Issas, Svshost, Msras, Ntvdm, Spyware/Malware/Virus on Windows 2000

Topic:Issas, Svshost, Msras, Ntvdm, Spyware/Malware/Virus on Windows 2000

Remainpoint:0

Hanzu

PostTime:12/16/2008 8:02:13 AM

Top

Level:

Professional point:

Experience:

Thread:

277

Post:

897

Total online time:

Joined date:

4/28/2007 11:25:00 PM

Last Visit:

12/16/2008 11:33:11 PM

Status:

	Try our remote PC help service to fix your PC instantly(Only cost $19.95)
	Register to make Ads free

Techguys,

I'm running windows professional and have a bunch of programs that just keep coming back. I've run Ewido and Adaway which has killed a few but the main ones are tough. I read on one of the other posts that there is one program that regenerates its name every time you boot up and this program regenerates the others. I also have runthis.bat which stops the programs from running but they regenerate so fast I lose all my computer functions. I'm using process explorer and windows task manager to find them but when I try to stop the process it gives me a warning that I do not have access to stop it (even though I log on as the administrator). I've also tried to manually go to the program to change it's settings to give me access but this also does not work. The malware shows a microsoft identity but it's (not confirmed) which makes it tough to figure out which ones are good and bad. I think one of the renaming programs is spbbcsvc.exe. I'm posting a hjt log and would appreciate any and all help. What are my chances of getting rid of these problems? Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 8:14:32 AM, on 2/9/2006
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mssearchnet.exe
C:\WINNT\System32\nvctrl.exe
C:\WINNT\System32\atiptaxx.exe
C:\WINNT\System32\desk95.exe
C:\WINNT\System32\viewport.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINNT\System32\hphmon03.exe
C:\WINNT\iau.exe
C:\WINNT\stisvsq.exe
C:\WINNT\svshost.exe
C:\WINNT\msqdevl.exe
C:\WINNT\iau.exe
C:\WINNT\lssas.exe
C:\WINNT\mservice.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:80
R3 - Default URLSearchHook is missing
O2 - BHO: HomepageBHO - {7caf96a2-c556-460a-988e-76fc7895d284} - C:\WINNT\System32\hp7906.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HydarVisionDesktopManager] desk95.exe
O4 - HKLM\..\Run: [HydarVisionViewport] viewport.exe
O4 - HKLM\..\Run: [WinampAgent] "F:\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Norton Personal Firewall 2005 retail Crack] G:\LimeWire\Music\Norton Personal Firewall 2005 retail Crack.exe
O4 - HKLM\..\Run: [WinUpdate] C:\cmon.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [wmv license crack] G:\LimeWire\Music\wmv license crack.exe
O4 - HKLM\..\Run: [WinZIP v9.0 Keygen] G:\LimeWire\Music\WinZIP v9.0 Keygen.exe
O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [vmcleaner] gxlib.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINNT\System32\hphmon03.exe
O4 - HKLM\..\Run: [Microsoft Internet Acceleration Utility] iau.exe
O4 - HKLM\..\Run: [Internet Connection Wizard] stisvsq.exe
O4 - HKLM\..\Run: [Games Acceleration] svshost.exe
O4 - HKLM\..\Run: [Internet Mail and News] msqdevl.exe
O4 - HKLM\..\Run: [Microsoft Management Console] lssas.exe
O4 - HKLM\..\Run: [Multimedia extensions] mservice.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [WyvernWorks Ad Away] "C:\Program Files\WyvernWorks\Ad Away 2004\Ad Away.exe" -minimized
O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [Microsoft Internet Acceleration Utility] iau.exe
O4 - HKCU\..\Run: [Internet Connection Wizard] stisvsq.exe
O4 - HKCU\..\Run: [Games Acceleration] svshost.exe
O4 - HKCU\..\Run: [Internet Mail and News] msqdevl.exe
O4 - HKCU\..\Run: [Microsoft Management Console] lssas.exe
O4 - HKCU\..\Run: [Multimedia extensions] mservice.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O20 - Winlogon Notify: mljki - C:\WINNT\System32\mljki.dll
O21 - SSODL: WdSMkkLsTxTjGlzD - {2CB2EE41-8618-44EB-33B9-F3525FEF79F2} - C:\WINNT\System32\vt.dll (file missing)
O21 - SSODL: Adware Away v2.2.8.9_is1 - {CC4F6EFF-CDF5-461F-480B-31CBD7C6B35F} - c:\program files\adware away\wcudpy32.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver - HP - C:\WINNT\System32\HPHipm09.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


