I've got that dreaded SVCHOST.EXE problem. The one where you get application errors that read "the instructions at referenced memory cannot be read" as soon as I start up my laptop. However, my SVCHOST problem has done something that I have not seen it do to others while I researched on this. It has prevented me from connecting to the internet. The only way I can connect is while in Safe Mode. While not in safe mode, when I try to connect my Local Area Connection, it will say LAN can not be found. And it won't allow me to set up a new internet connection either. I have scanned my PC with Synmantec and have come up with nothing. Using the program "Absolute Startup", I have been able to determine the source of my problem while experimenting with the services on startup. When I disable "svchost.exe -k netsvcs", also known as Remote Access (Auto) Connection Manager I stop receiving the application errors, however I still can not connect online because obviously, these services are needed by Windows 2000 to operate and go online. I've also disabled Automatic Windows Updates because that's often been cited as the source of this headache, but that hasn't solved anything either. I got this problem originally from opening an .exe file that I shouldn't have opened. Here is my hijackthis file, any help or suggestions is greatly appreciated. This is taken during normal boot, if my safe mode log is needed too, just ask.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:46:51 PM, on 3/13/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\netdde.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINNT\system32\basfipm.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\system32\cisvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINNT\system32\msiexec.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\locator.exe
C:\WINNT\system32\rsvp.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\tcpsvcs.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wltrysvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\system32\msdtc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINNT\system32\WLTRAY.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1179892421\ee\aolsoftware.exe
C:\program files\common files\aol\1179892421\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1179892421\ee\aolsoftware.exe
C:\Program Files\Trend Micro\HijackCheck\Hcheck.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://live.xbox.com/en-US/profile/Friends.aspx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINNT\system32\WLTRAY
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKUS\S-1-5-21-577020384-2308808795-1272252130-1009\..\Run: [Internat.exe] internat.exe (User 'ASPNET')
O4 - HKUS\S-1-5-21-577020384-2308808795-1272252130-1009\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'ASPNET')
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: AirFortress® Client.lnk = ?
O4 - Global Startup: FMTP.lnk = C:\WINNT\Support_Files\ifmem.bat
O4 - Global Startup: FMTPprinter.lnk = C:\WINNT\Support_Files\printer.bat
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134589117044
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143753340215
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...zylomplayer.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9758C124-7DE9-4E40-8FA8-9A680ACA1457}: NameServer = 85.255.112.88,85.255.112.236
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.88,85.255.112.236
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.88,85.255.112.236
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.88,85.255.112.236
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINNT\system32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NFServer - Unknown owner - C:\Program Files\Fortress\AirFortress® Client\NFServer.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINNT\System32\wltrysvc.exe

--
End of file - 10679 bytes

Hi newromecity, welcome to SAF

SVCHOST is a legit Windows file, unless it resides in a wrong folder.

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Go to your Control Panel, add-remove programs. and uninstall ViewPoint.

Download FixWareout from http://www.4shared.com/file/40178743/91522...areout.html?s=1

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items if they are still there:

O4 - HKUS\S-1-5-21-577020384-2308808795-1272252130-1009\..\Run: [Internat.exe] internat.exe (User 'ASPNET')

O17 - HKLM\System\CCS\Services\Tcpip\..\{9758C124-7DE9-4E40-8FA8-9A680ACA1457}: NameServer = 85.255.112.88,85.255.112.236

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.88,85.255.112.236

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.88,85.255.112.236

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.88,85.255.112.236

At the end of the fix, you may need to restart your computer again.

Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new Hijack This log.

Should you have problems connecting to the internet after the fix, follow these instrutions.
<Start -> Control Panel Network Connections. Right-click on your default connection (usually Local Area Connection or Dial-up Connection if you are using Dial-up) and leftclick on Properties. Doubleclick on the Internet Protocol (TCP/IP) item and select the button that says "Obtain DNS servers automatically". Click OK twice, and restart your computer.

If HJT does not start, click and run it.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake (some entries may no longer be there, though).:

O4 - HKUS\S-1-5-21-577020384-2308808795-1272252130-1009\..\Run: [Internat.exe] internat.exe (User 'ASPNET')

O17 - HKLM\System\CCS\Services\Tcpip\..\{9758C124-7DE9-4E40-8FA8-9A680ACA1457}: NameServer = 85.255.112.88,85.255.112.236

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.88,85.255.112.236

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.88,85.255.112.236

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.88,85.255.112.236

Click on Fix Checked when finished and exit HijackThis

Post the FixWareout report along with a fresh HJT log.

Chris

Thanks for the help Chris. Below are both the new hijack file and fixwareout report.

A couple of notes, while in regular boot, I could not access the Control panel to reset the network connection, I had to go into Safe Mode to do so. In regular boot, I got the following messages...

"Cannot find the file (null) or one of its components. Make sure the path and filename are correct and that all required libraries are available."

and also

"Access to specified device, path or file is denied."

Also, the desktop is not visible.

I was able to access Hijack this though because I have it under programs in the Start Menu. Everything else though, I have to do under Safe Mode.

The SVCHOST.EXE application error continues to pop up, and I also noticed that the processes take up 100% CPU Usage, eating up all my memory.

Username "Administrator" - 03/13/2009 21:15:07 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"Dell Wireless Manager UI"="C:\\WINNT\\system32\\WLTRAY"
"IntelWireless"="C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe /tf Intel PROSet/Wireless"
"Synchronization Manager"="mobsync.exe /logon"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:54:03 PM, on 3/13/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\netdde.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINNT\system32\basfipm.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\system32\cisvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINNT\system32\msiexec.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\locator.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\tcpsvcs.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wltrysvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\system32\msdtc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINNT\system32\WLTRAY.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINNT\system32\mobsync.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Fortress\AirFortress® Client\NFRemote.exe
C:\Program Files\Common Files\AOL\1179892421\ee\aolsoftware.exe
C:\program files\common files\aol\1179892421\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1179892421\ee\aolsoftware.exe
C:\Documents and Settings\Administrator\Start Menu\Programs\Hcheck.exe
C:\WINNT\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://live.xbox.com/en-US/profile/Friends.aspx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINNT\system32\WLTRAY
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKUS\S-1-5-21-577020384-2308808795-1272252130-1009\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'ASPNET')
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: AirFortress® Client.lnk = ?
O4 - Global Startup: FMTP.lnk = C:\WINNT\Support_Files\ifmem.bat
O4 - Global Startup: FMTPprinter.lnk = C:\WINNT\Support_Files\printer.bat
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\WINNT\system32\shdocvw.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134589117044
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143753340215
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...zylomplayer.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINNT\system32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NFServer - Unknown owner - C:\Program Files\Fortress\AirFortress® Client\NFServer.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINNT\System32\wltrysvc.exe

--
End of file - 9659 bytes

According to your HJT log, the SVCHOST file is running from its proper folder. The wareout infection seems to be gone.

You may have other infections associated with it, and there is a possibility that they are interfering with the normal system behavior.

- Download and run CrapCleaner from http://www.ccleaner.com/
Note: in CCleaner: go to <options/advanced> Uncheck "Only delete files in Windows Temp folders older than 48 hours").

- Download Malwarebytes Anti-Malware from http://www.majorgeeks.com/Malwarebyte'...ware_d5756.html to the desktop.

- Double-click on Download_mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both these checked:
- Update Malwarebytes Anti-Malware
- Launch Malwarebytes Anti-Malware
- Then click Finish.

- MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
- On the Scanner tab:
- Make sure the "Perform Full Scan" option is selected.
- Then click on the Scan button.
- The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.

- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.

When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the message box and continue with the removal process.
- Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
- Make sure that everything is checked, and click Remove Selected.
- When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.

Copy and paste the contents of that report in your next reply along with a fresh HijackThis log and exit MBAM.

NB - If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process and, if asked to restart the computer, please do so immediately.

Post the mbam report along with a fresh HJT log.

Chris

Very frustrating. MBAM will not run automatically. It's installed and it's there but it won't open when I click on it, nor will it open automatically after setup.

Try to rename mbam.exe to see if any improvement.

Also, download RSIT from http://images.malwareremoval.com/random/RSIT.exe to your desktop and run it there.

Post the log it generates.

Chris

MBAM.exe still doesn't run. As for RSIT, I get the following message...

"AutoIt Error

Line - 1:

Error: Incorrect number of parameters in function call."

Question. In the first hijack log, you had me fix the error of internat.exe. I believe there are two more instances of it though in the 2nd hijack log under 04, do those matter or are they supposed to remain?

internat.exe may either be a Windows legit program (keyboard language) or Added by the Backdoor.AntiLam.20.K.

Name: SVCHOST
Filename: internat.exe

This one can give a hacker access to your system.

Since it's coming back, I need you to run the other tools to be sure.

This will be a shot in the dark...

Download Combofix to your desktop by clicking here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double click combofix.exe and follow the prompts.
When finished, it will produce a log for you. Post that log in your next reply.
Note:
Close all windows and any program on your system tray. Do not mouseclick or type anything while combofix is running. That may cause it to stall.

You can safely ignore warnings about not having the recovery console installed. Run it only once !

Post the Combofix report along with a fresh HJT log.

Chris

ComboFix detected something known as rootkit activity on my PC. Here's the report. I will post a fresh HJT following this post.

ComboFix 09-03-14.01 - Administrator 2009-03-15 12:05:20.1 - NTFSx86
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\Administrator\Application Data\WeatherDPA
c:\documents and settings\Administrator\Application Data\WeatherDPA\Weather\WeatherStartup.xml
c:\documents and settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\documents and settings\All Users\Application Data\ZangoSA
c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSA.dat
c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSA_kyf_update.dat
c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht
c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSAau.dat
c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSAEula.mht
c:\recycler\S-3-0-30-100026831-100028940-100024868-8434.com
C:\resycled
c:\winnt\packet.dll
c:\winnt\pthreadVC.dll
c:\winnt\system32\drivers\gaopdxttrpbqbapsxwnomujnklftjuyfuxbhxe.sys
c:\winnt\system32\gaopdxcounter
c:\winnt\system32\gaopdxphvtomuwykrvmswiyobobqmcxcrvooda.dll
c:\winnt\Web\default.htt
c:\winnt\wpcap.dll
D:\Autorun.inf
d:\recycler\S-3-0-30-100026831-100028940-100024868-8434.com
D:\resycled
E:\Autorun.inf
e:\recycler\S-3-0-30-100026831-100028940-100024868-8434.com
E:\resycled

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys
-------\Legacy_IPRIP
-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2009-02-15 to 2009-03-15 )))))))))))))))))))))))))))))))
.

