Author Topic: 2 very frustrating problems.. (Read 1322 times)

icewall · « **on:** August 22, 2005, 01:35:05 PM »

1) Yesterday, my cable net connection was cut off for a few hours. When it came back on I start to get error msgs telling my computer to restart. I was infected with W32.Esbot.B around the sametime, but i removed it. Then I scanned with fixblast, fixzotob, and fixesbot tool, online virus scans and none of them found anything. The error msg goes something like this, a little window popsup, says,

"This system is shutting down, please save all work. This shut down was intiated by NT Authority/SYSTEM. Time left xx seconds. The system process C:\winnt\system32\services.exe terminated unexpectly with status code 128"

I am using Win2k pro never had this happen before. I am thinking of doing a reformat but it might not help. I have norton antivirus/firewall on my pc right now..but it isn't doing anything to help.

What did help though is that if i connect through a router, that msg don't seem to come back. But i would really like to fix it with my direct connect. It just seems my direct connect ip is targeted or there is something wrong with it.

2) i tried to update my win2k pro from sp3 to sp4, it gives me an error msg saying that my C:\winnt\system32\drivers\atapi.sys is in use or used by other programs..and that i have to shut it down to update. I have no idea whats it used by nor how to shut it down..cause i don't see it in my tasklist.

Thanks for the time. Please help out

also here is my hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 3:50:40 PM, on 8/22/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\Mixer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\internat.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://wer-mit-wem.webhop.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Shaw High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [HTpatch] C:\WINNT\htpatch.exe
O4 - HKLM\..\Run: [Config Loader] syste.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CDLIB32P] C:\WINNT\system32\CDLIB32P.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [fUXaetf6r] C:\WINNT\cilohv.exe
O4 - HKLM\..\Run: [Microsoft DOS NTStats] ntstats.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\RunServices: [Config Loader] syste.exe
O4 - HKLM\..\RunServices: [Microsoft DOS NTStats] ntstats.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Shaw Help - {0B57B795-E31F-4E2A-9E9E-5D6F75526646} - http://support.shaw.home.com (file missing) (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122691627031
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O20 - AppInit_DLLs: ,
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

guestolo · « **Reply #1 on:** August 22, 2005, 08:36:42 PM »

Hi icewall, before you reformat, can we try some cleaning on your machine

Can you download the following please

==Download and Install this small program
to help clean your temp folders,cookies, etc...
Windows Cleanup! 4.0
Don't run it yet

==Download and Install Ad-Aware SE Personal 1.06
Open Ad-Aware, ensure to click the check for updates now link and Connect to download the latest updates
When installing, Ad-aware may prompt to update, allow it but don't run a scan yet
You are running through a proxy it appears
If you have trouble checking for updates after installation
Try clicking the Check for updates now link and then click the Configure button
Choose use Http Proxy and see if that helps

==Download and then Install
Ewido Security Suite

When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".
When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We'll fix that later
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/
Again, try checking the Use proxy button if no success

Please Print this out or save these instructions to a Notepad file and save it to your Desktop
RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads, or use the link
I supplied for a more detailed explanation

In safe mode

==Open Windows CleanUp!>>START>>programs>>Cleanup!
Click on the CleanUp button, let it finish scanning for files
DECLINE to Log off or Restart when scan is done.

==Open Ewido Security Suite
Give it time to load
Click on the Scanner button on the left menu
Click on the Settings button on the right
Select "Scan Every File"
OK it and then click on the "Complete System Scan"
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
*1. Perform Action = Remove
*2. Create Encrypted Backup in Quarantine (Recommended)
*3. Perform action with all infections
Then click OK
When Ewido has finished it's scan click the "Save Report" button
Save the report to desktop
Exit Ewido

NOTE: Don't open any other windows while Ewido is running, please let it do it's job with no interference

Do another scan with Hijackthis and put a check next to these entries:

O4 - HKLM\..\Run: [Config Loader] syste.exe

O4 - HKLM\..\Run: [CDLIB32P] C:\WINNT\system32\CDLIB32P.exe

O4 - HKLM\..\Run: [fUXaetf6r] C:\WINNT\cilohv.exe
O4 - HKLM\..\Run: [Microsoft DOS NTStats] ntstats.exe

O4 - HKLM\..\RunServices: [Config Loader] syste.exe
O4 - HKLM\..\RunServices: [Microsoft DOS NTStats] ntstats.exe

O20 - AppInit_DLLs: ,

After you have ticked the above entries, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Open Ad-Aware
Click START
Click the radio button to Perform a Full system scan then click NEXT
When it's finished scanning
At this point you should either right click on the screen and and choose the "Select All" Objects option or individually put a checkmark in each objects checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

