Hi,
I have a P4,2.53GHz w/500MG RAM. MS 2000 Pro 5.00.2195 SP4. While unprotected, I was infected with multiple virus and spyware content. The baddy was Spydawn which I have removed (for the most part) using the process posted here by Grinler (TY).

HOWEVER, I uninstalled Spydawn three days ago BEFORE I started this process. Who knew? :-(

At step 9 of the Automated removal process "Do you want to clean the registry", I got a warning window saying "Cannot import cleanup.reg: Error accessing registry". I clicked OK and the reboot window did not appear. Got a "Desktop Warning" instead. The notepad log appeared without a reboot. Here it is...



SmitFraudFix v2.147

Scan done at 19:49:57.37, Thu 03/08/2007
Run from C:\Documents and Settings\User\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

I still had trouble. Browser wouldn't work right. I could reboot and get online once, access a page, then it would all go south again. Very long time to get a page, then it would open blank and say "done".




I then attempted the manual removal. My System32 folder was in my WINNT folder, not WINDOWS. I couldn't find any of the guilty dll files there. After running the tool again, I got the same "Cannot import cleanup.reg...message that I got before. I never could get Panda to work, but I'm going to try again before I post this. OK, couldn't get there.

More bad news. I use AOL. Might just finally dump it this time. Much trouble logging on.

That's it. I'll be watching. Thanx in advance for any attention I might get on this.

Cheers

Welcome at BC Automat
please read and follow all instructions in the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". You may have performed some of these steps already. About half way down are instructions for downloading HijackThis and creating a log.

When you have done that, post a log in the HijackThis Logs and Analysis Forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.In your post refer to this thread

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log here.

After posting a log you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a HJT Team member. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make may cause confusion for the member assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.