PohTayToez	PostTime:12/16/2008 11:49:40 AM	Point:0 \| # 1
Level: 1 Professional point: 3 Experience: 8 Thread: 285 Post: 966 Total online time: 8M Joined date: 4/28/2007 11:55:00 PM Last Visit: 12/16/2008 11:44:45 PM Status:	Fix these with HJT mark them, close IE, click fix checked O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe DownLoad http://www.downloads.subratam.org/KillBox.zip Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode: Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box. C:\Program Files\winupdates C:\WINNT\System32\sndcfg16.exe Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any. START RUN type in %temp% OK - Edit Select all File Delete Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp Not all temp files will delete and that is normal Empty the recycle bin Boot and post a new log from normal NOT safe mode Please give feedback on what worked/didnt work and the current status of your system


maxman847	PostTime:12/16/2008 12:26:11 PM	Point:0 \| # 2
Level: 1 Professional point: 81 Experience: 32 Thread: 281 Post: 990 Total online time: 32M Joined date: 4/29/2007 12:22:00 AM Last Visit: 12/17/2008 12:54:30 AM Status:	* Click here to download smitRem.exe. Save the file to your desktop. It is a self extracting file. Doubleclick the smitRem.exe and it will extract the files to a smitRem folder on your desktop. Do not do anything with it yet. You will run the RunThis.bat file later in safe mode. * * Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode. * Restart your computer into safe mode now. Perform the following steps in safe mode: * Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish. * * Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK. * Next go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you should see an entry checked called something like "Security info" or similar. If it is there, select that entry and click the "Delete" button. Click OK then Apply and OK. * Restart back into Windows normally now. * Run ActiveScan online virus scan here When the scan is finished, anything that it cannot clean have it delete it. Make a note of the file location of anything that cannot be deleted so you can delete it yourself. - Save the results from the scan! Post a new HiJackThis log along with the results from ActiveScan and Go to the link below and download the trial version of SpySweeper: SpySweeper http://www.webroot.com/consumer/prod...rc=4129&ac=pcoh * Click the Free Trial link under "SpySweeper" to download the program. * Install it. Once the program is installed, it will open. * It will prompt you to update to the latest definitions, click Yes. * Once the definitions are installed, click Options on the left side. * Click the Sweep Options tab. * Under What to Sweep please put a check next to the following: o Sweep Memory o Sweep Registry o Sweep Cookies o Sweep All User Accounts o Enable Direct Disk Sweeping o Sweep Contents of Compressed Files o Sweep for Rootkits o Please UNCHECK Do not Sweep System Restore Folder. * Click Sweep Now on the left side. * Click the Start button. * When it's done scanning, click the Next button. * Make sure everything has a check next to it, then click the Next button. * It will remove all of the items found. * Click Session Log in the upper right corner, copy everything in that window. * Click the Summary tab and click Finish. * Paste the contents of the session log you copied into your next reply. Also post a new Hijack This log.


Amy	PostTime:12/16/2008 1:06:07 PM	Point:0 \| # 3
Level: 1 Professional point: 71 Experience: 5 Thread: 316 Post: 950 Total online time: 5M Joined date: 4/28/2007 10:49:00 PM Last Visit: 12/16/2008 11:39:24 PM Status:	Thank you for your help. I used killbox and as you said it said both files did not exist. Here is a new hjt log. Logfile of HijackThis v1.99.1 Scan saved at 7:36:30 PM, on 3/20/2006 Platform: Windows 2000 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\Documents and Settings\Administrator\Desktop\Spy_Sweeper\Spy Sweeper\WRSSSDK.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\Explorer.exe C:\WINNT\System32\atiptaxx.exe C:\WINNT\System32\desk95.exe C:\WINNT\System32\viewport.exe C:\Program Files\QuickTime\qttask.exe C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe C:\WINNT\System32\hphmon03.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\WINNT\System32\taskmgr.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:80 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [HydarVisionDesktopManager] desk95.exe O4 - HKLM\..\Run: [HydarVisionViewport] viewport.exe O4 - HKLM\..\Run: [WinampAgent] "F:\Winamp\Winampa.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [HPHmon03] C:\WINNT\System32\hphmon03.exe O4 - HKLM\..\Run: [WyvernWorks Ad Away] "C:\Program Files\WyvernWorks\Ad Away 2004\Ad Away.exe" -minimized O4 - HKLM\..\Run: [SpySweeper] "C:\Documents and Settings\Administrator\Desktop\Spy_Sweeper\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe" O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll O21 - SSODL: Adware Away v2.2.8.9_is1 - {CC4F6EFF-CDF5-461F-480B-31CBD7C6B35F} - c:\program files\adware away\wcudpy32.dll (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Pml Driver - HP - C:\WINNT\System32\HPHipm09.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Documents and Settings\Administrator\Desktop\Spy_Sweeper\Spy Sweeper\WRSSSDK.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Thanks again.