RESTART your computer back to Normal mode
Run another scan with Hijackthis and post a fresh log
Also include the report from Ewidos

icewall · « **Reply #2 on:** August 23, 2005, 11:34:31 PM »

ok i did the above, here is my new log

Logfile of HijackThis v1.99.1
Scan saved at 9:19:20 PM, on 8/23/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Mixer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\system32\internat.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://wer-mit-wem.webhop.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Shaw High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [HTpatch] C:\WINNT\htpatch.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [Config Loader] syste.exe
O4 - HKLM\..\Run: [CDLIB32P] C:\WINNT\system32\CDLIB32P.exe
O4 - HKLM\..\Run: [fUXaetf6r] C:\WINNT\cilohv.exe
O4 - HKLM\..\Run: [Microsoft DOS NTStats] ntstats.exe
O4 - HKLM\..\RunServices: [Config Loader] syste.exe
O4 - HKLM\..\RunServices: [Microsoft DOS NTStats] ntstats.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Shaw Help - {0B57B795-E31F-4E2A-9E9E-5D6F75526646} - http://support.shaw.home.com (file missing) (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122691627031
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O20 - AppInit_DLLs: ,
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

and here is my ewido

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on:         8:39:57 PM, 8/23/2005
+ Report-Checksum:      EDD05B9

+ Scan result:

