just another "SPYware detected!" error 348

Discussion in 'adware, spyware & hijack cleaning' started by thomasKA, Jul 6, 2004.

Thread Status:
Not open for further replies.
  1. thomasKA

    thomasKA Registered Member (Joined: Jul 6, 2004; Posts: 2)

    I have tried to read through others' posts with this problem, but have had no luck, so here is my HijackThis log.

    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Altiris\AClient\AClient.exe
    C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
    C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\Documents and Settings\t318\Local Settings\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    N2 - Netscape 6: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\t318\Application Data\Mozilla\Profiles\default\dlnsccvp.slt\prefs.js)
    N2 - Netscape 6: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\t318\Application Data\Mozilla\Profiles\default\dlnsccvp.slt\prefs.js)
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {36F17E17-AC00-42BC-A6D9-294AD4E7DCD6} (Altiris ClientBootstraper Class) - http://tolaltiris/aexns/NSCap/Bin/Win32/x86/AeXClientBootstrap.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = slk.local
    O17 - HKLM\Software\..\Telephony: DomainName = slk.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = slk.local
     
  2. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator (Joined: Feb 10, 2002; Posts: 2,080; Location: Perth, Western Australia)

    Hi,

    Your log looks clean. Is it the case where you see these errors when you visit certain websites? Can you give us an example?

    If so, they are probably just popup windows designed to scare you into clicking on them, and ultimately buying their junk.
     
  3. thomasKA

    thomasKA Registered Member (Joined: Jul 6, 2004; Posts: 2)

    No, it's not pop-ups. My homepage keeps being reset to an "eshredder" website (about:blank). I also believed my log to be clean, and that is why I am quite confused.
     
  4. Jooske

    Jooske Registered Member (Joined: Feb 12, 2002; Posts: 9,713; Location: Netherlands, EU near the sea)

    Thomas, could it be something your Altiris server is doing? Can you find out about that? Suppose this is a system in a network; are there more computers with the same happening?
    I'm no expert in the HJT field; I thought these about:blank things appeared on the R0 R1 lines, which I don't see in your log and can't tell if they should be :)

    How did you conclude it is the "SPYware detected! system error #384", that was not on the About:blank changes only I guess?
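
Added example (not part of the original thread, and not HijackThis's own code): a small triage script that groups HijackThis entry lines by section code, checks whether any R0/R1 (Internet Explorer start/search page) entries are listed, and pulls the download hosts out of the O16 lines for review. The function names and the sample, built from lines of the log posted above, are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r'''
Running processes:
C:\WINDOWS\Explorer.EXE
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\t318\Application Data\Mozilla\Profiles\default\dlnsccvp.slt\prefs.js)
O9 - Extra button: Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {36F17E17-AC00-42BC-A6D9-294AD4E7DCD6} (Altiris ClientBootstraper Class) - http://tolaltiris/aexns/NSCap/Bin/Win32/x86/AeXClientBootstrap.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = slk.local
'''

# An entry line is "<letter><number> - <text>"; process paths do not match.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
HOMEPAGE_CODES = ("R0", "R1")  # IE start/search page sections


def parse_entries(log_text):
    """Group entry lines by section code (R0, N2, O16, ...)."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        match = ENTRY.match(line)
        if match:
            groups[match.group(1)].append(match.group(2).strip())
    return dict(groups)


def homepage_entries(groups):
    """Return (code, entry) pairs for the R0/R1 sections, if any are listed."""
    return [(c, e) for c in HOMEPAGE_CODES for e in groups.get(c, [])]


def external_hosts(groups, code="O16"):
    """Collect the host names of URLs in one section, sorted, for manual review."""
    hosts = set()
    for entry in groups.get(code, []):
        hosts.update(re.findall(r"https?://([^/\s\"]+)", entry))
    return sorted(hosts)


if __name__ == "__main__":
    groups = parse_entries(SAMPLE_LOG)
    for code in sorted(groups):
        print(f"{code}: {len(groups[code])} entries")
    found = homepage_entries(groups)
    print("R0/R1 entries:", found if found else "none listed")
    print("O16 download hosts to review:", external_hosts(groups))
```

An empty R0/R1 result only means the log lists no such lines; it does not by itself explain a homepage that keeps being reset.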
     