P2P-Worm.Win32.VB.dw



Rock Princess
2006-04-29, 15:32
Hey! I'm really desperate because I don't know how to solve this problem... I've been using LimeWire for a while and now I have a virus on my computer... P2P-Worm.Win32.VB.dw... I am running a system scan with a kavdos.exe application, I think it is some sort of Kaspersky scan...


Can you help me to delete this virus?

thanks

Rock Princess
2006-04-29, 19:20
I see that no one has answered the question, but I suppose it is my fault because I gave you too little information... I have done a HijackThis scan and this is my log file:

Logfile of HijackThis v1.99.1
Scan saved at 19:10:52, on 29.4.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\windows\System32\nvsvc32.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MEDIAK~1\MagicKey.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\windows\System32\winlog.exe
C:\Program Files\outlook\outlook.exe
C:\windows\mousepad15.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\x\My Documents\s?stem\w?crtupd.exe
C:\Program Files\Hitware Popup Killer Lite\HitwarePKLite.exe
C:\windows\System32\SKS~1\winword.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MEDIAK~1\OSD.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\x\Desktop\HIJACKTHIS\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {0AB9ABC1-A7EA-4F65-8C18-C01C0D794542} - C:\Program Files\Windows NT\mefo.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - C:\Program Files\Mario Forever Toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MagicKey] C:\PROGRA~1\MEDIAK~1\MagicKey.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [newname] C:\windows\newname15.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad15.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard15.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Dme] C:\Documents and Settings\x\My Documents\s?stem\w?crtupd.exe
O4 - HKCU\..\Run: [HitwarePKLite] C:\Program Files\Hitware Popup Killer Lite\HitwarePKLite.exe
O4 - HKCU\..\Run: [Rnab] "C:\windows\System32\SKS~1\winword.exe" -vt yazr
O4 - Startup: Webshots.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Whistle - {220E39C3-B081-4719-AB1A-9A884DCBD05C} - C:\Program Files\WhistleSoftware\WselServices\webband.dll (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{207B6A2C-4336-4830-B070-FED1A5F974F7}: NameServer = 212.39.98.162 195.29.150.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{207B6A2C-4336-4830-B070-FED1A5F974F7}: NameServer = 212.39.98.162 195.29.150.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Control Panel - C:\windows\system32\l00u0ad9ed0.dll (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Please help me... Also, I've been using Spybot S&D and I can't delete cmd, but it doesn't seem to be a big problem.

Thanks one more time ;)

CalamityJane
2006-04-29, 19:31
Please download Brute Force Uninstaller (http://www.merijn.org/files/bfu.zip).
Unzip it to its own folder (c:\BFU)

RIGHT-CLICK HERE (http://metallica.geekstogo.com/alcanshorty.bfu) and choose "Save As" (in IE it's "Save Target As") in order to download Alcra Remover. Save it in the folder you made earlier (c:\BFU).

Open My Computer and navigate to the c:\BFU folder. Start the Brute Force Uninstaller by double-clicking BFU.exe

In the scriptline to execute field copy and paste c:\bfu\alcanshorty.bfu
Press execute and let it do its job.

Wait for the complete script execution box to pop up and press OK.

Click "save"

In "filename" enter log.txt

Click exit to exit the BFU program.

Please copy the contents of the log.txt back here in your next reply. The log.txt will be in the C:\BFU\ folder ...

Rock Princess
2006-04-29, 20:15
Thank you very much, I will do what you said right now...

Rock Princess
2006-04-29, 20:24
I did everything you said and I have saved lod.txt but there is only this in that file:

BFU v1.00.9
Windows XP (WinNT 5.01.2600 )
Script started at 20:23:19, on 29.4.2006

Script completed.

Maybe I did something wrong? :scratch:

CalamityJane
2006-04-29, 20:25
Ok, I'll be here :)

Rock Princess
2006-04-29, 20:26
I meant to say log.txt instead of lod.txt :D

Rock Princess
2006-04-29, 20:27
What should I do next? :scratch:

Rock Princess
2006-04-29, 20:32
I am so sorry, sometimes I am so stupid when it's about computers :D

I have done something wrong :D

Here it is:

BFU v1.00.9
Windows XP (WinNT 5.01.2600 )
Script started at 20:28:04, on 29.4.2006

Option Unload Explorer: Yes
Failed: DllUnregister C:\windows\DH.dll|1 (file not found)
Failed: ServiceStop Network Monitor (operation failed)
Failed: ServiceStop cmdService (service not found)
Failed: ServiceDisable cmdService (service not found)
Failed: ServiceDelete cmdService (service not found)
Failed: RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (key not found)
Failed: RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (key not found)
Failed: RegDelValue HKCU\System\CurrentControlSet\Control\Lsa|p2pnetwork (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations|LowRiskFileTypes (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU1 (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU2 (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|services32 (key not found)
Option pause between commands: 300 ms
Option pause between commands: 50 ms
Failed: FolderDelete C:\Program Files\MsConfigs (folder not found)
Failed: FolderDelete C:\Program Files\winupdates (folder not found)
Failed: FolderDelete C:\Program Files\winupdate (folder not found)
Failed: FolderDelete C:\Program Files\winsupdater (folder not found)
Failed: FolderDelete C:\Program Files\MsUpdate (folder not found)
Failed: FolderDelete C:\Program Files\MsMovies (folder not found)
Failed: FolderDelete C:\Program Files\wmplayer (folder not found)
Failed: FileDelete C:\Program Files\Common Files\Download\mc-*-*.exe (operation failed)
Failed: FileDelete C:\DOCUME~1\x\LOCALS~1\Temp\~DF3AD6.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\x\LOCALS~1\Temp\~DF61BB.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\x\LOCALS~1\Temp\~DF68FB.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\x\LOCALS~1\Temp\~DF77AC.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\x\LOCALS~1\Temp\~DF91C0.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\x\LOCALS~1\Temp\~DFF9D3.tmp (operation failed)
Failed: FileDelete C:\windows\Temp\ZLT063c7.TMP (operation failed)
Failed: FolderDelete C:\Documents and Settings\x\Local Settings\Temporary Internet Files\Content.IE5\4X6V052B (operation failed)
Failed: FolderDelete C:\Documents and Settings\x\Local Settings\Temporary Internet Files\Content.IE5\89ATCVAT (operation failed)
Failed: FolderDelete C:\Documents and Settings\x\Local Settings\Temporary Internet Files\Content.IE5\D007LX0T (operation failed)
Failed: FolderDelete C:\Documents and Settings\x\Local Settings\Temporary Internet Files\Content.IE5\E55UVUDK (operation failed)
Failed: FolderDelete C:\Documents and Settings\x\Local Settings\Temporary Internet Files\Content.IE5\KT2F8LYR (operation failed)
Failed: FolderDelete C:\Documents and Settings\x\Local Settings\Temporary Internet Files\Content.IE5\SLYB89EZ (operation failed)
Failed: FolderDelete C:\Documents and Settings\x\Local Settings\Temporary Internet Files\Content.IE5\Y3QB2PUN (operation failed)
Failed: FolderDelete C:\Program Files\Maxifiles (folder not found)
Failed: FolderDelete C:\Program Files\DNS (folder not found)
Failed: FolderDelete C:\Program Files\EQAdvice (folder not found)
Failed: FolderDelete C:\Program Files\FCAdvice (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\FreeProd1 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\FreeProd2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\InetGet2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\VCClient (folder not found)
Failed: FolderDelete C:\Program Files\Network Monitor (folder not found)
Failed: FolderDelete C:\windows\inet20001 (folder not found)
Failed: FolderDelete C:\Program Files\Update06 (folder not found)
Failed: FolderDelete C:\Program Files\Update03 (folder not found)
Failed: FolderDelete C:\Program Files\Update04 (folder not found)
Failed: FolderDelete C:\Program Files\Update08 (folder not found)
Failed: FolderDelete C:\Program Files\W-Update (folder not found)
Failed: FolderDelete C:\Program Files\Cas (folder not found)
Failed: FolderDelete C:\Program Files\CasStub (folder not found)
Failed: FolderDelete C:\Program Files\Cas2Stub (folder not found)
Failed: FolderDelete C:\temp (folder not found)
Failed: FileMove C:\windows\win*-*.exe|C:\bintheredunthat (source file not found)
Script completed.


Also, I see there is something wrong here... there are a lot of folders which are "not found" :scratch:

CalamityJane
2006-04-29, 21:07
You're doing fine. You must have scanned twice with BFU which is why that last log isn't finding anything. Can you please scan with HijackThis and post a fresh log from it please?

Rock Princess
2006-04-29, 21:24
Thank you for your patience :)

Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 21:23:07, on 29.4.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\windows\System32\nvsvc32.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MEDIAK~1\MagicKey.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hitware Popup Killer Lite\HitwarePKLite.exe
C:\windows\System32\SKS~1\winword.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MEDIAK~1\OSD.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\windows\explorer.exe
C:\Documents and Settings\x\Desktop\HIJACKTHIS\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {0AB9ABC1-A7EA-4F65-8C18-C01C0D794542} - C:\Program Files\Windows NT\mefo.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - C:\Program Files\Mario Forever Toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MagicKey] C:\PROGRA~1\MEDIAK~1\MagicKey.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Dme] C:\Documents and Settings\x\My Documents\s?stem\w?crtupd.exe
O4 - HKCU\..\Run: [HitwarePKLite] C:\Program Files\Hitware Popup Killer Lite\HitwarePKLite.exe
O4 - HKCU\..\Run: [Rnab] "C:\windows\System32\SKS~1\winword.exe" -vt yazr
O4 - Startup: Webshots.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Whistle - {220E39C3-B081-4719-AB1A-9A884DCBD05C} - C:\Program Files\WhistleSoftware\WselServices\webband.dll (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4749/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{207B6A2C-4336-4830-B070-FED1A5F974F7}: NameServer = 212.39.98.162 195.29.150.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{207B6A2C-4336-4830-B070-FED1A5F974F7}: NameServer = 212.39.98.162 195.29.150.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Control Panel - C:\windows\system32\l00u0ad9ed0.dll (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Rock Princess
2006-04-29, 21:27
In the meantime I have done a McAfee Virus Scan and this is what it said:

C:\Documents and Settings\...\QXPP~1.EXE Adware-ClickSpring
C:\ Armin_Van_Buuren-A_State_Of_Trance_245_(Fre... W32/Generic.m
C:\Documents and Settings\x\Complete\ Games.zip W32/Generic.m
C:\Documents and Settings\x\Complete\ Music.zip W32/Generic.m
C:\Documents and Settings\x\Complete\ Software.zip W32/Generic.m
C:\(PS2)Fighters megamix 5-in-1 (CVS2,MVC2,MVC2... W32/Generic.m
C:\...\100+ Raven Riley pics SULiik.zip W32/Generic.m
C:\...\100+ Tara Reid pics SULiik.zip W32/Generic.m
C:\...\1400+ Pics of Mariah Carey.zip W32/Generic.m
C:\...\20+ Jessica Alba pics SULiik.zip W32/Generic.m
C:\...\32 AMG Wallpapers SULiik.zip W32/Generic.m
C:\...\3D Stereograms - 3rd Release.zip W32/Generic.m
C:\...\50 Carmen Electra pics SULiik.zip W32/Generic.m
C:\...\56 Ford GT40 Wallpapers SULiik.zip W32/Generic.m
C:\...\60+ Elisha Cuthbert pics SULiik.zip W32/Generic.m
C:\...\70+ Jennifer Lopez pics SULiik.zip W32/Generic.m
C:\...\About CNET Networks.zip W32/Generic.m
C:\Acronis True Image Workstation v9 1 3567 Inc... W32/Generic.m
C:\...\Advanced search.zip W32/Generic.m
C:\Air America Radio - The Laura Flanders Show ... W32/Generic.m
C:\Air America Radio - The Laura Flanders Show ... W32/Generic.m
C:\Documents and Settings\...\All RSS feeds.zip W32/Generic.m
C:\Documents and Settings\...\All Software.zip W32/Generic.m
C:\American Dad S02E13 PDTV XviD-LOL [eztv].zip... W32/Generic.m
C:\Anime Shaman King Full Episodes Complete.zip... W32/Generic.m

Also, I am sorry if I have some English mistakes, I am not from an English-speaking area :)

CalamityJane
2006-04-29, 21:41
The clickspring looks right (I've got that on my list to have you do next). But I'm not sure about the others McAfee found.

Hold on while I'm still writing up the next steps to take.

You had a LOT of different malwares on there.

CalamityJane
2006-04-29, 21:55
Make a copy of these instructions

Close all browsers and any open windows.

Open HijackThis and do a *Scan Only*. When it finishes, checkmark all of these entries, and then press the *fix checked* button

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: (no name) - {0AB9ABC1-A7EA-4F65-8C18-C01C0D794542} - C:\Program Files\Windows NT\mefo.dll

O4 - HKCU\..\Run: [Dme] C:\Documents and Settings\x\My Documents\s?stem\w?crtupd.exe

O4 - HKCU\..\Run: [Rnab] "C:\windows\System32\SKS~1\winword.exe" -vt yazr

O20 - Winlogon Notify: Control Panel - C:\windows\system32\l00u0ad9ed0.dll (file missing)

If this is not your ISP, then checkmark these to fix these also
O17 - HKLM\System\CCS\Services\Tcpip\..\{207B6A2C-4336-4830-B070-FED1A5F974F7}: NameServer = 212.39.98.162 195.29.150.3

O17 - HKLM\System\CS1\Services\Tcpip\..\{207B6A2C-4336-4830-B070-FED1A5F974F7}: NameServer = 212.39.98.162 195.29.150.3
...................................
Get this tool from Trend-Micro
Damage Cleanup Engine / Template

NOTE: You must download the tool AND the updates (pattern file) - so follow these instructions carefully.

http://www.trendmicro.com/download/dcs.asp
Get the Sysclean Package for non-Trend customers.

Grab a copy of the instructions here:
please download the following files
http://www.trendmicro.com/ftp/products/tsc/readme.txt

NOTE:
For instructions on how to use this package, consult the "How to Use" section of the readme file, readme_sysclean.txt. This file also contains the description and the different features of this package.

Note that for the Trend Micro Sysclean Package to be effective, you must download and place the latest pattern file in the same folder as the Trend Micro Sysclean Package.


DCT CONTROL RELEASE
Download Latest DCT Control Release
http://www.trendmicro.com/download/pattern-dcs-disclaimer.asp

The Damage Cleanup Template (DCT) Control Release is a pre-release version of Damage Cleanup Template (DCT) and is updated by TrendLabs almost as often as new samples come in. Since it is designed to clean registries and system files from 'in-the-wild' malware infections, DCT Control release receives only preliminary testing. DCT Control Release also must be deployed manually to your product.

Click the link above for additional information and deployment instructions. Users are advised to read the succeeding disclaimer carefully before downloading the current DCT Control Release.

I. Description

This self-extracting archive is a stand-alone fix package that
incorporates the Damage Cleanup Engine and Template. It replaces the
traditional fix tool by addressing a wide variety of system infections
rather than a specific malware infection.


This tool supports the following features:

o Terminate all malware instances in memory
o Remove malware registry entries
o Remove malware entries from system files
o Scan for and delete all malware copies in all local hard drives



II. File List

o sysclean.com - the main executable module
o readme.txt - this file
o lpt$vpn.XXX - downloadable component (see Requirements)



III. Requirements

1. Download the latest pattern file lpt$vpn.XXX in ZIP format as
lptXXX.ZIP from the following location:

<http://www.trendmicro.com/download/pattern.asp>

This file must be saved in the same folder where you run
this fix package.

2. This tool is designed to run under Windows 9x/ME/NT/2000/XP.

For users running Windows NT 4.0, you need to copy the file, PSAPI.DLL,
to the Windows system directory, which is usually C:\WINNT\system32.
You can find the file in the Windows NT 4.0 Setup CD at the
following locations:

\Support\Debug\i386\PSAPI.DLL



IV. Parameters

/NOGUI     No GUI (runs the tool in console mode)
/SILENT    Run in silent mode (no output display)
<folder>   The folder where the tool begins scanning. If
           unspecified, this tool scans all local hard drives
/Y         Automatically answers yes to all prompts
/?         Displays help information



V. How to Use

1. Create a temporary folder and copy SYSCLEAN.COM into this folder.

NOTE: This temporary folder should be created on a local or mapped drive.

2. Download latest pattern file. Extract the downloaded ZIP pattern
file into the created folder.

3. Close all applications running on your system, including any
antivirus software.

4. Run the executable file, SYSCLEAN.COM, by either:

a. Double-clicking the tool in Windows Explorer.
b. Executing it via command prompt using syntax based on the
aforementioned parameters.

4. Enable any antivirus software that is installed on your system and
perform a manual scan.

NOTE: This fix tool generates the log file, SYSCLEAN.LOG, in its
current folder.


Next, post the SYSCLEAN.LOG results back here please.

Rock Princess
2006-04-29, 22:19
Ok, I'll do that and then I'll answer... ;)

Rock Princess
2006-04-30, 00:52
I have done everything you have told me and I have followed each step and I've got the SYSCLEAN log file, but it is too long to copy it here... Is there any other way to post that log here? Can I post files on this forum?

I will describe what happened... SYSCLEAN scanned the system and it found a virus WORM GAOBOT.DF and it also cleaned it...

I hope this will help you to help me...

I will come here tomorrow to see what we are going to do next ;)

Thank you one more time for helping me and for your patience :)

Rock Princess
2006-04-30, 00:58
EDIT: When you saw a log file from a McAfee virus scan you saw ClickSpring and it looked right, but you weren't sure about the rest?

Well, now I realised that all the rest was from the folder C:\Documents and Settings\x\Complete\ and SYSCLEAN cleaned viruses from THAT folder... and also I think that LimeWire was saving downloaded information there :scratch: ... I think that I have downloaded viruses from LimeWire...

Maybe that will help you... don't forget the virus in the title of this theme... I don't know if it is deleted...

Thanks

CalamityJane
2006-04-30, 00:59
You're welcome. We have lots of patience around here :)

Please compress (i.e. put into a zip file) the Sysclean.log and attach to your next reply. In Windows XP right-click the file and select "send to compressed (zipped) folder".

When you press the *Reply* Button scroll down a bit under *Additional Options*

The second section is called "Attach Files" - press the *Manage Attachments* button. Browse to the sysclean.zip file and attach it to your reply. I can then download and review it.

Next, please scan once more with HijackThis and post a fresh HijackThis log too :)

Rock Princess
2006-04-30, 13:51
Here is the hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 13:49:01, on 30.4.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MEDIAK~1\MagicKey.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hitware Popup Killer Lite\HitwarePKLite.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MEDIAK~1\OSD.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\windows\System32\nvsvc32.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\windows\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\x\Desktop\HIJACKTHIS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - C:\Program Files\Mario Forever Toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MagicKey] C:\PROGRA~1\MEDIAK~1\MagicKey.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [HitwarePKLite] C:\Program Files\Hitware Popup Killer Lite\HitwarePKLite.exe
O4 - Startup: Webshots.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Whistle - {220E39C3-B081-4719-AB1A-9A884DCBD05C} - C:\Program Files\WhistleSoftware\WselServices\webband.dll (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4749/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{207B6A2C-4336-4830-B070-FED1A5F974F7}: NameServer = 212.39.98.162 195.29.150.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{207B6A2C-4336-4830-B070-FED1A5F974F7}: NameServer = 212.39.98.162 195.29.150.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Also, my zipped SYSCLEAN file is about 45 kb big, and the forum limit is about 39 kb....
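
The log entries above follow HijackThis's "section code - description" layout. As an added example (not part of the original posts and not HijackThis's own code), the Python below parses a few lines copied from that log and pulls out what a reviewer checks first: entries marked "(file missing)", the O17 NameServer addresses, and O23 services with no recorded owner. The function names are assumptions made for this example.

```python
import re

# Lines copied from the log above (a sample of it, not the whole log).
SAMPLE_LOG = r"""
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Whistle - {220E39C3-B081-4719-AB1A-9A884DCBD05C} - C:\Program Files\WhistleSoftware\WselServices\webband.dll (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{207B6A2C-4336-4830-B070-FED1A5F974F7}: NameServer = 212.39.98.162 195.29.150.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")       # e.g. "O23 - Service: ..."
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
MISSING = "(file missing)"  # appended by HijackThis when the referenced file is not found


def parse(log):
    """Split each log line into section code and body; skip lines of any other shape."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            code, body = m.groups()
            entries.append({"code": code, "body": body,
                            "missing": body.endswith(MISSING)})
    return entries


def services(entries):
    """O23 bodies read 'Service: NAME - OWNER - PATH'; return (name, owner, path)."""
    out = []
    for e in entries:
        if e["code"] == "O23" and e["body"].startswith("Service: "):
            parts = e["body"][len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                name, owner, path = parts
                out.append((name, owner, path.replace(MISSING, "").strip()))
    return out


def triage(entries):
    """Collect the items worth a manual look; none of them is a verdict by itself."""
    dns = set()
    for e in entries:
        if e["code"] == "O17" and "NameServer" in e["body"]:
            dns.update(IPV4.findall(e["body"].split("=", 1)[1]))
    return {
        "missing": [(e["code"], e["body"]) for e in entries if e["missing"]],
        "nameservers": sorted(dns),  # compare against the ISP's or router's DNS servers
        "unknown_owner_services": [n for n, owner, _ in services(entries)
                                   if owner == "Unknown owner"],
    }


if __name__ == "__main__":
    for key, value in triage(parse(SAMPLE_LOG)).items():
        print(key, "->", value)
```
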

Rock Princess
2006-04-30, 14:01
I have split the log file into two files, and then compressed those "halves", and here they are :):

First half and the second half of a SYSCLEAN log file:

Rock Princess
2006-04-30, 14:34
Also, maybe this will help you...after I contacted you and after you gave me some advice I realised that I can start Windows Task Manager again...probably SYSCLEAN deleted some virus that was stopping Windows Task Manager...also, at the beginning the LimeWire "window" was appearing very often and it was giving me "advice" to install LimeWire again, and now it is not appearing any more...

now I am running Avast home! thorough scan so I can send you a log if that is necessary... :)

CalamityJane
2006-04-30, 15:52
Ok, I got the logs from Sysclean - I'm reviewing them now. I'll be back when I'm done :)

Rock Princess
2006-04-30, 15:58
Ok, take your time ;)

CalamityJane
2006-04-30, 16:29
I've reviewed your logs and it looks like it was successful cleaning your PC; however, that is a very damaging worm. :( You need to be aware that it may have stolen information or compromised your system! Trend-Micro calls this Gaobot.df and it had a write-up on it.

Here is a description:
Gaobot.DF
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FGAOBOT%2EDF&VSect=T

Backdoor Capabilities

Using a random port, this worm connects to the Internet Relay Chat (IRC) server and joins a specific channel, where it listens for the following commands from a remote malicious user:

Download files from a specified URL
Find, delete, rename or execute files
Flush DNS buffer
Get clipboard data
Get network information
Get system information
Initiate a denial of service (DoS) attack
List or delete network shares
List or terminate processes
Logs keystrokes
Perform IRC commands
Redirect connections
Execute commands using a remote shell
Scan for vulnerabilities
Send email messages
Sniff incoming or outgoing packets
Start an FTP, HTTP, or TFTP server
Steal CD keys
Steal passwords
Visit specified URL
It executes these commands locally on an affected system, providing the remote user virtual control over the machine.


There is more in that link I gave you.

You were likely infected because you are not up to date on critical security updates from windows and you are vulnerable to future attacks as well.

You really need to get SP2 and ALL critical security updates from Microsoft
http://update.microsoft.com/microsoftupdate/

Some final Clean up steps

Go to Start > Run and type in the box: cleanmgr
This will run the Windows disk cleanup utility. Wait while it scans your system and then it will present a list of files/folders to delete. Make sure these 3 are checkmarked and press *ok* to delete them:

Temporary Files

Temporary Internet Files

Recycle bin

Next: Please reset your system restore in Windows XP
Now that your PC is clean, make sure all programs are running properly and then you'll need to reset your restore point in Windows XP.......why?

One of the best features of Windows ME or XP is the System Restore option, however if a malware infects a computer with this operating system it can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after malware removal.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)

1. Turn off System Restore.
Go to Start > Run, click on *My Computer*.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
Go to Start > Run, click on *My Computer*.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;310405

Let me know if you are seeing any remaining problems. You may want to consider a reformat/reinstall as an option if you are able to save your important data and have the original disks to reinstall (but get SP2 first and save it to CD or other removable media) so that you can install SP2 before connecting to the internet after reinstall.

Also be aware of the dangers of using P2P programs. Tashi has written up some very good info here:

File Sharing, otherwise known as Peer To Peer. (P2P)
http://forums.spybot.info/showthread.php?t=282

I hope that is all a help to you. :)
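
The backdoor behaviour quoted from Trend Micro in the post above (an IRC connection on a random port, then a channel join) leaves a recognisable trace on the wire: the IRC registration commands NICK and USER sent to a port IRC does not normally use. The Python below is an added example, not part of the original posts or any vendor's tool; the flow records, addresses, ports and channel names are constructed for illustration.

```python
import re
from collections import namedtuple

# Ports conventionally used by IRC servers; anything else counts as non-standard here.
USUAL_IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}

# An IRC message is a CRLF-terminated line: [":" prefix SPACE] COMMAND [SPACE params]
IRC_LINE = re.compile(rb"^(?::\S+ +)?([A-Za-z]+)(?: +(.*))?$")
REGISTRATION = {"NICK", "USER"}   # a client sends both when it registers with a server

Flow = namedtuple("Flow", "src dst dport payload")

# Constructed sample: the first client-to-server bytes of four outbound TCP flows.
FLOWS = [
    Flow("192.0.2.10", "198.51.100.7", 6667,
         b"NICK alice\r\nUSER alice 0 * :Alice\r\nJOIN #linux-help\r\n"),
    Flow("192.0.2.23", "203.0.113.50", 18067,
         b"NICK xp-48213\r\nUSER xp-48213 0 * :xp\r\nJOIN #chan-example examplekey\r\n"),
    Flow("192.0.2.23", "198.51.100.80", 80,
         b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    Flow("192.0.2.31", "198.51.100.21", 21,
         b"USER anonymous\r\nPASS guest\r\n"),   # FTP also has USER, but never NICK
]


def irc_commands(payload):
    """Return [(COMMAND, params)] for every line that has the shape of an IRC message."""
    found = []
    for line in payload.split(b"\r\n"):
        m = IRC_LINE.match(line)
        if m:
            found.append((m.group(1).decode().upper(),
                          (m.group(2) or b"").decode("latin-1")))
    return found


def detect(flows):
    """Flag flows that register as an IRC client on a port outside the usual IRC set."""
    alerts = []
    for f in flows:
        cmds = irc_commands(f.payload)
        if not REGISTRATION <= {name for name, _ in cmds}:
            continue                      # not an IRC registration (HTTP, FTP, ...)
        if f.dport in USUAL_IRC_PORTS:
            continue                      # ordinary chat client, left to local policy
        channels = [p.split()[0] for name, p in cmds if name == "JOIN" and p]
        alerts.append({"src": f.src, "dst": f"{f.dst}:{f.dport}", "channels": channels})
    return alerts


if __name__ == "__main__":
    for alert in detect(FLOWS):
        print(alert)
```
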

Rock Princess
2006-04-30, 16:33
I am running a thorough system scan with avast and it found adware Clickspring and I deleted it...

I hope to hear you soon :D

Rock Princess
2006-04-30, 16:50
Thank you for your help...

I have just finished avast scan and it found about 6-7 viruses...one of them was adware and the rest were trojans...I have deleted them all successfully...

Also, I am not sure I have deleted the P2P-Worm.Win32.VB.dw...is that the other name for WORM GAOBOT?

I still have some pop-ups like Webalize and 1revenue...

I have tried installing Windows XP Service Pack 2 earlier but something always goes wrong...I even ordered a CD...anyway, I'll try to install it again because I see it is very important...

I will not use any P2P programs any more...they only bring trouble ;)

CalamityJane
2006-04-30, 17:18
"Also, I am not sure I have deleted the P2P-Worm.Win32.VB.dw...is that the other name for WORM GAOBOT?"
Yes, each of the AV companies has a different name for it.


see the Aliases at the bottom of this page:
http://vil.nai.com/vil/content/v_133690.htm

It is also sometimes called the Alcra/Alcan worm, but that is the first "fix" we ran to clean your computer (Alcra Remover)

Likely these scanners will find additional remaining odd files and/or registry keys.


"I still have some pop-ups like Webalize and 1revenue..."
You may have some remaining adware/spyware that was installed by this worm. It may help to run the tools listed in this instruction:
http://forums.spybot.info/showthread.php?t=4015


"I have tried installing Windows XP Service Pack 2 earlier but something always goes wrong...I even ordered a CD...anyway, I'll try to install it again because I see it is very important..."
Yes, very important. The infections you had may have been preventing the install of SP2. After running the cleaners above in the link I posted, let me know if you are able to install SP2?


"I will not use any P2P programs any more...they only bring trouble ;)"
Smart move. It is not worth the headaches! :bigthumb:

Rock Princess
2006-04-30, 19:13
Thank you very much for everything :)

I have downloaded SmitfraudFix, and I have got a rapport.exe log

Now I am downloading ewido, and I will do the rest of the "cleaning process"...

I have Windows SP 2 on a CD and I tried to install it today but it couldn't...it gave me a message "Maybe the key is invalid" or something like that...when I bought this computer (new) I got this Windows XP on it and I have been using it since then....

I will try to install it later after I use all these malware removal tools

I will contact you here then ;)

CalamityJane
2006-04-30, 19:30
Ok, Here are some links for how to validate your windows so you can get the updates:

These links should help with that process

Microsoft Genuine Windows
http://www.microsoft.com/genuine/default.mspx?displaylang=en

Genuine Windows FAQ
http://www.microsoft.com/genuine/downloads/FAQ.aspx?displaylang=en

Windows Validation Assistant
http://www.microsoft.com/resources/howtotell/ww/windows/default.mspx

Microsoft Product Activation
http://www.microsoft.com/resources/howtotell/en/mpa.mspx

If you are still having a problem, contact Microsoft's tech support (it is a free service, to help you get your updates issues straightened out)

For support outside the United States and Canada, please contact your Microsoft Help and Support worldwide. Go to this page and choose your region from the box:
http://support.microsoft.com/common/international.aspx

Rock Princess
2006-04-30, 21:16
Thank you one more time for saving me and my computer :)

I have done everything you said and here are reports and log files

I will try to install Windows Service Pack 2 tomorrow and then I will contact you and Microsoft Help and Support center...

Please, have a look at my log files from Hijackthis, Spybot S&D and SmitfraudFix (Clean) and see if everything is all right...

Thanks...

CalamityJane
2006-04-30, 22:20
Ok, couple more things we need to do.

1. Please download and unzip Ren-cmdservice to your desktop.
It will only work correctly if the folder is placed on your desktop and extracted.
http://downloads.subratam.org/Lon/ren-cmdservice.zip
Open the ren-cmdservice folder and doubleclick the
ren-cmdservice.bat file to run the program.
A text will open when it is finished, Post it please.
Then restart the PC, run SpyBot, and check for and fix any problems found.

2. Go to your Control Panel. Look in Add/Remove Programs. Find these two Sun Java programs listed:

Java 2 Runtime Environment, SE v1.4.2_03 1.4.2_03

J2SE Runtime Environment 5.0 Update 3 1.5.0.30

Highlight and press *remove*

Then get the latest version of Sun Java here:
http://www.java.com/en/download/windows_automatic.jsp

or here (manual download):
http://www.java.com/en/download/manual.jsp

And in the future, remember to remove older versions of Java when you automatically update to a newer version to avoid exploitation of older versions left on your system.

Rock Princess
2006-05-01, 13:32
Ok, here is the log file from cmdservice :). Is this going to delete cmd service (a problem in Spybot S&D)? I hope it is! :)

Running from C:\Documents and Settings\x\Desktop\ren-cmdservice
No Image Path Listed in Registry

Original perms.

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Effective permissions for Registry key HKLM\SYSTEM\CurrentControlSet\Services\cmdservice:
Read NT AUTHORITY\INTERACTIVE
Full access BUILTIN\Administrators


-----------------
Adjusted permisions

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Effective permissions for Registry key HKLM\SYSTEM\CurrentControlSet\Services\cmdservice:
Full access BUILTIN\Administrators
Full access NT AUTHORITY\INTERACTIVE
Read BUILTIN\Users
Read BUILTIN\Power Users
Full access NT AUTHORITY\SYSTEM


-----------------
Deleting cmdservie key
[SWSC] DeleteService FAIL
Delete Network Monitor if present
[SWSC] DeleteService FAIL
-----------------
Commandline utilities (SWReg and SWSC)
Written by Bobbi Flekman Đ 2005
-----------------
A Backup made was made, bakhive
Finised, Post the logit.txt then restart your PC please
ren-cmdservice.bat edited 2-4-2006
-----------------


Now I will remove Java and download what you said....

Rock Princess
2006-05-01, 14:06
I have done a Spybot scan and these are the results (it didn't find any spyware! :))

Rock Princess
2006-05-01, 14:38
I have uninstalled Java and its update and I have downloaded new Java Runtime 5 Update 6 or something like that...I have followed the link you gave me :)

Is there anything else I should do?

Rock Princess
2006-05-01, 14:46
I have followed the links you gave me to Microsoft pages and I have done some validating of my Windows and I have found out that I was a victim of software counterfeiting and that my version of Windows is not genuine...what should I do now? I suppose that was the reason I couldn't upgrade my Windows XP with SP2.... :confused:

Rock Princess
2006-05-01, 19:38
Is anybody there?:confused:

CalamityJane
2006-05-01, 20:02
ok, so you are good to go on all items except genuine windows and the updates?

In the Genuine Windows FAQ Page:
Validation Failure: What if my Microsoft software is not genuine?
http://www.microsoft.com/genuine/downloads/FAQ.aspx?displaylang=en#Question5Label

Q: What if my copy of Windows or Office fails the validation process or I believe I have received pirated software?
A:
In either case, Microsoft recommends the following actions:

* See your reseller and ask for genuine Microsoft software, using the report provided during the validation session for support. The report explains why your system was unable to validate and provides instructions for further follow-up.
* Visit the Microsoft How to Tell website to learn how to recognize genuine Microsoft software.
* Turn on Automatic Updates to make sure your system is being protected while you are resolving the problem.

Q: Do security updates require validation?
A:
Security updates are not part of WGA or OGA. You can install security updates using the Windows Automatic Updates feature or download them from the Download Center.

A:
Automatic Updates helps you keep your Windows installation current with the latest security updates. Using Automatic Updates does not require validation. Visit Protect Your PC to learn more.
.............
And scroll down a bit to this section on that same page:
What is the genuine Windows offer?

Q: What is the genuine Windows offer?
A:
The Microsoft genuine Windows offer is designed to help customers who unknowingly purchased counterfeit versions of Windows XP by offering those who qualify a complimentary copy or electronic license key for a genuine copy of Windows XP.

Q: What are the details of the genuine Windows offer?
A:
To help customers who unknowingly purchased a counterfeit version of Windows XP, Microsoft has created two genuine Windows offers for those who qualify:

* Complimentary offer: Microsoft will make a complimentary copy of Windows XP available to customers who have been sold counterfeit Windows. Customers will be required to submit a proof of purchase, the counterfeit CD, and a counterfeit report with details of their purchase. Only high-quality counterfeit Windows will qualify for the complimentary offer.
* Electronic License Key Offer: Microsoft will offer an alternative for customers who find out via the WGA validation process that they are not running genuine Windows, but do not qualify for, or choose not to take advantage of, the complimentary offer. These customers will be able to license a Windows Genuine Advantage Kit for Windows XP online for a price of $99 for Windows XP Home edition or $149 for Windows XP Professional. The Windows Genuine Advantage Kit for Windows XP will include a new 25-character Product Key and a Windows Product Key Update tool that will allow customers to convert their counterfeit copy to genuine Windows XP electronically.


Q: How is the Windows Genuine Advantage Kit for Windows XP different from the product available from resellers?
A:
Windows Genuine Advantage Kit for Windows XP is packaged differently and is only distributed by Microsoft directly to customers who qualify for the genuine Windows offer. It is not intended for resale.

Q: Can I install updates for Windows XP if am using Windows Genuine Advantage Kit for Windows XP?
A:
Yes.

And follow on down to the next section to those Q & A
Requirements and limitations of the genuine Windows offer

http://www.microsoft.com/genuine/downloads/FAQ.aspx?displaylang=en

Rock Princess
2006-05-01, 21:20
Yes, I solved every problem on my computer (with your help ;)).Now it is clean :D

I owe you a lot...I don't know how I can repay you...If you need anything just e-mail me and I will be happy to help you ;)

CalamityJane
2006-05-01, 22:02
Glad we could help Rock Princess! :)

Since your issues appear to be resolved, I'll go ahead and archive this thread. Should you need any further assistance, please feel free to start a new topic or PM me to open this one back up.