   HKLM\SOFTWARE\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
   HKU\S-1-5-21-1343024091-1767777339-839522115-1000\Software\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
   :mozilla.36:C:\Documents and Settings\Fan\Application Data\Mozilla\Firefox\Profiles\y114mgmp.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.37:C:\Documents and Settings\Fan\Application Data\Mozilla\Firefox\Profiles\y114mgmp.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.38:C:\Documents and Settings\Fan\Application Data\Mozilla\Firefox\Profiles\y114mgmp.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.39:C:\Documents and Settings\Fan\Application Data\Mozilla\Firefox\Profiles\y114mgmp.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.40:C:\Documents and Settings\Fan\Application Data\Mozilla\Firefox\Profiles\y114mgmp.Default User\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
   :mozilla.61:C:\Documents and Settings\Fan\Application Data\Mozilla\Firefox\Profiles\y114mgmp.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.62:C:\Documents and Settings\Fan\Application Data\Mozilla\Firefox\Profiles\y114mgmp.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.63:C:\Documents and Settings\Fan\Application Data\Mozilla\Firefox\Profiles\y114mgmp.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.64:C:\Documents and Settings\Fan\Application Data\Mozilla\Firefox\Profiles\y114mgmp.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.65:C:\Documents and Settings\Fan\Application Data\Mozilla\Firefox\Profiles\y114mgmp.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.69:C:\Documents and Settings\Fan\Application Data\Mozilla\Firefox\Profiles\y114mgmp.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.72:C:\Documents and Settings\Fan\Application Data\Mozilla\Firefox\Profiles\y114mgmp.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.73:C:\Documents and Settings\Fan\Application Data\Mozilla\Firefox\Profiles\y114mgmp.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.74:C:\Documents and Settings\Fan\Application Data\Mozilla\Firefox\Profiles\y114mgmp.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.102:C:\Documents and Settings\Fan\Application Data\Mozilla\Firefox\Profiles\y114mgmp.Default User\cookies.txt -> Spyware.Cookie.Clickhype : Cleaned with backup
   :mozilla.124:C:\Documents and Settings\Fan\Application Data\Mozilla\Firefox\Profiles\y114mgmp.Default User\cookies.txt -> Spyware.Cookie.Ne : Cleaned with backup
   :mozilla.160:C:\Documents and Settings\Fan\Application Data\Mozilla\Firefox\Profiles\y114mgmp.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.181:C:\Documents and Settings\Fan\Application Data\Mozilla\Firefox\Profiles\y114mgmp.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.182:C:\Documents and Settings\Fan\Application Data\Mozilla\Firefox\Profiles\y114mgmp.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.184:C:\Documents and Settings\Fan\Application Data\Mozilla\Firefox\Profiles\y114mgmp.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.186:C:\Documents and Settings\Fan\Application Data\Mozilla\Firefox\Profiles\y114mgmp.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.191:C:\Documents and Settings\Fan\Application Data\Mozilla\Firefox\Profiles\y114mgmp.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   :mozilla.192:C:\Documents and Settings\Fan\Application Data\Mozilla\Firefox\Profiles\y114mgmp.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   :mozilla.236:C:\Documents and Settings\Fan\Application Data\Mozilla\Firefox\Profiles\y114mgmp.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.255:C:\Documents and Settings\Fan\Application Data\Mozilla\Firefox\Profiles\y114mgmp.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.256:C:\Documents and Settings\Fan\Application Data\Mozilla\Firefox\Profiles\y114mgmp.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.284:C:\Documents and Settings\Fan\Application Data\Mozilla\Firefox\Profiles\y114mgmp.Default User\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
   :mozilla.285:C:\Documents and Settings\Fan\Application Data\Mozilla\Firefox\Profiles\y114mgmp.Default User\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
   :mozilla.298:C:\Documents and Settings\Fan\Application Data\Mozilla\Firefox\Profiles\y114mgmp.Default User\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
   :mozilla.304:C:\Documents and Settings\Fan\Application Data\Mozilla\Firefox\Profiles\y114mgmp.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.305:C:\Documents and Settings\Fan\Application Data\Mozilla\Firefox\Profiles\y114mgmp.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.332:C:\Documents and Settings\Fan\Application Data\Mozilla\Firefox\Profiles\y114mgmp.Default User\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
   :mozilla.333:C:\Documents and Settings\Fan\Application Data\Mozilla\Firefox\Profiles\y114mgmp.Default User\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
   :mozilla.334:C:\Documents and Settings\Fan\Application Data\Mozilla\Firefox\Profiles\y114mgmp.Default User\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
   :mozilla.335:C:\Documents and Settings\Fan\Application Data\Mozilla\Firefox\Profiles\y114mgmp.Default User\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
   :mozilla.336:C:\Documents and Settings\Fan\Application Data\Mozilla\Firefox\Profiles\y114mgmp.Default User\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
   :mozilla.337:C:\Documents and Settings\Fan\Application Data\Mozilla\Firefox\Profiles\y114mgmp.Default User\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
   :mozilla.6:C:\RECYCLER\NPROTECT\00001595.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.7:C:\RECYCLER\NPROTECT\00001595.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.9:C:\RECYCLER\NPROTECT\00001596.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.10:C:\RECYCLER\NPROTECT\00001596.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.6:C:\RECYCLER\NPROTECT\00001597.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.7:C:\RECYCLER\NPROTECT\00001597.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.9:C:\RECYCLER\NPROTECT\00001598.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.10:C:\RECYCLER\NPROTECT\00001598.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.9:C:\RECYCLER\NPROTECT\00001599.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.10:C:\RECYCLER\NPROTECT\00001599.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.9:C:\RECYCLER\NPROTECT\00001600.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.10:C:\RECYCLER\NPROTECT\00001600.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.10:C:\RECYCLER\NPROTECT\00001601.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.11:C:\RECYCLER\NPROTECT\00001601.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.6:C:\RECYCLER\NPROTECT\00001603.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.7:C:\RECYCLER\NPROTECT\00001603.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.6:C:\RECYCLER\NPROTECT\00001604.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.7:C:\RECYCLER\NPROTECT\00001604.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.9:C:\RECYCLER\NPROTECT\00001605.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.10:C:\RECYCLER\NPROTECT\00001605.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.10:C:\RECYCLER\NPROTECT\00001606.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.11:C:\RECYCLER\NPROTECT\00001606.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.10:C:\RECYCLER\NPROTECT\00001609.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.11:C:\RECYCLER\NPROTECT\00001609.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.6:C:\RECYCLER\NPROTECT\00001788.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.7:C:\RECYCLER\NPROTECT\00001788.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.11:C:\RECYCLER\NPROTECT\00001789.