2009-03-15 04:16 . 09-03-15 04:16 588,502 ---h----- c:\winnt\ShellIconCache
2009-03-14 23:52 . 09-03-14 23:52 <DIR> d-------- C:\rsit
2009-03-14 13:05 . 09-03-14 13:05 <DIR> d-------- c:\program files\MBAM
2009-03-14 13:05 . 09-03-14 13:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-14 13:05 . 09-02-11 10:19 38,496 --a------ c:\winnt\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-03-14 13:05 . 09-02-11 10:19 15,504 --a------ c:\winnt\SYSTEM32\DRIVERS\mbam.sys
2009-03-14 12:37 . 09-03-14 12:37 <DIR> d-------- c:\program files\CCleaner
2009-03-13 20:19 . 09-03-13 21:21 <DIR> d-------- C:\fixwareout
2009-03-13 14:16 . 09-03-13 14:36 <DIR> d-------- c:\program files\Trend Micro
2009-03-12 21:30 . 09-03-12 21:30 <DIR> d-------- c:\program files\F-Group
2009-03-12 20:59 . 07-08-22 13:10 400,890 --a------ C:\txtsetup.sif
2009-03-12 20:59 . 05-07-13 23:06 259,776 --a------ C:\$LDR$
2009-03-12 20:55 . 09-03-12 20:55 <DIR> d-------- C:\$WIN_NT$.~LS
2009-03-12 20:55 . 09-03-12 20:55 <DIR> d-------- C:\$WIN_NT$.~BT
2009-03-12 14:02 . 09-03-12 15:41 <DIR> d-------- c:\program files\Ascentive
2009-03-12 14:02 . 08-11-07 17:58 223,232 --a------ c:\winnt\SYSTEM32\sqlite3.dll
2009-03-12 14:02 . 09-02-10 18:05 208,896 --a------ c:\winnt\SYSTEM32\ConTest.dll
2009-03-12 14:02 . 08-11-07 17:58 86,016 --a------ c:\winnt\SYSTEM32\SQLiteWrapper.dll
2009-03-12 14:02 . 08-11-06 16:04 36,864 --a------ c:\winnt\SYSTEM32\ascbalon.dll
2009-03-12 14:02 . 08-11-06 16:04 20,480 --a------ c:\winnt\SYSTEM32\SysRestore.dll
2009-03-12 00:33 . 09-03-12 01:20 <DIR> d-------- c:\program files\Anti Trojan Elite
2009-03-12 00:20 . 05-08-27 03:38 1,435,272 --a------ c:\winnt\SYSTEM32\Flash.ocx
2009-03-12 00:20 . 03-11-19 14:59 512,688 --a------ c:\winnt\SYSTEM32\XceedCry.dll
2009-03-12 00:20 . 04-05-11 10:56 423,784 --a------ c:\winnt\SYSTEM32\XceedBkp.dll
2009-03-12 00:20 . 04-02-05 21:53 389,120 --a------ c:\winnt\SYSTEM32\ACTSKN43.OCX
2009-03-12 00:20 . 01-07-28 13:50 265,753 --a------ c:\winnt\SYSTEM32\AS-Exp2.ocx
2009-03-12 00:20 . 04-01-09 11:54 188,416 --a------ c:\winnt\SYSTEM32\actsplash.ocx
2009-03-12 00:20 . 04-03-09 00:00 131,856 --a------ c:\winnt\SYSTEM32\MSADODC.ocx
2009-03-12 00:20 . 01-03-28 23:02 89,088 --a------ c:\winnt\SYSTEM32\ProgressBar4.ocx
2009-03-12 00:20 . 01-04-20 02:28 28,672 --a------ c:\winnt\SYSTEM32\systray.ocx
2009-03-12 00:20 . 99-01-26 20:36 11,012 --a------ c:\winnt\SYSTEM32\threadapi.tlb
2009-03-11 21:31 . 09-03-12 15:36 <DIR> d-------- c:\program files\Panda Security
2009-03-11 14:37 . 08-11-02 20:00 <DIR> d-------- c:\documents and settings\ASPNET\Application Data\SACore
2009-03-11 14:37 . 09-03-11 14:37 <DIR> d-------- c:\documents and settings\ASPNET
2009-03-10 15:13 . 09-03-10 15:13 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Thinstall

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-15 07:02 --------- d-----w c:\program files\yRead2
2009-03-14 01:12 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-03-13 05:00 --------- d-----w c:\program files\Advanced Uninstaller PRO - Version 9
2009-03-12 20:44 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-12 19:05 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-11 17:32 --------- d-----w c:\program files\DivX
2009-02-27 22:03 --------- d-----w c:\documents and settings\Administrator\Application Data\LimeWire
2009-02-08 17:36 --------- d---a-w c:\program files\Dell
2009-02-08 17:35 --------- d-----w c:\documents and settings\All Users\Application Data\SpeedBit
2009-02-08 17:34 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-08 17:21 --------- d-----w c:\documents and settings\All Users\Application Data\Innovative Solutions
2009-02-07 02:42 --------- d-----w c:\documents and settings\Administrator\Application Data\WNR
2009-02-07 00:25 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-02-07 00:18 --------- d---a-w c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-07 00:09 --------- d-----w c:\program files\HP
2009-02-07 00:05 --------- d-----w c:\program files\Common Files\HP
2009-02-07 00:01 --------- d---a-w c:\program files\Common Files\Adaptec Shared
2009-02-06 23:50 --------- d-----w c:\program files\Common Files\Nullsoft
2009-02-04 17:18 --------- d-----w c:\documents and settings\Administrator\Application Data\Move Networks
2009-02-04 02:38 --------- d-----w c:\documents and settings\Administrator\Application Data\Aim
2009-02-04 02:35 --------- d-----w c:\documents and settings\All Users\Application Data\Pure Networks
2009-02-04 02:24 --------- d-----w c:\program files\Common Files\Real
2009-02-02 17:38 --------- d-----w c:\documents and settings\Administrator\Application Data\.BitTornado
2009-02-02 05:18 --------- d-----w c:\documents and settings\Administrator\Application Data\Graboid Inc
2009-02-01 23:37 --------- d-----w c:\documents and settings\Administrator\Application Data\MozillaControl
2009-02-01 22:34 --------- d-----w c:\documents and settings\Administrator\Application Data\Apple Computer
2009-02-01 01:34 --------- d-----w c:\documents and settings\All Users\Application Data\Graboid Inc
2008-08-22 23:50 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-08-15 23:29 18,848 ----a-w c:\documents and settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2003-07-10 18:54 271 ---ha-w c:\program files\DESKTOP.INI
2003-07-10 18:54 21,952 ---ha-w c:\program files\FOLDER.HTT
2003-06-20 12:00 32,528 ----a-w c:\winnt\INF\WBFIRDMA.SYS
.

------- Sigcheck -------

01-02-20 13:09 8192 d36a33c21eeed5a6c1daecb7c80a1909 c:\winnt\SYSTEM32\CTFMON.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [01-02-20 13:09 8192 c:\winnt\SYSTEM32\CTFMON.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [04-10-30 14:59 385024]
"Synchronization Manager"="mobsync.exe" [03-06-20 07:00 111376 c:\winnt\SYSTEM32\MOBSYNC.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [03-06-20 07:00 20752 c:\winnt\SYSTEM32\INTERNAT.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-20 07:00 186640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
04-09-07 16:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nwprovau]
06-09-01 00:49 140048 c:\winnt\SYSTEM32\NWPROVAU.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="1"
"UpdatesDisableNotify"="1"

R3 ATE_PROCMON;ATE_PROCMON; [x]
R3 EL90BC;3Com EtherLink XL B/C Adapter Driver;c:\winnt\system32\DRIVERS\el90xbc5.sys [99-10-23 12:22 61712]
R3 SavRoam;SavRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [04-03-12 14:18 169192]
R3 Scr110;SCR110 Serial Smart Card Reader;c:\winnt\system32\DRIVERS\Scr110.sys [03-02-04 03:00 19272]
R3 SCRx31 USB Reader;SCRx31 USB Reader;c:\winnt\system32\DRIVERS\stc2.sys [02-07-03 19:32 56320]
R3 w70n5;Intel® PRO/Wireless 7100 Adapter Driver;c:\winnt\system32\DRIVERS\w70n5.sys [04-01-13 02:46 2481408]
R4 NFServer;NFServer;c:\program files\Fortress\AirFortress® Client\NFServer.exe [02-06-21 17:21 110592]
S0 fasttrak;fasttrak;c:\winnt\system32\DRIVERS\fasttrak.sys [01-04-26 16:00 64418]
S0 mraid2k;mraid2k;c:\winnt\system32\DRIVERS\mraid2k.sys [01-06-08 09:25 17258]
S1 Dlc;DLC Protocol;c:\winnt\system32\DRIVERS\dlc.sys [03-06-20 07:00 56112]
S1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\ghpciscan.sys [02-08-14 14:11 5632]
S2 AppleTalk;AppleTalk Protocol;c:\winnt\system32\DRIVERS\sfmatalk.sys [03-06-20 07:00 148400]
S2 PRPC;PRPC; [x]
S3 GTIPCI21;GTIPCI21;c:\winnt\system32\DRIVERS\gtipci21.sys [04-05-03 16:26 80384]
S3 IWCA2K;Intel Wireless Connection Agent Miniport for Win 2K;c:\winnt\system32\DRIVERS\iwca2k.sys [04-08-12 08:43 21504]
S3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\DRIVERS\usbhub20.sys [04-01-16 19:06 50032]


--- Other Services/Drivers In Memory ---

*Deregistered* - adpu160m
*Deregistered* - AegisP
*Deregistered* - AFD
*Deregistered* - agp440
*Deregistered* - Aha154x
*Deregistered* - aic78u2
*Deregistered* - aic78xx
*Deregistered* - Alerter
*Deregistered* - AppleTalk
*Deregistered* - AppMgmt
*Deregistered* - Aspi32
*Deregistered* - aspnet_state
*Deregistered* - audstub
*Deregistered* - BASFND
*Deregistered* - Beep
*Deregistered* - Browser
*Deregistered* - ccProxy
*Deregistered* - Cdfs
*Deregistered* - Compbatt
*Deregistered* - DefWatch
*Deregistered* - Dhcp
*Deregistered* - Diskperf
*Deregistered* - Dlc
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - Dnscache
*Deregistered* - EFS
*Deregistered* - Fastfat
*Deregistered* - fasttrak
*Deregistered* - Fd16_700
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - GhPciScan
*Deregistered* - Gpc
*Deregistered* - IntelIde
*Deregistered* - IpFilterDriver
*Deregistered* - IWCA2K
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mdmxsdk
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MPFP
*Deregistered* - MpfService
*Deregistered* - mraid2k
*Deregistered* - mraid35x
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - Mup
*Deregistered* - NAVENG
*Deregistered* - NAVEX15
*Deregistered* - NDIS
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - NetDDE
*Deregistered* - NetDDEdsdm
*Deregistered* - Netlogon
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - NtLmSsp
*Deregistered* - Null
*Deregistered* - NwlnkIpx
*Deregistered* - NwlnkNb
*Deregistered* - NwlnkSpx
*Deregistered* - omci
*Deregistered* - Parallel
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PptpMiniport
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RemoteRegistry
*Deregistered* - ROOTMODEM
*Deregistered* - RSVP
*Deregistered* - s24trans
*Deregistered* - SamSs
*Deregistered* - SAVRT
*Deregistered* - SAVRTPEL
*Deregistered* - SbcpHid
*Deregistered* - seclogon
*Deregistered* - SimpTcp
*Deregistered* - SNDSrvc
*Deregistered* - Sparrow
*Deregistered* - Srv
*Deregistered* - swenum
*Deregistered* - Symantec AntiVirus
*Deregistered* - SYMDNS
*Deregistered* - SymEvent
*Deregistered* - SYMFW
*Deregistered* - SYMIDS
*Deregistered* - SYMIDSCO
*Deregistered* - SYMNDIS
*Deregistered* - SYMREDRV
*Deregistered* - SYMTDI
*Deregistered* - SysmonLog
*Deregistered* - Tcpip
*Deregistered* - Ultra
*Deregistered* - Update
*Deregistered* - UPS
*Deregistered* - UtilMan
*Deregistered* - VgaSave
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - wanatw
*Deregistered* - WmdmPmSN
*Deregistered* - Wmi
*Deregistered* - wuauserv
.
Contents of the 'Scheduled Tasks' folder

2004-08-04 c:\winnt\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [04-01-02 13:20 ]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
Notify-AtiExtEvent - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://live.xbox.com/en-US/profile/Friends.aspx
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}\SOFTWARE
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}\SOFTWARE\Classes
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}\SOFTWARE\Classes\CLSID
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}\ProgID
LSP: %SystemRoot%\system32\msafd.dll
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-yahtzee/zylomplayer.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gzlf1ra1.default\
FF - prefs.js: browser.startup.homepage - hxxp://games.espn.go.com/frontpage/flbdraftkit|http://sports.espn.go.com/fantasy/baseball/flb/story?page=mlbdk2k9ranksTop500|http://webmail.aol.com/41421/aim/en-us/Suite.aspx|http://games.espn.go.com/flb/leagueoffice?leagueId=43108
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-15 12:13:31
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-577020384-2308808795-1272252130-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{63496D0E-1653-5764-30C8-8B7AE0E43F7E}*]
"bbehecjdilgdpohalhpomfdfdaamgcffalkn"=hex:61,61,00,00
"abehecjdilgdpohalhiphkgpaeocpaolen"=hex:61,61,00,00

