services.exe (x2) sucking cpu time
Original Message
Name: doofus
Date: March 1, 2004 at 08:17:49 Pacific
Subject: services.exe (x2) sucking cpu time
OS: w2k pro
CPU/Ram: xp2400 / 500 meg pc320
Comment: Oddly enough, something I d/led on Kazaa got me. It first changed my home page...fixed that. Ran Trojan Hunter, Ad Aware, Spy Bot, CWShredder, and Norton Anti Virus. I found and removed (?) cws.xmlmimefilter, and remnants of Win32n netsky B (sp). Every program comes back clean now, but task manager shows two instances of services.exe running, which takes up 99 - 100 % of CPU resources. This problem does not show in safe mode. I have enclosed a copy of the HijackThis log in the hope someone can point me in the right direction to solve this. Thanks all.....

Logfile of HijackThis v1.97.5
Scan saved at 11:08:40 AM, on 3/1/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINNT\ServicePackFiles\i386\services.exe
C:\WINNT\ServicePackFiles\i386\services.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 6\SnagItBHO.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 6\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [service] C:\WINNT\ServicePackFiles\i386\services.exe -serv
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38029.4817824074
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Response Number 1
Name: Abnormal
Date: March 1, 2004 at 13:19:35 Pacific
Reply: Hi,

O4 - HKLM\..\Run: [service] C:\WINNT\ServicePackFiles\i386\services.exe -serv

Added as the result of the NETSKY or NETSKY.B VIRUSES!

Note - not to be confused with the valid Windows "services.exe" which resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K) or C:\Windows\System32 (WinXP) as this resides in C:\Windows or C:\Winnt

Info and removal tool:
http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.b@mm.html

Good luck

There is no reason for any individual to have a computer in his home.
Ken Olsen (1926 - ), President, Digital Equipment, 1977
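The path check described in Response Number 1, as an added example that is not part of the original thread: it scans a HijackThis log for executables that carry a Windows system binary's name but sit outside the system directory. The binary list, the trusted directories and the function name are assumptions made for illustration; the sample is an excerpt of the log posted above.

```python
import ntpath
import re

# Core Windows binaries whose names malware commonly borrows
# (illustrative list, an assumption of this example).
SYSTEM_BINARIES = {"services.exe", "lsass.exe", "svchost.exe", "winlogon.exe",
                   "smss.exe", "csrss.exe", "spoolsv.exe"}
# Directories the genuine copies run from on NT-family Windows.
TRUSTED_DIRS = {r"c:\winnt\system32", r"c:\windows\system32"}

# First full path ending in .exe on a log line, quoted or not.
EXE_PATH = re.compile(r'([A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)

def find_masquerades(log_text):
    """Return unique (kind, path) pairs for system-named binaries in odd places."""
    findings = []
    for line in log_text.splitlines():
        match = EXE_PATH.search(line)
        if not match:
            continue
        path = match.group(1)
        directory, name = ntpath.split(path)  # Windows path rules on any OS
        if name.lower() in SYSTEM_BINARIES and directory.lower() not in TRUSTED_DIRS:
            # O4 lines are autostart entries; bare paths are running processes.
            kind = "autostart" if line.startswith("O4") else "process"
            if (kind, path) not in findings:
                findings.append((kind, path))
    return findings

# Excerpt of the HijackThis log posted in the original message.
SAMPLE_LOG = r"""Running processes:
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\Explorer.EXE
C:\WINNT\ServicePackFiles\i386\services.exe
C:\WINNT\ServicePackFiles\i386\services.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [service] C:\WINNT\ServicePackFiles\i386\services.exe -serv
"""

if __name__ == "__main__":
    for kind, path in find_masquerades(SAMPLE_LOG):
        print(f"suspicious {kind}: {path}")
```

A name-and-path check only catches copies dropped outside the system directory; a replaced file inside System32 needs a hash or signature comparison instead.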
Response Number 3
Name: doofus
Date: March 1, 2004 at 19:59:44 Pacific
Reply: I used the Symantec tool and it solved my problem. Thanks all... Actually, I use KazaaLite++, but this nasty was included in what was supposed to be a crack. I know, I know.........
Response Number 4
Name: TheKMACian
Date: March 1, 2004 at 21:35:54 Pacific
Reply: I think KazaaLite K++ Edition says it doesn't have anything (Adware/Spyware), but my "n-Case" Adware came from it, I am sure. I am diverting to WinMX as specified. I don't download illegal music, but I download music made by non-copyright artists as a form of mixing for my own music; I download free distribution samples, so to speak... Oh, and Gator is the dirty little bitch in the world. I am glad someone feels the same way. I wish their headquarters would burn down and everyone with it, or the point of origin. God, you have a prayer, any God at all, I honor all religions for this request, make their knuckles bleed! hehe
Response Number 5
Name: gforever
Date: March 7, 2004 at 16:09:19 Pacific
Reply: No luck... I tried everything listed above and every time I start my computer, it takes a while to load b/c services.exe is taking up 99% of the CPU..... This happened after my friend told me to reinstall Kazaa Lite.... Any help is greatly appreciated! Thanks!

---------------------
The Legend Continues
GODZILLA FOREVER
http://go.to/gforever/
----------------------