Nevakonaza	PostTime:12/16/2008 1:26:05 PM	Point:0 \| # 4
Level: 1 Professional point: 58 Experience: 4 Thread: 255 Post: 956 Total online time: 4M Joined date: 4/28/2007 11:29:00 PM Last Visit: 12/16/2008 11:28:56 PM Status:	Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you should see an entry checked called something like "Security info" or similar. If it is there, select that entry and click the "Delete" button. Click OK then Apply and OK. Thank you but before I begin I've had trouble with one part of the instructions (when I had help from another tech). Under control panel and display I do not have a "Desktop" tab. There are: background, screensaver, appearance, web, effects and settings and I was unable to find any which had the "Customize Desktop" button. Am I looking in the wrong place or am I just not looking deep enough? I'm assuming every step is vital to my computers health and want to make sure I get this one right. Thank you again.


Hanzu	PostTime:12/16/2008 2:57:56 PM	Point:0 \| # 5
Level: 1 Professional point: 64 Experience: 3 Thread: 277 Post: 897 Total online time: 3M Joined date: 4/28/2007 11:25:00 PM Last Visit: 12/16/2008 11:33:11 PM Status:	Oh I see you are running W2K - Not XP - go ahead with the rest and we'll see what's next


computermaineack	PostTime:12/16/2008 2:59:02 PM	Point:0 \| # 6
Level: 1 Professional point: 8 Experience: 13 Thread: 275 Post: 917 Total online time: 13M Joined date: 4/28/2007 11:37:00 PM Last Visit: 12/16/2008 11:49:17 PM Status:	Now how are things


PC_eye	PostTime:12/16/2008 3:07:46 PM	Point:0 \| # 7
Level: 1 Professional point: 96 Experience: 6 Thread: 271 Post: 1040 Total online time: 6M Joined date: 4/28/2007 11:55:00 PM Last Visit: 12/16/2008 11:36:22 PM Status:	Add remove programs remove Limewire the likely source of your infections Fix these with HJT mark them, close IE, click fix checked R3 - Default URLSearchHook is missing O4 - HKLM\..\Run: [Norton Personal Firewall 2005 retail Crack] G:\LimeWire\Music\Norton Personal Firewall 2005 retail Crack.exe O4 - HKLM\..\Run: [WinUpdate] C:\cmon.exe O4 - HKLM\..\Run: [wmv license crack] G:\LimeWire\Music\wmv license crack.exe O4 - HKLM\..\Run: [WinZIP v9.0 Keygen] G:\LimeWire\Music\WinZIP v9.0 Keygen.exe O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe O21 - SSODL: WdSMkkLsTxTjGlzD - {2CB2EE41-8618-44EB-33B9-F3525FEF79F2} - C:\WINNT\System32\vt.dll (file missing) DownLoad http://www.downloads.subratam.org/KillBox.zip Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode: Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box. C:\cmon.exe G:\LimeWire C:\Program Files\winupdates C:\WINNT\System32\sndcfg16.exe Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any. START RUN type in %temp% OK - Edit Select all File Delete Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp Not all temp files will delete and that is normal Empty the recycle bin Boot and post a new log from normal NOT safe mode Please give feedback on what worked/didnt work and the current status of your system

Sorry, you are not login, click here to login