rdrv.sys keeps re-appearing after deleting manually. I have made the necessary deletions and modifications in regedit as instructed by symantec and other sources which all were very similar.
I updated and ran the following software as instructed and got the following results: This was done in safemode with no network cable connected.
Windows Update: Windows 2000 Advanced Server - All Updates completed
Adaware SE: No spyware detected - all clean
CleanUp! - deleted alot of stuff
CWShredder - nothing was present exept for "CWS.AboutBlank"
SpyBot S&D - Nothing found
Ewido - nothing found or fixed
TrojanHunter - no trojan found (Symantec however finds Trojan.cache.cache.kit)
All software illustrated above was ran exactly how described in the following webpage: http://www.geekstogo...?showtopic=2852
PS. The primary purpose of this server is to run Lintivity software (Very similar to WebEx) and LogmeIn.com which is a web hosted PCanywhere.
Logfile of HijackThis v1.99.1
Scan saved at 10:50:23 PM, on 8/20/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\Chat Anywhere\chatanyw.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\NetTime\NeTmSvNT.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wins.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\dns.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\WINNT\Explorer.EXE
C:\Program Files\NetTime\NetTime.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Chat Anywhere\NTService.exe
C:\Documents and Settings\Administrator\My Documents\My Downloads\Virus Clean RR\HijackThis\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [WDTRAYSetup] C:\Program Files\Linktivity\connectionpoint\cnptray.exe
O4 - HKLM\..\Run: [NetTime] C:\Program Files\NetTime\NetTime.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DCB7DBA-5895-4492-86F1-C24CEE5C883F}: NameServer = 10.240.89.215
O17 - HKLM\System\CCS\Services\Tcpip\..\{A16F488B-9A7A-45D6-98F4-60A3D09F2014}: NameServer = 10.240.89.215
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Chat Anywhere - LionMax Software - C:\Program Files\Chat Anywhere\NTService.exe
O23 - Service: Linktivity MS ConnectionPoint (ConnectionPoint) - Linktivity, Inc. - C:\PROGRA~1\LINKTI~1\CONNEC~1\CONNEC~1.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Linktivity Sun ConnectionPoint (jService) - Spartacom, Inc. - c:\progra~1\Linktivity\ConnectionPoint\jService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - 3am Labs, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - 3am Labs, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: NetTime (NetTimeSvc) - Unknown owner - C:\Program Files\NetTime\NeTmSvNT.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Windows Kernel - Unknown owner - C:\WINNT\svchost.exe