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.12:C:\RECYCLER\NPROTECT\00001789.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.11:C:\RECYCLER\NPROTECT\00001790.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.12:C:\RECYCLER\NPROTECT\00001790.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.11:C:\RECYCLER\NPROTECT\00001792.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.12:C:\RECYCLER\NPROTECT\00001792.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.11:C:\RECYCLER\NPROTECT\00001793.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.12:C:\RECYCLER\NPROTECT\00001793.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.11:C:\RECYCLER\NPROTECT\00001794.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.12:C:\RECYCLER\NPROTECT\00001794.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.11:C:\RECYCLER\NPROTECT\00001795.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.12:C:\RECYCLER\NPROTECT\00001795.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.11:C:\RECYCLER\NPROTECT\00001796.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.12:C:\RECYCLER\NPROTECT\00001796.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.11:C:\RECYCLER\NPROTECT\00001799.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.12:C:\RECYCLER\NPROTECT\00001799.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.11:C:\RECYCLER\NPROTECT\00001828.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.12:C:\RECYCLER\NPROTECT\00001828.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.11:C:\RECYCLER\NPROTECT\00001829.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.12:C:\RECYCLER\NPROTECT\00001829.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.11:C:\RECYCLER\NPROTECT\00001830.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.12:C:\RECYCLER\NPROTECT\00001830.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.11:C:\RECYCLER\NPROTECT\00001832.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.12:C:\RECYCLER\NPROTECT\00001832.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.11:C:\RECYCLER\NPROTECT\00001833.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.12:C:\RECYCLER\NPROTECT\00001833.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.11:C:\RECYCLER\NPROTECT\00001834.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.12:C:\RECYCLER\NPROTECT\00001834.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.11:C:\RECYCLER\NPROTECT\00001835.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.12:C:\RECYCLER\NPROTECT\00001835.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.11:C:\RECYCLER\NPROTECT\00001836.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.12:C:\RECYCLER\NPROTECT\00001836.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.11:C:\RECYCLER\NPROTECT\00001844.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.12:C:\RECYCLER\NPROTECT\00001844.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.11:C:\RECYCLER\NPROTECT\00001845.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.12:C:\RECYCLER\NPROTECT\00001845.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.11:C:\RECYCLER\NPROTECT\00001846.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.12:C:\RECYCLER\NPROTECT\00001846.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.11:C:\RECYCLER\NPROTECT\00001847.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.12:C:\RECYCLER\NPROTECT\00001847.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.11:C:\RECYCLER\NPROTECT\00001848.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.12:C:\RECYCLER\NPROTECT\00001848.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.11:C:\RECYCLER\NPROTECT\00001999.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.12:C:\RECYCLER\NPROTECT\00001999.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.17:C:\RECYCLER\NPROTECT\00002000.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.18:C:\RECYCLER\NPROTECT\00002000.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.18:C:\RECYCLER\NPROTECT\00002001.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.19:C:\RECYCLER\NPROTECT\00002001.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.19:C:\RECYCLER\NPROTECT\00002002.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.20:C:\RECYCLER\NPROTECT\00002002.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.19:C:\RECYCLER\NPROTECT\00002004.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.20:C:\RECYCLER\NPROTECT\00002004.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.19:C:\RECYCLER\NPROTECT\00002005.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.20:C:\RECYCLER\NPROTECT\00002005.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.19:C:\RECYCLER\NPROTECT\00002006.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.20:C:\RECYCLER\NPROTECT\00002006.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.19:C:\RECYCLER\NPROTECT\00002007.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.20:C:\RECYCLER\NPROTECT\00002007.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.19:C:\RECYCLER\NPROTECT\00002008.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.20:C:\RECYCLER\NPROTECT\00002008.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.19:C:\RECYCLER\NPROTECT\00002009.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.20:C:\RECYCLER\NPROTECT\00002009.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.19:C:\RECYCLER\NPROTECT\00002010.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.20:C:\RECYCLER\NPROTECT\00002010.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.19:C:\RECYCLER\NPROTECT\00002011.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.20:C:\RECYCLER\NPROTECT\00002011.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.19:C:\RECYCLER\NPROTECT\00002012.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.20:C:\RECYCLER\NPROTECT\00002012.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.19:C:\RECYCLER\NPROTECT\00002019.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.20:C:\RECYCLER\NPROTECT\00002019.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.19:C:\RECYCLER\NPROTECT\00002049.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.20:C:\RECYCLER\NPROTECT\00002049.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.19:C:\RECYCLER\NPROTECT\00002050.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.20:C:\RECYCLER\NPROTECT\00002050.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.19:C:\RECYCLER\NPROTECT\00002051.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.20:C:\RECYCLER\NPROTECT\00002051.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.19:C:\RECYCLER\NPROTECT\00002052.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.20:C:\RECYCLER\NPROTECT\00002052.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.19:C:\RECYCLER\NPROTECT\00002053.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.20:C:\RECYCLER\NPROTECT\00002053.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.19:C:\RECYCLER\NPROTECT\00002054.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.20:C:\RECYCLER\NPROTECT\00002054.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.19:C:\RECYCLER\NPROTECT\00002055.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.20:C:\RECYCLER\NPROTECT\00002055.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.19:C:\RECYCLER\NPROTECT\00002056.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.20:C:\RECYCLER\NPROTECT\00002056.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.19:C:\RECYCLER\NPROTECT\00002057.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.20:C:\RECYCLER\NPROTECT\00002057.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.19:C:\RECYCLER\NPROTECT\00002058.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.20:C:\RECYCLER\NPROTECT\00002058.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   C:\WINNT\system32\rundll33.exe/nttest.exe -> Backdoor.Iroffer.1213.a : Error during cleaning