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\BaseWinOptions]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\EncInst]
@DACL=(02 0000)
"DebugFile"="c:\\encinst.log"
"DebugLevel"=hex:ef
"Enabled"=hex:fe
"path"="c:\\WINNT\\system32\\export\\encinst.exe"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents]
@DACL=(02 0000)
"ComponentList"=multi:"{FB8B5424-4B01-433E-AB3B-4B296655D43A}\00{89820200-ECBD-11CF-8B85-00AA005B4383}\00{CAC24AF7-5447-4F19-9FA6-F6E6E69D395E}\00{12F1D3F6-5371-4962-8B9E-41AC0668F2C1}\00{5DC6714D-359A-4BBE-A62E-38E86902C81A}\00{E9A84D17-E5C1-4890-A557-4460207F6AAF}\00{F1CAE27D-85D3-4642-B9E9-48D7F9F56C82}\00{C53A407B-397A-4EEC-812F-E951673CDE7F}\00{0E7420B5-D964-400C-8AC0-60537B2D0832}\00{B15C73EE-0AD0-41C2-BC15-D0A623F0078C}\00{A2F3B5A7-2D39-4A4E-96E6-BFADEBCBB27B}\00{BA63DE4B-CAD8-49C5-A3F2-E976BEB019C8}\00{97F5A9DB-8CA2-496B-9847-9C1DF6D93701}\00{AA936DF4-2B08-4B1F-B071-72192E287704}\00{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\00{BA840A40-FE9C-49A6-B5DA-18EEEF49B9A7}\00\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{0E7420B5-D964-400C-8AC0-60537B2D0832}]
@DACL=(02 0000)
"FriendlyName"="SQLXMLX Exception Package"
"ComponentGUID"="{0E7420B5-D964-400C-8AC0-60537B2D0832}"
"Version"=dword:00020050
"Sub-Version"=dword:03fe0003
"ExceptionInfName"=expand:"c:\\WINNT\\RegisteredPackages\\{0E7420B5-D964-400C-8AC0-60537B2D0832}\\SQLXMLXP.inf"
"ExceptionCatalogName"=expand:"c:\\WINNT\\RegisteredPackages\\{0E7420B5-D964-400C-8AC0-60537B2D0832}\\sqlxmlxp.cat"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{12F1D3F6-5371-4962-8B9E-41AC0668F2C1}]
@DACL=(02 0000)
"FriendlyName"="Microsoft MDAC Response Files"
"ComponentGUID"="{12F1D3F6-5371-4962-8B9E-41AC0668F2C1}"
"Version"=dword:00020050
"Sub-Version"=dword:03fe0003
"ExceptionInfName"=expand:"c:\\WINNT\\RegisteredPackages\\{12F1D3F6-5371-4962-8B9E-41AC0668F2C1}\\rspfiles.inf"
"ExceptionCatalogName"=expand:"c:\\WINNT\\RegisteredPackages\\{12F1D3F6-5371-4962-8B9E-41AC0668F2C1}\\rspfiles.cat"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}]
@DACL=(02 0000)
"FriendlyName"="DirectX"
"ComponentGUID"="{44BBA855-CC51-11CF-AAFA-00AA00B6015C}"
"Version"=dword:00040009
"Sub-Version"=dword:00000386
"ExceptionInfName"=expand:"c:\\WINNT\\RegisteredPackages\\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\\dxxp.inf"
"ExceptionCatalogName"=expand:"c:\\WINNT\\RegisteredPackages\\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\\dxxp.cat"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{5DC6714D-359A-4BBE-A62E-38E86902C81A}]
@DACL=(02 0000)
"FriendlyName"="Microsoft MDAC Setup Files"
"ComponentGUID"="{5DC6714D-359A-4BBE-A62E-38E86902C81A}"
"Version"=dword:00020050
"Sub-Version"=dword:03fe0003
"ExceptionInfName"=expand:"c:\\WINNT\\RegisteredPackages\\{5DC6714D-359A-4BBE-A62E-38E86902C81A}\\dasetup.inf"
"ExceptionCatalogName"=expand:"c:\\WINNT\\RegisteredPackages\\{5DC6714D-359A-4BBE-A62E-38E86902C81A}\\dasetup.cat"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{89820200-ECBD-11CF-8B85-00AA005B4383}]
@DACL=(02 0000)
"FriendlyName"="Internet Explorer 6"
"ComponentGUID"="{89820200-ECBD-11CF-8B85-00AA005B4383}"
"Version"=dword:00060000
"Sub-Version"=dword:00000000
"ExceptionInfName"=expand:"c:\\WINNT\\RegisteredPackages\\{89820200-ECBD-11cf-8B85-00AA005B4383}\\ieex.inf"
"ExceptionCatalogName"=expand:"c:\\WINNT\\RegisteredPackages\\{89820200-ECBD-11cf-8B85-00AA005B4383}\\ieex.cat"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{97F5A9DB-8CA2-496B-9847-9C1DF6D93701}]
@DACL=(02 0000)
"FriendlyName"="BidInterface Exception Package"
"ComponentGUID"="{97F5A9DB-8CA2-496B-9847-9C1DF6D93701}"
"Version"=dword:00020050
"Sub-Version"=dword:03fe0003
"ExceptionInfName"=expand:"c:\\WINNT\\RegisteredPackages\\{97F5A9DB-8CA2-496B-9847-9C1DF6D93701}\\bidintrx.inf"
"ExceptionCatalogName"=expand:"c:\\WINNT\\RegisteredPackages\\{97F5A9DB-8CA2-496B-9847-9C1DF6D93701}\\bidintrx.cat"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{A2F3B5A7-2D39-4A4E-96E6-BFADEBCBB27B}]
@DACL=(02 0000)
"FriendlyName"="Microsoft SQL Server ODBC Drivers"
"ComponentGUID"="{A2F3B5A7-2D39-4A4E-96E6-BFADEBCBB27B}"
"Version"=dword:00020050
"Sub-Version"=dword:03fe0003
"ExceptionInfName"=expand:"c:\\WINNT\\RegisteredPackages\\{A2F3B5A7-2D39-4A4E-96E6-BFADEBCBB27B}\\SQLODBC.INF"
"ExceptionCatalogName"=expand:"c:\\WINNT\\RegisteredPackages\\{A2F3B5A7-2D39-4A4E-96E6-BFADEBCBB27B}\\sqlodbc.cat"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{AA936DF4-2B08-4B1F-B071-72192E287704}]
@DACL=(02 0000)
"FriendlyName"="DirectX BDA"
"ComponentGUID"="{AA936DF4-2B08-4B1F-B071-72192E287704}"
"Version"=dword:00040009
"Sub-Version"=dword:00000386
"ExceptionInfName"=expand:"c:\\WINNT\\RegisteredPackages\\{AA936DF4-2B08-4B1F-B071-72192E287704}\\dxbda.inf"
"ExceptionCatalogName"=expand:"c:\\WINNT\\RegisteredPackages\\{AA936DF4-2B08-4B1F-B071-72192E287704}\\dx9bda.cat"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{B15C73EE-0AD0-41C2-BC15-D0A623F0078C}]
@DACL=(02 0000)
"FriendlyName"="Microsoft SQL Server Net Libs"
"ComponentGUID"="{B15C73EE-0AD0-41C2-BC15-D0A623F0078C}"
"Version"=dword:00020050
"Sub-Version"=dword:03fe0003
"ExceptionInfName"=expand:"c:\\WINNT\\RegisteredPackages\\{B15C73EE-0AD0-41C2-BC15-D0A623F0078C}\\SQLNET.INF"
"ExceptionCatalogName"=expand:"c:\\WINNT\\RegisteredPackages\\{B15C73EE-0AD0-41C2-BC15-D0A623F0078C}\\sqlnet.cat"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{BA63DE4B-CAD8-49C5-A3F2-E976BEB019C8}]
@DACL=(02 0000)
"FriendlyName"="Microsoft SQL Server OLEDB Provider"
"ComponentGUID"="{BA63DE4B-CAD8-49C5-A3F2-E976BEB019C8}"
"Version"=dword:00020050
"Sub-Version"=dword:03fe0003
"ExceptionInfName"=expand:"c:\\WINNT\\RegisteredPackages\\{BA63DE4B-CAD8-49C5-A3F2-E976BEB019C8}\\SQLOLDB.INF"
"ExceptionCatalogName"=expand:"c:\\WINNT\\RegisteredPackages\\{BA63DE4B-CAD8-49C5-A3F2-E976BEB019C8}\\sqloldb.cat"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{BA840A40-FE9C-49A6-B5DA-18EEEF49B9A7}]
@DACL=(02 0000)
"FriendlyName"="Microsoft Active Accessibility"
"ComponentGUID"="{BA840A40-FE9C-49A6-B5DA-18EEEF49B9A7}"
"Version"=dword:00040002
"Sub-Version"=dword:151e0000
"ExceptionInfName"=expand:"c:\\WINNT\\RegisteredPackages\\{BA840A40-FE9C-49A6-B5DA-18EEEF49B9A7}\\msaaNT.inf"
"ExceptionCatalogName"=expand:"c:\\WINNT\\RegisteredPackages\\{BA840A40-FE9C-49A6-B5DA-18EEEF49B9A7}\\msaa2K.cat"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{C53A407B-397A-4EEC-812F-E951673CDE7F}]
@DACL=(02 0000)
"FriendlyName"="MSXML 3.0 Exception Package"
"ComponentGUID"="{C53A407B-397A-4EEC-812F-E951673CDE7F}"
"Version"=dword:00020050
"Sub-Version"=dword:03fe0003
"ExceptionInfName"=expand:"c:\\WINNT\\RegisteredPackages\\{C53A407B-397A-4EEC-812F-E951673CDE7F}\\MSXMLX.inf"
"ExceptionCatalogName"=expand:"c:\\WINNT\\RegisteredPackages\\{C53A407B-397A-4EEC-812F-E951673CDE7F}\\msxmlx.cat"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{CAC24AF7-5447-4F19-9FA6-F6E6E69D395E}]
@DACL=(02 0000)
"FriendlyName"="Windows Media Player Exception Pack"
"ComponentGUID"="{CAC24AF7-5447-4F19-9FA6-F6E6E69D395E}"
"Version"=dword:00090000
"Sub-Version"=dword:00000ba4
"ExceptionInfName"=expand:"c:\\WINNT\\RegisteredPackages\\{CAC24AF7-5447-4F19-9FA6-F6E6E69D395E}\\wmexpack.inf"
"ExceptionCatalogName"=expand:"c:\\WINNT\\RegisteredPackages\\{CAC24AF7-5447-4F19-9FA6-F6E6E69D395E}\\wmexpack.cat"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{E9A84D17-E5C1-4890-A557-4460207F6AAF}]
@DACL=(02 0000)
"FriendlyName"="WebData Setup Exception Package"
"ComponentGUID"="{E9A84D17-E5C1-4890-A557-4460207F6AAF}"
"Version"=dword:00020050
"Sub-Version"=dword:03fe0003
"ExceptionInfName"=expand:"c:\\WINNT\\RegisteredPackages\\{E9A84D17-E5C1-4890-A557-4460207F6AAF}\\WDSETUP.INF"
"ExceptionCatalogName"=expand:"c:\\WINNT\\RegisteredPackages\\{E9A84D17-E5C1-4890-A557-4460207F6AAF}\\wdsetup.cat"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{F1CAE27D-85D3-4642-B9E9-48D7F9F56C82}]
@DACL=(02 0000)
"FriendlyName"="Mdac 2.8 Exception Package"
"ComponentGUID"="{F1CAE27D-85D3-4642-B9E9-48D7F9F56C82}"
"Version"=dword:00020050
"Sub-Version"=dword:03fe0003
"ExceptionInfName"=expand:"c:\\WINNT\\RegisteredPackages\\{F1CAE27D-85D3-4642-B9E9-48D7F9F56C82}\\MDACXPAK.INF"
"ExceptionCatalogName"=expand:"c:\\WINNT\\RegisteredPackages\\{F1CAE27D-85D3-4642-B9E9-48D7F9F56C82}\\mdacxpak.cat"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{FB8B5424-4B01-433E-AB3B-4B296655D43A}]
@DACL=(02 0000)
"FriendlyName"="DirectX quartz Exception Pack"
"ComponentGUID"="{FB8B5424-4B01-433E-AB3B-4B296655D43A}"
"Version"=dword:00060003
"Sub-Version"=dword:00010376
"ExceptionInfName"=expand:"c:\\WINNT\\RegisteredPackages\\{FB8B5424-4B01-433E-AB3B-4B296655D43A}\\dx819696_w2k.inf"
"ExceptionCatalogName"=expand:"c:\\WINNT\\RegisteredPackages\\{FB8B5424-4B01-433E-AB3B-4B296655D43A}\\dx819696_w2k.cat"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\KnownGood]
@DACL=(02 0000)
"SpeechCpl"="c:\\Program Files\\Common Files\\Microsoft Shared\\Speech\\sapi.cpl"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\Migration DLLs]
@DACL=(02 0000)
"Microsoft Office Family"="c:\\PROGRA~1\\MICROS~2\\Office10\\MIGRAT~1\\MIGRATE.DLL"
"Roxio Easy CD Creator 5"="c:\\Program Files\\Common Files\\Adaptec Shared\\Migration"
"Microsoft Windows Media Player 9 Series"="c:\\Program Files\\Windows Media Player\\Installer"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\OC Manager]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents\AddressBook]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents\SwFlash]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(208)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL

- - - - - - - > 'lsass.exe'(272)
c:\winnt\System32\BCMLogon.dll
.
Completion time: 2009-03-15 12:17:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-15 17:16:59

Pre-Run: 3,982,138,880 bytes free
Post-Run: 4,159,325,184 bytes free

483

A couple of notes...the SVCHOST application error seems to have finally gone away. No longer do I get the message "Local Area Connection can not be found" either. However, still can't connect to internet, even though the properties of LAN show it is enabled and has obtain IP and obtain DNS Server automatically, checked.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:14 PM, on 3/15/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\netdde.exe
C:\WINNT\system32\basfipm.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\system32\cisvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINNT\system32\msiexec.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\tcpsvcs.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\dmadmin.exe
C:\WINNT\system32\msdtc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackCheck\Hcheck.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://live.xbox.com/en-US/profile/Friends.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKUS\S-1-5-21-577020384-2308808795-1272252130-1009\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'ASPNET')
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\WINNT\system32\shdocvw.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134589117044
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143753340215
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...zylomplayer.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINNT\system32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7920 bytes

The MBAM program finally opened and I was able to run it. Here's the log from that, along with a new HJT log.

Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 5.0.2195 Service Pack 4

3/15/2009 5:06:30 PM
mbam-log-2009-03-15 (17-06-18).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 113772
Time elapsed: 37 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b0cb585f-3271-4e42-88d9-ae5c9330d554} (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XP Police Antivirus (Rogue.XP-Police-Antivirus) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\Zango@Zango.com (Adware.Zango) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Administrator\Desktop\Rome\Videos\WindXpSp3By_AleXDa1NOnLy\WW2.5+Z+TZ\$OEM$\$$\system32\cmdow.exe (Malware.Tool) -> No action taken.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:24:43 PM, on 3/15/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\netdde.exe
C:\WINNT\system32\basfipm.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\system32\cisvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\tcpsvcs.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\dmadmin.exe
C:\WINNT\system32\msdtc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackCheck\Hcheck.exe
C:\WINNT\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://live.xbox.com/en-US/profile/Friends.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKUS\S-1-5-21-577020384-2308808795-1272252130-1009\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'ASPNET')
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\WINNT\system32\shdocvw.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134589117044
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143753340215
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...zylomplayer.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9758C124-7DE9-4E40-8FA8-9A680ACA1457}: NameServer = 167.206.254.1,167.206.254.2
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINNT\system32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7995 bytes

Combofix shows no active rootkit.

You must uninstall XP Police Antivirus from your add-remove programs if listed there. It is a rogue antivirus and may download more crap to your system. Uninstall Zango toolbar as well if possible.

Mbam was not updated: (database version: 1749). Also, the report shows "no action taken" instead of "Quarantined and deleted" as it should.

Please update and run it again, making it quarantine or delete anything found.

Does RSIT still not run ?

Chris

PS - Download an run LSPfix from http://www.cexx.org/LSPFix.exe and see if you can connect.

RSIT had to be run on Safe Mode since I can't connect on regular boot.

Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrator at 2009-03-15 19:07:56
Microsoft Windows 2000 Professional Service Pack 4
System drive C: has 4 GB (12%) free of 38 GB
Total RAM: 503 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:08:02 PM, on 3/15/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode with network support

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\dmadmin.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackCheck\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://live.xbox.com/en-US/profile/Friends.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\WINNT\system32\shdocvw.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134589117044
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143753340215
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...zylomplayer.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9758C124-7DE9-4E40-8FA8-9A680ACA1457}: NameServer = 167.206.254.1,167.206.254.2
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINNT\system32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 6844 bytes

======Scheduled tasks folder======

C:\WINNT\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-05-13 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-07 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - @msdxmLC.dll,-1@1033,&Radio - C:\WINNT\s [2007-08-25 40]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-05-13 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2004-10-30 385024]
"Synchronization Manager"=mobsync.exe /logon []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINNT\system32\ctfmon.exe [2001-02-20 8192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINNT\system32\igfxdev.dll [2005-10-14 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-09-07 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINNT\s [2007-08-25 40]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nwprovau]
C:\WINNT\system32\nwprovau.dll [2006-09-01 140048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
C:\WINNT\system32\wlnotify.dll [2005-04-08 57104]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"disablecad"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-03-15 16:24:55 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-03-15 15:47:26 ----SHD---- C:\RECYCLER
2009-03-15 12:48:16 ----A---- C:\WINNT\SchedLgU.Txt
2009-03-15 12:17:07 ----D---- C:\WINNT\temp
2009-03-15 12:17:04 ----A---- C:\ComboFix.txt
2009-03-15 11:54:54 ----A---- C:\WINNT\zip.exe
2009-03-15 11:54:54 ----A---- C:\WINNT\VFIND.exe
2009-03-15 11:54:54 ----A---- C:\WINNT\SWXCACLS.exe
2009-03-15 11:54:54 ----A---- C:\WINNT\SWSC.exe
2009-03-15 11:54:54 ----A---- C:\WINNT\SWREG.exe
2009-03-15 11:54:54 ----A---- C:\WINNT\sed.exe
2009-03-15 11:54:54 ----A---- C:\WINNT\NIRCMD.exe
2009-03-15 11:54:54 ----A---- C:\WINNT\grep.exe
2009-03-15 11:54:54 ----A---- C:\WINNT\fdsv.exe
2009-03-15 11:54:31 ----D---- C:\WINNT\ERDNT
2009-03-15 11:54:29 ----D---- C:\Qoobox
2009-03-14 23:52:31 ----D---- C:\rsit
2009-03-14 13:05:17 ----D---- C:\Program Files\MBAM
2009-03-14 13:05:17 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-14 12:59:52 ----A---- C:\WINNT\ntbtlog.txt
2009-03-14 12:37:31 ----D---- C:\Program Files\CCleaner
2009-03-13 20:19:31 ----D---- C:\fixwareout
2009-03-13 14:16:25 ----D---- C:\Program Files\Trend Micro
2009-03-12 21:30:43 ----D---- C:\Program Files\F-Group
2009-03-12 21:00:13 ----ASH---- C:\BOOT.BAK
2009-03-12 20:55:54 ----D---- C:\$WIN_NT$.~LS
2009-03-12 20:55:54 ----D---- C:\$WIN_NT$.~BT
2009-03-12 17:40:12 ----A---- C:\WINNT\UPGRADE.TXT
2009-03-12 17:40:10 ----D---- C:\WINNT\setup.pss
2009-03-12 14:02:45 ----A---- C:\WINNT\system32\sqlite3.dll
2009-03-12 14:02:45 ----A---- C:\WINNT\system32\ascbalon.dll
2009-03-12 14:02:44 ----A---- C:\WINNT\system32\SysRestore.dll
2009-03-12 14:02:44 ----A---- C:\WINNT\system32\SQLiteWrapper.dll
2009-03-12 14:02:44 ----A---- C:\WINNT\system32\ConTest.dll
2009-03-12 14:02:43 ----D---- C:\Program Files\Ascentive
2009-03-12 00:33:29 ----D---- C:\Program Files\Anti Trojan Elite
2009-03-12 00:20:44 ----A---- C:\WINNT\system32\XceedCry.dll
2009-03-12 00:20:44 ----A---- C:\WINNT\system32\XceedBkp.dll
2009-03-11 21:31:54 ----D---- C:\Program Files\Panda Security
2009-03-11 20:16:26 ----D---- C:\WINNT\SoftwareDistribution
2009-03-10 15:13:08 ----D---- C:\Documents and Settings\Administrator\Application Data\Thinstall

