I've tried to follow the same steps, but it seems every time I try to do a scan, install a new malware remover, or even just run HJT, the program just errors out and things go further south. So, I thought I might ask you guys for some help. Here is my nutshell status:
1. I'm in safe mode, because now no other mode will boot up.
2. Symantec antivirus appears to be removing malware, but I notice Symantec's virus definition date is now "blank".
3. I changed HJT to scanner.exe and finally got a log again. Below is my current HJT log...
4. Yes, I have a separate workstation on which I'm communicating with you.
Can you help?
Logfile of HijackThis v1.99.1
Scan saved at 2:10:50 PM, on 10/26/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\Explorer.EXE
D:\WINNT\system32\taskmgr.exe
D:\Program Files\Hijackthis\Scanner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Riddick Engineering Corporation
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - D:\WINNT\system32\mmweoppl.dll
O2 - BHO: Acronis Popup Blocker - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - (no file)
O2 - BHO: (no name) - {F2A8EFAB-2F2A-4128-96C0-FCA8DEAE10B8} - D:\WINNT\system32\ddcbx.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Acronis True Image Monitor] "D:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [09421dad] rundll32.exe "D:\WINNT\system32\acgkikbb.dll",b
O4 - HKLM\..\RunServices: [helloworld] nb32ext3.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA8183] command /c del "D:\WINNT\system32\sdttadne.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2147] cmd /c del "D:\WINNT\system32\sdttadne.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1630] command /c del "D:\WINNT\system32\kodsrngn.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC819] cmd /c del "D:\WINNT\system32\kodsrngn.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA82] command /c del "D:\WINNT\system32\dwdsrngt.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2618] cmd /c del "D:\WINNT\system32\dwdsrngt.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2721] command /c del "D:\WINNT\system32\sdttadne.dllbox"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3272] cmd /c del "D:\WINNT\system32\sdttadne.dllbox"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5210] command /c del "D:\WINNT\system32\sdttadne.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1263] cmd /c del "D:\WINNT\system32\sdttadne.dll"
O4 - HKLM\..\RunOnce: [VundoFix] "T:\UPGRADES\AntiVirus\VundoFix\vundofix.exe"
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA6813] command /c del "D:\WINNT\system32\sdttadne.dllbox"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1254] cmd /c del "D:\WINNT\system32\sdttadne.dllbox"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6799] command /c del "D:\WINNT\system32\sdttadne.dllbox"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9519] cmd /c del "D:\WINNT\system32\sdttadne.dllbox"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: FlashPath Monitor.lnk = E:\SmartDisk\FlashPath\sdstat.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {3D679FAC-C75F-11D2-A4D6-00C04F68FE3A} (PJ9enuC Class) - http://mp.usintellig...033/pjcintl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {484A7A26-FDB0-11D0-8D2B-00C04FB92E89} (MS Project Text Conversion Class) - http://mp.usintellig...ts/pjclient.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1131651202055
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - http://ftp.hp.com/pu...ayer/isetup.cab
O16 - DPF: {EA29E197-44E3-45BE-84C1-5869B67BDE01} (IntraLaunch.MainControl) - file://\\Server-r2\INTERNET\Webpages\riddickeng-com\Intranet\IntraLaunch\sample\IntraLaunch.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = riddickeng.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = riddickeng.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = riddickeng.com
O20 - Winlogon Notify: NavLogon - D:\WINNT\system32\NavLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - D:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - D:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe