on : 10/24/2003 2:13:25 AM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 6/7/2000 4:38:06 PM

#:31 [rpcss.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294307221
Threads : 5
Priority : Normal
FileSize : 20 KB
FileVersion : 4.71.3328
ProductVersion : 4.71.3328
Copyright : Copyright (C) Microsoft Corp. 1981-1998
CompanyName : Microsoft Corporation
FileDescription : Distributed COM Services
InternalName : rpcss.exe
OriginalFilename : rpcss.exe
ProductName : Microsoft(R) Windows NT(TM) Operating System
Created on : 1/1/1601
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 6/8/2000 9:00:00 PM

#:32 [teatimer.exe]
FilePath : C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\
ProcessID : 4294290065
Threads : 3
Priority : Idle
FileSize : 1014 KB
FileVersion : 1, 3, 0, 12
ProductVersion : 1, 3, 0, 12
CompanyName : Safer Networking Limited
FileDescription : System settings protector
InternalName : TeaTimer
OriginalFilename : TeaTimer.exe
ProductName : Spybot - Search & Destroy
Created on : 5/12/2004 5:03:00 AM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 5/12/2004 5:03:00 AM

#:33 [csinsm32.exe]
FilePath : C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\
ProcessID : 4294269165
Threads : 6
Priority : Normal
FileSize : 208 KB
FileVersion : 7.0.00.15
ProductVersion : 7.0
Copyright : Copyright (c) 1992-2002 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : Norton CleanSweep Install Monitor
InternalName : CSINSM
OriginalFilename : CSINSM*.EXE
ProductName : Norton CleanSweep
Created on : 6/16/2004 7:48:10 PM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 8/13/2002 9:00:00 PM

#:34 [acrotray.exe]
FilePath : C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\
ProcessID : 4294233417
Threads : 1
Priority : Normal
FileSize : 48 KB
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
Copyright : Copyright
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
OriginalFilename : AcroTray.exe
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
Created on : 6/27/2004 5:46:39 PM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 3/15/2001 9:18:18 AM

#:35 [monwow.exe]
FilePath : C:\Program Files\Norton SystemWorks\Norton CleanSweep\
ProcessID : 4294181629
Threads : 1
Priority : Normal
FileSize : 4 KB
FileVersion : 7.00.0004
ProductVersion : 7.00
Copyright : Copyright
CompanyName : Symantec Corporation
FileDescription : Norton SmartSweep for NT WOW monitor
InternalName : MONWOW
OriginalFilename : MonWOW.EXE
ProductName : Norton CleanSweep
Created on : 6/16/2004 7:48:07 PM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 8/13/2002 9:00:00 PM

#:36 [odhost.exe]
FilePath : C:\PROGRAM FILES\LINKSYS\WIRELESS-G NOTEBOOK ADAPTER\
ProcessID : 4294148149
Threads : 9
Priority : Normal
FileSize : 24 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright (C) 2003
FileDescription : Odyssey COM Host
InternalName : OdHost
OriginalFilename : Odhost.exe
Created on : 8/17/2004 10:25:16 PM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 11/22/2003 6:26:22 PM

#:37 [wpc54cfg.exe]
FilePath : C:\PROGRAM FILES\LINKSYS\WIRELESS-G NOTEBOOK ADAPTER\
ProcessID : 4294178197
Threads : 5
Priority : Normal
FileSize : 5204 KB
FileVersion : 2.0.0.18
ProductVersion : 1.3.0.1
Copyright : Copyright (C) 2003, Linksys
CompanyName : The Linksys Group, Inc.
FileDescription : Linksys Instant WLAN Monitor
InternalName : WLANMonitor.EXE
OriginalFilename : WLANMonitor.EXE
ProductName : Linksys Instant WLAN Monitor
Created on : 8/17/2004 10:25:18 PM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 1/15/2004 3:11:00 AM

#:38 [ddhelp.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4250401773
Threads : 2
Priority : Realtime
FileSize : 32 KB
FileVersion : 4.09.00.0900
ProductVersion : 4.09.00.0900
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
OriginalFilename : DDHelp.exe
ProductName : Microsoft
Created on : 10/27/2003 1:29:49 AM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 12/12/2002 4:14:32 AM

#:39 [wuauboot.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294554653
Threads : 5
Priority : Idle
FileSize : 104 KB
FileVersion : 5.4.5681.0
ProductVersion : 5.4.5681.0
CompanyName : Microsoft Corporation
FileDescription : Microsoft AutoUpdate
InternalName : WUAUBOOT.EXE
OriginalFilename : WUAUBOOT.EXE
ProductName : Windows Update - AutoUpdate feature
Created on : 10/27/2003 1:37:20 AM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 9/16/2002 1:37:14 PM

#:40 [ad-aware.exe]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\
ProcessID : 4250295693
Threads : 2
Priority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 6/14/2004 10:04:18 PM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 7/13/2003 1:00:20 AM

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

NavExcel Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NavHelper


NavExcel Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\NavExcel


Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 2
Objects found so far: 2


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 2


¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Tracking Cookie Object recognized!
Type : File
Data : default@overture[2].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 8/26/2004 5:45:29 AM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 8/26/2004 5:45:30 AM



Tracking Cookie Object recognized!
Type : File
Data : default@z1.adserver[1].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 9/3/2004 12:36:02 AM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 9/3/2004 12:36:04 AM



Tracking Cookie Object recognized!
Type : File
Data : default@ad-logics[2].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 8/30/2004 8:51:12 PM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 8/30/2004 8:51:14 PM



Tracking Cookie Object recognized!
Type : File
Data : default@bravenet[1].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 8/22/2004 2:17:56 AM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 8/22/2004 2:17:58 AM



Tracking Cookie Object recognized!
Type : File
Data : default@euniverseads[1].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 8/2/2004 5:17:11 PM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 8/2/2004 5:17:12 PM



Tracking Cookie Object recognized!
Type : File
Data : default@gator[1].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 9/5/2004 11:03:56 PM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 9/5/2004 11:03:58 PM



Tracking Cookie Object recognized!
Type : File
Data : default@casalemedia[2].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 8/27/2004 8:36:03 PM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 8/27/2004 8:36:04 PM



Tracking Cookie Object recognized!
Type : File
Data : default@cgi-bin[1].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 8/25/2004 5:05:55 PM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 8/25/2004 5:05:56 PM



Tracking Cookie Object recognized!
Type : File
Data : default@centrport[1].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 8/12/2004 11:34:40 PM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 8/12/2004 11:34:42 PM



Tracking Cookie Object recognized!
Type : File
Data : default@as-us.falkag[1].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 8/23/2004 9:24:37 PM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 8/23/2004 9:24:38 PM



Tracking Cookie Object recognized!
Type : File
Data : default@citi.bridgetrack[1].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 8/18/2004 12:55:28 AM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 8/18/2004 12:55:30 AM



Tracking Cookie Object recognized!
Type : File
Data : default@questionmarket[1].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 8/26/2004 4:28:35 AM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 8/26/2004 4:28:36 AM



Tracking Cookie Object recognized!
Type : File
Data : default@goclick[1].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 8/18/2004 1:06:24 AM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 8/18/2004 1:06:26 AM



Tracking Cookie Object recognized!
Type : File
Data : default@qksrv[1].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 8/30/2004 8:44:22 PM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 8/30/2004 8:44:24 PM



Tracking Cookie Object recognized!
Type : File
Data : default@adrevolver[1].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 8/22/2004 2:14:15 AM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 8/22/2004 2:14:16 AM



Tracking Cookie Object recognized!
Type : File
Data : default@kliks[2].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 8/18/2004 10:10:47 PM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 8/18/2004 10:10:48 PM



Tracking Cookie Object recognized!
Type : File
Data : default@zedo[1].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 8/27/2004 8:37:39 PM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 8/27/2004 8:37:40 PM



Tracking Cookie Object recognized!
Type : File
Data : default@ads.tripod.lycos.co[2].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 8/19/2004 12:42:45 AM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 8/19/2004 12:42:46 AM



Tracking Cookie Object recognized!
Type : File
Data : default@statcounter[1].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 8/22/2004 3:10:45 AM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 8/22/2004 3:10:46 AM



Tracking Cookie Object recognized!
Type : File
Data : default@revenue[2].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 8/21/2004 8:48:46 PM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 8/21/2004 8:48:48 PM



Tracking Cookie Object recognized!
Type : File
Data : default@landing.domainsponsor[1].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 8/21/2004 8:48:45 PM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 8/21/2004 8:48:46 PM



Tracking Cookie Object recognized!
Type : File
Data : default@domainsponsor[2].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 8/21/2004 8:48:45 PM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 8/21/2004 8:48:46 PM



Tracking Cookie Object recognized!
Type : File
Data : default@pro-market[2].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 8/30/2004 7:13:11 PM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 8/30/2004 7:13:12 PM



Tracking Cookie Object recognized!
Type : File
Data : default@hc2.humanclick[2].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 8/22/2004 3:13:51 AM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 8/22/2004 3:13:52 AM



Tracking Cookie Object recognized!
Type : File
Data : default@2o7[2].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 9/2/2004 9:57:50 PM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 9/2/2004 9:57:52 PM



Tracking Cookie Object recognized!
Type : File
Data : default@toteme[2].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 8/25/2004 5:27:51 PM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 8/25/2004 5:27:52 PM



Tracking Cookie Object recognized!
Type : File
Data : default@tripod[2].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 9/3/2004 2:55:16 AM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 9/3/2004 2:55:18 AM



Tracking Cookie Object recognized!
Type : File
Data : default@hotlog[2].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 9/6/2004 1:20:49 AM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 9/6/2004 1:20:50 AM



Tracking Cookie Object recognized!
Type : File
Data : default@bluestreak[2].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 9/3/2004 12:09:28 AM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 9/3/2004 12:09:30 AM



Tracking Cookie Object recognized!
Type : File
Data : default@tmpad[1].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 8/30/2004 6:33:18 PM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 8/30/2004 6:33:20 PM



Tracking Cookie Object recognized!
Type : File
Data : default@trafficmp[2].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 8/30/2004 6:33:18 PM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 8/30/2004 6:33:20 PM



Tracking Cookie Object recognized!
Type : File
Data : default@realmedia[2].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 9/3/2004 2:55:15 AM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 9/3/2004 2:55:16 AM



Tracking Cookie Object recognized!
Type : File
Data : default@csavings.adbureau[2].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 8/30/2004 8:45:22 PM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 8/30/2004 8:45:24 PM



Tracking Cookie Object recognized!
Type : File
Data : default@a.as-us.falkag[2].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 9/2/2004 8:49:00 PM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 9/2/2004 8:49:02 PM



Tracking Cookie Object recognized!
Type : File
Data : default@tribalfusion[2].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 9/3/2004 7:47:42 PM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 9/3/2004 7:47:44 PM



Tracking Cookie Object recognized!
Type : File
Data : default@maxserving[1].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 9/3/2004 7:47:50 PM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 9/3/2004 7:47:52 PM



Tracking Cookie Object recognized!
Type : File
Data : default@edge.ru4[1].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\
FileSize : 1 KB
Created on : 9/3/2004 12:39:37 AM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 9/3/2004 12:39:38 AM



Tracking Cookie Object recognized!
Type : File
Data : default@www8.paypopup[1].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 9/3/2004 2:53:34 AM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 9/3/2004 2:53:36 AM



Tracking Cookie Object recognized!
Type : File
Data : default@fastclick[2].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 9/5/2004 11:04:00 PM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 9/5/2004 11:04:02 PM



Tracking Cookie Object recognized!
Type : File
Data : default@cgi-bin[3].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 9/5/2004 10:36:35 PM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 9/5/2004 10:36:36 PM



Tracking Cookie Object recognized!
Type : File
Data : default@247realmedia[1].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 9/5/2004 10:36:40 PM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 9/5/2004 10:36:42 PM



Tracking Cookie Object recognized!
Type : File
Data : default@spylog[2].txt
Object : C:\WINDOWS\Application Data\Earthlink\6.0\pjserina3@earthlink.net\Cookies\

Created on : 9/6/2004 1:21:25 AM
Last accessed : 9/5/2004 4:00:00 AM
Last modified : 9/6/2004 1:21:26 AM


¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

NavExcel Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : APPID\nhelper.dll


NavExcel Object recognized!
Type : Folder
Object : c:\program files\NavExcel


NavExcel Object recognized!
Type : Folder
Object : c:\program files\navexcel\NavHelper


NavExcel Object recognized!
Type : File
Data : v2.0.4c
Object : c:\program files\navexcel\navhelper\

Created on : 7/30/2004 4:56:00 AM
Last accessed : 7/30/2004 4:00:00 AM
Last modified : 7/30/2004 4:56:02 AM



Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 4
Objects found so far: 48





HIJACKTHIS SCAN
Logfile of HijackThis v1.97.7
Scan saved at 6:18:57 PM, on 9/6/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISUM.EXE
C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\CCPXYSVC.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\ESSD.EXE
C:\PROGRAM FILES\ONE-TOUCH\CP32NBTN.EXE
C:\WINDOWS\SYSTEM\PRPCUI.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\PROGRAM FILES\IVASION\WINPOET\WINPPPOVERETHERNET.EXE
C:\WINDOWS\SYSTEM\EXSHOW95.EXE
C:\WINDOWS\SYSTEM\EXSHOW.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe
C:\PROGRAM FILES\LINKSYS\WIRELESS-G NOTEBOOK ADAPTER\ODHOST.EXE
C:\PROGRAM FILES\LINKSYS\WIRELESS-G NOTEBOOK ADAPTER\WPC54CFG.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/m ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/m ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/m ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink.net/partner/more/m ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - (no file)
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER COMPANION\CCHELPER.DLL
O2 - BHO: (no name) - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - (no file)
O2 - BHO: Core Library - {A23AB93D-6CFF-442c-BB8A-41F6145F47E7} - C:\WINDOWS\SYSTEM\PDF1707.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - (no file)
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER COMPANION\POPUPUS.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ESS Daemon] C:\WINDOWS\ESSD.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CP32NOT] C:\PROGRA~1\ONE-TO~1\CP32NBTN.EXE
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [IrMon] irmon.exe
O4 - HKLM\..\Run: [WinPoET] C:\Program Files\iVasion\WinPoET\WinPPPoverEthernet.exe
O4 - HKLM\..\Run: [EXSHOW95.EXE] EXSHOW95.EXE
O4 - HKLM\..\Run: [S3TRAYHP] S3trayhp.exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\nprotect.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMANTEC\LIVEUP~1\SNDMON.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O7 "EPUSB1:" /M "Stylus CX3200"
O4 - HKLM\..\Run: [SafeGuard Popup Updater (required)] regsvr32 /s C:\WINDOWS\SYSTEM\PDF1707.DLL
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\nprotect.exe
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [Nisum] C:\Program Files\Norton Personal Firewall\NISUM.EXE
O4 - HKLM\..\RunServices: [ccPxySvc] C:\PROGRA~1\NORTON~1\CCPXYSVC.EXE
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spyware-Cop] "C:\PROGRAM FILES\SPYWARE-COP\SPYWARE-COP.EXE" /s
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O12 - Plugin for .mp4: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin5.dll
O12 - Plugin for .mpv: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/go/business-notebook
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C ... 7494328704
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc ... wflash.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/sh ... tor/sw.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsup ... veData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/download/0.x/regdload.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/softwar ... launch.cab
O16 - DPF: {E5168F0C-8591-11D4-BCDF-006008B7FEA4} (PWLNINST Control) - http://www.platoweb01.com/pathways/pway ... lninst.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_44.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
Last edited by pjserina on Mon Sep 06, 2004 6:20 pm, edited 1 time in total.
pjserina
n00b
 
Posts: 6
Joined: Sun Sep 05, 2004 10:51 pm

Postby kindred » Mon Sep 06, 2004 5:54 pm

Hello and welcome back. Can you download the program HijackThis from the link and post it back in the same thread? Thanks. http://www.tomcoyote.org/hjt/
kindred
HiJack This Team Leader
 
Posts: 68
Joined: Sat Sep 04, 2004 8:36 pm
Location: Wisconsin

Postby pjserina » Mon Sep 06, 2004 8:15 pm

Hello, I already have HijackThis and have placed the log in the original post.
pjserina
n00b
 
Posts: 6
Joined: Sun Sep 05, 2004 10:51 pm

Postby kindred » Mon Sep 06, 2004 8:24 pm

OK, didn't see the edit!! Will look it over.
kindred
HiJack This Team Leader
 
Posts: 68
Joined: Sat Sep 04, 2004 8:36 pm
Location: Wisconsin

Postby kindred » Mon Sep 06, 2004 8:40 pm

First, you have a virus, MASTERLOCK... Please go here and have it clean that file up.

http://www.pandasoftware.com/activescan/com/activescan_principal.htm


Then rerun HijackThis and have it fix these items:
O2 - BHO: (no name) - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - (no file)
O2 - BHO: (no name) - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - (no file)
O3 - Toolbar: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - (no file)
If you have the paid version of WeatherBug it's OK, but if it is the freeware it has tons of spyware in it. Go to Add/Remove Programs and remove WeatherBug, then have HijackThis fix it.
O9 - Extra button: WeatherBug (HKCU)

Windows ME and XP have a feature known as System Restore, which creates backups of certain files in the _Restore folder.

The System Restore feature usually backs up files with EXE or COM extensions, which may include infected files and malware programs. Files in the _Restore folder are protected and can only be accessed using System Restore.

This feature must be disabled before cleaning any found virii, trojans or other malware whether using an anti-virus program or removing manually.

For Windows ME

Right-click the My Computer icon on the Desktop and click Properties.
Click the Performance tab.
Click the File System button.
Click the Troubleshooting tab.
Select Disable System Restore.
Click Apply > Close > Close.
When prompted to restart, click Yes.
Press F8 while the system restarts.
Choose Safe Mode then hit the Enter key.
After your system has restarted, continue with the scan/clean process. Files under the _Restore folder can now be deleted.
Re-enable System Restore by clearing Disable System Restore and restarting your system normally.

Firstly,

Post back here files that can't be deleted.

Secondly,
The first thing I want you to do, if you haven't already, is please download SpybotS&D here: http://www.majorgeeks.com/download2471.html After install, click Start>Program Files>Spybot Search & Destroy>SpybotS&D (easy mode). Check for and install ALL updates listed. Click 'Immunize' on the left and protect against all. Click the "Search and Destroy" button in the left-hand pane, then over to "Check for problems". After the scan, any finds will be listed in RED. Let it fix and remove all items.

Reboot

There is a new and improved version of AdAware that you need to have installed on your computer. The new version is AdAware SE
If you have AdAware already installed on your system and it's NOT SE go to your Control Panel and click on Add/Remove Programs. Click on AdAware and then REMOVE and then just complete the removal process.

Once it's un-installed go to http://www.lavasoft.de/ and download the FREE version of AdAware SE. Once it's downloaded double click on the new file to start the install process.
Click Next>I accept>Next>Next> then be sure and put a dot in the bullet for Anyone Who uses this computer and then click Next>Next>

In the next dialog box remove the dot in the bullets "Start Scan" and also "Launch Help Files" and click Finish

Now if the program doesn't launch double click on the icon that should now be on your desktop to start AdAware SE

Now click on the button for Check for Updates
If updates are found click on the OK button and after it downloads to 100% click on the Finish button.

Click the Start Button
Click on the link for Customize
in the Main Window under Scan Settings
click on the red X in front of Scan within archives to change it to a green check

Then click on the button on the left labeled Advanced
click on the red X in front of Move deleted files to Recycle Bin to change it to a green check
click on the red X in front of Include Environment Information to change it to a green check

Then click on the button on the left labeled Defaults
click on the Read current settings from system

Then click on the button on the left labeled Tweak
Click on the (+) in front of Scanning Engine to expand the group
click on the red X in front of Obtain Command line of scanned processes to change it to a green check
click on the red X in front of Run scan as background process to change it to a green check
click on the red X in front of Use permanent archive caching to change it to a green check

Click on the (+) in front of Cleaning Engine to expand the group
click on the red X in front of Disable manual quarantine if auto-quarantine is selected to change it to a green check

Click on the (+) in front of Safety Settings to expand the group
click on the red X in front of Reanalyze results after scanning . . . to change it to a green check
click on the red X in front of Write protect system files after repair to change it to a green check

Click on the (+) in front of Log File to expand the group
click on the red X Create Log File for removal operations to change it to a green check

Click on the (+) in front of User Interface to expand the group
click on the red X Remember window positions to change it to a green check
click on the red X Snap windows to desktop borders to change it to a green check
click on the red X Use gridlines in results list to change it to a green check

Click on the (+) in front of Web Update Settings to expand the group
click on the red X Create and save WebUpdate log file to change it to a green check

Click on the (+) in front of Misc settings to expand the group
click on the red X Dump details about unhandled exceptions to disk to change it to a green check


Then click on the button at the bottom right labeled Proceed then click the Next button to start scanning.

Once the scan is complete you'll have a flashing Bug and a brief sound to indicate scanning is complete and Adware is found. Click on the Next and then click on each of the empty boxes to the left of the found items under SCAN SUMMARY. Then hit the Next button. Then OK. This should clean your system of all the found nasties. When it's complete simply close the program until your next scan session. Always ALWAYS check for updates before every scan.

Reboot

Post us a fresh HijackThis log afterwards
Thanks
kindred
HiJack This Team Leader
 
Posts: 68
Joined: Sat Sep 04, 2004 8:36 pm
Location: Wisconsin

Postby pjserina » Tue Sep 07, 2004 9:28 am

First of all, let me just thank you so very much for all of the help! It is greatly appreciated.

I have gone through your list of instructions and performed them all. The new HijackThis log follows. However, opening My Computer or any other folder still does not work, as I get the numerous error messages, including SHDOCVW.DLL. I have been following your instructions by using the Run feature, as the original problem appears to still exist :/

Logfile of HijackThis v1.97.7
Scan saved at 9:27:58 AM, on 9/7/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISUM.EXE
C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\CCPXYSVC.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\ESSD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ONE-TOUCH\CP32NBTN.EXE
C:\WINDOWS\SYSTEM\PRPCUI.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\PROGRAM FILES\IVASION\WINPOET\WINPPPOVERETHERNET.EXE
C:\WINDOWS\SYSTEM\EXSHOW95.EXE
C:\WINDOWS\SYSTEM\EXSHOW.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe
C:\PROGRAM FILES\LINKSYS\WIRELESS-G NOTEBOOK ADAPTER\ODHOST.EXE
C:\PROGRAM FILES\LINKSYS\WIRELESS-G NOTEBOOK ADAPTER\WPC54CFG.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/m ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/m ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/m ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink.net/partner/more/m ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - (no file)
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER COMPANION\CCHELPER.DLL
O2 - BHO: Core Library - {A23AB93D-6CFF-442c-BB8A-41F6145F47E7} - C:\WINDOWS\SYSTEM\PDF1707.DLL
O2 - BHO: (no name) - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER COMPANION\POPUPUS.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ESS Daemon] C:\WINDOWS\ESSD.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CP32NOT] C:\PROGRA~1\ONE-TO~1\CP32NBTN.EXE
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [IrMon] irmon.exe
O4 - HKLM\..\Run: [WinPoET] C:\Program Files\iVasion\WinPoET\WinPPPoverEthernet.exe
O4 - HKLM\..\Run: [EXSHOW95.EXE] EXSHOW95.EXE
O4 - HKLM\..\Run: [S3TRAYHP] S3trayhp.exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\nprotect.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMANTEC\LIVEUP~1\SNDMON.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O7 "EPUSB1:" /M "Stylus CX3200"
O4 - HKLM\..\Run: [SafeGuard Popup Updater (required)] regsvr32 /s C:\WINDOWS\SYSTEM\PDF1707.DLL
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\nprotect.exe
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [Nisum] C:\Program Files\Norton Personal Firewall\NISUM.EXE
O4 - HKLM\..\RunServices: [ccPxySvc] C:\PROGRA~1\NORTON~1\CCPXYSVC.EXE
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spyware-Cop] "C:\PROGRAM FILES\SPYWARE-COP\SPYWARE-COP.EXE" /s
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .mp4: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin5.dll
O12 - Plugin for .mpv: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/go/business-notebook
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C ... 7494328704
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc ... wflash.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/sh ... tor/sw.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsup ... veData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/download/0.x/regdload.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/softwar ... launch.cab
O16 - DPF: {E5168F0C-8591-11D4-BCDF-006008B7FEA4} (PWLNINST Control) - http://www.platoweb01.com/pathways/pway ... lninst.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_44.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
pjserina
n00b
 
Posts: 6
Joined: Sun Sep 05, 2004 10:51 pm
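
Added example (not part of the thread): a small Python parser for the O2/O3 lines of the two HijackThis logs above, listing orphaned `(no file)` registrations and showing which of them are gone or still present in the follow-up log. The function names are illustrative, and the embedded lines are excerpts copied from the two logs.

```python
import re
from typing import NamedTuple


class Entry(NamedTuple):
    section: str  # HijackThis section code: "O2" (BHO) or "O3" (toolbar)
    kind: str
    name: str
    clsid: str
    target: str   # DLL path, or "(no file)" when nothing backs the registration


# O2/O3 lines have the shape: "O2 - BHO: <name> - {CLSID} - <path or (no file)>"
LINE = re.compile(
    r"^(O2|O3) - (BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$"
)

# Excerpt: O2/O3 lines of the log saved 9/6/2004 (first post in the thread).
BEFORE = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - (no file)
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER COMPANION\CCHELPER.DLL
O2 - BHO: (no name) - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - (no file)
O2 - BHO: Core Library - {A23AB93D-6CFF-442c-BB8A-41F6145F47E7} - C:\WINDOWS\SYSTEM\PDF1707.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - (no file)
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER COMPANION\POPUPUS.DLL
"""

# Excerpt: O2/O3 lines of the follow-up log saved 9/7/2004.
AFTER = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - (no file)
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER COMPANION\CCHELPER.DLL
O2 - BHO: Core Library - {A23AB93D-6CFF-442c-BB8A-41F6145F47E7} - C:\WINDOWS\SYSTEM\PDF1707.DLL
O2 - BHO: (no name) - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER COMPANION\POPUPUS.DLL
"""


def parse(log: str) -> list:
    """Return the O2/O3 entries of a HijackThis log, skipping every other line."""
    return [
        Entry(*m.groups())
        for line in log.splitlines()
        if (m := LINE.match(line.strip()))
    ]


def orphaned(entries: list) -> list:
    """Entries whose CLSID is registered but points at no file on disk."""
    return [e for e in entries if e.target.strip().lower() == "(no file)"]


def triage(before: str, after: str) -> dict:
    """Compare two logs: which orphaned CLSIDs disappeared, which are still orphaned."""
    was = {e.clsid.upper() for e in orphaned(parse(before))}
    after_entries = parse(after)
    present = {e.clsid.upper() for e in after_entries}
    still = {e.clsid.upper() for e in orphaned(after_entries)}
    return {"fixed": sorted(was - present), "remaining": sorted(was & still)}


if __name__ == "__main__":
    for state, clsids in triage(BEFORE, AFTER).items():
        for clsid in clsids:
            print(f"{state:9} {clsid}")
```

CLSIDs are compared case-insensitively because the logs mix upper- and lower-case hex digits.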

Postby kindred » Tue Sep 07, 2004 9:38 am

OK, download this program and run it and let it delete what it wants to. Your registry is corrupt from all the Kernel.dll errors. I would try reinstalling Internet Explorer as well. Doesn't seem much wrong with your log. Nothing that would do that, at least.

http://www.321download.com/LastFreeware/
kindred
HiJack This Team Leader
 
Posts: 68
Joined: Sat Sep 04, 2004 8:36 pm
Location: Wisconsin

Postby pjserina » Tue Sep 07, 2004 11:21 am

I'm guessing you want me to choose the regcleaner program from that link. Doing that now. Am I able to install just Explorer (not Internet) without losing a bunch of information, or is it one of those "have to do a full reformat to get it to reinstall" kinda things?
pjserina
n00b
 
Posts: 6
Joined: Sun Sep 05, 2004 10:51 pm

Postby kindred » Tue Sep 07, 2004 11:34 am

No, you just want to reinstall Internet Explorer from here:

http://support.microsoft.com/?kbid=258893
And don't download regcleaner!! Download jv16powertools. Regcleaner is a little bit different. Powertools won't mess up your PC!
kindred
HiJack This Team Leader
 
Posts: 68
Joined: Sat Sep 04, 2004 8:36 pm
Location: Wisconsin

Postby pjserina » Tue Sep 07, 2004 11:45 am

OK, I have gotten powertools though, I know it's silly, I'm having trouble working it. I've gotten into the reg cleaner part, checked everything off, then tried to clean but didn't get any response other than a quick flash window that I couldn't catch what it said. It appears that my internet explorer has been doing as of late but I may be lucky. I will reinstall IE, but is there anything else I can do to fix my Explorer, as that is the main problem I'm having?
pjserina
n00b
 
Posts: 6
Joined: Sun Sep 05, 2004 10:51 pm

Postby kindred » Tue Sep 07, 2004 11:48 am

Fixing Explorer means doing a repair install (if you don't want to lose anything) or a reformat (if you don't mind losing everything). No easy way to fix it. But repair is a much easier process and does not mess with your files!
kindred
HiJack This Team Leader
 
Posts: 68
Joined: Sat Sep 04, 2004 8:36 pm
Location: Wisconsin

Postby pjserina » Tue Sep 07, 2004 1:08 pm

Again I know, daft, but, to do the repair (as there is no WAY I want to lose stuff), do I need to use the restore disc that came with my laptop or can I simply use a repair function somewhere within my accessories?


Heh, getting better all the time it seems. I am now getting C++ Runtime errors on occasion when I attempt to reboot. I attempted to use my recovery disk to "repair" Explorer and my CD drive is not recognizing presence of the disk. My external burner drive does see the CD and I can browse it, but I have no idea which of these exe's I should be using. When I reformatted previously I simply rebooted the machine with the recovery disk inserted. Since my CD drive is not seeing the disk, that has not worked :/
pjserina
n00b
 
Posts: 6
Joined: Sun Sep 05, 2004 10:51 pm

Postby kostyanj » Tue Sep 07, 2004 3:53 pm

USE THE EDIT BUTTON, DON'T DOUBLE POST!!!!
kostyanj
Admin
 
Posts: 836
Joined: Thu Feb 27, 2003 4:08 am