======List of files/folders modified in the last 1 months======

2009-03-15 19:07:56 ----AD---- C:\WINNT\SYSTEM32
2009-03-15 19:07:14 ----D---- C:\Program Files\Mozilla Firefox
2009-03-15 19:04:05 ----A---- C:\WINNT\ModemLog_Conexant D110 MDC V.92 Modem.txt
2009-03-15 19:01:35 ----AD---- C:\WINNT\system32\IAS
2009-03-15 19:01:03 ----AD---- C:\WINNT\Debug
2009-03-15 18:58:35 ----AD---- C:\Program Files
2009-03-15 18:57:28 ----AD---- C:\WINNT\system32\DRIVERS
2009-03-15 18:14:12 ----AD---- C:\WINNT
2009-03-15 17:35:36 ----AHD---- C:\WINNT\INF
2009-03-15 15:38:19 ----D---- C:\WINNT\system32\NtmsData
2009-03-15 15:05:28 ----D---- C:\Program Files\yRead2
2009-03-15 12:13:34 ----A---- C:\WINNT\system.ini
2009-03-15 12:07:39 ----AD---- C:\WINNT\AppPatch
2009-03-15 12:07:38 ----AD---- C:\Program Files\Common Files
2009-03-15 12:05:43 ----SD---- C:\WINNT\Web
2009-03-14 12:51:26 ----D---- C:\WINNT\Minidump
2009-03-14 01:13:38 ----SHD---- C:\WINNT\CSC
2009-03-13 22:26:23 ----SD---- C:\WINNT\Downloaded Program Files
2009-03-13 20:12:14 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-03-13 12:44:18 ----D---- C:\WINNT\system32\Macromed
2009-03-13 00:00:08 ----D---- C:\Program Files\Advanced Uninstaller PRO - Version 9
2009-03-12 22:24:47 ----RASH---- C:\BOOT.INI
2009-03-12 21:30:20 ----D---- C:\Downloads
2009-03-12 16:38:33 ----D---- C:\Rome
2009-03-12 15:44:08 ----HD---- C:\Program Files\InstallShield Installation Information
2009-03-12 15:38:00 ----SD---- C:\WINNT\Tasks
2009-03-12 14:05:10 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-03-12 14:02:54 ----SHD---- C:\WINNT\Installer
2009-03-12 14:02:54 ----AHD---- C:\Config.Msi
2009-03-12 14:02:47 ----D---- C:\WINNT\Support_Files
2009-03-11 16:04:55 ----A---- C:\WINNT\WIN.INI
2009-03-11 16:04:51 ----RASD---- C:\WINNT\Fonts
2009-03-11 15:52:16 ----ASD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2009-03-11 14:37:38 ----AD---- C:\Documents and Settings
2009-03-11 14:19:40 ----AD---- C:\WINNT\system32\CONFIG
2009-03-11 12:32:11 ----D---- C:\Program Files\DivX
2009-02-27 17:03:48 ----D---- C:\Documents and Settings\Administrator\Application Data\LimeWire
2009-02-25 12:55:00 ----A---- C:\WINNT\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_2K;Cdr4_2K; C:\WINNT\s [2007-08-25 40]
R1 Cdralw2k;Cdralw2k; C:\WINNT\s [2007-08-25 40]
R1 GhPciScan;GhostPciScanner; \??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys []
R1 MPFP;MPFP; C:\WINNT\S [2007-08-25 40]
R1 omci;OMCI WDM Device Driver; C:\WINNT\s [2007-08-25 40]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINNT\s [2007-08-25 40]
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINNT\s [2007-08-25 40]
R3 IWCA2K;Intel Wireless Connection Agent Miniport for Win 2K; C:\WINNT\s [2007-08-25 40]
R3 uhcd;Microsoft USB Universal Host Controller Driver; C:\WINNT\s [2007-08-25 40]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINNT\s [2007-08-25 40]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINNT\s [2007-08-25 40]
R3 usbhub20;USB 2.0 Root Hub Support; C:\WINNT\s [2007-08-25 40]
R3 wanatw;WAN Miniport (ATW); C:\WINNT\s [2007-08-25 40]
S1 Dlc;DLC Protocol; C:\WINNT\s [2007-08-25 40]
S1 SAVRT;SAVRT; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys []
S1 SbcpHid;SbcpHid; \??\C:\WINNT\system32\Drivers\SbcpHid.sys []
S1 SYMTDI;SYMTDI; C:\WINNT\S [2007-08-25 40]
S2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINNT\s [2007-08-25 40]
S2 AppleTalk;AppleTalk Protocol; C:\WINNT\s [2007-08-25 40]
S2 Aspi32;Aspi32; C:\WINNT\s [2007-08-25 40]
S2 BASFND;BASFND; \??\C:\WINNT\system32\Drivers\BASFND.sys []
S2 HidUsb;Microsoft HID Class Driver; C:\WINNT\s [2007-08-25 40]
S2 mdmxsdk;mdmxsdk; C:\WINNT\s [2007-08-25 40]
S2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINNT\s [2007-08-25 40]
S2 NwlnkNb;NWLink NetBIOS; C:\WINNT\s [2007-08-25 40]
S2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINNT\s [2007-08-25 40]
S2 PRPC;PRPC; C:\WINNT\s [2007-08-25 40]
S2 s24trans;WLAN Transport; C:\WINNT\s [2007-08-25 40]
S2 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys []
S3 ATE_PROCMON;ATE_PROCMON; C:\WINNT\s [2007-08-25 40]
S3 ATWPKT2;ATWPKT2; \??\C:\Program Files\Common Files\AOL\ACS\ATWPKT2.SYS []
S3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINNT\s [2007-08-25 40]
S3 bvrp_pci;bvrp_pci; C:\WINNT\s [2007-08-25 40]
S3 ccdecode;Closed Caption Decoder; C:\WINNT\s [2007-08-25 40]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINNT\s [2007-08-25 40]
S3 EL90BC;3Com EtherLink XL B/C Adapter Driver; C:\WINNT\s [2007-08-25 40]
S3 GTIPCI21;GTIPCI21; C:\WINNT\s [2007-08-25 40]
S3 HSF_DP;HSF_DP; C:\WINNT\s [2007-08-25 40]
S3 HSF_DPV;HSF_DPV; C:\WINNT\s [2007-08-25 40]
S3 HSFHWICH;HSFHWICH; C:\WINNT\s [2007-08-25 40]
S3 ialm;ialm; C:\WINNT\s [2007-08-25 40]
S3 mouhid;Mouse HID Driver; C:\WINNT\s [2007-08-25 40]
S3 MPE;BDA MPE Filter; C:\WINNT\s [2007-08-25 40]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINNT\s [2007-08-25 40]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINNT\s [2007-08-25 40]
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090311.003\naveng.sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090311.003\navex15.sys []
S3 ndiscm;Motorola SURFboard USB Cable Modem Windows Driver; C:\WINNT\s [2007-08-25 40]
S3 nm;Network Monitor Driver; C:\WINNT\s [2007-08-25 40]
S3 nv4;nv4; C:\WINNT\s [2007-08-25 40]
S3 NWRDR;NetWare Rdr; C:\WINNT\s [2007-08-25 40]
S3 O2SCBUS;O2Micro SmartCardBus Reader; C:\WINNT\s [2007-08-25 40]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINNT\S [2007-08-25 40]
S3 Scr110;SCR110 Serial Smart Card Reader; C:\WINNT\s [2007-08-25 40]
S3 SCRx31 USB Reader;SCRx31 USB Reader; C:\WINNT\s [2007-08-25 40]
S3 SLIP;BDA Slip De-Framer; C:\WINNT\s [2007-08-25 40]
S3 STAC97;SigmaTel C-Major Audio; C:\WINNT\s [2007-08-25 40]
S3 streamip;BDA IPSink; C:\WINNT\s [2007-08-25 40]
S3 SYMDNS;SYMDNS; C:\WINNT\S [2007-08-25 40]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 SYMFW;SYMFW; C:\WINNT\S [2007-08-25 40]
S3 SYMIDS;SYMIDS; C:\WINNT\S [2007-08-25 40]
S3 SYMIDSCO;SYMIDSCO; C:\WINNT\S [2007-08-25 40]
S3 SYMNDIS;SYMNDIS; C:\WINNT\S [2007-08-25 40]
S3 SYMREDRV;SYMREDRV; C:\WINNT\S [2007-08-25 40]
S3 tapvpn;TAP VPN Adapter; C:\WINNT\s [2007-08-25 40]
S3 UIUSys;Conexant Setup API; C:\WINNT\s [2007-08-25 40]
S3 USBSTOR;USB Mass Storage Driver; C:\WINNT\s [2007-08-25 40]
S3 w70n5;Intel® PRO/Wireless 7100 Adapter Driver; C:\WINNT\s [2007-08-25 40]
S3 winachsf;winachsf; C:\WINNT\s [2007-08-25 40]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINNT\s [2007-08-25 40]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINNT\S [2007-08-25 40]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2008-07-09 884360]
S2 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S2 BAsfIpM;Broadcom ASF IP monitoring service v6.0.3; C:\WINNT\s [2007-08-25 40]
S2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2004-02-29 255096]
S2 ccProxy;Symantec Network Proxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2004-02-29 291960]
S2 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2004-02-29 87160]
S2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2004-02-29 242808]
S2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe [2004-05-06 29912]
S2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2004-09-07 86016]
S2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe []
S2 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe []
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
S2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2004-09-07 139264]
S2 SimpTcp;Simple TCP/IP Services; C:\WINNT\s [2007-08-25 40]
S2 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2004-03-11 193760]
S2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe [2004-03-12 1221864]
S2 SymSecurePort;Symantec SecurePort; C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe [2004-05-05 222352]
S2 WLANKEEPER;WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2004-09-07 225353]
S2 WmdmPmSN;Portable Media Serial Number Service; C:\WINNT\S [2007-08-25 40]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [2004-03-12 169192]
S4 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2004-10-20 10328]
S4 AOL TopSpeedMonitor;AOL TopSpeed Monitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [2004-10-15 100016]
S4 GhostStartService;GhostStartService; C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE [2002-08-14 200704]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-13 138168]
S4 NFServer;NFServer; C:\Program Files\Fortress\AirFortress® Client\NFServer.exe [2002-06-21 110592]
S4 NWCWorkstation;Client Service for NetWare; C:\WINNT\s [2007-08-25 40]
S4 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2004-09-07 360521]
S4 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINNT\S [2007-08-25 40]

-----------------EOF-----------------

Malwarebytes' Anti-Malware 1.34
Database version: 1853
Windows 5.0.2195 Service Pack 4

3/15/2009 6:56:30 PM
mbam-log-2009-03-15 (18-56-30).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 117223
Time elapsed: 21 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b0cb585f-3271-4e42-88d9-ae5c9330d554} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XP Police Antivirus (Rogue.XP-Police-Antivirus) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Hijack.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Hijack.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Administrator\Desktop\Rome\Videos\WindXpSp3By_AleXDa1NOnLy\WW2.5+Z+TZ\$OEM$\$$\system32\cmdow.exe (Malware.Tool) -> Quarantined and deleted successfully.

LSPfix says there are no problems found, and lists the following .dll files under KEEP.

RNR20
WINRNR
NWPROVAU
MSAFD
RSVPSP

I've been able to get Internet Explorer to work now. I don't know if this specifically had anything to do with it but I went to Windows Automatic Updates and turned them on, they had been turned off. Still can't connect to Mozilla Firefox for some odd reason, working on it.

We are making some progress.

Download SDFix from: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your Desktop.

Double click SDFix.exe and it will extract the files to C:\SDFix\

Reboot into Safe Mode (without networking support !)

- Open the extracted SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
- Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum). I need that log afterwards.

Post back the sdfix report along with a new RSIT report.

Chris

I got a couple of prompts on screen telling me about new hardware added, "Network Controller" but Windows couldn't locate any drivers for it. Important?


