cmdservice not able to remove



jabo199
2006-02-01, 21:08
cmdservice! Not able to remove with the threads already there. I tried with all the threads already in this forum but was not able to do so, because my computer probably does not have the same OS as these people.

Please help me remove the crap in my system. I disconnected this computer from the internet because as soon as I reconnect it, pop-ups and spyware or viruses come back within minutes.

My OS is Win2000 Server, and I already tried a couple of different programs like spybot, ewido, xoftspy, clamwin and more that are still installed on my computer, like l2mfix, blbeta.exe and hijackthis.

Everything else except cmdservice in HKLM\system\currentcontrolset\cmdservice looks like it is staying there.

Thank you in advance for your help.
Jack

P.S. Sorry for my English, I'm from Canada, Québec and I'm a French person.

Metallica
2006-02-01, 21:37
No problem. My French ain't that hot either. :)

Please download and unzip Ren-cmdService (http://downloads.subratam.org/Lon/ren-cmdservice.zip) to your desktop.
This is important. It will only work if the folder is placed on your desktop.

Open the ren-cmdservice folder by double-clicking it and then double-click the ren-cmdservice.bat file to run the program.

Your default email program will be activated. Please follow the instructions for submitting the files.

When the program finishes, there will be a logit.txt file in the ren-cmdservice folder. Post the content of that file on the forum, please.

jabo199
2006-02-01, 22:33
Here is the logit.txt

jabo199
2006-02-01, 22:40
I can't send you the zip file from the infected computer because it is not on the net for the moment. I used another computer and copied the files onto a disc. Can I send it to you through the forum or by Hotmail from another computer?

Thanks

jabo199
2006-02-02, 18:01
cmdservice seems to be gone now, but now I have the spyware.look2me in my system that I can't get rid of.

Thanks for the cmdservice removal program. Jack

Metallica
2006-02-02, 20:27
Hi Jack,

I'll need to see a HijackThis log to help you with that.

Follow the instructions here (http://home.planet.nl/~kleyn080/hijackthisexplanation.html).

jabo199
2006-02-02, 20:33
Ok here is the Hijackthis log


Logfile of HijackThis v1.99.1
Scan saved at 14:29:52, on 02/02/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\winnt\System32\smss.exe
C:\winnt\system32\winlogon.exe
C:\winnt\system32\services.exe
C:\winnt\system32\lsass.exe
C:\winnt\system32\svchost.exe
C:\winnt\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\winnt\asuskbservice.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\winnt\System32\tcpsvcs.exe
C:\WINNT\System32\svchost.exe
f:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\winnt\System32\llssrv.exe
C:\winnt\system32\nvsvc32.exe
C:\winnt\system32\regsvc.exe
C:\winnt\system32\MSTask.exe
C:\winnt\system32\stisvc.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\winnt\System32\WBEM\WinMgmt.exe
C:\winnt\system32\svchost.exe
C:\winnt\System32\dns.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\winnt\system32\rundll32.exe
C:\winnt\Explorer.EXE
C:\winnt\system32\devldr32.exe
C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
F:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
F:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
C:\winnt\system32\Dfssvc.exe
C:\winnt\system32\wuauclt.exe
C:\winnt\System32\svchost.exe
C:\winnt\system32\SpywareDetectorSVC.exe
C:\winnt\system32\SDSystemTray.exe
C:\Program Files\SpywareDetector\SDMonitor.exe
F:\Program Files\HIJACKTHIS VF\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ClamWin] "f:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpybotSnD] "F:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix
O4 - HKLM\..\Run: [SystemTraySD] C:\winnt\system32\SDSystemTray.exe
O4 - HKLM\..\Run: [MonitorSD] C:\Program Files\SpywareDetector\SDMonitor.exe
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\winnt\system32\LiveUpdateSD.exe -AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: OpenOffice.org 1.1.3.lnk.disabled
O4 - Startup: Photo Express Calendar Checker SE.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.exe.lnk.disabled
O4 - Global Startup: E-Color.lnk.disabled
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = F:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
O4 - Global Startup: WinZip Quick Pick.lnk.disabled
O20 - Winlogon Notify: MS-DOSOptions - C:\WINNT\system32\hrls0537e.dll
O20 - Winlogon Notify: SDNotify - C:\Program Files\SpywareDetector\SDNotify.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - C:\winnt\asuskbservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\winnt\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\winnt\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - f:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: %NVSVC.name% (NVSvc) - NVIDIA Corporation - C:\winnt\system32\nvsvc32.exe
O23 - Service: SpyDetectSVC - Max Secure Software - C:\winnt\system32\SpywareDetectorSVC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

Metallica
2006-02-02, 20:42
Yup. That's the one. :(

Download L2mfix from one of these two locations:
http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe
Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Close any programs you have open since this step requires a reboot.
From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!

jabo199
2006-02-02, 20:49
The l2mfix process is done, but when I reboot it's really slow, so I'm sorry if it's taking time to post back the log.

jabo199
2006-02-02, 20:58
Here they are


L2mfix 010406
Creating Account.
La commande s'est terminée correctement.


Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
zip warning: name not matched: dlls\*.*

zip error: Nothing to do! (backup.zip)
updating: backregs/notibac.reg (212 bytes security) (deflated 85%)

____________________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 14:54:36, on 02/02/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\winnt\System32\smss.exe
C:\winnt\system32\winlogon.exe
C:\winnt\system32\services.exe
C:\winnt\system32\lsass.exe
C:\winnt\system32\svchost.exe
C:\winnt\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\winnt\asuskbservice.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\winnt\System32\tcpsvcs.exe
C:\WINNT\System32\svchost.exe
f:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\winnt\System32\llssrv.exe
C:\winnt\system32\nvsvc32.exe
C:\winnt\system32\regsvc.exe
C:\winnt\System32\rsvp.exe
C:\winnt\system32\MSTask.exe
C:\winnt\system32\SpywareDetectorSVC.exe
C:\winnt\system32\stisvc.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\winnt\System32\WBEM\WinMgmt.exe
C:\winnt\system32\svchost.exe
C:\winnt\System32\dns.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\winnt\Explorer.EXE
C:\winnt\system32\devldr32.exe
C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
F:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\winnt\system32\SDSystemTray.exe
C:\Program Files\SpywareDetector\SDMonitor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\winnt\system32\Dfssvc.exe
F:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
C:\winnt\system32\wuauclt.exe
F:\Program Files\HIJACKTHIS VF\hijackthis vf.exe
C:\winnt\System32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ClamWin] "f:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpybotSnD] "F:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix
O4 - HKLM\..\Run: [SystemTraySD] C:\winnt\system32\SDSystemTray.exe
O4 - HKLM\..\Run: [MonitorSD] C:\Program Files\SpywareDetector\SDMonitor.exe
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\winnt\system32\LiveUpdateSD.exe -AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: OpenOffice.org 1.1.3.lnk.disabled
O4 - Startup: Photo Express Calendar Checker SE.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.exe.lnk.disabled
O4 - Global Startup: E-Color.lnk.disabled
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = F:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
O4 - Global Startup: WinZip Quick Pick.lnk.disabled
O20 - Winlogon Notify: SDNotify - C:\Program Files\SpywareDetector\SDNotify.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - C:\winnt\asuskbservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\winnt\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\winnt\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - f:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: %NVSVC.name% (NVSvc) - NVIDIA Corporation - C:\winnt\system32\nvsvc32.exe
O23 - Service: SpyDetectSVC - Max Secure Software - C:\winnt\system32\SpywareDetectorSVC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

Metallica
2006-02-02, 21:04
Good job.

Next step. Get rid of Max Spyware Detector:
http://castlecops.com/o23list-989.html

Use Add/Remove Software to uninstall it.

You can fix this entry:

O23 - Service: SpyDetectSVC - Max Secure Software - C:\winnt\system32\SpywareDetectorSVC.exe

And I think you should fix this one too:
O4 - HKLM\..\Run: [ClamWin] "f:\Program Files\ClamWin\bin\ClamTray.exe" --logon

But that's mainly because it isn't advisable to run 2 AV's on one computer simultaneously and you are already running AntiVir.
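
Comparing the HijackThis log posted before the L2mfix run with the one posted after it shows what changed between the two scans. The sketch below is an added example, not part of the original thread and not HijackThis's or L2mfix's own code; the two sample logs are abbreviated excerpts of the logs posted above, and the function names are hypothetical.

```python
import re

# Abbreviated excerpts of the two HijackThis logs posted in this thread
# (before and after the L2mfix run); most lines are omitted for brevity.
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 14:29:52, on 02/02/2006

Running processes:
C:\winnt\system32\winlogon.exe
C:\winnt\system32\rundll32.exe
C:\winnt\system32\SpywareDetectorSVC.exe
C:\winnt\Explorer.EXE

O4 - HKLM\..\Run: [ClamWin] "f:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O20 - Winlogon Notify: MS-DOSOptions - C:\WINNT\system32\hrls0537e.dll
O20 - Winlogon Notify: SDNotify - C:\Program Files\SpywareDetector\SDNotify.dll
O23 - Service: SpyDetectSVC - Max Secure Software - C:\winnt\system32\SpywareDetectorSVC.exe
"""

LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 14:54:36, on 02/02/2006

Running processes:
C:\winnt\system32\winlogon.exe
C:\winnt\System32\rsvp.exe
C:\winnt\system32\SpywareDetectorSVC.exe
C:\winnt\Explorer.EXE

O4 - HKLM\..\Run: [ClamWin] "f:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O20 - Winlogon Notify: SDNotify - C:\Program Files\SpywareDetector\SDNotify.dll
O23 - Service: SpyDetectSVC - Max Secure Software - C:\winnt\system32\SpywareDetectorSVC.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")        # e.g. "O20 - ..."
NOTIFY_RE = re.compile(r"^Winlogon Notify: (.+?) - (.+)$")


def parse_hjt(text):
    """Return (processes, entries) parsed from a HijackThis text log."""
    processes, entries = set(), {}
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            # Windows paths are case-insensitive, so key on a casefolded body
            entries[(m.group(1), m.group(2).casefold())] = line
        elif in_procs and line:
            processes.add(line.casefold())
    return processes, entries


def diff_logs(before, after):
    """Report entries and running processes that differ between two scans."""
    p0, e0 = parse_hjt(before)
    p1, e1 = parse_hjt(after)
    return {
        "entries_removed": sorted(e0[k] for k in e0.keys() - e1.keys()),
        "entries_added": sorted(e1[k] for k in e1.keys() - e0.keys()),
        "procs_gone": sorted(p0 - p1),
        "procs_new": sorted(p1 - p0),
    }


def notify_dlls(text):
    """List (name, dll_path) for each O20 Winlogon Notify entry in a log."""
    _, entries = parse_hjt(text)
    found = []
    for (code, _), line in sorted(entries.items()):
        m = NOTIFY_RE.match(line.split(" - ", 1)[1]) if code == "O20" else None
        if m:
            found.append((m.group(1), m.group(2)))
    return found


if __name__ == "__main__":
    for key, values in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        print(key, values)
```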

jabo199
2006-02-02, 21:15
So now do you think everything is back to normal and I can go back on the net with this computer (because I unplugged it a couple of days ago when I found the problem)?

What do you recommend I use as an anti-spyware and/or anti-virus program?

Metallica
2006-02-02, 21:24
Most Anti-Virus programs are OK these days.

I would feel silly advising anything other than Spybot S&D against spyware.
But at least make sure NOT to get any of these:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

And I'd add a firewall to the list of necessities.
Please read: http://forums.spybot.info/showthread.php?t=279

jabo199
2006-02-02, 21:27
Thank you very much for your help, I will try to go back on the net now.

Thanks Jack.:bigthumb:

jabo199
2006-02-02, 21:34
I'm sorry, but I tried running EWIDO and it is still detecting the spyware.look2me. What's going on??

Help me again please

jabo199
2006-02-02, 21:48
Here is my EWIDO log and my Hijackthis log
---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------

+ Créé le: 15:35:05, 02/02/2006
+ Somme de contrôle: 16AAAFEE

+ Résultats du scan:

C:\winnt\system32\fp8403lqe.dll -> Spyware.Look2Me : Nettoyer sans sauvegarder
C:\winnt\system32\n48olel31hq.dll -> Spyware.Look2Me : Nettoyer sans sauvegarder
C:\winnt\system32\uvpnpmgr.dll -> Spyware.Look2Me : Nettoyer sans sauvegarder


::Fin du rapport

________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 15:38:31, on 02/02/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\winnt\System32\smss.exe
C:\winnt\system32\winlogon.exe
C:\winnt\system32\services.exe
C:\winnt\system32\lsass.exe
C:\winnt\system32\svchost.exe
C:\winnt\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\winnt\asuskbservice.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\winnt\System32\tcpsvcs.exe
C:\WINNT\System32\svchost.exe
f:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\winnt\System32\llssrv.exe
C:\winnt\system32\nvsvc32.exe
C:\winnt\system32\regsvc.exe
C:\winnt\system32\MSTask.exe
C:\winnt\system32\stisvc.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\winnt\System32\WBEM\WinMgmt.exe
C:\winnt\system32\svchost.exe
C:\winnt\System32\dns.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\winnt\Explorer.EXE
C:\winnt\system32\devldr32.exe
C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\winnt\system32\Dfssvc.exe
F:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
C:\winnt\system32\wuauclt.exe
C:\winnt\System32\svchost.exe
F:\Program Files\HIJACKTHIS VF\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpybotSnD] "F:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: OpenOffice.org 1.1.3.lnk.disabled
O4 - Startup: Photo Express Calendar Checker SE.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.exe.lnk.disabled
O4 - Global Startup: E-Color.lnk.disabled
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = F:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
O4 - Global Startup: WinZip Quick Pick.lnk.disabled
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - C:\winnt\asuskbservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\winnt\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\winnt\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - f:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: %NVSVC.name% (NVSvc) - NVIDIA Corporation - C:\winnt\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

Metallica
2006-02-02, 21:51
It just cleaned up some files that were active before and not anymore now.

Nothing to worry about, unless it finds others like it, in the next scan.

Metallica
2006-02-02, 22:02
To be on the safe side.

Click Start > Run > and copy this command Services.msc and click OK
In the list of services that appears, look for Secondary Logon, select it and right-click the line with that service. Choose Properties. On the General tab, find the selector for the Startup type, set it to Manual and then start the service.

Then run the L2Mfix again.
Post the log it creates.

jabo199
2006-02-02, 22:40
Do you know what Secondary Logon would be in French? My system is in French and I can't see which one it is.

jabo199
2006-02-02, 23:36
I think I found the Secondary Logon (execution par délégation). Do you think it's the right one?

After I did that, I ran l2mfix as asked.
Here is the log.

P.S. EWIDO is not finding anything now
_______________________________________
L2mfix 010406
Creating Account.
La commande s'est terminée correctement.


Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
zip warning: name not matched: dlls\*.*

zip error: Nothing to do! (backup.zip)
updating: backregs/notibac.reg (212 bytes security) (deflated 85%)

__________________________________

Here is the HJT log after the reboot


Logfile of HijackThis v1.99.1
Scan saved at 17:23:06, on 02/02/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\winnt\System32\smss.exe
C:\winnt\system32\winlogon.exe
C:\winnt\system32\services.exe
C:\winnt\system32\lsass.exe
C:\winnt\system32\svchost.exe
C:\winnt\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\winnt\asuskbservice.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\winnt\System32\tcpsvcs.exe
C:\WINNT\System32\svchost.exe
f:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\winnt\System32\llssrv.exe
C:\winnt\system32\nvsvc32.exe
C:\winnt\system32\regsvc.exe
C:\winnt\System32\rsvp.exe
C:\winnt\system32\MSTask.exe
C:\winnt\system32\stisvc.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\winnt\System32\WBEM\WinMgmt.exe
C:\winnt\system32\svchost.exe
C:\winnt\System32\dns.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\winnt\Explorer.EXE
C:\winnt\system32\devldr32.exe
C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\MSN Messenger\msnmsgr.exe
F:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
C:\winnt\system32\Dfssvc.exe
C:\winnt\system32\wuauclt.exe
C:\winnt\System32\svchost.exe
F:\Program Files\HIJACKTHIS VF\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpybotSnD] "F:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: OpenOffice.org 1.1.3.lnk.disabled
O4 - Startup: Photo Express Calendar Checker SE.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.exe.lnk.disabled
O4 - Global Startup: E-Color.lnk.disabled
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = F:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
O4 - Global Startup: WinZip Quick Pick.lnk.disabled
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - C:\winnt\asuskbservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\winnt\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\winnt\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - f:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: %NVSVC.name% (NVSvc) - NVIDIA Corporation - C:\winnt\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

jabo199
2006-02-03, 00:48
It seems that the programs ZoneAlarm and Kerio cannot be used on a Win2000 Server system, and Sygate doesn't exist anymore (they discontinued the product). Do you have another one you can tell me about that would be compatible with my OS?

Thanks Jack.

P.S. I'm back on the net now and it's looking good.

Metallica
2006-02-03, 13:21
Yep. Good job. :bigthumb:

tashi
2006-02-06, 06:40
As the problem appears to be resolved this topic will be archived.
If you need it re-opened please send me a pm and provide a link to the topic.
Glad we could help. :beerbeerb