When I first saw it I knew it was in trouble, so I took it home and started going at it.
Ran Spybot, SUPERAntiSpyware, all fine. But I kept getting problems, so I went to Malwarebytes.
This computer is running Win2k ... and at the end of the Malwarebytes install I get a regsvr32 error with a run time error '0' and '440'.
I did some research and did the following:
http://www.malwareby...?showtopic=7053
http://www.malwareby...amp;#entry34171
I still cannot install Malwarebytes. Same error.
I tried in normal mode and safe mode.
Spybot runs and deletes many things and makes navigating in the PC easier, but I KNOW there is more on here because every time I use my thumb drive and put it back into my PC I find a virus on the thumb drive.
I have tried to run SDFix, SmitFraudFix, Norman Malware Cleaner, and all do not work. Most have errors when trying to run them.
I am also having problems trying to use ComboFix.
Another problem is this system is only at Win2k Service Pack 3 and I cannot upgrade it to Service Pack 4 because Windows Update is not working...
There is also a svhost.exe error when at the login screen in normal mode. Safe mode does not show it.
Here is my HJT log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:14 AM, on 4/29/2009
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\dhcp\svchost.exe
C:\Program Files\DynDNS Updater\DynUpSvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\WINNT\System32\Rundll32.exe
C:\WINNT\System32\Rundll32.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\DynDNS Updater\DynTray.exe
C:\DOCUME~1\MGT\LOCALS~1\Temp\1487271732.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Your Uninstaller 2008\uruninstaller.exe
C:\Program Files\Your Uninstaller 2008\uruninstaller.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: (no name) - {463282BC-EF68-47FE-AB53-68F5809A5C2B} - c:\winnt\system32\fakmdrh.dll
O2 - BHO: C:\WINNT\System32\sjg9s8guigjs.dll - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINNT\System32\sjg9s8guigjs.dll
O2 - BHO: (no name) - {ebfbd8be-aaee-4d0d-851b-9cf98805168c} - C:\WINNT\System32\jenewitu.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [3c1807pd] C:\WINNT\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [] C:\DOCUME~1\MGT\LOCALS~1\Temp\rg6af78o.exe
O4 - HKCU\..\Run: [Windows Resurections] C:\DOCUME~1\MGT\LOCALS~1\Temp\rg6af78o.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\MGT\LOCALS~1\Temp\1487271732.exe
O4 - HKUS\.DEFAULT\..\Run: [] C:\WINNT\TEMP\yqvxs9flxv.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Windows Resurections] C:\WINNT\TEMP\yqvxs9flxv.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Diagnostic Manager] C:\WINNT\TEMP\2507685836.exe (User 'Default user')
O4 - Global Startup: Initialize ICS.LNK = D:\ICS\PROGS\INITICS.BAT
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: DynDNS Updater Tray Icon.lnk = C:\Program Files\DynDNS Updater\DynTray.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1240970045390
O17 - HKLM\System\CCS\Services\Tcpip\..\{3830F3FE-9AEE-4987-981C-FF2AAD72053A}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: sysdiag.dll C:\WINNT\System32\kedinoji.dll c:\winnt\system32\munihole.dll c:\winnt\system32\legekala.dll c:\winnt\system32\nolasiha.dll c:\winnt\system32\ c:\winnt\system32\dajufiwe.dll c:\winnt\system32\fuzuwigi.dll
O20 - Winlogon Notify: aptmmdro - C:\WINNT\SYSTEM32\fakmdrh.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\winnt\system32\fuzuwigi.dll
O22 - SharedTaskScheduler: jso8joigm409gopgmrlgd - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINNT\System32\sjg9s8guigjs.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\winnt\system32\fuzuwigi.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Dhcp server (DhcpSrv) - Unknown owner - C:\WINNT\dhcp\svchost.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DynDNS Updater - Dynamic Network Services, Inc. - C:\Program Files\DynDNS Updater\DynUpSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe
--
End of file - 6169 bytes
Edited by wannabe1, 29 April 2009 - 04:23 PM.