SDFix: Version 1.240
Run by Administrator on Sun 03/15/2009 at 11:32p

Microsoft Windows 2000 [Version 5.00.2195]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-15 23:55:54
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\EncInst]
"DebugFile"="c:\encinst.log"
"path"="C:\WINNT\system32\export\encinst.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents]
"ComponentList"=str(7):"{FB8B5424-4B01-433E-AB3B-4B296655D43A}\0{89820200-ECBD-11CF-8B85-00AA005B4383}\0{CAC24AF7-5447-4F19-9FA6-F6E6E69D395E}\0{12F1D3F6-5371-4962-8B9E-41AC0668F2C1}\0{5DC6714D-359A-4BBE-A62E-38E86902C81A}\0{E9A84D17-E5C1-4890-A557-4460207F6AAF}\0{F1CAE27D-85D3-4642-B9E9-48D7F9F56C82}\0{C53A407B-397A-4EEC-812F-E951673CDE7F}\0{0E7420B5-D964-400C-8AC0-60537B2D0832}\0{B15C73EE-0AD0-41C2-BC15-D0A623F0078C}\0{A2F3B5A7-2D39-4A4E-96E6-BFADEBCBB27B}\0{BA63DE4B-CAD8-49C5-A3F2-E976BEB019C8}\0{97F5A9DB-8CA2-496B-9847-9C1DF6D93701}\0{AA936DF4-2B08-4B1F-B071-72192E287704}\0{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\0{BA840A40-FE9C-49A6-B5DA-18EEEF49B9A7}\0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{0E7420B5-D964-400C-8AC0-60537B2D0832}]
"FriendlyName"="SQLXMLX Exception Package"
"ComponentGUID"="{0E7420B5-D964-400C-8AC0-60537B2D0832}"
"Version"=dword:00020050
"Sub-Version"=dword:03fe0003
"ExceptionInfName"=str(2):"C:\WINNT\RegisteredPackages\{0E7420B5-D964-400C-8AC0-60537B2D0832}\SQLXMLXP.inf"
"ExceptionCatalogName"=str(2):"C:\WINNT\RegisteredPackages\{0E7420B5-D964-400C-8AC0-60537B2D0832}\sqlxmlxp.cat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{12F1D3F6-5371-4962-8B9E-41AC0668F2C1}]
"FriendlyName"="Microsoft MDAC Response Files"
"ComponentGUID"="{12F1D3F6-5371-4962-8B9E-41AC0668F2C1}"
"Version"=dword:00020050
"Sub-Version"=dword:03fe0003
"ExceptionInfName"=str(2):"C:\WINNT\RegisteredPackages\{12F1D3F6-5371-4962-8B9E-41AC0668F2C1}\rspfiles.inf"
"ExceptionCatalogName"=str(2):"C:\WINNT\RegisteredPackages\{12F1D3F6-5371-4962-8B9E-41AC0668F2C1}\rspfiles.cat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}]
"FriendlyName"="DirectX"
"ComponentGUID"="{44BBA855-CC51-11CF-AAFA-00AA00B6015C}"
"Version"=dword:00040009
"Sub-Version"=dword:00000386
"ExceptionInfName"=str(2):"C:\WINNT\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dxxp.inf"
"ExceptionCatalogName"=str(2):"C:\WINNT\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dxxp.cat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{5DC6714D-359A-4BBE-A62E-38E86902C81A}]
"FriendlyName"="Microsoft MDAC Setup Files"
"ComponentGUID"="{5DC6714D-359A-4BBE-A62E-38E86902C81A}"
"Version"=dword:00020050
"Sub-Version"=dword:03fe0003
"ExceptionInfName"=str(2):"C:\WINNT\RegisteredPackages\{5DC6714D-359A-4BBE-A62E-38E86902C81A}\dasetup.inf"
"ExceptionCatalogName"=str(2):"C:\WINNT\RegisteredPackages\{5DC6714D-359A-4BBE-A62E-38E86902C81A}\dasetup.cat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{89820200-ECBD-11CF-8B85-00AA005B4383}]
"FriendlyName"="Internet Explorer 6"
"ComponentGUID"="{89820200-ECBD-11CF-8B85-00AA005B4383}"
"Version"=dword:00060000
"Sub-Version"=dword:00000000
"ExceptionInfName"=str(2):"C:\WINNT\RegisteredPackages\{89820200-ECBD-11cf-8B85-00AA005B4383}\ieex.inf"
"ExceptionCatalogName"=str(2):"C:\WINNT\RegisteredPackages\{89820200-ECBD-11cf-8B85-00AA005B4383}\ieex.cat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{97F5A9DB-8CA2-496B-9847-9C1DF6D93701}]
"FriendlyName"="BidInterface Exception Package"
"ComponentGUID"="{97F5A9DB-8CA2-496B-9847-9C1DF6D93701}"
"Version"=dword:00020050
"Sub-Version"=dword:03fe0003
"ExceptionInfName"=str(2):"C:\WINNT\RegisteredPackages\{97F5A9DB-8CA2-496B-9847-9C1DF6D93701}\bidintrx.inf"
"ExceptionCatalogName"=str(2):"C:\WINNT\RegisteredPackages\{97F5A9DB-8CA2-496B-9847-9C1DF6D93701}\bidintrx.cat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{A2F3B5A7-2D39-4A4E-96E6-BFADEBCBB27B}]
"FriendlyName"="Microsoft SQL Server ODBC Drivers"
"ComponentGUID"="{A2F3B5A7-2D39-4A4E-96E6-BFADEBCBB27B}"
"Version"=dword:00020050
"Sub-Version"=dword:03fe0003
"ExceptionInfName"=str(2):"C:\WINNT\RegisteredPackages\{A2F3B5A7-2D39-4A4E-96E6-BFADEBCBB27B}\SQLODBC.INF"
"ExceptionCatalogName"=str(2):"C:\WINNT\RegisteredPackages\{A2F3B5A7-2D39-4A4E-96E6-BFADEBCBB27B}\sqlodbc.cat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{AA936DF4-2B08-4B1F-B071-72192E287704}]
"FriendlyName"="DirectX BDA"
"ComponentGUID"="{AA936DF4-2B08-4B1F-B071-72192E287704}"
"Version"=dword:00040009
"Sub-Version"=dword:00000386
"ExceptionInfName"=str(2):"C:\WINNT\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\dxbda.inf"
"ExceptionCatalogName"=str(2):"C:\WINNT\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\dx9bda.cat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{B15C73EE-0AD0-41C2-BC15-D0A623F0078C}]
"FriendlyName"="Microsoft SQL Server Net Libs"
"ComponentGUID"="{B15C73EE-0AD0-41C2-BC15-D0A623F0078C}"
"Version"=dword:00020050
"Sub-Version"=dword:03fe0003
"ExceptionInfName"=str(2):"C:\WINNT\RegisteredPackages\{B15C73EE-0AD0-41C2-BC15-D0A623F0078C}\SQLNET.INF"
"ExceptionCatalogName"=str(2):"C:\WINNT\RegisteredPackages\{B15C73EE-0AD0-41C2-BC15-D0A623F0078C}\sqlnet.cat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{BA63DE4B-CAD8-49C5-A3F2-E976BEB019C8}]
"FriendlyName"="Microsoft SQL Server OLEDB Provider"
"ComponentGUID"="{BA63DE4B-CAD8-49C5-A3F2-E976BEB019C8}"
"Version"=dword:00020050
"Sub-Version"=dword:03fe0003
"ExceptionInfName"=str(2):"C:\WINNT\RegisteredPackages\{BA63DE4B-CAD8-49C5-A3F2-E976BEB019C8}\SQLOLDB.INF"
"ExceptionCatalogName"=str(2):"C:\WINNT\RegisteredPackages\{BA63DE4B-CAD8-49C5-A3F2-E976BEB019C8}\sqloldb.cat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{BA840A40-FE9C-49A6-B5DA-18EEEF49B9A7}]
"FriendlyName"="Microsoft Active Accessibility"
"ComponentGUID"="{BA840A40-FE9C-49A6-B5DA-18EEEF49B9A7}"
"Version"=dword:00040002
"Sub-Version"=dword:151e0000
"ExceptionInfName"=str(2):"C:\WINNT\RegisteredPackages\{BA840A40-FE9C-49A6-B5DA-18EEEF49B9A7}\msaaNT.inf"
"ExceptionCatalogName"=str(2):"C:\WINNT\RegisteredPackages\{BA840A40-FE9C-49A6-B5DA-18EEEF49B9A7}\msaa2K.cat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{C53A407B-397A-4EEC-812F-E951673CDE7F}]
"FriendlyName"="MSXML 3.0 Exception Package"
"ComponentGUID"="{C53A407B-397A-4EEC-812F-E951673CDE7F}"
"Version"=dword:00020050
"Sub-Version"=dword:03fe0003
"ExceptionInfName"=str(2):"C:\WINNT\RegisteredPackages\{C53A407B-397A-4EEC-812F-E951673CDE7F}\MSXMLX.inf"
"ExceptionCatalogName"=str(2):"C:\WINNT\RegisteredPackages\{C53A407B-397A-4EEC-812F-E951673CDE7F}\msxmlx.cat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{CAC24AF7-5447-4F19-9FA6-F6E6E69D395E}]
"FriendlyName"="Windows Media Player Exception Pack"
"ComponentGUID"="{CAC24AF7-5447-4F19-9FA6-F6E6E69D395E}"
"Version"=dword:00090000
"Sub-Version"=dword:00000ba4
"ExceptionInfName"=str(2):"C:\WINNT\RegisteredPackages\{CAC24AF7-5447-4F19-9FA6-F6E6E69D395E}\wmexpack.inf"
"ExceptionCatalogName"=str(2):"C:\WINNT\RegisteredPackages\{CAC24AF7-5447-4F19-9FA6-F6E6E69D395E}\wmexpack.cat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{E9A84D17-E5C1-4890-A557-4460207F6AAF}]
"FriendlyName"="WebData Setup Exception Package"
"ComponentGUID"="{E9A84D17-E5C1-4890-A557-4460207F6AAF}"
"Version"=dword:00020050
"Sub-Version"=dword:03fe0003
"ExceptionInfName"=str(2):"C:\WINNT\RegisteredPackages\{E9A84D17-E5C1-4890-A557-4460207F6AAF}\WDSETUP.INF"
"ExceptionCatalogName"=str(2):"C:\WINNT\RegisteredPackages\{E9A84D17-E5C1-4890-A557-4460207F6AAF}\wdsetup.cat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{F1CAE27D-85D3-4642-B9E9-48D7F9F56C82}]
"FriendlyName"="Mdac 2.8 Exception Package"
"ComponentGUID"="{F1CAE27D-85D3-4642-B9E9-48D7F9F56C82}"
"Version"=dword:00020050
"Sub-Version"=dword:03fe0003
"ExceptionInfName"=str(2):"C:\WINNT\RegisteredPackages\{F1CAE27D-85D3-4642-B9E9-48D7F9F56C82}\MDACXPAK.INF"
"ExceptionCatalogName"=str(2):"C:\WINNT\RegisteredPackages\{F1CAE27D-85D3-4642-B9E9-48D7F9F56C82}\mdacxpak.cat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{FB8B5424-4B01-433E-AB3B-4B296655D43A}]
"FriendlyName"="DirectX quartz Exception Pack"
"ComponentGUID"="{FB8B5424-4B01-433E-AB3B-4B296655D43A}"
"Version"=dword:00060003
"Sub-Version"=dword:00010376
"ExceptionInfName"=str(2):"C:\WINNT\RegisteredPackages\{FB8B5424-4B01-433E-AB3B-4B296655D43A}\dx819696_w2k.inf"
"ExceptionCatalogName"=str(2):"C:\WINNT\RegisteredPackages\{FB8B5424-4B01-433E-AB3B-4B296655D43A}\dx819696_w2k.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\KnownGood]
"SpeechCpl"="C:\Program Files\Common Files\Microsoft Shared\Speech\sapi.cpl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Migration DLLs]
"Microsoft Office Family"="C:\PROGRA~1\MICROS~2\Office10\MIGRAT~1\MIGRATE.DLL"
"Roxio Easy CD Creator 5"="C:\Program Files\Common Files\Adaptec Shared\Migration"
"Microsoft Windows Media Player 9 Series"="C:\Program Files\Windows Media Player\Installer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OC Manager\MasterInfs]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OC Manager\Subcomponents]
"wmpocm"=dword:00000001
"autoupdate"=dword:00000001
"dtc"=dword:00000001
"msmq"=dword:00000000
"ieaccess"=dword:00000001
"iis_common"=dword:00000000
"iis_inetmgr"=dword:00000000
"com"=dword:00000001
"iis_www"=dword:00000000
"iis_pwmgr"=dword:00000000
"iis_doc"=dword:00000000
"iis_ftp"=dword:00000000
"iis_smtp"=dword:00000000
"fp_extensions"=dword:00000000
"oeaccess"=dword:00000001
"mswordpad"=dword:00000001
"calc"=dword:00000001
"charmap"=dword:00000001
"clipbook"=dword:00000001
"deskpaper"=dword:00000001
"mousepoint"=dword:00000001
"objectpkg"=dword:00000001
"paint"=dword:00000001
"templates"=dword:00000001
"chat"=dword:00000001
"dialer"=dword:00000001
"hypertrm"=dword:00000001
"cdplayer"=dword:00000001
"mplay"=dword:00000001
"rec"=dword:00000001
"vol"=dword:00000001
"media_clips"=dword:00000001
"media_utopia"=dword:00000001
"accessopt"=dword:00000001
"pinball"=dword:00000001
"freecell"=dword:00000001
"minesweeper"=dword:00000001
"solitaire"=dword:00000001
"imagevue"=dword:00000001
"fax"=dword:00000001
"indexsrv_system"=dword:00000001
"snmp"=dword:00000000
"simptcp"=dword:00000001
"iprip"=dword:00000001
"lpdsvc"=dword:00000000
"iisdbg"=dword:00000000
"display"=dword:00000001
"ntcomponents"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents\AddressBook]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents\SwFlash]
"Installed"="1"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{63496D0E-1653-5764-30C8-8B7AE0E43F7E}]
"bbehecjdilgdpohalhpomfdfdaamgcffalkn?"=hex:61,61,00,00
"abehecjdilgdpohalhiphkgpaeocpaolen?"=hex:61,61,00,00

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Remaining Files :



Files with Hidden Attributes :