::Report End

the last thing i didn't know what to do... Ewido says it cannot delete it, unless it get rid of the archive. so just wondering if its ok to delete the archive.

Also..i just notice below my MSN chat window there is a mini text advertising bar now ..

Thanks for the help.

guestolo · « **Reply #3 on:** August 23, 2005, 11:55:50 PM »

I see you now have SpySweeper and SpywareDoctor installed
Can you disable there realtime protections please until we can get you clean
They can get in the way of any fixes we try

SpySweeper
Open it click >Options over to the left then >program options >Uncheck "load at windows startup".
Over to the left click "shields" and uncheck all there.
Uncheck "home page shield".
Uncheck "automatically restore default without notification".

SpywareDoctor>>If you didn't pay for this I would uninstall it
If you paid for it
Open SpywareDoctor>>Deactiviate Onguard protection

After that is done

Do another scan with Hijackthis and put a check next to these entries:

O4 - HKLM\..\Run: [Config Loader] syste.exe
O4 - HKLM\..\Run: [CDLIB32P] C:\WINNT\system32\CDLIB32P.exe
O4 - HKLM\..\Run: [fUXaetf6r] C:\WINNT\cilohv.exe
O4 - HKLM\..\Run: [Microsoft DOS NTStats] ntstats.exe
O4 - HKLM\..\RunServices: [Config Loader] syste.exe
O4 - HKLM\..\RunServices: [Microsoft DOS NTStats] ntstats.exe
O20 - AppInit_DLLs: ,

After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Make sure all other windows are closed before you click Fix checked in Hijackthis or it won't work!!!

Reboot into safe mode after

Find and delete the following files if they exist
C:\WINNT\system32\CDLIB32P.exe <-file
C:\WINNT\cilohv.exe <-file
Search for the next ones
ntstats.exe
syste.exe

And the one Ewido couldn't clean
C:\WINNT\system32\rundll33.exe/nttest.exe

Reboot back to Normal mode
Run another scan with hijackthis and post a fresh log

icewall · « **Reply #4 on:** August 24, 2005, 03:47:50 AM »

ok i did exactly as you said, except when i went to safe mode and tried searching for the files.. none of them were there except for that rundll33.exe(deleted), i am assuming they really got deleted this time. Here is my new log.

Logfile of HijackThis v1.99.1
Scan saved at 1:39:55 AM, on 8/24/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\Explorer.EXE
C:\WINNT\Mixer.exe
C:\WINNT\htpatch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINNT\system32\internat.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://wer-mit-wem.webhop.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Shaw High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [HTpatch] C:\WINNT\htpatch.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Shaw Help - {0B57B795-E31F-4E2A-9E9E-5D6F75526646} - http://support.shaw.home.com (file missing) (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122691627031
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

guestolo · « **Reply #5 on:** August 28, 2005, 11:04:17 AM »

Very sorry for the delay icewall, the last log looked good
But could I see a fresh one to ensure your still clean
Then we should do some final cleanup procedures

icewall · « **Reply #6 on:** August 28, 2005, 07:28:36 PM »

Its no problem man, thanks for the help. here is my fresh log

Logfile of HijackThis v1.99.1
Scan saved at 5:24:23 PM, on 8/28/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Mixer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\internat.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://wer-mit-wem.webhop.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Shaw High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [HTpatch] C:\WINNT\htpatch.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Shaw Help - {0B57B795-E31F-4E2A-9E9E-5D6F75526646} - http://support.shaw.home.com (file missing) (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122691627031
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

guestolo · « **Reply #7 on:** August 28, 2005, 07:41:47 PM »

One final entry in your log for some final cleanup
With all other windows closed, run another scan with hijackthis and fix checked this entry
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

Are you able to access Windows Updates?
Can you download and install Service pack 4?
http://www.microsoft.com/windows2000/downl...sp4/default.asp

It may be related to GetRight interfering
If you go directly to Windows updates try disabling GetRight first and see if that helps

icewall · « **Reply #8 on:** August 28, 2005, 08:27:20 PM »

ok i got rid of that file.

but when i try to install sp4, i get this error msg.

inspecting your current config

C:\winnt\system32\drivers\atapi.sys is open or in use by another application.

close all other applications and then click retry.

i closed getright and daemon tools..but i still got the same message.

