Full Version: Pls help with my log
boroangel
Hi guys this is my log.
I am using Sygate firewall and I checked my security log just now and got this message

"Somebody is scanning your computer.
Your computer's TCP ports:
135, 1025, 445, and 80 have been scanned from 210.24.124.66."

and earlier in the day
"Somebody is scanning your computer.
Your computer's TCP ports:
135, 1025, 2745, and 80 have been scanned from 210.24.74.100.."

Is my ISP scanning my PC or is it some virus or trojan? Some have said that it is a trojan scanning my ports using a remote machine. Also it seems like my downloads have slowed down...dunno if this is a coincidence or affected by certain spyware or trojans.

This is my log

Logfile of HijackThis v1.99.1
Scan saved at 2:44:40 PM, on 4/17/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\ansyslmd.exe
E:\ESM2\eEBSVC.exe
E:\ESM2\SAgent2.exe
C:\PROGRA~1\NORTON~2\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\helpwin.exe
C:\WINDOWS\System32\WinxpSys32.exe
C:\WINDOWS\System32\HP_DeskJet_500.exe
C:\WINDOWS\System32\javavm.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\sysmsvc.exe
C:\WINDOWS\System32\winmgr.exe
C:\WINDOWS\System32\mspci.exe
C:\WINDOWS\System32\mspn32.exe
C:\WINDOWS\System32\SPOOLER.EXE
E:\Adobe\Acrobat 6.0\Distillr\acrotray.exe
E:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\mIRC\mirc.exe
C:\WINDOWS\System32\mdm.exe
C:\Program Files\Messenger\msmsgs.exe
E:\realplayer\RealPlay.exe
C:\jijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by mysingtel
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://rohprhebmgdjapynxas.info/NC6CdJ0DuIfNF0ViVff__8DDoKUKrA3Stj43nJPAnKA.cgi"); (C:\Documents and Settings\user\Application Data\Mozilla\Profiles\default\fo2larsi.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\user\Application Data\Mozilla\Profiles\default\fo2larsi.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Microsoft Java Virtual Machine] javavm.exe
O4 - HKLM\..\Run: [PPPOEO] pingppac.exe
O4 - HKLM\..\Run: [MsWindows SysDate] sysmsvc.exe
O4 - HKLM\..\Run: [Win32 NDIS ] helpwin.exe
O4 - HKLM\..\Run: [Windows Time] winmgr.exe
O4 - HKLM\..\Run: [Microsoft PCI Manager] mspci.exe
O4 - HKLM\..\Run: [Windows TM] WinxpSys32.exe
O4 - HKLM\..\Run: [Windows System Gateway ] SPOOLER.EXE
O4 - HKLM\..\Run: [Windows Processe Manager] mspn32.exe
O4 - HKLM\..\RunServices: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKLM\..\RunServices: [Microsoft Java Virtual Machine] javavm.exe
O4 - HKLM\..\RunServices: [PPPOEO] pingppac.exe
O4 - HKLM\..\RunServices: [MsWindows SysDate] sysmsvc.exe
O4 - HKLM\..\RunServices: [Win32 NDIS ] helpwin.exe
O4 - HKLM\..\RunServices: [Windows Time] winmgr.exe
O4 - HKLM\..\RunServices: [Microsoft PCI Manager] mspci.exe
O4 - HKLM\..\RunServices: [Windows TM] WinxpSys32.exe
O4 - HKLM\..\RunServices: [Windows System Gateway ] SPOOLER.EXE
O4 - HKLM\..\RunServices: [Windows Processe Manager] mspn32.exe
O4 - HKLM\..\RunOnce: [Win32 NDIS ] helpwin.exe
O4 - HKLM\..\RunOnce: [Windows TM] WinxpSys32.exe
O4 - HKLM\..\RunOnce: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKLM\..\RunOnce: [Microsoft Java Virtual Machine] javavm.exe
O4 - HKCU\..\Run: [Yahoo! Pager] E:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKCU\..\Run: [Microsoft Java Virtual Machine] javavm.exe
O4 - HKCU\..\Run: [Win32 NDIS ] helpwin.exe
O4 - HKCU\..\Run: [Windows Time] winmgr.exe
O4 - HKCU\..\Run: [Microsoft PCI Manager] mspci.exe
O4 - HKCU\..\Run: [Windows TM] WinxpSys32.exe
O4 - HKCU\..\Run: [Windows System Gateway ] SPOOLER.EXE
O4 - HKCU\..\Run: [Windows Processe Manager] mspn32.exe
O4 - HKCU\..\RunServices: [Microsoft PCI Manager] mspci.exe
O4 - HKCU\..\RunServices: [Windows Processe Manager] mspn32.exe
O4 - HKCU\..\RunOnce: [Microsoft Java Virtual Machine] javavm.exe
O4 - HKCU\..\RunOnce: [Win32 NDIS ] helpwin.exe
O4 - HKCU\..\RunOnce: [Windows TM] WinxpSys32.exe
O4 - HKCU\..\RunOnce: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: EPSON Background Monitor.lnk = E:\ESM2\STMS.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = E:\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: EpsonBidirectionalAgent - SEIKO EPSON CORPORATION - E:\ESM2\eEBAgent.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - E:\ESM2\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - E:\ESM2\SAgent2.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\GHOSTS~2.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Besides the trojan, my Spyware Doctor always has messages popping out warning me of some such as "[HP Deskjet 500] HP_DeskJet_500.exe". Maybe these are harmless but they are still irritating, and can these be deleted?

Can anyone help me to see my log and advise what to remedy? Thanks!
Mosaic1
You are quite a mess.

Go here and get one of the free trials of an Anti Trojan and scan for Trojans.
http://www.wilders.org/anti_trojans.htm
---------------------------------------


You will be restarting into Safe mode later.
Go here for directions if you need help:

http://service1.symantec.com/SUPPORT/tsgen...001052409420406
--------

Because XP will not always show you hidden files and folders by default, reset your search settings first.

Open Folder Options>view and check your settings:
Select
Show hidden files and folders
Display the contents of system folders
Uncheck: Hide protected operating system files
Next go to Search and scroll down using the scroll bar on the right. Go down to More advanced options and click.
Be sure the first three boxes are selected:
Search System folders
Search Hidden Files and folders
Search SubFolders
--------
If you are on Cable and always connected, disconnect your Modem!
Boot to Safe mode.

Run hijackthis and select the following items. Press the fix checked button.

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Deskjet 500] HP_DeskJet_500.exe

O4 - HKLM\..\Run: [Microsoft Java Virtual Machine] javavm.exe
O4 - HKLM\..\Run: [PPPOEO] pingppac.exe
O4 - HKLM\..\Run: [MsWindows SysDate] sysmsvc.exe
O4 - HKLM\..\Run: [Win32 NDIS ] helpwin.exe
O4 - HKLM\..\Run: [Windows Time] winmgr.exe
O4 - HKLM\..\Run: [Microsoft PCI Manager] mspci.exe
O4 - HKLM\..\Run: [Windows TM] WinxpSys32.exe
O4 - HKLM\..\Run: [Windows System Gateway ] SPOOLER.EXE
O4 - HKLM\..\Run: [Windows Processe Manager] mspn32.exe
O4 - HKLM\..\RunServices: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKLM\..\RunServices: [Microsoft Java Virtual Machine] javavm.exe
O4 - HKLM\..\RunServices: [PPPOEO] pingppac.exe
O4 - HKLM\..\RunServices: [MsWindows SysDate] sysmsvc.exe
O4 - HKLM\..\RunServices: [Win32 NDIS ] helpwin.exe
O4 - HKLM\..\RunServices: [Windows Time] winmgr.exe
O4 - HKLM\..\RunServices: [Microsoft PCI Manager] mspci.exe
O4 - HKLM\..\RunServices: [Windows TM] WinxpSys32.exe
O4 - HKLM\..\RunServices: [Windows System Gateway ] SPOOLER.EXE
O4 - HKLM\..\RunServices: [Windows Processe Manager] mspn32.exe
O4 - HKLM\..\RunOnce: [Win32 NDIS ] helpwin.exe
O4 - HKLM\..\RunOnce: [Windows TM] WinxpSys32.exe
O4 - HKLM\..\RunOnce: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKLM\..\RunOnce: [Microsoft Java Virtual Machine] javavm.exe
O4 - HKCU\..\Run: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKCU\..\Run: [Microsoft Java Virtual Machine] javavm.exe
O4 - HKCU\..\Run: [Win32 NDIS ] helpwin.exe
O4 - HKCU\..\Run: [Windows Time] winmgr.exe
O4 - HKCU\..\Run: [Microsoft PCI Manager] mspci.exe
O4 - HKCU\..\Run: [Windows TM] WinxpSys32.exe
O4 - HKCU\..\Run: [Windows System Gateway ] SPOOLER.EXE
O4 - HKCU\..\Run: [Windows Processe Manager] mspn32.exe
O4 - HKCU\..\RunServices: [Microsoft PCI Manager] mspci.exe
O4 - HKCU\..\RunServices: [Windows Processe Manager] mspn32.exe
O4 - HKCU\..\RunOnce: [Microsoft Java Virtual Machine] javavm.exe
O4 - HKCU\..\RunOnce: [Win32 NDIS ] helpwin.exe
O4 - HKCU\..\RunOnce: [Windows TM] WinxpSys32.exe
O4 - HKCU\..\RunOnce: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE



--------------------------

Run the anti trojan program.

Delete any of these files if they still exist. Look for them in the system32 folder. Be careful. Some of these have similar names to legitimate files. Choose carefully what you delete.


javavm.exe
pingppac.exe
sysmsvc.exe
helpwin.exe
winmgr.exe
mspci.exe
WinxpSys32.exe
SPOOLER.EXE
mspn32.exe
HP_DeskJet_500.exe


----------------
Go to start >Run and type
%TEMP%
Press enter.

Select all and delete all.


Shut down. Reconnect your modem.

Restart into regular Windows mode.


Go for free online Virus scans here:

http://housecall.trendmicro.com/housecall/start_corp.asp
http://www.pandasoftware.com/activescan/

Allow Trend to clean.

Panda will not clean, but it will produce a log. Be sure to create that log and save it.

Post back with all results. The Panda log and a new Hijackthis log.


You need to install Windows XP SP2 and all security updates as well.
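
Most of the O4 entries selected for fixing in the post above share one pattern: a bare file name with no path, registered under several autorun keys at once. The following added example (not part of the original thread; the heuristic, threshold and function names are assumptions of this example) parses O4 lines excerpted from the first HijackThis log and flags that pattern, while leaving a single pathless entry such as `nwiz.exe` alone.

```python
import re
from collections import defaultdict

# Excerpt of O4 lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKLM\..\Run: [PPPOEO] pingppac.exe
O4 - HKLM\..\Run: [Windows System Gateway ] SPOOLER.EXE
O4 - HKLM\..\RunServices: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKLM\..\RunServices: [PPPOEO] pingppac.exe
O4 - HKLM\..\RunServices: [Windows System Gateway ] SPOOLER.EXE
O4 - HKLM\..\RunOnce: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKCU\..\Run: [Yahoo! Pager] E:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKCU\..\Run: [Windows System Gateway ] SPOOLER.EXE
O4 - Global Startup: PowerReg Scheduler.exe
"""

# Registry autorun lines look like:  O4 - HKLM\..\Run: [value name] command
# "Global Startup" lines describe startup-folder items and are skipped here.
O4_RE = re.compile(
    r'^O4 - (HKLM|HKCU)\\\.\.\\(Run|RunServices|RunOnce): \[(.*?)\] (.+)$'
)
# First token of an unquoted command that ends in an executable extension.
EXE_RE = re.compile(r'^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)', re.I)


def parse_o4(log_text):
    """Return one dict per registry autorun (O4) line found in the log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            entries.append(
                {"hive": hive, "key": key, "name": name.strip(), "command": command}
            )
    return entries


def executable_of(command):
    """Extract the program part of an autorun command, dropping arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    m = EXE_RE.match(command)
    return m.group(1) if m else command.split()[0]


def flag_pathless_repeats(entries, min_locations=2):
    """Map each pathless executable to the autorun keys that launch it.

    Only executables given without any directory and registered in at least
    `min_locations` distinct hive/key pairs are returned. This is a triage
    heuristic for deciding what to look at first, not a malware verdict.
    """
    locations = defaultdict(set)
    for entry in entries:
        exe = executable_of(entry["command"])
        if "\\" in exe or "/" in exe or ":" in exe:
            continue  # a full path was recorded; outside this heuristic
        locations[exe.lower()].add((entry["hive"], entry["key"]))
    return {
        exe: sorted(locs)
        for exe, locs in locations.items()
        if len(locs) >= min_locations
    }


if __name__ == "__main__":
    for exe, locs in sorted(flag_pathless_repeats(parse_o4(SAMPLE_LOG)).items()):
        where = ", ".join(f"{hive}\\{key}" for hive, key in locs)
        print(f"{exe}: {where}")
```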
boroangel
Hi Mosaic, thanks for taking time out. I am now stuck here.
I performed the above steps until the part when I am running the http://housecall.trendmicro.com/housecall/start_corp.asp
I got a message from the website asking me to install the setupex.exe for it to work...I suspect it's the java application. Anyway I installed and tried to run it but got the following error message,

"You cannot install Windows 98 while running this version of Windows.
Start your computer in MS-DOS mode and then install Windows 98. See the Windows 98 installation guide for further instructions."

I am using Windows XP, not Win 98! Hence I am stuck and I cannot proceed.

And also
1. Regarding deleting some files as instructed in the System 32 folder...I have 2 hard disks and each has its own system 32 folder. So I searched for the files in both system 32 folders and there's this file, sysmsvc.exe, which I can't delete from the PC, saying it is in use.

2. After I finished the part using hijackthis and connected back my modem and on my PC, I found that some files such as spooler.exe appeared again.

3. I have a SQL Service server machine running which has appeared in my taskbar for the past few weeks but I have no idea how it appeared as I didn't download it. Is it some trojan or spyware?

May I know how do I clear the step regarding the Trend website so I can proceed?
boroangel
Sorry it works on Explorer but not Netscape...I will come back with the results.
boroangel
Ok I have finished scanning...sure took a long time on the Panda.

This is the log for the hijack

Logfile of HijackThis v1.99.1
Scan saved at 11:50:06 PM, on 4/17/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
E:\ESM2\eEBSVC.exe
C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\ansyslmd.exe
E:\ESM2\SAgent2.exe
C:\PROGRA~1\NORTON~2\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\PROGRA~1\ICQ\ICQ.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
E:\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\jijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by mysingtel
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://rohprhebmgdjapynxas.info/NC6CdJ0DuIfNF0ViVff__8DDoKUKrA3Stj43nJPAnKA.cgi"); (C:\Documents and Settings\user\Application Data\Mozilla\Profiles\default\fo2larsi.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\user\Application Data\Mozilla\Profiles\default\fo2larsi.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] E:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: EPSON Background Monitor.lnk = E:\ESM2\STMS.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Acrobat Assistant.lnk = E:\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: EpsonBidirectionalAgent - SEIKO EPSON CORPORATION - E:\ESM2\eEBAgent.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - E:\ESM2\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - E:\ESM2\SAgent2.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\GHOSTS~2.EXE
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

This is the log for the Panda

Incident Status Location

Virus:Bck/Small.HI Disinfected Operating system
Spyware:Spyware/Cydoor No disinfected C:\WINDOWS\System\adcache
Spyware:Spyware/New.net No disinfected C:\WINDOWS\newdotnet*.dll
Adware:Adware/SaveNow No disinfected Windows Registry
Adware:Adware/Gator No disinfected C:\GatorPatch.log
Adware:Adware/nCase No disinfected C:\Temp\FLEOK
Adware:Adware/DownloadWare No disinfected Windows Registry
Adware:Adware/FlashTrack No disinfected C:\Program Files\Flt
Spyware:Spyware/BetterInet No disinfected Windows Registry
Spyware:Spyware/Searchcentrix No disinfected C:\Program Files\dynamic toolbar
Adware:Adware/Twain-Tech No disinfected Windows Registry
Adware:Adware/WUpd No disinfected C:\Program Files\Winad Client
Adware:Adware/ExactSearch No disinfected Windows Registry
Adware:Adware/WhenUSearch No disinfected C:\Program Files\Common Files\Whenu
Adware:Adware/Transponder No disinfected C:\WINDOWS\inf\dlmax.inf
Adware:Adware/Delta No disinfected Windows Registry
Adware:Adware/Ucontrol No disinfected C:\Program Files\Common Files\ucontrol
Virus:W32/Gaobot.EDJ.worm Disinfected C:\WINDOWS\SYSTEM32\SPOOLER.EXE
Virus:Bck/Small.HI Disinfected C:\WINDOWS\SYSTEM32\hwclock.exe
Adware:Adware/WUpd No disinfected C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\63GDADK1\d2[1].exe.tcf
Virus:Trj/Downloader.XY Disinfected C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KXUZSTYV\ie[1].exe
Adware:Adware/WUpd No disinfected C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KXUZSTYV\dd[1].exe.tcf
Virus:W32/Gaobot.DTS.worm Disinfected C:\WINDOWS\SYSTEM32\TFTP1060
Virus:W32/Sdbot.ftp Disinfected C:\WINDOWS\SYSTEM32\ii
Virus:W32/Sdbot.ftp Disinfected C:\WINDOWS\SYSTEM32\oo
Virus:Trj/MS04-011.B Disinfected C:\WINDOWS\SYSTEM32\rpc32.exe
Virus:Trj/Spy.Justin Disinfected C:\WINDOWS\ISNSYS.dll
Adware:Adware/IGetNet No disinfected C:\WINDOWS\TEMP\WinStart001.EXE.dat
Adware:Adware/Gator No disinfected C:\WINDOWS\TEMP\GUU7285.TMP
Spyware:Spyware/New.net No disinfected C:\WINDOWS\newdotnet3_36.dll
Adware:Adware/nCase No disinfected C:\temp\NCasePackage.exe.tcf
Adware:Adware/WUpd No disinfected C:\temp\WinCtlAdInstPack.exe
Virus:Trj/Downloader.XY Disinfected C:\lp.exe
Adware:Adware/MultiMPP No disinfected C:\RECYCLED\Dc40.tmp\dlmax.cab[dlmax.dll]
Adware:Adware/MultiMPP No disinfected C:\RECYCLED\Dc40.tmp\dlmax.dll
Adware:Adware/MultiMPP No disinfected C:\RECYCLED\Dc41.tmp\mxTarget.cab
Adware:Adware/MultiMPP No disinfected C:\RECYCLED\Dc41.tmp\mxTarget.cab[mxTarget.dll]
Adware:Adware/Twain-Tech No disinfected C:\RECYCLED\Dc41.tmp\mxTarget.cab[preInsMt.exe]
Adware:Adware/MultiMPP No disinfected C:\RECYCLED\Dc41.tmp\mxTarget.dll
Adware:Adware/Lop No disinfected C:\RECYCLED\Dc477.exe
Adware:Adware/Lop No disinfected C:\RECYCLED\Dc582.exe
Adware:Adware/Lop No disinfected C:\RECYCLED\Dc606.exe
Adware:Adware/Lop No disinfected C:\RECYCLED\Dc636.exe
Adware:Adware/Lop No disinfected C:\RECYCLED\Dc642.exe
Adware:Adware/Lop No disinfected C:\RECYCLED\Dc649.exe
Adware:Adware/Lop No disinfected C:\RECYCLED\Dc654.exe
Adware:Adware/WUpd No disinfected C:\AutoUpdate.exe.tcf
Adware:Adware/PurityScan No disinfected C:\gam.exe
Virus:Trj/Zapchast.D Disinfected C:\FOUND.027\FILE0001.CHK
Adware:Adware/WUpd No disinfected C:\wuampdr.exe.tcf
Adware:Adware/MultiMPP No disinfected C:\jijackthis\backups\backup-20050207-162236-708.dll
Adware:Adware/Lop No disinfected C:\jijackthis\backups\backup-20050207-162236-532.dll
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\SAVE BIRD DEAD DART\debug safe.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\SAVE BIRD DEAD DART\Delete Date.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\SAVE BIRD DEAD DART\MATHACTIVE.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\SAVE BIRD DEAD DART\bias shim.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\SAVE BIRD DEAD DART\chicstyle.exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-4514e5ea-57801d7c.zip[InstallerApplet.class]
Adware:Adware/Lop No disinfected C:\Documents and Settings\user\Application Data\OneIdle\fbqzcyhj.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\user\Application Data\OneIdle\FirstPopInter.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\user\Application Data\OneIdle\shimoptionmathrect.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\user\Application Data\OneIdle\aqxvnfwf.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\user\Application Data\OneIdle\btdnukfl.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\user\Application Data\OneIdle\yktvmywl.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\user\Application Data\OneIdle\qtuoovqk.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\user\Application Data\OneIdle\smqfdumd.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\user\Application Data\OneIdle\iindgweq.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\user\Application Data\OneIdle\kyxpildd.exe
Adware:Adware/MediaTickets No disinfected C:\System Volume Information\_restore{81D6E979-0104-4728-8901-99C352DD4F3E}\RP3\A0008362.bat
Virus:Trj/Downloader.AAW Disinfected C:\System Volume Information\_restore{81D6E979-0104-4728-8901-99C352DD4F3E}\RP3\A0008558.exe
Adware:Adware/MediaTickets No disinfected C:\System Volume Information\_restore{81D6E979-0104-4728-8901-99C352DD4F3E}\RP3\A0008310.exe.tcf[trofkz.REG]
Adware:Adware/MediaTickets No disinfected C:\System Volume Information\_restore{81D6E979-0104-4728-8901-99C352DD4F3E}\RP3\A0008310.exe.tcf[x.bat]
Adware:Adware/WUpd No disinfected C:\System Volume Information\_restore{81D6E979-0104-4728-8901-99C352DD4F3E}\RP3\A0008310.exe.tcf[wininstall.html]
Spyware:Spyware/ISTbar No disinfected E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I12LSH6V\istsvc_updater_sf[1]
Adware:Adware/MediaTickets No disinfected E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I12LSH6V\mtrslib2[1].js
Adware:Adware/MediaTickets No disinfected E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M7E14D0R\MediaTicketsInstaller[1].cab.tcf
Adware:Adware/MediaTickets No disinfected E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M7E14D0R\MediaTicketsInstaller[1].cab.tcf[MediaTicketsInstaller.ocx]
Adware:Adware/MediaTickets No disinfected E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M7E14D0R\MediaTicketsInstaller[1].cab.tcf[MediaTicketsInstaller.INF]
Adware:Adware/TopRebates No disinfected E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M7E14D0R\webrebates_other[1].exe
Spyware:Spyware/YourSiteBar No disinfected E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M7E14D0R\ysb[1].dll.tcf
Spyware:Spyware/ISTbar No disinfected E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QJW9MDCH\istsvc[1].exe.tcf
Adware:Adware/PowerScan No disinfected E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QJW9MDCH\powerscan[1].exe.tcf
Adware:Adware/WUpd No disinfected E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QJW9MDCH\prompt[1].php
Adware:Adware/WUpd No disinfected E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YH07ERM5\bridge-c46[1].cab.tcf[WinAdToolsX.dll]
Spyware:Spyware/ISTbar No disinfected E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YH07ERM5\index[1].htm
Adware:Adware/MediaTickets No disinfected E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\mt.html
Adware:Adware/IPInsight No disinfected E:\Documents and Settings\user\Local Settings\Temp\conscorr.inf
Adware:Adware/IPInsight No disinfected E:\Documents and Settings\user\Local Settings\Temp\conscorr.ini
Spyware:Spyware/ISTbar No disinfected E:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\D96YTFKO\index[1].html[index[1]]
Spyware:Spyware/ISTbar No disinfected E:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\D96YTFKO\index[3].html[index[3]]
Spyware:Spyware/ISTbar No disinfected E:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\D96YTFKO\index[4].html
Adware:Adware/WUpd No disinfected E:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\D96YTFKO\Info[1].txt
Adware:Adware/SBSoft No disinfected E:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\D96YTFKO\tbd_web[1].htm
Adware:Adware/nCase No disinfected E:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\MW3G8DDT\180SAInstaller[1].cab.tcf[180SAInstaller.dll]
Adware:Adware/nCase No disinfected E:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\MW3G8DDT\180SAInstaller[1].cab.tcf[180SALib.dll]
Spyware:Spyware/ISTbar No disinfected E:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\MW3G8DDT\index[2].html[index[2]]
Adware:Adware/WUpd No disinfected E:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\MW3G8DDT\prompt[1].php
Adware:Adware/MediaTickets No disinfected E:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\MW3G8DDT\welcome3[1].htm
Spyware:Spyware/YourSiteBar No disinfected E:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\MW3G8DDT\ysb[1].dll.tcf
Adware:Adware/WUpd No disinfected E:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\NG26N5X4\bridge-c46[1].cab.tcf[WinAdToolsX.dll]
Spyware:Spyware/ISTbar No disinfected E:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\NG26N5X4\index[1].html[index[1]]
Spyware:Spyware/ISTbar No disinfected E:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\NG26N5X4\index[2].html[index[2]]
Adware:Adware/MediaTickets No disinfected E:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\NG26N5X4\mtrslib2[1].js
Spyware:Spyware/ISTbar No disinfected E:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\PP6FTTQ6\index[1].html[index[1]]
Spyware:Spyware/ISTbar No disinfected E:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\PP6FTTQ6\istsvc[1].exe
Adware:Adware/PowerScan No disinfected E:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\PP6FTTQ6\powerscan[1].exe.tcf
Adware:Adware/WUpd No disinfected E:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\PP6FTTQ6\WinRatchet[1].exe.tcf
Spyware:Spyware/Relevancy No disinfected E:\Program Files\SearchRelevancy\SearchRelevancy.dll.tcf
Spyware:Spyware/ISTbar No disinfected E:\Program Files\SideFind\istsvc_updater_sf.exe
Adware:Adware/WUpd No disinfected E:\Program Files\Winad Client\ClientCom.dll.tcf
Adware:Adware/WUpd No disinfected E:\Program Files\Winad Client\WinClt.exe.tcf
Adware:Adware/WUpd No disinfected E:\Program Files\Windows AdTools\Info.txt
Adware:Adware/WUpd No disinfected E:\Program Files\Windows AdTools\WinRatchet.exe.tcf
Adware:Adware/WUpd No disinfected E:\Program Files\Windows ServeAd\WinAtServ.dll
Adware:Adware/WUpd No disinfected E:\Program Files\Windows ServeAd\WinServAd.exe
Adware:Adware/WUpd No disinfected E:\Program Files\Windows ServeAd\WinServSuit.exe
Virus:Trj/Zapchast.D Disinfected E:\System Volume Information\_restore{81D6E979-0104-4728-8901-99C352DD4F3E}\RP2\A0008086.bat
Virus:Trj/Zapchast.D Disinfected E:\System Volume Information\_restore{81D6E979-0104-4728-8901-99C352DD4F3E}\RP3\A0008199.bat
Virus:Trj/Zapchast.D Disinfected E:\System Volume Information\_restore{81D6E979-0104-4728-8901-99C352DD4F3E}\RP3\A0008268.bat
Spyware:Spyware/ISTbar No disinfected E:\System Volume Information\_restore{81D6E979-0104-4728-8901-99C352DD4F3E}\RP3\A0008270.exe
Spyware:Spyware/YourSiteBar No disinfected E:\System Volume Information\_restore{81D6E979-0104-4728-8901-99C352DD4F3E}\RP3\A0008273.dll.tcf
Adware:Adware/PowerScan No disinfected E:\System Volume Information\_restore{81D6E979-0104-4728-8901-99C352DD4F3E}\RP3\A0008274.exe.tcf
Adware:Adware/WUpd No disinfected E:\System Volume Information\_restore{81D6E979-0104-4728-8901-99C352DD4F3E}\RP3\A0008336.dll.tcf
Adware:Adware/WUpd No disinfected E:\System Volume Information\_restore{81D6E979-0104-4728-8901-99C352DD4F3E}\RP3\A0008337.exe.tcf
Adware:Adware/WUpd No disinfected E:\System Volume Information\_restore{81D6E979-0104-4728-8901-99C352DD4F3E}\RP3\A0008338.exe.tcf
Virus:Trj/Zapchast.D Disinfected E:\System Volume Information\_restore{81D6E979-0104-4728-8901-99C352DD4F3E}\RP3\A0008413.bat
Virus:Trj/Zapchast.D Disinfected E:\System Volume Information\_restore{81D6E979-0104-4728-8901-99C352DD4F3E}\RP3\A0008560.bat
Spyware:Spyware/ISTbar No disinfected E:\System Volume Information\_restore{81D6E979-0104-4728-8901-99C352DD4F3E}\RP3\A0008585.exe.tcf
Spyware:Spyware/BetterInet No disinfected E:\temp\lc.exe.tcf
Adware:Adware/nCase No disinfected E:\temp\NCasePackage.exe.tcf
Adware:Adware/SAHAgent No disinfected E:\temp\SAHPackage.exe
Adware:Adware/WinTools No disinfected E:\WINDOWS\2_0_1browserhelper2.dll.tcf
Spyware:Spyware/ISTbar No disinfected E:\WINDOWS\Downloaded Program Files\istactivex.inf
Adware:Adware/SAHAgent No disinfected E:\WINDOWS\Downloaded Program Files\lsp_.dll
Adware:Adware/SAHAgent No disinfected E:\WINDOWS\Downloaded Program Files\SahHtml_.exe
Adware:Adware/SBSoft No disinfected E:\WINDOWS\Downloaded Program Files\webdlg32.inf
Adware:Adware/SAHAgent No disinfected E:\WINDOWS\Downloaded Program Files\WEBInstaller.dll
Adware:Adware/SAHAgent No disinfected E:\WINDOWS\Downloaded Program Files\xmlparse_.dll
Adware:Adware/SAHAgent No disinfected E:\WINDOWS\Downloaded Program Files\xmltok_.dll
Spyware:Spyware/YourSiteBar No disinfected E:\WINDOWS\Downloaded Program Files\ysbactivex.inf
Adware:Adware/IPInsight No disinfected E:\WINDOWS\inf\conscorr.inf
Adware:Adware/SAHAgent No disinfected E:\WINDOWS\SAHUninstall.exe
Adware:Adware/WUpd No disinfected E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\D96YTFKO\bridge-c46[1].cab.tcf[WinAdToolsX.dll]
Spyware:Spyware/YourSiteBar No disinfected E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\D96YTFKO\CASLU78T.HTM
Adware:Adware/SBSoft No disinfected E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\D96YTFKO\tbd_web[1].htm
Spyware:Spyware/ISTbar No disinfected E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MW3G8DDT\index[1].html[index[1]]
Adware:Adware/MediaTickets No disinfected E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MW3G8DDT\welcome3[1].htm
Adware:Adware/MediaTickets No disinfected E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NG26N5X4\MediaTicketsInstaller[1].cab.tcf
Adware:Adware/MediaTickets No disinfected E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NG26N5X4\MediaTicketsInstaller[1].cab.tcf[MediaTicketsInstaller.ocx]
Adware:Adware/MediaTickets No disinfected E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NG26N5X4\MediaTicketsInstaller[1].cab.tcf[MediaTicketsInstaller.INF]
Adware:Adware/MediaTickets No disinfected E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NG26N5X4\mtrslib2[1].js
Spyware:Spyware/ISTbar No disinfected E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PP6FTTQ6\index[1].html
Adware:Adware/WUpd No disinfected E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PP6FTTQ6\prompt[1].php
Adware:Adware/SAHAgent No disinfected E:\WINDOWS\system32\lsp.dll
Adware:Adware/PurityScan No disinfected E:\WINDOWS\system32\mt-uninstaller.exe
Virus:W32/Sdbot.ftp Disinfected E:\WINDOWS\system32\o
Adware:Adware/SAHAgent No disinfected E:\WINDOWS\system32\SahHtml.exe
Adware:Adware/WUpd No disinfected E:\WINDOWS\system32\update.exe.tcf
Adware:Adw
boroangel
It seems like there is a limit on the amount of words in a post....

This is the rest of what the previous post has left out.

Adware:Adware/SAHAgent No disinfected E:\WINDOWS\system32\SahHtml.exe
Adware:Adware/WUpd No disinfected E:\WINDOWS\system32\update.exe.tcf
Adware:Adware/PurityScan No disinfected E:\WINDOWS\system32\vswjrui.dll
Adware:Adware/SAHAgent No disinfected E:\WINDOWS\system32\xmlparse.dll
Adware:Adware/SAHAgent No disinfected E:\WINDOWS\system32\xmltok.dll
Adware:Adware/Transponder No disinfected E:\WINDOWS\system32\yjmbye.exe.tcf
Adware:Adware/PurityScan No disinfected E:\WINDOWS\system32\TTRIB~1.EXE
Adware:Adware/IPInsight No disinfected E:\WINDOWS\Temp\conscorr.inf
Adware:Adware/IPInsight No disinfected E:\WINDOWS\Temp\conscorr.ini
Adware:Adware/SBSoft No disinfected E:\WINDOWS\Temp\ICD2.tmp\webdlg32.inf
Spyware:Spyware/ISTbar No disinfected E:\WINDOWS\Temp\ICD3.tmp\istactivex.inf
Adware:Adware/MediaTickets No disinfected E:\WINDOWS\Temp\installer.exe
Adware:Adware/TopRebates No disinfected E:\WINDOWS\Temp\webrebates.exe
Mosaic1
You have two Operating systems and it appears that both are loaded with problems.


Disconnect from the internet.



Go to Start >Run and type
services.msc
Press enter
Scroll to this entry and double click on it to bring up its properties page:

Hardware Clock Driver

Stop the service and set it to disabled.
Apply and exit.

Boot directly to Safe Mode.
Go to Start>run and type hijackthis
Press enter.
Fix this entry:

O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe


Delete these folders:
C:\WINDOWS\System\adcache
C:\Program Files\Flt
C:\Program Files\dynamic toolbar
C:\Program Files\Common Files\Whenu
C:\Program Files\Winad Client
C:\Program Files\Common Files\ucontrol
E:\Program Files\SearchRelevancy
E:\Program Files\SideFind
E:\Program Files\Winad Client
E:\Program Files\Winad Client
E:\Program Files\Windows AdTool
C:\Documents and Settings\user\Application Data\OneIdle

Delete these files if they still exist:
C:\WINDOWS\System32\hwclock.exe
C:\GatorPatch.log
C:\Temp\FLEOK
C:\WINDOWS\inf\dlmax.inf
C:\WINDOWS\SYSTEM32\SPOOLER.EXE
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\63GDADK1\d2[1].exe.tcf
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KXUZSTYV\dd[1].exe.tcf
C:\WINDOWS\SYSTEM32\TFTP1060
C:\WINDOWS\TEMP\WinStart001.EXE.dat
C:\WINDOWS\TEMP\GUU7285.TMP
C:\temp\NCasePackage.exe.tcf
C:\temp\WinCtlAdInstPack.exe
C:\AutoUpdate.exe.tcf
C:\gam.exe
C:\wuampdr.exe.tcf
C:\Documents and Settings\All Users\Application Data\SAVE BIRD DEAD DART\debug safe.exe
C:\Documents and Settings\All Users\Application Data\SAVE BIRD DEAD DART\Delete Date.exe
C:\Documents and Settings\All Users\Application Data\SAVE BIRD DEAD DART\MATHACTIVE.exe
C:\Documents and Settings\All Users\Application Data\SAVE BIRD DEAD DART\bias shim.exe
C:\Documents and Settings\All Users\Application Data\SAVE BIRD DEAD DART\chicstyle.exe
C:\Documents and Settings\user\Application Data\OneIdle\fbqzcyhj.exe
C:\Documents and Settings\user\Application Data\OneIdle\FirstPopInter.exe
C:\Documents and Settings\user\Application Data\OneIdle\shimoptionmathrect.exe

E:\WINDOWS\2_0_1browserhelper2.dll.tcf
E:\WINDOWS\Downloaded Program Files\istactivex.inf
E:\WINDOWS\Downloaded Program Files\lsp_.dll
E:\WINDOWS\Downloaded Program Files\SahHtml_.exe
E:\WINDOWS\Downloaded Program Files\webdlg32.inf
E:\WINDOWS\Downloaded Program Files\WEBInstaller.dll
E:\WINDOWS\Downloaded Program Files\xmlparse_.dll
E:\WINDOWS\Downloaded Program Files\xmltok_.dll
E:\WINDOWS\Downloaded Program Files\ysbactivex.inf
E:\WINDOWS\inf\conscorr.inf
E:\WINDOWS\SAHUninstall.exe
E:\WINDOWS\system32\lsp.dll
E:\WINDOWS\system32\mt-uninstaller.exe
E:\WINDOWS\system32\SahHtml.exe
E:\WINDOWS\system32\update.exe.tcf



Empty your Recycle Bin

Delete the contents of these folders:
E:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\

E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5

E:\Documents and Settings\user\Local Settings\Temp

E:\temp

E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5

-----------------

Restart into regular windows mode.

Download the latest version of Ad-Aware SE Personal (Note: Ad-Aware 6.0 has been discontinued!) at http://www.lavasoftusa.com/support/download/

After installing AAW, and before running the program, you NEED to FIRST update it:
Launch Ad-Aware, and click "Check for Updates" above the start button; you'll be prompted to download and install the latest Reference File.


Allow it to clean all it finds.

Do not restart into your other system on E:

That will need to be addressed later. But ad-aware will scan all drives.

----------------
Restart.
Run Hijackthis and post the new log.
boroangel
Hi Mosaic, I am stuck at the step of installing the Ad-Aware SE Personal. Only this version is available for download 'Ad-Aware SE Personal Edition 1.05 ' but the download doesn't start at all...be it on Netscape, Win explorer or Opera...Any other way to install it?
Mosaic1
Try going directly to this page.



http://www.download.com/3000-2144-10045910...page&tag=button

Click the download now. If it doesn't work try this link to alternate download pages:




http://www.download.com/Ad-Aware-SE-Person...76.html?tag=dir
boroangel
Sorry I realised I already had the adware se personal 1.05 installed previously and I managed to complete that step.

This is the new log.
Logfile of HijackThis v1.99.1
Scan saved at 12:21:38 PM, on 4/18/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\PROGRA~1\ICQ\ICQ.exe
E:\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\System32\devldr32.exe
E:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
E:\ESM2\eEBSVC.exe
E:\ESM2\SAgent2.exe
C:\PROGRA~1\NORTON~2\NORTON~2\GHOSTS~2.EXE
C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\ansyslmd.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\jijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by mysingtel
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://rohprhebmgdjapynxas.info/NC6CdJ0DuIfNF0ViVff__8DDoKUKrA3Stj43nJPAnKA.cgi"); (C:\Documents and Settings\user\Application Data\Mozilla\Profiles\default\fo2larsi.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\user\Application Data\Mozilla\Profiles\default\fo2larsi.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] E:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: EPSON Background Monitor.lnk = E:\ESM2\STMS.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Acrobat Assistant.lnk = E:\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1113796550162
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: EpsonBidirectionalAgent - SEIKO EPSON CORPORATION - E:\ESM2\eEBAgent.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - E:\ESM2\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - E:\ESM2\SAgent2.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\GHOSTS~2.EXE
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


You are right about the 2 operating systems. There are 2 win XP on my PC but I am only using one. Never used the other one and have long wanted to get rid of it but have no idea how to and I am not sure of the two which is the current one I am using now..
Mosaic1
You really need to upgrade your windows version. Your current operating system is running from the C: drive. But you do have some things which are in folders on your E: drive, and they are in use. You could reinstall those items and get any files from that drive which you want to save, and then format E:
After that edit boot.ini in msconfig>Boot.ini tab >Check all boot paths

It will tell you that the E:Windows install is not valid and ask you if you want to remove it. You would say yes.

There are privacy issues with real. It's up to you to keep or remove.

O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll


This can be fixed.
O4 - Global Startup: PowerReg Scheduler.exe

First go back to services.msc and disable this service. Then see if this can be fixed. If not, we'll use another method.

O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
boroangel
When I went to Services, for the Hardware clock driver prop, under the LOG ON part the service is already disabled. Then I used hijackthis to fix it, but after that I ran the scan again and it appeared again.

For the windows upgrade so you mean SP2? I tried to download it and was directed to the microsoft website in the windows update on the microsoft website, and I have completed the steps on using an internet firewall and getting computer updates. I was not prompted to install any file at all which I suspect something is wrong as this service pack 2 is supposed to be a file which u install on the hard drive?

As for the deleting of the other OS, does it mean I will have to reformat my whole E drive? I can't do that now as I have a lot of stuff inside in terms of gigs and it's impossible to take them all out. Can we get rid of the OS in E drive without affecting the data in E drive? If so, can you guide me along?
Mosaic1
Let's see if we can delete that service using sc.exe


go to start>Run and type cmd
press enter

When the command prompt appears paste in this command:

sc Enumdepend hwclock
Press enter and let me know what the outcome is.
If no problems we'll then delete the service. Let me know.
Mosaic1
You don't have to format E:


Just go through all the files and folders and delete anything not in use. Like the Windows Folder. Just be sure there is nothing there your current system is using. Same for Program files and documents and Settings. I know you might have a couple of things installed from folders there you use.

Prune it out. Then check boot.ini and remove the OS as described to remove it from the boot menu.



What exactly happens when you go to Windows Update? And you are going there using IE and not Netscape, right.
boroangel
I did what u said and
Enum:entriesRead = 0
was displayed.

For the Windows update there was an error when it was checking for Windows update and it just stopped. I tried on Windows Explorer.

As for deleting the other OS, I am really not good at determining what files are supposed to be deleted and what are not and afraid that once I delete something wrongly...kaboom. Is there like a fixed wizard to guide you to remove? Or do I just delete the Windows folder in my E drive?
Mosaic1
open the command again and paste this in:

sc delete hwclock

Press enter.

Tell me the message it gives you.


You probably can delete the windows folder on E:

But it is your responsibility to see what you have installed on E:, and where, and still use in your current Install.
boroangel
Oops, I misread your instruction.
I pasted
'sc delete hwclock' under Run and click on Ok and realised what I have done. Then I went to run, cmd, and pasted 'sc delete hwclock' and I got

[SC] Openservice failed 1060:
The specified servie did not exist as an installed service.

I think I will leave my other OS as it is, don't dare to take the risk. But does having another OS make you vulnerable to attacks, considering you never use it.
Mosaic1
Executing that command from run did the trick. The difference is the window didn't stay open to let you see the output telling you it succeeded. But trying it again did tell you the service was no longer there.

If you run hijackthis, you should no longer see that service on the list.

I don't mean to scare you off on deleting things on E:

The Operating system adds:

Windows and it has a lot of subfolders
Documents and Settings
Program Files

I want you to be careful, that's all.

You can only load and run one Operating system at a time on one computer, so no. You are not more vulnerable because you have some files and folders on another drive. Who knows, some day if your Windows on C: has a problem, you may boot to E: and rescue the one on C:


I need the exact error you get at Windows Update please.
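The check done by eye on the O23 section in this thread (a service whose binary is gone, as with hwclock after its file was deleted) can be automated; this is an added example, not part of the original posts. The sample lines are copied from the log posted above, and treating an entry without a parenthesised short name as using its display name as the service name is an assumption.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# O23 and O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: EpsonBidirectionalService - Unknown owner - E:\ESM2\eEBSVC.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
"""

# Layout: O23 - Service: <display> [(<short name>)] - <owner> - <path> [(file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*?)"
    r"(?P<missing> \(file missing\))?$"
)


@dataclass
class Service:
    display: str
    name: Optional[str]
    owner: str
    path: str
    file_missing: bool

    @property
    def key(self) -> str:
        # Assumption: with no "(short name)" part, the display name
        # doubles as the service name.
        return self.name or self.display


def parse_o23(log_text: str) -> List[Service]:
    """Extract every O23 (service) entry; other sections are skipped."""
    services = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            services.append(Service(m["display"], m["name"], m["owner"],
                                    m["path"], m["missing"] is not None))
    return services


def triage(services: List[Service]) -> List[dict]:
    """Classify each service the way the thread does by hand.

    orphaned: the registration remains but the binary is gone; the
              commands are the two sc calls used in the thread
              (check dependents first, then delete).
    review:   "Unknown owner" with the file present; not proof of
              malware (the Epson service above is one), so a person
              has to look at the binary.
    ok:       a named vendor and the file exists.
    """
    findings = []
    for svc in services:
        commands: List[str] = []
        if svc.file_missing:
            verdict = "orphaned"
            arg = f'"{svc.key}"' if " " in svc.key else svc.key
            commands = [f"sc enumdepend {arg}", f"sc delete {arg}"]
        elif svc.owner.lower() == "unknown owner":
            verdict = "review"
        else:
            verdict = "ok"
        findings.append({"service": svc.key, "path": svc.path,
                         "verdict": verdict, "commands": commands})
    return findings


if __name__ == "__main__":
    for f in triage(parse_o23(SAMPLE_LOG)):
        print(f'{f["verdict"]:9} {f["service"]:28} {f["path"]}')
        for cmd in f["commands"]:
            print(f"          suggested: {cmd}")
```

The commands are only printed for review, never executed; a second `sc delete` on the same name returns error 1060 because the service is already gone, as seen in the thread.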
boroangel
In that case I will leave my other OS untouched.

this is the webpage of the windows update
http://v5.windowsupdate.microsoft.com/v5co...t.aspx?ln=en-us

The following comments
Windows Update has encountered an error and cannot display the requested page. You may find the following resources helpful in resolving the problem:
For self-help options:

Windows Update Response Center

Windows Update Troubleshooter

Windows Update Newsgroups
For assisted support options:

Microsoft Online Assisted Support (no-cost for Windows Update issues)

Read more about steps you can take to resolve this problem yourself.
boroangel
I found the error...it's right at a top corner in a light shade.

0x80072EE2

I used the Windows update troubleshooter to solve it but the first two methods did not work.

The third step

3. A misconfigured Proxy/Firewall can cause this problem. Double-check the Proxy/Firewall settings.
Add the following urls to the exception list within your Firewall/Proxy:
http://*.windowsupdate.microsoft.com
https://*.windowsupdate.microsoft.com
http://download.windowsupdate.com
For help configuring Proxy/Firewall refer to documentation or contact the manufacturer.

Did this resolve your problem?

I couldn't find the part on my Sygate firewall to add the urls.
Mosaic1
I have been trying to get you some exact instructions. It may be that you need to allow Svchost access but not server rights.


Have a look at this page too for that error.

http://www.updatexp.com/0x80072ee2.html


Sygate Forums:
http://forums.sygate.com/vb/
el_saher101
thanks man
Mosaic1
You're welcome. Did you get it resolved?