Wed 12 May 2004 192 A.SH. --- "C:\BOOT.BAK"
Fri 19 Nov 2004 54,872 A..H. --- "C:\Program Files\America Online 9.0\AOLphx.exe"
Fri 19 Nov 2004 31,832 A..H. --- "C:\Program Files\America Online 9.0\rbm.exe"
Wed 14 Aug 2002 65,088 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c556 Packet\3C556.COM"
Wed 14 Aug 2002 12,732 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c509 Packet\3C5X9PD.COM"
Wed 14 Aug 2002 26,424 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c59x Packet\3C59XPD.COM"
Wed 14 Aug 2002 28,062 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207F Packet\EN5251PD.COM"
Wed 14 Aug 2002 10,710 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207C Packet\PCIPD.COM"
Wed 14 Aug 2002 10,083 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207D Packet\ACCPKT.COM"
Wed 14 Aug 2002 10,257 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207TX Packet\PCIPD.COM"
Wed 14 Aug 2002 29,499 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1203 Packet\PCIPD.COM"
Wed 14 Aug 2002 12,660 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1204 Packet\VLNWPD.COM"
Wed 14 Aug 2002 11,031 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207 Packet\PCIPD.COM"
Wed 14 Aug 2002 17,952 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1200 Packet\EC32PD.COM"
Wed 14 Aug 2002 9,424 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1208 Packet\1208PD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1650 Packet\NWPD.COM"
Wed 14 Aug 2002 13,673 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1640 Packet\NWPD.COM"
Wed 14 Aug 2002 14,438 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1658 Packet\NWPD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN166X Packet\NWPD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1651 Packet\NWPD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1652 Packet\NWPD.COM"
Wed 14 Aug 2002 7,243 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1653 Packet\NE2PD.COM"
Wed 14 Aug 2002 24,767 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2216 Packet\PCMPD.COM"
Wed 14 Aug 2002 7,463 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1625 Packet\NEPD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1656 Packet\NWPD.COM"
Wed 14 Aug 2002 10,286 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2228 Packet\PCMPD.COM"
Wed 14 Aug 2002 25,460 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2218 Packet\PCMPD.COM"
Wed 14 Aug 2002 28,866 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2320 Packet\EN5251PD.COM"
Wed 14 Aug 2002 14,438 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1657 Packet\NWPD.COM"
Wed 14 Aug 2002 8,544 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\CATC USB Ethernet\Elndis.sys"
Wed 14 Aug 2002 33,149 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\CATC USB Ethernet\Usbd.sys"
Wed 28 May 2003 51,150 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI1394.SYS"
Wed 14 Aug 2002 35,340 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI2DOS.SYS"
Wed 14 Aug 2002 14,378 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI4DOS.SYS"
Wed 14 Aug 2002 37,984 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI8DOS.SYS"
Wed 14 Aug 2002 44,828 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI8U2.SYS"
Wed 14 Aug 2002 29,628 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPICD.SYS"
Wed 28 May 2003 52,106 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIEHCI.SYS"
Wed 14 Aug 2002 49,242 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIOHCI.SYS"
Wed 14 Aug 2002 50,606 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIUHCI.SYS"
Wed 14 Aug 2002 161,792 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BOOTSRV.SYS"
Wed 14 Aug 2002 174,080 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\bootsrv16.sys"
Wed 14 Aug 2002 21,971 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BTCDROM.SYS"
Wed 14 Aug 2002 30,955 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BTDOSM.SYS"
Wed 14 Aug 2002 202,517 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS.EXE"
Wed 14 Aug 2002 374,038 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS16.EXE"
Wed 14 Aug 2002 22,158 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\COUNTRY.SYS"
Wed 14 Aug 2002 1,608 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DEVICE.COM"
Wed 14 Aug 2002 15,345 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DISPLAY.SYS"
Wed 14 Aug 2002 7,840 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DLSHELP.SYS"
Wed 14 Aug 2002 56,821 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\E.EXE"
Wed 14 Aug 2002 64,425 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\FLASHPT.SYS"
Wed 14 Aug 2002 32,396 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\GUEST.EXE"
Wed 14 Aug 2002 14,160 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\HIMEM.SYS"
Wed 14 Aug 2002 10,898 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYB.COM"
Wed 14 Aug 2002 53,556 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYBOARD.SYS"
Wed 14 Aug 2002 15,777 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MODE.COM"
Wed 14 Aug 2002 37,681 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MOUSE.COM"
Wed 14 Aug 2002 354,304 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\msbootsrv16.sys"
Wed 14 Aug 2002 21,180 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MSCDEX.EXE"
Wed 14 Aug 2002 354,263 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Net.exe"
Wed 14 Aug 2002 8,513 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\NETBIND.COM"
Wed 14 Aug 2002 41,302 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OAKCDROM.SYS"
Wed 14 Aug 2002 129,240 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OHCI.EXE"
Wed 14 Aug 2002 28,439 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Paralink.com"
Wed 14 Aug 2002 13,770 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\PROTMAN.EXE"
Wed 14 Aug 2002 130,980 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\UHCI.EXE"
Wed 14 Aug 2002 11,854 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWorks ISA (DE305) Packet\DE305.COM"
Wed 14 Aug 2002 52,715 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWORKS DE450 Packet\DE450.COM"
Wed 14 Aug 2002 62,391 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWORKS DE500 Packet\DE500.COM"
Wed 14 Aug 2002 11,491 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DMF560-TX Packet\Lmpd.com"
Wed 14 Aug 2002 17,791 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DT620 Packet\Dt620pd.com"
Wed 14 Aug 2002 17,043 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DE400 Packet\De400pd.com"
Wed 14 Aug 2002 11,786 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\IBM Crystal LAN Packet\Epktisa.com"
Wed 14 Aug 2002 18,300 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Kingston EtheRx KNE110TX Packet\Ktc110p.com"
Wed 14 Aug 2002 48,224 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD 10-100AL Packet\L100al.com"
Wed 14 Aug 2002 13,360 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD-CDF Packet\Ldcdt.com"
Wed 14 Aug 2002 9,190 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD-PCI2TL Packet\Ldpcil.com"
Wed 14 Aug 2002 12,567 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Melco LPC2-T\Lpchkat2.com"
Wed 14 Aug 2002 44,640 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\FETPKT.COM"
Wed 14 Aug 2002 56,896 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\Rtspkt.com"
Wed 14 Aug 2002 44,640 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FNW9x00T - ENW8300T Packet\fetpkt.com"
Wed 14 Aug 2002 9,692 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\PXE Packet Driver\Undipd.com"
Wed 14 Aug 2002 9,537 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\SN 2000p Packet\PNPPD.COM"
Wed 14 Aug 2002 32,484 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\WaveLAN Packet\Wvlan42.com"
Wed 14 Aug 2002 52,225 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe"
Wed 14 Aug 2002 48,491 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10BT\Ce3ndis.exe"
Wed 14 Aug 2002 50,405 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10 - RE100 Packet\Ce3pd.com"
Wed 14 Aug 2002 33,860 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe"
Wed 14 Aug 2002 50,175 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe"
Wed 14 Aug 2002 50,795 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe"
Wed 14 Aug 2002 48,223 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX Packet\Cbepd.com"
Wed 14 Aug 2002 48,641 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe"
Wed 14 Aug 2002 49,015 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS Packet\Xpspd.com"
Wed 14 Aug 2002 53,786 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\command.com"
Wed 14 Aug 2002 44,240 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMBIO.COM"
Wed 14 Aug 2002 42,550 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMDOS.COM"

Finished!

Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrator at 2009-03-16 00:03:09
Microsoft Windows 2000 Professional Service Pack 4
System drive C: has 4 GB (10%) free of 38 GB
Total RAM: 503 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:28 AM, on 3/16/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\netdde.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINNT\system32\basfipm.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\system32\cisvc.exe
C:\WINNT\system32\clipsrv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\locator.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\tcpsvcs.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\dmadmin.exe
C:\WINNT\system32\msdtc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\cidaemon.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINNT\system32\DllHost.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackCheck\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://live.xbox.com/en-US/profile/Friends.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKUS\S-1-5-21-577020384-2308808795-1272252130-1009\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'ASPNET')
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\WINNT\system32\shdocvw.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134589117044
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143753340215
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...zylomplayer.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9758C124-7DE9-4E40-8FA8-9A680ACA1457}: NameServer = 167.206.254.1,167.206.254.2
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINNT\system32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NFServer - Unknown owner - C:\Program Files\Fortress\AirFortress® Client\NFServer.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9800 bytes

======Scheduled tasks folder======

C:\WINNT\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-05-13 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-07 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - @msdxmLC.dll,-1@1033,&Radio - C:\WINNT\s [2007-08-25 40]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-05-13 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2004-02-29 66680]
"GhostStartTrayApp"=C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe [2002-08-14 94208]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2004-10-30 385024]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"Synchronization Manager"=mobsync.exe /logon []
"vptray"=C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe [2004-05-06 124112]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINNT\system32\ctfmon.exe [2001-02-20 8192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINNT\system32\igfxdev.dll [2005-10-14 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-09-07 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINNT\s [2007-08-25 40]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nwprovau]
C:\WINNT\system32\nwprovau.dll [2006-09-01 140048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
C:\WINNT\system32\wlnotify.dll [2005-04-08 57104]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"disablecad"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-03-15 23:26:12 ----D---- C:\WINNT\ERUNT
2009-03-15 23:12:12 ----D---- C:\SDFix
2009-03-15 21:58:36 ----A---- C:\WINNT\system32\wuauclt.exe
2009-03-15 21:44:43 ----D---- C:\Program Files\Adaptec
2009-03-15 16:24:55 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-03-15 15:47:26 ----SHD---- C:\RECYCLER
2009-03-15 12:48:16 ----A---- C:\WINNT\SchedLgU.Txt
2009-03-15 12:17:07 ----D---- C:\WINNT\temp
2009-03-15 12:17:04 ----A---- C:\ComboFix.txt
2009-03-15 11:54:54 ----A---- C:\WINNT\zip.exe
2009-03-15 11:54:54 ----A---- C:\WINNT\VFIND.exe
2009-03-15 11:54:54 ----A---- C:\WINNT\SWXCACLS.exe
2009-03-15 11:54:54 ----A---- C:\WINNT\SWSC.exe
2009-03-15 11:54:54 ----A---- C:\WINNT\SWREG.exe
2009-03-15 11:54:54 ----A---- C:\WINNT\sed.exe
2009-03-15 11:54:54 ----A---- C:\WINNT\NIRCMD.exe
2009-03-15 11:54:54 ----A---- C:\WINNT\grep.exe
2009-03-15 11:54:54 ----A---- C:\WINNT\fdsv.exe
2009-03-15 11:54:31 ----D---- C:\WINNT\ERDNT
2009-03-15 11:54:29 ----D---- C:\Qoobox
2009-03-14 23:52:31 ----D---- C:\rsit
2009-03-14 13:05:17 ----D---- C:\Program Files\MBAM
2009-03-14 13:05:17 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-14 12:59:52 ----A---- C:\WINNT\ntbtlog.txt
2009-03-14 12:37:31 ----D---- C:\Program Files\CCleaner
2009-03-13 20:19:31 ----D---- C:\fixwareout
2009-03-13 14:16:25 ----D---- C:\Program Files\Trend Micro
2009-03-12 21:30:43 ----D---- C:\Program Files\F-Group
2009-03-12 21:00:13 ----ASH---- C:\BOOT.BAK
2009-03-12 20:55:54 ----D---- C:\$WIN_NT$.~LS
2009-03-12 20:55:54 ----D---- C:\$WIN_NT$.~BT
2009-03-12 17:40:12 ----A---- C:\WINNT\UPGRADE.TXT
2009-03-12 17:40:10 ----D---- C:\WINNT\setup.pss
2009-03-12 14:02:45 ----A---- C:\WINNT\system32\sqlite3.dll
2009-03-12 14:02:45 ----A---- C:\WINNT\system32\ascbalon.dll
2009-03-12 14:02:44 ----A---- C:\WINNT\system32\SysRestore.dll
2009-03-12 14:02:44 ----A---- C:\WINNT\system32\SQLiteWrapper.dll
2009-03-12 14:02:44 ----A---- C:\WINNT\system32\ConTest.dll
2009-03-12 14:02:43 ----D---- C:\Program Files\Ascentive
2009-03-12 00:33:29 ----D---- C:\Program Files\Anti Trojan Elite
2009-03-12 00:20:44 ----A---- C:\WINNT\system32\XceedCry.dll
2009-03-12 00:20:44 ----A---- C:\WINNT\system32\XceedBkp.dll
2009-03-11 21:31:54 ----D---- C:\Program Files\Panda Security
2009-03-11 20:16:26 ----D---- C:\WINNT\SoftwareDistribution
2009-03-10 15:13:08 ----D---- C:\Documents and Settings\Administrator\Application Data\Thinstall