I have no idea whats using it.

guestolo · « **Reply #9 on:** August 28, 2005, 08:37:30 PM »

Try uninstalling Daemon tools altogether
Restart your computer and try again

icewall · « **Reply #10 on:** August 28, 2005, 09:15:17 PM »

ok i got sp4 installed. here is my new log

Logfile of HijackThis v1.99.1
Scan saved at 7:11:25 PM, on 8/28/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\spupdsvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINNT\Mixer.exe
C:\WINNT\htpatch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINNT\system32\internat.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://wer-mit-wem.webhop.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Shaw High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [HTpatch] C:\WINNT\htpatch.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Shaw Help - {0B57B795-E31F-4E2A-9E9E-5D6F75526646} - http://support.shaw.home.com (file missing) (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122691627031
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

guestolo · « **Reply #11 on:** August 28, 2005, 09:25:00 PM »

Looks good, how's everything?
Seems as if Daemon was the problem with that error
I don't use it but you may want to try the latest version and see if there was a fix

You should install these 2 free utilities for added protection
SpywareBlaster 3.4 by JavaCool
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"

IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial
Download link

With both, Check for updates every couple of weeks
Keep the link to IE-Spyad bookmarked so you can check for updates
SpywareBlaster, after every update just simply click the "enable all protection"

icewall · « **Reply #12 on:** August 28, 2005, 10:11:43 PM »

K Thanks for everything.

regarding the windows shutdown in 60 sec problem, i can't check right now..cause other people are using the net, can't do my direct connect test.

but my msn still got these text advertising thing on the bottom of each chat window..not a big problem..just don't know how it got there and its still there. ( it got there the sameday when my computer decides to shut itself down randomly after startup).

Also if i have spysweeper.. do i still need these 2 other softwares? or should i get rid of sweeper and get these 2 instead?

but still, Thanks very much for all the help.

guestolo · « **Reply #13 on:** August 28, 2005, 10:52:46 PM »

SpywareBlaster and IE-Spyad work a little different than the other protections
Both don't run in the background
Give them a read and install them both
There great utilities

Concerning SpySweeper
It's a legit program, but if you didn't pay for it and are using a Trial Version
Use SpySweeper and check for updates and run a scan

Restart afterwards
Back in Windows
Go ahead and uninstall Spysweeper

Afterwards
Here's another free tool for you to hang onto

Download and Install Spybot 1.4 from
HERE
or HERE

After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and download all updates
Click the Search & Destroy button on the left
Check for Problems---When the Scan is complete
FIX all selected promblems in RED

RESTART the computer

Come back here
I want to check on something

Could I also see a startup list from Hijackthis
*Open HijackThis.
*Click on "Open Misc Tools Section"
*Make sure that both boxes beside "Generate StartupList Log" are checked:

List all minor sections(Full)
and
List Empty Sections(Complete)

Click "Generate StartupList Log".
Click "Yes" at the prompt

A text file will open, copy and paste back here the Whole contents please

P.S. As mentioned, SpySweeper is legit and works well
But if you didn't pay for it
Here's the free tools I recommend for Anti-Spyware tools

Ad-Aware 1.06
Spybot 1.4
Microsoft's Anti-Spyware
You can take a look at the link if you decide to try MAS also
But make sure to run Spybot 1.4

icewall · « **Reply #14 on:** August 29, 2005, 12:07:03 AM »

ok i installed the 2 softwares.. also installed spybot and scanned and fixed red ones. here is my startuplist

StartupList report, 8/28/2005, 10:00:39 PM
StartupList version: 1.52.2
Started from : C:\hijack\HijackThis.EXE
Detected: Windows 2000 SP4 (WinNT 5.00.2195)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Mixer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINNT\system32\internat.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\hijack\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Fan\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Synchronization Manager = mobsync.exe /logon
C-Media Mixer = Mixer.exe /startup

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

internat.exe = internat.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINNT\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINNT\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = "C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = "C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigOE

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{6A5110B5-E14B-4268-A065-EF89FF33C325}] *
StubPath = regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\System32\ie4uinit.exe

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = %SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINNT\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINNT\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINNT\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINNT\Explorer\Explorer.exe: not present
C:\WINNT\System\Explorer.exe: not present
C:\WINNT\System32\Explorer.exe: not present
C:\WINNT\Command\Explorer.exe: not present
C:\WINNT\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINNT
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\GetRight\xx2gr.dll - {31FF080D-12A3-439A-A2EF-4BA95A3148E8}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton AntiVirus - Scan my computer.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINNT\Java\classes\dajava.cab
OSD = C:\WINNT\Downloaded Program Files\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINNT\Java\classes\xmldso.cab
OSD = C:\WINNT\Downloaded Program Files\Microsoft XML Parser for Java.osd

[HouseCall Control]
InProcServer32 = C:\WINNT\DOWNLO~1\xscan60.ocx
CODEBASE = http://housecall60.trendmicro.com/housecall/xscan60.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\MessengerStatsPAClient.dll
CODEBASE = http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

[Minesweeper Flags Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\minesweeper.dll
CODEBASE = http://messenger.zone.msn.com/binary/MineSweeper.cab

[Symantec AntiVirus scanner]
InProcServer32 = C:\WINNT\Downloaded Program Files\avsniff.dll
CODEBASE = http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

