0

Hi,

For a week now I've been fighting with a VX2 on my laptop running W2K with NTFS. At least that's what Adware reports when I run it. It can't clean it, though. I have basically the same symptoms other people report in the posts. Last night I ran Dllcompare and then Killbox. I entered the dll files from Dllcompare (which I suspect should not be in my system32 folder) into Killbox, without letting it reboot. After the last file I said "OK" to reboot. At that point it responded with "Verifying Reg entries...plz wait" and after that popped up a message with a white X in a red circle saying "PendingFileRenamingOperations RegistryData has been Removed from External Process!" and it didn't reboot the machine. I restarted the computer myself and then ran Dllcompare again. In the log file there were again a lot of files listed. So I guess nothing has been done. Do you have an idea what that last Killbox message means? How can I make it reboot?
Thanks

0

If you want to post a dllcompare log and a findit log, we would be glad to help you out :).

Go here and download FindIt.zip to your Desktop, unzip it and open the FindIt folder and doubleclick on find.bat. Let it run (please be patient, it will take a few minutes) and when it has finished gathering info, it will generate a file called Output.txt. Please copy it and paste it back in this thread.

0

Crunchie, thanks for your readiness to help.

I followed the procedure described in http://www.lavasoftsupport.com/index.php?showtopic=54511&st=0
My machine is a laptop running W2K SP3 with NTFS.

As I said, Killbox didn't reboot the machine, so I restarted it. Then after I logged in again I ran Ad-ware SE Pro and told it to do a full system scan on next startup, to use delayed loading and clean automatically. Then I rebooted again and ran DLLcompare after Ad-ware finished the scan. It found no suspicious files except msrdo20.dll and rdocurs.dll but I assume those are ok since their date was in 2000. Guard.tmp was also not in the system32 folder. On next reboot Ad-ware also doesn't find any VX2 anymore. At this stage I just continued with the procedure, cleaned the registry and the hosts file. Then rebooted and checked everything again - no trace of VX2. However, my machine continues to be extremely slow. When I open Task Manager I can see that the CPU usage is at 100%. I don't know what is occupying it. Is there any way to understand what is doing this?
Here are my DLLcompare log file and Findit log file. I ran those in Safe Mode, since the machine is so slow in normal mode. Let me know if I have to do anything else.

Dllcompare:

*    DLLCompare Log version(1.0.0.127)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

C:\WINNT\SYSTEM32\msrdo20.dll    Wed May 10 2000  11:00:00p  A.S..        397,312   388.00 K
C:\WINNT\SYSTEM32\rdocurs.dll    Mon Mar 13 2000  11:00:00p  A.S..        151,552   148.00 K
________________________________________________

1,158 items found:  1,158 files (2 H/S), 0 directories.
Total of file sizes:  211,449,510 bytes    201.65 M

Administrator Account =  True

AppInit_DLLs value = apitrap.dll (not hidden)
--------------------End log---------------------


Findit:

Warning! This utility will find legitimate files in addition to malware. 
Do not remove anything unless you are sure you know what you're doing.

Find.bat is running from: C:\Download\Find It NT-2K-XP

 ------- System Files in System32 Directory -------

 Volume in drive C is SYSTEM
 Volume Serial Number is 0CD7-2490

 Directory of C:\WINNT\System32

01/05/2005  09:33p      <DIR>          dllcache
06/10/2003  10:38a                  32 {CF29D4AD-1F3D-492E-A227-5787F489A6E6}.dat
06/10/2003  10:37a                  32 {287F7370-0A12-47F2-9F40-2FFDB245C853}.dat
06/10/2003  10:36a                  32 {ED8C094E-6A69-4860-AC0F-C6E3B91A3341}.dat
06/10/2003  10:36a                  32 {189B658B-CDA1-450A-98EC-1874B31D592A}.dat
06/10/2003  10:36a                  32 {4B148977-E564-4BD0-B638-DFB135EAFE11}.dat
06/10/2003  10:36a                  32 {0037823A-9B4B-4418-94D9-7CBC61EDC20A}.dat
06/10/2003  10:35a                  32 {0C828796-5EF1-49F1-BF36-2FA0F77C420F}.dat
05/10/2000  11:00p             397,312 Msrdo20.dll
03/13/2000  11:00p             151,552 Rdocurs.dll
               9 File(s)        549,088 bytes
               1 Dir(s)  21,070,811,136 bytes free

 ------- Hidden Files in System32 Directory -------

 Volume in drive C is SYSTEM
 Volume Serial Number is 0CD7-2490

 Directory of C:\WINNT\System32

01/05/2005  09:33p      <DIR>          dllcache
01/04/2005  06:53p                 124 vsconfig.xml
07/14/2003  07:23p               4,212 zllictbl.dat
06/10/2003  10:38a                  32 {CF29D4AD-1F3D-492E-A227-5787F489A6E6}.dat
06/10/2003  10:37a                  32 {287F7370-0A12-47F2-9F40-2FFDB245C853}.dat
06/10/2003  10:36a                  32 {ED8C094E-6A69-4860-AC0F-C6E3B91A3341}.dat
06/10/2003  10:36a                  32 {189B658B-CDA1-450A-98EC-1874B31D592A}.dat
06/10/2003  10:36a                  32 {4B148977-E564-4BD0-B638-DFB135EAFE11}.dat
06/10/2003  10:36a                  32 {0037823A-9B4B-4418-94D9-7CBC61EDC20A}.dat
06/10/2003  10:35a                  32 {0C828796-5EF1-49F1-BF36-2FA0F77C420F}.dat
06/08/2003  11:04p      <DIR>          GroupPolicy
06/08/2003  10:55p              21,692 folder.htt
06/08/2003  10:55p                 271 desktop.ini
              11 File(s)         26,523 bytes
               2 Dir(s)  21,070,801,920 bytes free

 ------------ Files Named "Guard" ---------------

 Volume in drive C is SYSTEM
 Volume Serial Number is 0CD7-2490

 Directory of C:\WINNT\System32


 ------ Temp Files in System32 Directory ------

 Volume in drive C is SYSTEM
 Volume Serial Number is 0CD7-2490

 Directory of C:\WINNT\System32

12/07/1999  07:00a               2,577 CONFIG.TMP
               1 File(s)          2,577 bytes
               0 Dir(s)  21,070,809,600 bytes free

 ------------------ User Agent ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]


 ------------- Keys Under Notify -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"New Value #1"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


 ------------- Locate.com Results -------------

C:\WINNT\SYSTEM32\
   vsconfig.xml   Tue Jan  4 2005   6:53:18p  A..H.            124     0.12 K

1 item found:  1 file, 0 directories.
   Total of file sizes:  124 bytes      0.12 K

 -------- Strings.exe Qoologic Results --------


 --------- Strings.exe Aspack Results ---------


 -------------- HKLM Run Key ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"

Edited by Reverend Jim: Fixed formatting

0

There does not appear to be anything untoward there. Perhaps running in safe mode affected the scan and a normal scan would be more beneficial?
Do you have hijackthis? If not, download HijackThis from here & unzip it into its own, permanent folder (not a temporary folder or the desktop (in a folder on the desktop is fine) & not directly on your hard drive). If you prefer an executable file, then download from here.
If you have anything disabled in MsConfig, please re-enable it/them.
Start HJT & press the scan button. When the scan is finished the scan button will change to save. Save the log to a text file, copy the entire contents of the text file & paste it into the body of your post. DO NOT FIX ANYTHING YET. Most of what is there is necessary for the running of your system.

Go here and download and run Silent Runners.vbs. It generates a log, please post the information back in this thread.

Silent runners will find things that hijackthis cannot see, if there.

0

I don't think I have msconfig. I typed msconfig in Start > Run and it said there is no such file. Can you give some more info on that, please?

0

Sorry, I misunderstood. W2K does not come with Msconfig :). You can download it though. That was one of my 'canned' responses that I use each time required. It saves a lot of typing :D. W2K is the only system without it, I believe. Just ignore that part.

0

OK, good. I have also put hijackthis and silentrunner in separate folders on my hard drive. Is this ok?


0

Yes, that's fine. If you run silent runners it will create a log when it has finished scanning. The log will be saved in the same folder it is running from. Copy the contents of that log here.
Run hijackthis and save the entire log and copy that here also.

0

Fine, I'll send the results tomorrow. It's late now here and I'm going to bed :)


0

I managed to run findit in normal mode - had to wait about an hour to get the log. Also had no problems running hijackthis. However, it seems I'm having a problem running silent runners. Their web site says that the script should not take more than some seconds to run and produce the log. I've already been waiting about an hour and still don't have the log. If I check in the Task Manager it says that the script is still running. Don't know what to do.
Maybe it is because the machine is still extremely slow.
Found another problem too - actually two of them. First, if I connect the PC to internet (to the cable) and open IE and want to access for example www.yahoo.com, after a second the URL changes to something like
c:///%20www.yahoo.com and IE says page not found. If I type again www.yahoo.com IE crashes and closes.
Then the second thing I noticed was that if I go in the control panel and try to open Add/Remove Programs it opens an empty window which crashes/closes after half a minute. Something is really not as it is supposed to be in my computer.
Here I attach the logs from findit and hijackthis. If I manage to get the one from silent runners I'll add it later. Thanks for the help.

Findit:

Warning! This utility will find legitimate files in addition to malware. 
Do not remove anything unless you are sure you know what you're doing.

Find.bat is running from: C:\Svilen\Apps\Find It NT-2K-XP

 ------- System Files in System32 Directory -------

 Volume in drive C is SYSTEM
 Volume Serial Number is 0CD7-2490

 Directory of C:\WINNT\System32

01/05/2005  09:33p      <DIR>          dllcache
06/10/2003  10:38a                  32 {CF29D4AD-1F3D-492E-A227-5787F489A6E6}.dat
06/10/2003  10:37a                  32 {287F7370-0A12-47F2-9F40-2FFDB245C853}.dat
06/10/2003  10:36a                  32 {ED8C094E-6A69-4860-AC0F-C6E3B91A3341}.dat
06/10/2003  10:36a                  32 {189B658B-CDA1-450A-98EC-1874B31D592A}.dat
06/10/2003  10:36a                  32 {4B148977-E564-4BD0-B638-DFB135EAFE11}.dat
06/10/2003  10:36a                  32 {0037823A-9B4B-4418-94D9-7CBC61EDC20A}.dat
06/10/2003  10:35a                  32 {0C828796-5EF1-49F1-BF36-2FA0F77C420F}.dat
05/10/2000  11:00p             397,312 Msrdo20.dll
03/13/2000  11:00p             151,552 Rdocurs.dll
               9 File(s)        549,088 bytes
               1 Dir(s)  20,485,458,432 bytes free

 ------- Hidden Files in System32 Directory -------

 Volume in drive C is SYSTEM
 Volume Serial Number is 0CD7-2490

 Directory of C:\WINNT\System32

01/08/2005  11:24p                  33 FFASTLOG.TXT
01/05/2005  09:33p      <DIR>          dllcache
01/04/2005  06:53p                 124 vsconfig.xml
07/14/2003  07:23p               4,212 zllictbl.dat
06/10/2003  10:38a                  32 {CF29D4AD-1F3D-492E-A227-5787F489A6E6}.dat
06/10/2003  10:37a                  32 {287F7370-0A12-47F2-9F40-2FFDB245C853}.dat
06/10/2003  10:36a                  32 {ED8C094E-6A69-4860-AC0F-C6E3B91A3341}.dat
06/10/2003  10:36a                  32 {189B658B-CDA1-450A-98EC-1874B31D592A}.dat
06/10/2003  10:36a                  32 {4B148977-E564-4BD0-B638-DFB135EAFE11}.dat
06/10/2003  10:36a                  32 {0037823A-9B4B-4418-94D9-7CBC61EDC20A}.dat
06/10/2003  10:35a                  32 {0C828796-5EF1-49F1-BF36-2FA0F77C420F}.dat
06/08/2003  11:04p      <DIR>          GroupPolicy
06/08/2003  10:55p              21,692 folder.htt
06/08/2003  10:55p                 271 desktop.ini
              12 File(s)         26,556 bytes
               2 Dir(s)  20,485,449,216 bytes free

 ------------ Files Named "Guard" ---------------

 Volume in drive C is SYSTEM
 Volume Serial Number is 0CD7-2490

 Directory of C:\WINNT\System32


 ------ Temp Files in System32 Directory ------

 Volume in drive C is SYSTEM
 Volume Serial Number is 0CD7-2490

 Directory of C:\WINNT\System32

12/07/1999  07:00a               2,577 CONFIG.TMP
               1 File(s)          2,577 bytes
               0 Dir(s)  20,485,456,896 bytes free

 ------------------ User Agent ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]


 ------------- Keys Under Notify -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"New Value #1"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


 ------------- Locate.com Results -------------

C:\WINNT\SYSTEM32\
   ffastlog.txt   Sat Jan  8 2005  11:24:04p  A..H.             33     0.03 K
   vsconfig.xml   Tue Jan  4 2005   6:53:18p  A..H.            124     0.12 K

2 items found:  2 files, 0 directories.
   Total of file sizes:  157 bytes      0.15 K

 -------- Strings.exe Qoologic Results --------


 --------- Strings.exe Aspack Results ---------


 -------------- HKLM Run Key ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"tgcmdprovidersbc"=";\"c:\\program files\\support.com\\bin\\tgcmd.exe\" /server /startmonitor /deaf /nosystray"
"LTSMMSG"=";LTSMMSG.exe"
"ControlPanel"=";C:\\WINNT\\System32\\cmd32.exe internat.dll,LoadKeyboardProfile"
"Hcontrol"="C:\\WINNT\\Hcontrol.exe"
"SiS KHooker"=";C:\\WINNT\\System32\\khooker.exe"
"SoundMan"=";SOUNDMAN.EXE"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"EM_EXEC"=";C:\\PROGRA~1\\Logitech\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
"NeroCheck"="C:\\WINNT\\system32\\NeroCheck.exe"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"ccApp"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
"ccRegVfy"="C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe"
"SymTray - Norton SystemWorks"="C:\\Program Files\\Common Files\\Symantec Shared\\SymTray.exe SetReg"
"HPDJ Taskbar Utility"="C:\\WINNT\\System32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"BJCFD"=";C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"ABREGMON"="C:\\Program Files\\MKS\\Bin\\ABregmon.exe"


Hijackthis:



Logfile of HijackThis v1.99.0
Scan saved at 1:16:10 PM, on 1/9/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Ontrack\Fix-It\mxtask.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
c:\svilen\apps\psd14\lmgrd.exe
C:\WINNT\Hcontrol.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\MKS\Bin\ABregmon.exe
C:\Program Files\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINNT\ATKOSD.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\KEYBOARD\KEYBOARD Hotkey\Hotkey.exe
C:\WINNT\system32\ntvdm.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Svilen\Apps\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/sbcydsl/defaults/*http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.48.49.94:8080
R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [tgcmdprovidersbc] ;"c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [LTSMMSG] ;LTSMMSG.exe
O4 - HKLM\..\Run: [ControlPanel] ;C:\WINNT\System32\cmd32.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [Hcontrol] C:\WINNT\Hcontrol.exe
O4 - HKLM\..\Run: [SiS KHooker] ;C:\WINNT\System32\khooker.exe
O4 - HKLM\..\Run: [SoundMan] ;SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EM_EXEC] ;C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe SetReg
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [BJCFD] ;C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Hotkey.lnk = C:\Program Files\KEYBOARD\KEYBOARD Hotkey\Hotkey.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Download all by Net Transport - C:\Svilen\Apps\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Svilen\Apps\NetTransport 2\NTAddLink.html
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O10 - Broken Internet access because of LSP provider 'c:\winnt\system32\aklsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted IP range:  (HKLM)
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://67.19.185.246/i/8/loader2.ocx
O16 - DPF: {D8A8A7F1-53EF-41F2-B44D-F3E2E595DC27} - ms-its:mhtml:file://C:\MAIN.MHT!http://69.50.163.248/328//main.chm::/update.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3096BE2E-CB1E-4AC6-A6A4-724CE3C517EA}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3096BE2E-CB1E-4AC6-A6A4-724CE3C517EA}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3096BE2E-CB1E-4AC6-A6A4-724CE3C517EA}: NameServer = 192.168.1.1
O23 - Service: ArcaBit NetMonitor - ArcaBit sp. z o.o. - C:\Program Files\MKS\Bin\NetMonSV.exe
O23 - Service: AVP Control Centre Service - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
O23 - Service: Cadence License Manager - Globetrotter Software Inc - c:\svilen\apps\psd14\lmgrd.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: DM1Service - OLYMPUS OPTICAL CO.,LTD - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Fix-It Task Manager - Ontrack Data International - C:\PROGRA~1\Ontrack\Fix-It\mxtask.exe
O23 - Service: KAV Monitor Service - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 - Service: mks_vir antivirus monitor - Unknown - C:\Program Files\MKS\Bin\mksmonsv.exe
O23 - Service: MkS_Scan - Unknown - C:\Program Files\MKS\Bin\mks_scan.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Portmap - Unknown - C:\WINNT\System32\portmap.exe (file missing)
O23 - Service: PPPoE Service - Unknown - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe

Edited by Reverend Jim: Fixed formatting

0

Could have the culprit here :).

Download LSPfix from here
On the opening screen, click the "I know what I'm doing" checkbox. Check all instances of "aklsp.dll" (and nothing else), and move them to the "Remove" pane. Then click Finish.

Scan with hijackthis and tick the boxes next to all the following entries, then close all browser and explorer windows, and hit the "Fix checked" button.

R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM\..\Run: [ControlPanel] ;C:\WINNT\System32\cmd32.exe internat.dll,LoadKeyboardProfile

O15 - Trusted IP range: (HKLM)

O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://67.19.185.246/i/8/loader2.ocx
Topconverting Adware
O16 - DPF: {D8A8A7F1-53EF-41F2-B44D-F3E2E595DC27} - ms-its:mhtml:file://C:\MAIN.MHT!http://69.50.163.248/328//main.chm::/update.exe
Adult Content Dialer

O23 - Service: Portmap - Unknown - C:\WINNT\System32\portmap.exe (file missing)

Reboot into safe mode following the instructions here and navigate to and delete the following if found:

C:\WINNT\System32\cmd32.exe<----file
c:\winnt\system32\aklsp.dll<----file

Reboot normally after doing the above, rescan with hijackthis, then post that log here please.
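
An added example, not part of the original thread and not HijackThis's own logic: a small Python triage pass over HijackThis log lines that surfaces the structural patterns visible in the entries selected above (registrations ending in "(no file)" or "(file missing)", an O10 line naming a missing LSP provider, and O16 controls fetched from a bare IP address or through ms-its:). The rule set and the names `parse_log`, `triage` and `review` are assumptions made for this illustration; the sample lines are copied from the log posted earlier in the thread.

```python
import re
from typing import List, NamedTuple, Optional, Tuple


class Entry(NamedTuple):
    section: str  # HijackThis section code, e.g. "O16"
    body: str     # everything after "SECTION - "


ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# URL whose host is a dotted-quad IP address rather than a name.
IP_URL_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)", re.I)
MISSING_LSP_RE = re.compile(r"LSP provider '([^']+)' missing", re.I)
BBCODE_URL_RE = re.compile(r"\[/?url\]", re.I)


def parse_log(text: str) -> List[Entry]:
    """Extract 'Rn'/'On' entries; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        # Logs pasted into forums may have links wrapped in [url] tags.
        line = BBCODE_URL_RE.sub("", raw.strip())
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def triage(entry: Entry) -> Optional[str]:
    """Return a reason to look closer at this entry, or None."""
    body = entry.body
    if entry.section == "O10":
        m = MISSING_LSP_RE.search(body)
        if m:
            return "Winsock LSP chain references missing file " + m.group(1)
    if entry.section == "O16":
        if "ms-its:" in body.lower():
            return "ActiveX install source uses the ms-its: protocol handler"
        if IP_URL_RE.search(body):
            return "ActiveX control downloaded from a bare IP address"
    if body.endswith("(no file)") or body.endswith("(file missing)"):
        return "registration points at a file that does not exist"
    return None


def review(text: str) -> List[Tuple[str, str]]:
    """Return (section, reason) for every entry that a rule matched."""
    hits = []
    for entry in parse_log(text):
        reason = triage(entry)
        if reason:
            hits.append((entry.section, reason))
    return hits


# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.0
R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ControlPanel] ;C:\WINNT\System32\cmd32.exe internat.dll,LoadKeyboardProfile
O10 - Broken Internet access because of LSP provider 'c:\winnt\system32\aklsp.dll' missing
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://67.19.185.246/i/8/loader2.ocx
O16 - DPF: {D8A8A7F1-53EF-41F2-B44D-F3E2E595DC27} - ms-its:mhtml:file://C:\MAIN.MHT!http://69.50.163.248/328//main.chm::/update.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3096BE2E-CB1E-4AC6-A6A4-724CE3C517EA}: NameServer = 192.168.1.1
O23 - Service: Portmap - Unknown - C:\WINNT\System32\portmap.exe (file missing)
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
"""

if __name__ == "__main__":
    for section, reason in review(SAMPLE_LOG):
        print(section, "->", reason)
```

These structural rules do not flag the O4 cmd32.exe Run entry or the empty O15 trusted range listed above; entries like those still need a reviewer who knows what belongs on the system.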

0

Crunchie,

I followed your instructions. After I rebooted in safe mode there were no instances of the files you mentioned. There is a file called cmdl32.exe which I left untouched.
Yesterday, I found out that my computer was slowed down by lmgrd.exe which is a licence daemon for flexlm. It was occupying close to 100% of the CPU. I renamed the file, so it is not loaded at start up now and the computer runs ok in terms of speed.
Where are you? At about what time do you go online here? Just to know when I can expect to "see" you.
Here again are my findit and hijackthis files. Thanks.

Find_it:

Warning! This utility will find legitimate files in addition to malware. 
Do not remove anything unless you are sure you know what you're doing.

Find.bat is running from: C:\Svilen\Apps\Find It NT-2K-XP

 ------- System Files in System32 Directory -------

 Volume in drive C is SYSTEM
 Volume Serial Number is 0CD7-2490

 Directory of C:\WINNT\System32

01/05/2005  09:33p      <DIR>          dllcache
06/10/2003  10:38a                  32 {CF29D4AD-1F3D-492E-A227-5787F489A6E6}.dat
06/10/2003  10:37a                  32 {287F7370-0A12-47F2-9F40-2FFDB245C853}.dat
06/10/2003  10:36a                  32 {ED8C094E-6A69-4860-AC0F-C6E3B91A3341}.dat
06/10/2003  10:36a                  32 {189B658B-CDA1-450A-98EC-1874B31D592A}.dat
06/10/2003  10:36a                  32 {4B148977-E564-4BD0-B638-DFB135EAFE11}.dat
06/10/2003  10:36a                  32 {0037823A-9B4B-4418-94D9-7CBC61EDC20A}.dat
06/10/2003  10:35a                  32 {0C828796-5EF1-49F1-BF36-2FA0F77C420F}.dat
05/10/2000  11:00p             397,312 Msrdo20.dll
03/13/2000  11:00p             151,552 Rdocurs.dll
               9 File(s)        549,088 bytes
               1 Dir(s)  20,636,644,864 bytes free

 ------- Hidden Files in System32 Directory -------

 Volume in drive C is SYSTEM
 Volume Serial Number is 0CD7-2490

 Directory of C:\WINNT\System32

01/10/2005  09:25a                 484 FFASTLOG.TXT
01/05/2005  09:33p      <DIR>          dllcache
01/04/2005  06:53p                 124 vsconfig.xml
07/14/2003  07:23p               4,212 zllictbl.dat
06/10/2003  10:38a                  32 {CF29D4AD-1F3D-492E-A227-5787F489A6E6}.dat
06/10/2003  10:37a                  32 {287F7370-0A12-47F2-9F40-2FFDB245C853}.dat
06/10/2003  10:36a                  32 {ED8C094E-6A69-4860-AC0F-C6E3B91A3341}.dat
06/10/2003  10:36a                  32 {189B658B-CDA1-450A-98EC-1874B31D592A}.dat
06/10/2003  10:36a                  32 {4B148977-E564-4BD0-B638-DFB135EAFE11}.dat
06/10/2003  10:36a                  32 {0037823A-9B4B-4418-94D9-7CBC61EDC20A}.dat
06/10/2003  10:35a                  32 {0C828796-5EF1-49F1-BF36-2FA0F77C420F}.dat
06/08/2003  11:04p      <DIR>          GroupPolicy
06/08/2003  10:55p              21,692 folder.htt
06/08/2003  10:55p                 271 desktop.ini
              12 File(s)         27,007 bytes
               2 Dir(s)  20,636,635,648 bytes free

 ------------ Files Named "Guard" ---------------

 Volume in drive C is SYSTEM
 Volume Serial Number is 0CD7-2490

 Directory of C:\WINNT\System32


 ------ Temp Files in System32 Directory ------

 Volume in drive C is SYSTEM
 Volume Serial Number is 0CD7-2490

 Directory of C:\WINNT\System32

12/07/1999  07:00a               2,577 CONFIG.TMP
               1 File(s)          2,577 bytes
               0 Dir(s)  20,636,643,328 bytes free

 ------------------ User Agent ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"sbcydsl 3.12"="sbcydsl 3.12"


 ------------- Keys Under Notify -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"New Value #1"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


 ------------- Locate.com Results -------------

C:\WINNT\SYSTEM32\
   ffastlog.txt   Mon Jan 10 2005   9:25:40a  A..H.            484     0.47 K
   vsconfig.xml   Tue Jan  4 2005   6:53:18p  A..H.            124     0.12 K

2 items found:  2 files, 0 directories.
   Total of file sizes:  608 bytes      0.59 K

 -------- Strings.exe Qoologic Results --------


 --------- Strings.exe Aspack Results ---------


 -------------- HKLM Run Key ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"tgcmdprovidersbc"="\"c:\\program files\\support.com\\bin\\tgcmd.exe\" /server /startmonitor /deaf /nosystray"
"LTSMMSG"="LTSMMSG.exe"
"Hcontrol"="C:\\WINNT\\Hcontrol.exe"
"SiS KHooker"="C:\\WINNT\\System32\\khooker.exe"
"SoundMan"="SOUNDMAN.EXE"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"EM_EXEC"="C:\\PROGRA~1\\Logitech\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
"NeroCheck"="C:\\WINNT\\system32\\NeroCheck.exe"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"ccApp"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
"ccRegVfy"="C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe"
"SymTray - Norton SystemWorks"="C:\\Program Files\\Common Files\\Symantec Shared\\SymTray.exe SetReg"
"HPDJ Taskbar Utility"="C:\\WINNT\\System32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"ABREGMON"="C:\\Program Files\\MKS\\Bin\\ABregmon.exe"



Hijackthis:


Logfile of HijackThis v1.99.0
Scan saved at 9:35:27 AM, on 1/10/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\MKS\Bin\NetMonSV.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Ontrack\Fix-It\mxtask.exe
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\program files\support.com\bin\tgcmd.exe
C:\WINNT\LTSMMSG.exe
C:\WINNT\Hcontrol.exe
C:\WINNT\SOUNDMAN.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\ATKOSD.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\MKS\Bin\ABregmon.exe
C:\Program Files\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\KEYBOARD\KEYBOARD Hotkey\Hotkey.exe
C:\WINNT\system32\ntvdm.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Svilen\Apps\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcydsl/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/sbcydsl/defaults/*http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcydsl/defaults/sp/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcydsl/defaults/*http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.48.49.94:8080
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINNT\Hcontrol.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\System32\khooker.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe SetReg
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Hotkey.lnk = C:\Program Files\KEYBOARD\KEYBOARD Hotkey\Hotkey.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Download all by Net Transport - C:\Svilen\Apps\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Svilen\Apps\NetTransport 2\NTAddLink.html
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://67.19.185.246/i/8/loader2.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E47F290-75F5-4CFB-A827-BAB20551539C}: NameServer = 151.164.1.8,206.13.28.12
O23 - Service: ArcaBit NetMonitor - ArcaBit sp. z o.o. - C:\Program Files\MKS\Bin\NetMonSV.exe
O23 - Service: Cadence License Manager - Unknown - c:\svilen\apps\psd14\lmgrd.exe (file missing)
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: DM1Service - OLYMPUS OPTICAL CO.,LTD - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Fix-It Task Manager - Ontrack Data International - C:\PROGRA~1\Ontrack\Fix-It\mxtask.exe
O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 - Service: mks_vir antivirus monitor - Unknown - C:\Program Files\MKS\Bin\mksmonsv.exe
O23 - Service: MkS_Scan - Unknown - C:\Program Files\MKS\Bin\mks_scan.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: PPPoE Service - Unknown - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe


0

OK, I cleaned that one too.
However, I still can't connect to the internet. I reinstalled my ISP's s/w and I can connect to their server, but when I type for example www.yahoo.com in IE, it returns "page not found". Basically, the effect is the same if I use Mozilla. Do you think it's a good idea to reinstall W2K over the present installation - I may have problems with this since I have SP3 installed on the computer and the installation CD is older than that.
But at least now when I open Add/Remove Programs it doesn't crash :-)
One more thing. In terms of protecting my computer against viruses, adware, spyware etc., putting a firewall, what software would you recommend to install?

You know, when I was downloading spywareblaster, I got the message
"Spybot reports that you want to download "Avenue A, Inc.". This is a known threat. Do you want to Block this". I say "yes" to block it, but now every time I open a new page I get this message. There's something sitting in my computer (this is the desktop now, not the laptop). The same is reported for something called "DoubleClick".

I'm in California, so time difference is big :-)

Here again are my last findit and hijackthis logs:

Warning! This utility will find legitimate files in addition to malware. 
Do not remove anything unless you are sure you know what you're doing.

Find.bat is running from: C:\Svilen\Apps\Find It NT-2K-XP

 ------- System Files in System32 Directory -------

 Volume in drive C is SYSTEM
 Volume Serial Number is 0CD7-2490

 Directory of C:\WINNT\System32

01/05/2005  09:33p      <DIR>          dllcache
06/10/2003  10:38a                  32 {CF29D4AD-1F3D-492E-A227-5787F489A6E6}.dat
06/10/2003  10:37a                  32 {287F7370-0A12-47F2-9F40-2FFDB245C853}.dat
06/10/2003  10:36a                  32 {ED8C094E-6A69-4860-AC0F-C6E3B91A3341}.dat
06/10/2003  10:36a                  32 {189B658B-CDA1-450A-98EC-1874B31D592A}.dat
06/10/2003  10:36a                  32 {4B148977-E564-4BD0-B638-DFB135EAFE11}.dat
06/10/2003  10:36a                  32 {0037823A-9B4B-4418-94D9-7CBC61EDC20A}.dat
06/10/2003  10:35a                  32 {0C828796-5EF1-49F1-BF36-2FA0F77C420F}.dat
05/10/2000  11:00p             397,312 Msrdo20.dll
03/13/2000  11:00p             151,552 Rdocurs.dll
               9 File(s)        549,088 bytes
               1 Dir(s)  20,638,195,712 bytes free

 ------- Hidden Files in System32 Directory -------

 Volume in drive C is SYSTEM
 Volume Serial Number is 0CD7-2490

 Directory of C:\WINNT\System32

01/11/2005  08:54a                 517 FFASTLOG.TXT
01/05/2005  09:33p      <DIR>          dllcache
01/04/2005  06:53p                 124 vsconfig.xml
07/14/2003  07:23p               4,212 zllictbl.dat
06/10/2003  10:38a                  32 {CF29D4AD-1F3D-492E-A227-5787F489A6E6}.dat
06/10/2003  10:37a                  32 {287F7370-0A12-47F2-9F40-2FFDB245C853}.dat
06/10/2003  10:36a                  32 {ED8C094E-6A69-4860-AC0F-C6E3B91A3341}.dat
06/10/2003  10:36a                  32 {189B658B-CDA1-450A-98EC-1874B31D592A}.dat
06/10/2003  10:36a                  32 {4B148977-E564-4BD0-B638-DFB135EAFE11}.dat
06/10/2003  10:36a                  32 {0037823A-9B4B-4418-94D9-7CBC61EDC20A}.dat
06/10/2003  10:35a                  32 {0C828796-5EF1-49F1-BF36-2FA0F77C420F}.dat
06/08/2003  11:04p      <DIR>          GroupPolicy
06/08/2003  10:55p              21,692 folder.htt
06/08/2003  10:55p                 271 desktop.ini
              12 File(s)         27,040 bytes
               2 Dir(s)  20,638,186,496 bytes free

 ------------ Files Named "Guard" ---------------

 Volume in drive C is SYSTEM
 Volume Serial Number is 0CD7-2490

 Directory of C:\WINNT\System32


 ------ Temp Files in System32 Directory ------

 Volume in drive C is SYSTEM
 Volume Serial Number is 0CD7-2490

 Directory of C:\WINNT\System32

12/07/1999  07:00a               2,577 CONFIG.TMP
               1 File(s)          2,577 bytes
               0 Dir(s)  20,638,194,176 bytes free

 ------------------ User Agent ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"sbcydsl 3.12"="sbcydsl 3.12"


 ------------- Keys Under Notify -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"New Value #1"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


 ------------- Locate.com Results -------------

C:\WINNT\SYSTEM32\
   ffastlog.txt   Tue Jan 11 2005   8:55:00a  A..H.            517     0.50 K
   vsconfig.xml   Tue Jan  4 2005   6:53:18p  A..H.            124     0.12 K

2 items found:  2 files, 0 directories.
   Total of file sizes:  641 bytes      0.63 K

 -------- Strings.exe Qoologic Results --------


 --------- Strings.exe Aspack Results ---------


 -------------- HKLM Run Key ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"tgcmdprovidersbc"="\"c:\\program files\\support.com\\bin\\tgcmd.exe\" /server /startmonitor /deaf /nosystray"
"LTSMMSG"="LTSMMSG.exe"
"Hcontrol"="C:\\WINNT\\Hcontrol.exe"
"SiS KHooker"="C:\\WINNT\\System32\\khooker.exe"
"SoundMan"="SOUNDMAN.EXE"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"EM_EXEC"="C:\\PROGRA~1\\Logitech\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
"NeroCheck"="C:\\WINNT\\system32\\NeroCheck.exe"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"ccApp"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
"ccRegVfy"="C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe"
"SymTray - Norton SystemWorks"="C:\\Program Files\\Common Files\\Symantec Shared\\SymTray.exe SetReg"
"HPDJ Taskbar Utility"="C:\\WINNT\\System32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"ABREGMON"="C:\\Program Files\\MKS\\Bin\\ABregmon.exe"





Logfile of HijackThis v1.99.0
Scan saved at 9:12:18 AM, on 1/11/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\MKS\Bin\NetMonSV.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Ontrack\Fix-It\mxtask.exe
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\program files\support.com\bin\tgcmd.exe
C:\WINNT\LTSMMSG.exe
C:\WINNT\Hcontrol.exe
C:\WINNT\SOUNDMAN.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINNT\ATKOSD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\MKS\Bin\ABregmon.exe
C:\Program Files\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\KEYBOARD\KEYBOARD Hotkey\Hotkey.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINNT\system32\ntvdm.exe
C:\Svilen\Apps\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcydsl/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/sbcydsl/defaults/*http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcydsl/defaults/sp/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcydsl/defaults/*http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.48.49.94:8080
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINNT\Hcontrol.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\System32\khooker.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe SetReg
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Hotkey.lnk = C:\Program Files\KEYBOARD\KEYBOARD Hotkey\Hotkey.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Download all by Net Transport - C:\Svilen\Apps\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Svilen\Apps\NetTransport 2\NTAddLink.html
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E47F290-75F5-4CFB-A827-BAB20551539C}: NameServer = 151.164.1.8,206.13.28.12
O23 - Service: ArcaBit NetMonitor - ArcaBit sp. z o.o. - C:\Program Files\MKS\Bin\NetMonSV.exe
O23 - Service: Cadence License Manager - Unknown - c:\svilen\apps\psd14\lmgrd.exe (file missing)
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: DM1Service - OLYMPUS OPTICAL CO.,LTD - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Fix-It Task Manager - Ontrack Data International - C:\PROGRA~1\Ontrack\Fix-It\mxtask.exe
O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 - Service: mks_vir antivirus monitor - Unknown - C:\Program Files\MKS\Bin\mksmonsv.exe
O23 - Service: MkS_Scan - Unknown - C:\Program Files\MKS\Bin\mks_scan.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: PPPoE Service - Unknown - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe

Thanks for the help


0

Try these, sutapanaki.
Download LSPfix from here
On the opening screen, click the "I know what I'm doing" checkbox. Then click Finish.

Try running IEFIX.htm which will repair IE and run a System File Check.

0

Crunchie,

I think I'm nearing the end of this, so please bear with me just a bit more. I appreciate your help.
I ran LSPFix the way you said. There was nothing in the left window. After pressing Finish the message said:

Repairs complete
0 NameSpace provider entries removed
0 NameSpace provider entries renumbered
0 Protocol provider entires removed
0 Protocol provider entires renumbered

I also ran IEFIX, but unfortunately this didn't solve the problem. I still cannot search on the internet. I don't think it is an IE problem. If I use Mozilla, the result is the same.
Do you think it's a good idea to reinstall W2K over the present installation - I may have problems with this since I have SP3 installed on the computer and the installation CD is older than that.
One more thing. In terms of protecting my computer against viruses, adware, spyware etc., putting a firewall, what software would you recommend to install?

Here once again are my findit and hijackthis files:

Warning! This utility will find legitimate files in addition to malware. 
Do not remove anything unless you are sure you know what you're doing.

Find.bat is running from: C:\Svilen\Apps\Find It NT-2K-XP

 ------- System Files in System32 Directory -------

 Volume in drive C is SYSTEM
 Volume Serial Number is 0CD7-2490

 Directory of C:\WINNT\System32

01/12/2005  09:35a      <DIR>          dllcache
06/10/2003  10:38a                  32 {CF29D4AD-1F3D-492E-A227-5787F489A6E6}.dat
06/10/2003  10:37a                  32 {287F7370-0A12-47F2-9F40-2FFDB245C853}.dat
06/10/2003  10:36a                  32 {ED8C094E-6A69-4860-AC0F-C6E3B91A3341}.dat
06/10/2003  10:36a                  32 {189B658B-CDA1-450A-98EC-1874B31D592A}.dat
06/10/2003  10:36a                  32 {4B148977-E564-4BD0-B638-DFB135EAFE11}.dat
06/10/2003  10:36a                  32 {0037823A-9B4B-4418-94D9-7CBC61EDC20A}.dat
06/10/2003  10:35a                  32 {0C828796-5EF1-49F1-BF36-2FA0F77C420F}.dat
05/10/2000  11:00p             397,312 Msrdo20.dll
03/13/2000  11:00p             151,552 Rdocurs.dll
               9 File(s)        549,088 bytes
               1 Dir(s)  20,499,070,976 bytes free

 ------- Hidden Files in System32 Directory -------

 Volume in drive C is SYSTEM
 Volume Serial Number is 0CD7-2490

 Directory of C:\WINNT\System32

01/12/2005  08:06p                 716 FFASTLOG.TXT
01/12/2005  09:35a      <DIR>          dllcache
01/04/2005  06:53p                 124 vsconfig.xml
07/14/2003  07:23p               4,212 zllictbl.dat
06/10/2003  10:38a                  32 {CF29D4AD-1F3D-492E-A227-5787F489A6E6}.dat
06/10/2003  10:37a                  32 {287F7370-0A12-47F2-9F40-2FFDB245C853}.dat
06/10/2003  10:36a                  32 {ED8C094E-6A69-4860-AC0F-C6E3B91A3341}.dat
06/10/2003  10:36a                  32 {189B658B-CDA1-450A-98EC-1874B31D592A}.dat
06/10/2003  10:36a                  32 {4B148977-E564-4BD0-B638-DFB135EAFE11}.dat
06/10/2003  10:36a                  32 {0037823A-9B4B-4418-94D9-7CBC61EDC20A}.dat
06/10/2003  10:35a                  32 {0C828796-5EF1-49F1-BF36-2FA0F77C420F}.dat
06/08/2003  11:04p      <DIR>          GroupPolicy
06/08/2003  10:55p              21,692 folder.htt
06/08/2003  10:55p                 271 desktop.ini
              12 File(s)         27,239 bytes
               2 Dir(s)  20,499,061,760 bytes free

 ------------ Files Named "Guard" ---------------

 Volume in drive C is SYSTEM
 Volume Serial Number is 0CD7-2490

 Directory of C:\WINNT\System32


 ------ Temp Files in System32 Directory ------

 Volume in drive C is SYSTEM
 Volume Serial Number is 0CD7-2490

 Directory of C:\WINNT\System32

12/07/1999  07:00a               2,577 CONFIG.TMP
               1 File(s)          2,577 bytes
               0 Dir(s)  20,499,069,440 bytes free

 ------------------ User Agent ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"sbcydsl 3.12"="sbcydsl 3.12"


 ------------- Keys Under Notify -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"New Value #1"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


 ------------- Locate.com Results -------------

C:\WINNT\SYSTEM32\
   ffastlog.txt   Wed Jan 12 2005   8:06:46p  A..H.            716     0.70 K
   vsconfig.xml   Tue Jan  4 2005   6:53:18p  A..H.            124     0.12 K

2 items found:  2 files, 0 directories.
   Total of file sizes:  840 bytes      0.82 K

 -------- Strings.exe Qoologic Results --------


 --------- Strings.exe Aspack Results ---------


 -------------- HKLM Run Key ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"tgcmdprovidersbc"="\"c:\\program files\\support.com\\bin\\tgcmd.exe\" /server /startmonitor /deaf /nosystray"
"LTSMMSG"="LTSMMSG.exe"
"Hcontrol"="C:\\WINNT\\Hcontrol.exe"
"SiS KHooker"="C:\\WINNT\\System32\\khooker.exe"
"SoundMan"="SOUNDMAN.EXE"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"EM_EXEC"="C:\\PROGRA~1\\Logitech\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
"NeroCheck"="C:\\WINNT\\system32\\NeroCheck.exe"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"ccApp"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
"ccRegVfy"="C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe"
"SymTray - Norton SystemWorks"="C:\\Program Files\\Common Files\\Symantec Shared\\SymTray.exe SetReg"
"HPDJ Taskbar Utility"="C:\\WINNT\\System32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"ABREGMON"="C:\\Program Files\\MKS\\Bin\\ABregmon.exe"


Logfile of HijackThis v1.99.0
Scan saved at 8:38:55 PM, on 1/12/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\MKS\Bin\NetMonSV.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Ontrack\Fix-It\mxtask.exe
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\program files\support.com\bin\tgcmd.exe
C:\WINNT\LTSMMSG.exe
C:\WINNT\Hcontrol.exe
C:\WINNT\SOUNDMAN.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINNT\ATKOSD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\MKS\Bin\ABregmon.exe
C:\Program Files\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\KEYBOARD\KEYBOARD Hotkey\Hotkey.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINNT\system32\ntvdm.exe
C:\Svilen\Apps\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcydsl/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.48.49.94:8080
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINNT\Hcontrol.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\System32\khooker.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe SetReg
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Hotkey.lnk = C:\Program Files\KEYBOARD\KEYBOARD Hotkey\Hotkey.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Download all by Net Transport - C:\Svilen\Apps\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Svilen\Apps\NetTransport 2\NTAddLink.html
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E47F290-75F5-4CFB-A827-BAB20551539C}: NameServer = 151.164.1.8,206.13.28.12
O23 - Service: ArcaBit NetMonitor - ArcaBit sp. z o.o. - C:\Program Files\MKS\Bin\NetMonSV.exe
O23 - Service: Cadence License Manager - Unknown - c:\svilen\apps\psd14\lmgrd.exe (file missing)
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: DM1Service - OLYMPUS OPTICAL CO.,LTD - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Fix-It Task Manager - Ontrack Data International - C:\PROGRA~1\Ontrack\Fix-It\mxtask.exe
O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 - Service: mks_vir antivirus monitor - Unknown - C:\Program Files\MKS\Bin\mksmonsv.exe
O23 - Service: MkS_Scan - Unknown - C:\Program Files\MKS\Bin\mks_scan.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: PPPoE Service - Unknown - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe


0

I got the message
"Spybot reports that you want to download "Avenue A, Inc.". This is a known threat. Do you want to Bloc this". I say "yes" to block it, but now every time I open a new page I get this message. There's something sitting in my computer (this is the desktop now, not the laptop). The same is reported for something called "DoubleClick".

This is normal SpyBot behaviour. To have SpyBot block these automatically without asking you for confirmation, do the following:

- Open SpyBot and click on the "Immunize" option in the left-hand pane of the main window.

- In the right-hand pane of the resulting window, check the "enable permanent blocking of addresses in Internet Explorer" option box, and in the drop-down menu box below that, select "Block all bad pages silently"

I'm in California, so time difference is big :-)

I'm in Fairfax, CA, so time difference is not big. :mrgreen:

About your HJT log: I doubt the following entry is legit; have HJT fix the entry unless you're absolutely sure that you should be running through a proxy server at telmos.net, because that's the name of the company to which the 212.48.49.94 IP address is registered:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.48.49.94:8080

Proxy settings such as the above will have an effect on your browsing regardless of which actual web browser you use...
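The review described in the post above (an unexpected `ProxyServer` value in a HijackThis log, plus entries marked "(file missing)") can be done mechanically. The following is an added example, not part of the original post or of HijackThis itself; the function names and the `allowed_proxies` allowlist are assumptions, and the sample log is assembled from lines posted in this thread.

```python
import re
from ipaddress import ip_address

# Sample input assembled from HijackThis 1.99 lines posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.48.49.94:8080
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E47F290-75F5-4CFB-A827-BAB20551539C}: NameServer = 151.164.1.8,206.13.28.12
O23 - Service: Cadence License Manager - Unknown - c:\svilen\apps\psd14\lmgrd.exe (file missing)
"""

# "R1 - ...", "O4 - ...", "O23 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Internet Settings proxy value under either hive.
PROXY_RE = re.compile(r"^(HKCU|HKLM)\\.*\\Internet Settings,ProxyServer = (.+)$")
# One endpoint: optional "scheme=", host, optional ":port".
ENDPOINT_RE = re.compile(r"^(?:(\w+)=)?([^:;=\s]+)(?::(\d+))?$")


def parse_entries(text):
    """Return (section, body) pairs for every HijackThis result line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def parse_proxy_value(value):
    """Split a ProxyServer value into (scheme, host, port) tuples.

    Handles the plain 'host:port' form and the per-protocol form
    'http=host:port;https=host:port'. scheme is None for the plain form.
    """
    endpoints = []
    for part in value.split(";"):
        m = ENDPOINT_RE.match(part.strip())
        if m:
            port = int(m.group(3)) if m.group(3) else None
            endpoints.append((m.group(1), m.group(2), port))
    return endpoints


def address_scope(host):
    """Classify a proxy host so the reviewer knows where traffic would go."""
    try:
        addr = ip_address(host)
    except ValueError:
        return "hostname"
    if addr.is_loopback:
        return "loopback"
    if addr.is_private:
        return "private"
    return "public"


def triage(text, allowed_proxies=frozenset()):
    """Flag proxy endpoints not on the allowlist and entries whose file is gone.

    allowed_proxies holds 'host:port' strings the owner knows to be legitimate
    (an assumption of this example; HijackThis has no such list).
    """
    findings = []
    for section, body in parse_entries(text):
        m = PROXY_RE.match(body)
        if section.startswith("R") and m:
            for _scheme, host, port in parse_proxy_value(m.group(2)):
                endpoint = f"{host}:{port}" if port else host
                if endpoint in allowed_proxies:
                    continue
                findings.append({
                    "kind": "proxy", "section": section, "hive": m.group(1),
                    "host": host, "port": port, "scope": address_scope(host),
                })
        if body.endswith("(file missing)"):
            findings.append({"kind": "missing_file", "section": section,
                             "entry": body})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A proxy finding only means the endpoint is not on the allowlist; whether it belongs there is the owner's call, as the post says.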

0

Thanks Mate :-) (Still in CA, just watching Crocodile Dundee)
Fixed Spybot, hope it will not bother me any more.
Yeh, I don't think I need this proxy. The thing is that I'm not able to browse at all and perhaps this is not the only reason.

0

I also managed finally to run SilentRunners on my computer. Here are the SilentRunners report and my last hijackthis log. Anything unusual this time?


"Silent Runners.vbs", revision 29, launched at: 09:30
Output limited to non-default values, except where indicated by "{++}"
Operating System: Windows 2000


Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Synchronization Manager" = "mobsync.exe /logon" [MS]
"tgcmdprovidersbc" = ""c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray" ["Support.com, Inc."]
"LTSMMSG" = "LTSMMSG.exe" ["Lucent Technologies"]
"Hcontrol" = "C:\WINNT\Hcontrol.exe" ["ASUSTeK COMPUTER INC."]
"SiS KHooker" = "C:\WINNT\System32\khooker.exe" [file not found]
"SoundMan" = "SOUNDMAN.EXE" ["Avance Logic, Inc."]
"SynTPLpr" = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"EM_EXEC" = "C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" ["Logitech Inc. "]
"NeroCheck" = "C:\WINNT\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"InCD" = "C:\Program Files\Ahead\InCD\InCD.exe" [null data]
"ccApp" = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" ["Symantec Corporation"]
"ccRegVfy" = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" ["Symantec Corporation"]
"SymTray - Norton SystemWorks" = "C:\Program Files\Common Files\Symantec Shared\SymTray.exe SetReg" ["Symantec Corporation"]
"HPDJ Taskbar Utility" = "C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe" ["HP"]
"BJCFD" = "C:\Program Files\BroadJump\Client Foundation\CFD.exe" ["BroadJump, Inc."]
"ABREGMON" = "C:\Program Files\MKS\Bin\ABregmon.exe" [empty string]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> CLSID InProcServer32 resolves to: "C:\WINNT\System32\hticons.dll" ["Hilgraeve, Inc."]
"{FBF23B41-E3F0-101B-8488-00AA003E56F8}" = "MIME File Types Hook"
-> CLSID InProcServer32 resolves to: "C:\WINNT\system32\url.dll" [MS]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> CLSID InProcServer32 resolves to: "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> CLSID InProcServer32 resolves to: "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> CLSID InProcServer32 resolves to: "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> CLSID InProcServer32 resolves to: "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> CLSID InProcServer32 resolves to: "C:\WINNT\Downloaded Program Files\ymmapi.dll" ["Yahoo! Inc."]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}" = "Eudora's Shell Extension"
-> CLSID InProcServer32 resolves to: "C:\Eudora\EuShlExt.dll" ["Qualcomm Inc."]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
-> CLSID InProcServer32 resolves to: "C:\Program Files\Sonic\RecordNow!\shlext.dll" [null data]
"{081B391A-604F-4727-97A8-AF83216C15C2}" = (no title provided)
-> CLSID InProcServer32 resolves to: "C:\WINNT\system32\guard.tmp" [file not found]
"{E947BFB0-CCF0-4AB5-A405-0CA113BDA122}" = (no title provided)
-> CLSID InProcServer32 resolves to: "C:\WINNT\system32\sarmdll.dll" [file not found]
"{600280EB-6FEE-4412-A599-2E066FC76E54}" = (no title provided)
-> CLSID InProcServer32 resolves to: "C:\WINNT\system32\wti.dll" [file not found]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
INFECTION WARNING! "AppInit_DLLs" = "apitrap.dll" ["Symantec Corporation"]


Startup items in "Administrator" & "All Users" startup folders:
---------------------------------------------------------------

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
"Microsoft Find Fast" -> shortcut to: "C:\Program Files\Microsoft Office\Office\FINDFAST.EXE" [MS]
"Office Startup" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA.EXE -b" [MS]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Acrobat Assistant" -> shortcut to: "C:\Program Files\Acrobat 5.0\Distillr\AcroTray.exe" ["Adobe Systems Inc."]
"CleanSweep Smart Sweep-Internet Sweep" -> shortcut to: "C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe" ["Symantec Corporation"]
"Device Detector 2" -> shortcut to: "C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe" ["OLYMPUS Optical Co.,Ltd"]
"Hotkey" -> shortcut to: "C:\Program Files\KEYBOARD\KEYBOARD Hotkey\Hotkey.exe" ["ASUS"]
"Logitech Desktop Messenger" -> shortcut to: "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start" ["Logitech"]


Enabled Scheduled Tasks:
------------------------

"Norton AntiVirus - Scan my computer" -> launches: "C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.exe /task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca" ["Symantec Corporation"]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

ArcaBit NetMonitor, ABNetMon, "C:\Program Files\MKS\Bin\NetMonSV.exe" ["ArcaBit sp. z o.o."]
DM1Service, DM1Service, "C:\Program Files\Olympus\DeviceDetector\DM1Service.exe" ["OLYMPUS OPTICAL CO.,LTD"]
Fix-It Task Manager, Fix-It Task Manager, "C:\PROGRA~1\Ontrack\Fix-It\mxtask.exe -Service" ["Ontrack Data International"]
mks_vir antivirus monitor, MksVirMonSvc, "C:\Program Files\MKS\Bin\mksmonsv.exe" [empty string]
Norton Unerase Protection, NProtectService, "C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE" ["Symantec Corporation"]
PPPoE Service, PPPoEService, "C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe" [null data]
Speed Disk service, Speed Disk service, "C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" ["Symantec Corporation"]
TrueVector Internet Monitor, vsmon, "C:\WINNT\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs Inc."]

----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------

Logfile of HijackThis v1.99.0
Scan saved at 9:17:17 AM, on 1/13/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\MKS\Bin\NetMonSV.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Ontrack\Fix-It\mxtask.exe
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\program files\support.com\bin\tgcmd.exe
C:\WINNT\LTSMMSG.exe
C:\WINNT\Hcontrol.exe
C:\WINNT\SOUNDMAN.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\ATKOSD.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\MKS\Bin\ABregmon.exe
C:\Program Files\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\KEYBOARD\KEYBOARD Hotkey\Hotkey.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINNT\system32\ntvdm.exe
C:\Svilen\Apps\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcydsl/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINNT\Hcontrol.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\System32\khooker.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe SetReg
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Hotkey.lnk = C:\Program Files\KEYBOARD\KEYBOARD Hotkey\Hotkey.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Download all by Net Transport - C:\Svilen\Apps\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Svilen\Apps\NetTransport 2\NTAddLink.html
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E47F290-75F5-4CFB-A827-BAB20551539C}: NameServer = 151.164.1.8,206.13.28.12
O23 - Service: ArcaBit NetMonitor - ArcaBit sp. z o.o. - C:\Program Files\MKS\Bin\NetMonSV.exe
O23 - Service: Cadence License Manager - Unknown - c:\svilen\apps\psd14\lmgrd.exe (file missing)
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: DM1Service - OLYMPUS OPTICAL CO.,LTD - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Fix-It Task Manager - Ontrack Data International - C:\PROGRA~1\Ontrack\Fix-It\mxtask.exe
O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 - Service: mks_vir antivirus monitor - Unknown - C:\Program Files\MKS\Bin\mksmonsv.exe
O23 - Service: MkS_Scan - Unknown - C:\Program Files\MKS\Bin\mks_scan.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: PPPoE Service - Unknown - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe

0

The thing is that I'm not able to browse at all and perhaps this is not the only reason.

I don't see anything obviously nasty in your logs now, so perhaps you do have other issues in terms of your connectivity. Here are a few things you can check in that regard:

- It looks as though your computer is directly connected to your DSL modem; is that really the case? If so, check the modem's status using whatever configuration/utility software it came with. Verify that the modem reports a good connection to your ISP, and that it has obtained valid IP addressing and DNS server info from the ISP.

- If you connect to the modem through a broadband router, check its configuration/status as well.

- In your Start menu, click the "Run..." option, type "cmd" (omit the quotes) in the "Open:" box, and hit enter. In the resulting DOS window, type the following command at the DOS prompt:

ipconfig /all

In the statistics returned by the command, verify that your network adapter has been assigned valid IP, subnet mask, gateway address, and DNS server info.

- While still in the DOS box:

* Try to ping the local "loopback" address of your computer:

ping 127.0.0.1

* Try to ping the IP address that the ipconfig command reported for your network adapter:

ping IP_address_of_adapter

* Try to ping Google by its IP address:

ping 216.239.63.104

* Try to ping Google by URL

ping www.google.com


Let us know what you get.

0

I have a router (linksys) which I use to connect both the desktop and the laptop to share internet. But for now, while I'm still fixing the laptop, I connect it directly to the DSL modem (Efficient networks) and not through the router.
Modem is working fine, because I have no problems browsing internet from the desktop. Moreover, it seems I'm able to connect to the ISP server.
Please see the statistics below

I don't see anything obviously nasty in your logs now, so perhaps you do have other issues in terms of your connectivity. Here are a few things you can check in that regard:

- In your Start menu, click the "Run..." option, type "cmd" (omit the quotes) in the "Open:" box, and hit enter. In the resulting DOS window, type the following command at the DOS prompt:

ipconfig /all

In the statistics returned by the command, verify that your network adapter has been assigned valid IP, subnet mask, gateway address, and DNS server info.

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : mylaptop
Primary DNS Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 6:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Efficient Networks Enternet P.P.P.o.E Adapter
Physical Address. . . . . . . . . : 44-45-53-54-77-77
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : No
IP Address. . . . . . . . . . . . : 67.116.140.129
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 67.116.140.129
DHCP Server . . . . . . . . . . . : 255.255.255.255
DNS Servers . . . . . . . . . . . : 151.164.1.8
206.13.28.12
Lease Obtained. . . . . . . . . . : Thursday, January 13, 2005 9:09:36 PM
Lease Expires . . . . . . . . . . : Monday, January 18, 2038 10:14:07 PM

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : ASUSTeK/Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-0C-6E-40-D8-27
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Autoconfiguration IP Address. . . : 169.254.11.143
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . :

- While still in the DOS box:

* Try to ping the local "loopback" address of your computer:

ping 127.0.0.1

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
Reply from 127.0.0.1: bytes=32 time<10ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

* Try to ping the IP address that the ipconfig command reported for your network adapter:

ping IP_address_of_adapter

Pinging 67.116.140.129 with 32 bytes of data:

PING: transmit failed, error code 65.
PING: transmit failed, error code 65.
PING: transmit failed, error code 65.
PING: transmit failed, error code 65.

Ping statistics for 67.116.140.129:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

* Try to ping Google by its IP address:

ping 216.239.63.104

Pinging 216.239.63.104 with 32 bytes of data:

PING: transmit failed, error code 65.
PING: transmit failed, error code 65.
PING: transmit failed, error code 65.
PING: transmit failed, error code 65.

Ping statistics for 216.239.63.104:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

* Try to ping Google by URL

ping www.google.com


Let us know what you get.

Unknown host www.google.com

0

First of all, disable your ZoneAlarm firewall; it appears to at least be blocking the pings (if not more). Here's a link from Microsoft's support site with more info on the firewall and ping error:

http://support.microsoft.com/default.aspx?scid=kb;en-us;q316414

Drop the firewall, try the above tests again, and let us know what you get.

Also: the output of the ipconfig command shows that the same IP address is assigned to both your computer's network adapter and to your default gateway. Can you confirm with your ISP if that is the correct configuration for your connection? The two IPs are usually not identical.
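
Added example (not part of the original reply or any poster's code): a Python sketch that parses the `ipconfig /all` text posted above and flags the points the reply asks about, along with the self-assigned 169.254.x.x address and empty gateway/DNS fields on the second adapter. The function names and finding strings are assumptions made for illustration.

```python
import ipaddress
import re

# Excerpt of the `ipconfig /all` output posted earlier in this thread.
SAMPLE = """\
Ethernet adapter Local Area Connection 6:
IP Address. . . . . . . . . . . . : 67.116.140.129
Default Gateway . . . . . . . . . : 67.116.140.129
DNS Servers . . . . . . . . . . . : 151.164.1.8
206.13.28.12

Ethernet adapter Local Area Connection:
Autoconfiguration IP Address. . . : 169.254.11.143
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . :
"""

def parse_ipconfig(text):
    """Return {adapter: {field: [values]}} parsed from `ipconfig /all` text."""
    adapters, current, last = {}, None, None
    for line in (l.strip() for l in text.splitlines()):
        header = re.match(r"^(.+ adapter .+):$", line)
        if header:
            current, last = adapters.setdefault(header.group(1), {}), None
        elif current is None or not line:
            continue
        elif (field := re.match(r"^(.*?)[ .]*:\s*(.*)$", line)):
            last = field.group(1)
            current[last] = [field.group(2)] if field.group(2) else []
        elif last:  # continuation line, e.g. the second DNS server
            current[last].append(line)
    return adapters

def review(adapters):
    """Yield (adapter, finding) for settings worth a second look."""
    for name, f in adapters.items():
        gateways = f.get("Default Gateway", [])
        for ip in f.get("IP Address", []) + f.get("Autoconfiguration IP Address", []):
            if ipaddress.ip_address(ip).is_link_local:  # 169.254.0.0/16 (APIPA)
                yield name, "self-assigned link-local address"
            if ip in gateways:
                yield name, "default gateway equals adapter IP"
        for key in ("Default Gateway", "DNS Servers"):
            if not f.get(key):
                yield name, f"no {key.lower()}"

if __name__ == "__main__":
    for adapter, finding in review(parse_ipconfig(SAMPLE)):
        print(f"{adapter}: {finding}")
```

A finding here is a prompt to check the setting, as the reply does with the ISP question, not proof of a fault.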

0

It is zone alarm. I have configured it to launch at start up. When I disabled this, I was able to connect to internet. Even if I start zone alarm manually after the PC boots up, I have no problems connecting to the Net. I don't know why it behaves like this when it starts up with Windows. Thanks for the help.

0

I don't know why it behaves like this when it starts up with Windows.

I'm not sure why it does that either, but I've also seen McAfee's firewall act the same way sometimes. You may need to go into the firewall setup/rules and do some manual reconfiguration to clear that up. Unfortunately, I haven't used ZoneAlarm in a couple of years, so I can't give you any specific help there; some Googling should give you a few suggestions to try though.

0

Yes, I'll try to fix this myself. Thanks for the help, anyway.
I have one more thing to ask. Is there software that can tell me the registry entries a program has created/uses? I want to uninstall something. I know that the uninstall will normally clean the registry, but many times there are traces left and in this case I'd like to remove everything related to that software.

0

There does not appear to be anything untoward there. Perhaps running in safe mode affected the scan and a normal scan would be more beneficial?

When I have to remove spyware or viruses I always do it in safe mode. It makes it easier to get rid of the problem.