======List of files/folders modified in the last 1 months======

2009-03-16 00:03:10 ----AD---- C:\WINNT\SYSTEM32
2009-03-16 00:00:47 ----D---- C:\Program Files\Mozilla Firefox
2009-03-15 23:42:00 ----D---- C:\WINNT\system32\NtmsData
2009-03-15 23:41:57 ----AD---- C:\WINNT\system32\IAS
2009-03-15 23:41:36 ----A---- C:\WINNT\ModemLog_Conexant D110 MDC V.92 Modem.txt
2009-03-15 23:41:33 ----AD---- C:\WINNT\Debug
2009-03-15 23:26:12 ----AD---- C:\WINNT
2009-03-15 21:58:41 ----RASHD---- C:\WINNT\system32\DLLCACHE
2009-03-15 21:58:27 ----AHD---- C:\WINNT\INF
2009-03-15 21:44:43 ----AD---- C:\Program Files\Windows Media Player
2009-03-15 21:44:43 ----AD---- C:\Program Files\Common Files
2009-03-15 21:44:43 ----AD---- C:\Program Files
2009-03-15 21:41:07 ----AD---- C:\WINNT\Help
2009-03-15 21:38:44 ----RASH---- C:\BOOT.INI
2009-03-15 18:58:35 ----AD---- C:\WINNT\system32\DRIVERS
2009-03-15 15:05:28 ----D---- C:\Program Files\yRead2
2009-03-15 12:13:34 ----A---- C:\WINNT\system.ini
2009-03-15 12:07:39 ----AD---- C:\WINNT\AppPatch
2009-03-15 12:05:43 ----SD---- C:\WINNT\Web
2009-03-14 12:51:26 ----D---- C:\WINNT\Minidump
2009-03-14 01:13:38 ----SHD---- C:\WINNT\CSC
2009-03-13 22:26:23 ----SD---- C:\WINNT\Downloaded Program Files
2009-03-13 20:12:14 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-03-13 12:44:18 ----D---- C:\WINNT\system32\Macromed
2009-03-13 00:00:08 ----D---- C:\Program Files\Advanced Uninstaller PRO - Version 9
2009-03-12 21:30:20 ----D---- C:\Downloads
2009-03-12 16:38:33 ----D---- C:\Rome
2009-03-12 15:44:08 ----HD---- C:\Program Files\InstallShield Installation Information
2009-03-12 15:38:00 ----SD---- C:\WINNT\Tasks
2009-03-12 14:05:10 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-03-12 14:02:54 ----SHD---- C:\WINNT\Installer
2009-03-12 14:02:54 ----AHD---- C:\Config.Msi
2009-03-12 14:02:47 ----D---- C:\WINNT\Support_Files
2009-03-11 16:04:55 ----A---- C:\WINNT\WIN.INI
2009-03-11 16:04:51 ----RASD---- C:\WINNT\Fonts
2009-03-11 15:52:16 ----ASD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2009-03-11 14:37:38 ----AD---- C:\Documents and Settings
2009-03-11 14:19:40 ----AD---- C:\WINNT\system32\CONFIG
2009-03-11 12:32:11 ----D---- C:\Program Files\DivX
2009-02-27 17:03:48 ----D---- C:\Documents and Settings\Administrator\Application Data\LimeWire
2009-02-25 12:55:00 ----A---- C:\WINNT\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_2K;Cdr4_2K; C:\WINNT\s [2007-08-25 40]
R1 Cdralw2k;Cdralw2k; C:\WINNT\s [2007-08-25 40]
R1 Dlc;DLC Protocol; C:\WINNT\s [2007-08-25 40]
R1 GhPciScan;GhostPciScanner; \??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys []
R1 MPFP;MPFP; C:\WINNT\S [2007-08-25 40]
R1 omci;OMCI WDM Device Driver; C:\WINNT\s [2007-08-25 40]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys []
R1 SbcpHid;SbcpHid; \??\C:\WINNT\system32\Drivers\SbcpHid.sys []
R1 SYMTDI;SYMTDI; C:\WINNT\S [2007-08-25 40]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINNT\s [2007-08-25 40]
R2 AppleTalk;AppleTalk Protocol; C:\WINNT\s [2007-08-25 40]
R2 Aspi32;Aspi32; C:\WINNT\s [2007-08-25 40]
R2 BASFND;BASFND; \??\C:\WINNT\system32\Drivers\BASFND.sys []
R2 mdmxsdk;mdmxsdk; C:\WINNT\s [2007-08-25 40]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINNT\s [2007-08-25 40]
R2 NwlnkNb;NWLink NetBIOS; C:\WINNT\s [2007-08-25 40]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINNT\s [2007-08-25 40]
R2 PRPC;PRPC; C:\WINNT\s [2007-08-25 40]
R2 s24trans;WLAN Transport; C:\WINNT\s [2007-08-25 40]
R2 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys []
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINNT\s [2007-08-25 40]
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINNT\s [2007-08-25 40]
R3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINNT\s [2007-08-25 40]
R3 GTIPCI21;GTIPCI21; C:\WINNT\s [2007-08-25 40]
R3 HSF_DPV;HSF_DPV; C:\WINNT\s [2007-08-25 40]
R3 HSFHWICH;HSFHWICH; C:\WINNT\s [2007-08-25 40]
R3 ialm;ialm; C:\WINNT\s [2007-08-25 40]
R3 IWCA2K;Intel Wireless Connection Agent Miniport for Win 2K; C:\WINNT\s [2007-08-25 40]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090311.003\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090311.003\navex15.sys []
R3 NWRDR;NetWare Rdr; C:\WINNT\s [2007-08-25 40]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINNT\S [2007-08-25 40]
R3 STAC97;SigmaTel C-Major Audio; C:\WINNT\s [2007-08-25 40]
R3 SYMDNS;SYMDNS; C:\WINNT\S [2007-08-25 40]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINNT\S [2007-08-25 40]
R3 SYMIDS;SYMIDS; C:\WINNT\S [2007-08-25 40]
R3 SYMIDSCO;SYMIDSCO; C:\WINNT\S [2007-08-25 40]
R3 SYMNDIS;SYMNDIS; C:\WINNT\S [2007-08-25 40]
R3 SYMREDRV;SYMREDRV; C:\WINNT\S [2007-08-25 40]
R3 uhcd;Microsoft USB Universal Host Controller Driver; C:\WINNT\s [2007-08-25 40]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINNT\s [2007-08-25 40]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINNT\s [2007-08-25 40]
R3 usbhub20;USB 2.0 Root Hub Support; C:\WINNT\s [2007-08-25 40]
R3 wanatw;WAN Miniport (ATW); C:\WINNT\s [2007-08-25 40]
R3 winachsf;winachsf; C:\WINNT\s [2007-08-25 40]
S2 HidUsb;Microsoft HID Class Driver; C:\WINNT\s [2007-08-25 40]
S3 ATE_PROCMON;ATE_PROCMON; C:\WINNT\s [2007-08-25 40]
S3 ATWPKT2;ATWPKT2; \??\C:\Program Files\Common Files\AOL\ACS\ATWPKT2.SYS []
S3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINNT\s [2007-08-25 40]
S3 bvrp_pci;bvrp_pci; C:\WINNT\s [2007-08-25 40]
S3 ccdecode;Closed Caption Decoder; C:\WINNT\s [2007-08-25 40]
S3 EL90BC;3Com EtherLink XL B/C Adapter Driver; C:\WINNT\s [2007-08-25 40]
S3 HSF_DP;HSF_DP; C:\WINNT\s [2007-08-25 40]
S3 mouhid;Mouse HID Driver; C:\WINNT\s [2007-08-25 40]
S3 MPE;BDA MPE Filter; C:\WINNT\s [2007-08-25 40]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINNT\s [2007-08-25 40]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINNT\s [2007-08-25 40]
S3 ndiscm;Motorola SURFboard USB Cable Modem Windows Driver; C:\WINNT\s [2007-08-25 40]
S3 nm;Network Monitor Driver; C:\WINNT\s [2007-08-25 40]
S3 nv4;nv4; C:\WINNT\s [2007-08-25 40]
S3 O2SCBUS;O2Micro SmartCardBus Reader; C:\WINNT\s [2007-08-25 40]
S3 Scr110;SCR110 Serial Smart Card Reader; C:\WINNT\s [2007-08-25 40]
S3 SCRx31 USB Reader;SCRx31 USB Reader; C:\WINNT\s [2007-08-25 40]
S3 SLIP;BDA Slip De-Framer; C:\WINNT\s [2007-08-25 40]
S3 streamip;BDA IPSink; C:\WINNT\s [2007-08-25 40]
S3 tapvpn;TAP VPN Adapter; C:\WINNT\s [2007-08-25 40]
S3 UIUSys;Conexant Setup API; C:\WINNT\s [2007-08-25 40]
S3 USBSTOR;USB Mass Storage Driver; C:\WINNT\s [2007-08-25 40]
S3 w70n5;Intel® PRO/Wireless 7100 Adapter Driver; C:\WINNT\s [2007-08-25 40]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINNT\s [2007-08-25 40]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINNT\S [2007-08-25 40]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2004-10-20 10328]
R2 AOL TopSpeedMonitor;AOL TopSpeed Monitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [2004-10-15 100016]
R2 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
R2 BAsfIpM;Broadcom ASF IP monitoring service v6.0.3; C:\WINNT\s [2007-08-25 40]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2004-02-29 255096]
R2 ccProxy;Symantec Network Proxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2004-02-29 291960]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2004-02-29 242808]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe [2004-05-06 29912]
R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2004-09-07 86016]
R2 GhostStartService;GhostStartService; C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE [2002-08-14 200704]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2008-07-09 884360]
R2 NWCWorkstation;Client Service for NetWare; C:\WINNT\s [2007-08-25 40]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2004-09-07 139264]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2004-09-07 360521]
R2 SimpTcp;Simple TCP/IP Services; C:\WINNT\s [2007-08-25 40]
R2 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2004-03-11 193760]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe [2004-03-12 1221864]
R2 SymSecurePort;Symantec SecurePort; C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe [2004-05-05 222352]
R2 WLANKEEPER;WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2004-09-07 225353]
S2 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2004-02-29 87160]
S2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-13 138168]
S2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe []
S2 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe []
S2 NFServer;NFServer; C:\Program Files\Fortress\AirFortress® Client\NFServer.exe [2002-06-21 110592]
S2 WmdmPmSN;Portable Media Serial Number Service; C:\WINNT\S [2007-08-25 40]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [2004-03-12 169192]

-----------------EOF-----------------

Well, looks clean to me now.

How is your system running ? Still having problems ?

Chris

Everything's running great, thankfully. The only problem is Firefox not being able to connect. I don't mean to sound picky but Firefox is my web browser of choice. Any suggestions?

Failed to Connect

Firefox can't establish a connection to the server at www.suggestafix.com


Though the site seems valid, the browser was unable to establish a connection.

* Could the site be temporarily unavailable? Try again later.
* Are you unable to browse other sites? Check the computer's network connection.
* Is your computer or network protected by a firewall or proxy? Incorrect settings can interfere with Web browsing.

I think it has something to do with missing drivers for Network Controller. I can't get them automatically because Windows won't connect. I need a place to download them manually.

upgrade from Windows 2K to Windows XP SP3 and now Internet Explorer won't work either. But weird enough, I can still connect online using AOL. Something's gotta be up with either my LAN settings or something with that Network Controller thing.

If you upgraded to XP SP3, you must reinstall all the motherboard and chipset drivers, as Windows generic drivers may not work as expected with all hardware.

If you don't have the drivers CD, post your motherboard make and model and I will try to find them for you.

Chris

Motherboard:
CPU Type Mobile Unknown, 800 MHz (11.5 x 70)
Motherboard Name Dell Inc. Latitude D610
Motherboard Chipset Unknown
System Memory 503 MB
BIOS Type Phoenix (10/02/05)
Communication Port Communications Port (COM1)
Communication Port ECP Printer Port (LPT1)

Here are the drivers. Download/install all of the proper ones (you may need your original manual to choose the originals).

Warning: Do NOT download/install (reflash) BIOS !

http://support.dell.com/support/downloads/...tid=&impid=

After all properly installed, your system should run smoothly.

Let us know how it goes.

Chris

Nothing's really changed as far as connecting to the internet goes. I checked the firewall settings figuring maybe there's something there that prevents me from connecting. When I click on Windows Firewall in Control Panel, I get the following message.

"Windows Firewall Settings can not be displayed because because the associated service is not running. Do you want to start the Windows Firewall/Internet Connection Sharing (ICS) service?"

When I click yes, I get "Windows can not start the Windows Firewall/Internet Connection Sharing (ICS) service"

I go to Administrative Tools / Services to start the service manually. I get "Error 1075. The dependency service does not exist or has been marked for deletion."

I check to see what dependencies are listed under Windows Firewall/Internet Connection Sharing and I get "Interface: Class not registered".

Something wrong in the registry or services preventing me from connecting to IE and Firefox?

If you upgraded to XP, all the proper services should be set by default to the registry, unless you skipped some file...

Chris