[{31564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/wmvax.cab

[{32564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/wmv8ax.cab

[{3334504D-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/mpeg4ax.cab

[{33363249-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/i263_32.cab

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

[Office Update Installation Engine]
InProcServer32 = C:\WINNT\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc3.cab

[{41F17733-B041-4099-A042-B518BB6A408C}]
CODEBASE = http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe

[WUWebControl Class]
InProcServer32 = C:\WINNT\system32\wuweb.dll
CODEBASE = http://update.microsoft.com/windowsupdate/...b?1122691627031

[Symantec RuFSI Utility Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

[HouseCall Control]
InProcServer32 = C:\WINNT\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

[{8AD9C840-044E-11D1-B3E9-00805F499D93}]

[MessengerStatsClient Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...7862.8010069444

[ZoneIntro Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\ZIntro.ocx
CODEBASE = http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

[{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}]

[Shockwave Flash Object]
InProcServer32 = C:\WINNT\system32\macromed\flash\Flash.ocx
CODEBASE = http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

[Solitaire Showdown Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\solitaireshowdown.dll
CODEBASE = http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINNT\System32\rnr20.dll
NameSpace #2: C:\WINNT\System32\winrnr.dll
Protocol #1: C:\WINNT\system32\msafd.dll
Protocol #2: C:\WINNT\system32\msafd.dll
Protocol #3: C:\WINNT\system32\msafd.dll
Protocol #4: C:\WINNT\system32\rsvpsp.dll
Protocol #5: C:\WINNT\system32\rsvpsp.dll
Protocol #6: C:\WINNT\system32\msafd.dll
Protocol #7: C:\WINNT\system32\msafd.dll
Protocol #8: C:\WINNT\system32\msafd.dll
Protocol #9: C:\WINNT\system32\msafd.dll
Protocol #10: C:\WINNT\system32\msafd.dll
Protocol #11: C:\WINNT\system32\msafd.dll
Protocol #12: C:\WINNT\system32\msafd.dll
Protocol #13: C:\WINNT\system32\msafd.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart)
Alerter: %SystemRoot%\System32\services.exe (manual start)
ALi PCI to USB Enhanced Host Controller: System32\Drivers\ALIEHCI.sys (autostart)
USB 2.0 Root Hub: system32\DRIVERS\AliRtHub.sys (manual start)
AK driver: \??\C:\WINNT\System32\antiak.sys (autostart)
Application Management: %SystemRoot%\system32\services.exe (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k BITSgroup (autostart)
Computer Browser: %SystemRoot%\System32\services.exe (autostart)
Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
Symantec Password Validation Service: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (manual start)
Symantec Proxy Service: "C:\Program Files\Norton Internet Security\ccPxySvc.exe" (autostart)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: C:\WINNT\System32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
C-Media PCI Audio Driver (WDM): system32\drivers\cmaudio.sys (manual start)
DHCP Client: %SystemRoot%\System32\services.exe (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\services.exe (autostart)
Microsoft DirectMusic SW Synth (WDM): system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\services.exe (autostart)
3Com EtherLink XL B/C Adapter Driver: System32\DRIVERS\el90xbc5.sys (manual start)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINNT\System32\svchost.exe -k netsvcs (manual start)
ewido security suite control: C:\Program Files\ewido\security suite\ewidoctrl.exe (autostart)
FAH: "C:\Program Files\FAH\srvany.exe" (disabled)
Fax Service: %systemroot%\system32\faxsvc.exe (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FsVga: System32\DRIVERS\fsvga.sys (system)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start)
GMSIPCI: \??\D:\INSTALL\GMSIPCI.SYS (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (manual start)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\Kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\services.exe (autostart)
Workstation: %SystemRoot%\System32\services.exe (autostart)
TCP/IP NetBIOS Helper Service: %SystemRoot%\System32\services.exe (autostart)
LT Modem Driver: System32\DRIVERS\ltmdmnt.sys (manual start)
Messenger: %SystemRoot%\System32\services.exe (manual start)
NetMeeting Remote Desktop Sharing: C:\WINNT\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
BDA MPE Filter: System32\DRIVERS\MPE.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINNT\System32\msdtc.exe (manual start)
Windows Installer: C:\WINNT\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
Norton AntiVirus Auto Protect Service: "C:\Program Files\Norton AntiVirus\navapsvc.exe" (autostart)
NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050826.018\NAVENG.Sys (manual start)
NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050826.018\NavEx15.Sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (manual start)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (manual start)
NetDetect: \SystemRoot\system32\drivers\netdtect.sys (manual start)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Norton Internet Security Accounts Manager: "C:\Program Files\Norton Internet Security\NISUM.EXE" (autostart)
NPPTNT2: \??\C:\WINNT\system32\npptNT2.sys (system)
NTACCESS: \??\D:\NTACCESS.sys (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
Microsoft USB Open Host Controller Driver: System32\DRIVERS\openhci.sys (manual start)
OrangeWare USB 2.0 Root Hub Support: system32\DRIVERS\ousb2hub.sys (manual start)
OrangeWare USB Enhanced Host Controller Service: System32\Drivers\ousbehci.sys (autostart)
Parallel class driver: System32\DRIVERS\parallel.sys (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (system)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Policy Agent: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\services.exe (autostart)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: system32\DRIVERS\PxHelp20.sys (system)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Microsoft Streaming Network Raw Channel Access: system32\drivers\RCA.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Registry Service: %SystemRoot%\system32\regsvc.exe (autostart)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe -s (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SAVRT: \??\C:\WINNT\system32\Drivers\SAVRT.SYS (manual start)
SAVRTPEL: \??\C:\WINNT\system32\Drivers\SAVRTPEL.SYS (autostart)
ScriptBlocking Service: C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart)
Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\system32\MSTask.exe (autostart)
SecDrv: \??\C:\WINNT\System32\drivers\SECDRV.SYS (autostart)
RunAs Service: %SystemRoot%\system32\services.exe (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Internet Connection Sharing: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
SiS AGP Filter: System32\DRIVERS\SISAGPx.sys (system)
SiS PCI Fast Ethernet Adapter Driver: System32\DRIVERS\sisnic.sys (manual start)
BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
Symantec Network Drivers Service: "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
Webroot Spy Sweeper Engine: C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (autostart)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
SYMDNS: \SystemRoot\System32\Drivers\SYMDNS.SYS (manual start)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
SYMFW: \SystemRoot\System32\Drivers\SYMFW.SYS (manual start)
SYMIDS: \SystemRoot\System32\Drivers\SYMIDS.SYS (manual start)
SYMIDSCO: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20050816.022\symidsco.sys (manual start)
SYMNDIS: \SystemRoot\System32\Drivers\SYMNDIS.SYS (manual start)
SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start)
SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system)
SymWMI Service: "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe" (autostart)
Microsoft System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Telnet: %SystemRoot%\system32\tlntsvr.exe (manual start)
Distributed Link Tracking Client: %SystemRoot%\system32\services.exe (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Standard Hub Driver: System32\DRIVERS\usbhub.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
User Privilege Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Utility Manager: %SystemRoot%\System32\UtilMan.exe (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
Windows Time: %SystemRoot%\System32\services.exe (manual start)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
Windows Management Instrumentation: %SystemRoot%\System32\WBEM\WinMgmt.exe (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\system32\Services.exe (manual start)
World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k wugroup (autostart)
Wireless Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

Network.ConnectionTray: C:\WINNT\system32\NETSHELL.dll
WebCheck: C:\WINNT\System32\webcheck.dll
SysTray: stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 32,062 bytes
Report generated in 0.188 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

guestolo · « **Reply #15 on:** August 29, 2005, 10:32:56 PM »

Curious about this file on your system
C:\WINNT\System32\antiak.sys
Do you have an Anti-Keylogger installed on your system?

What version of MSN Messenger do you have installed?
Open Messenger>>Click on HELP>>ABOUT

icewall · « **Reply #16 on:** August 29, 2005, 11:57:05 PM »

hmm i used to have antikeylogger installed..but i uninstalled that long ago.

My msn version is 7.0 (build 7.0.0816)

guestolo · « **Reply #17 on:** August 31, 2005, 08:49:09 PM »

Sorry for the delay icewall
I have to admit, I'm not big on personal messengers
Have the standard version
4.7 that comes with XP SP2

But doesn't your version of Messenger come with Advertisements?
From what I've been reading on the Net there is a A-Patch to remove them
Of course this is against Microsoft's Terms of Use so I won't link you too it
Use at your own risk

PM
PM
PM

TheTechGuide Forum

News:

Author Topic: 2 very frustrating problems.. (Read 1322 times)

icewall

2 very frustrating problems..

guestolo

2 very frustrating problems..

icewall

2 very frustrating problems..

guestolo

2 very frustrating problems..

icewall

2 very frustrating problems..

guestolo

2 very frustrating problems..

icewall

2 very frustrating problems..

guestolo

2 very frustrating problems..

icewall

2 very frustrating problems..

guestolo

2 very frustrating problems..

icewall

2 very frustrating problems..

guestolo

2 very frustrating problems..

icewall

2 very frustrating problems..

guestolo

2 very frustrating problems..

icewall

2 very frustrating problems..

guestolo

2 very frustrating problems..

icewall

2 very frustrating problems..

guestolo

2 very frustrating problems..