You should get SP4 and install that. Your W2K will run smoother after that.
Next, stop using IE, install Firefox from
www.getfirefox.com and use that exclusively.
Use IE ONLY for Windows-updates.
Boot in Safe Mode
Run Spybot again and let it IMMUNIZE your files, takes only a few seconds.
Press ctrl/alt/del and in Taskmanager try to STOP:
sdkvh.exe
mshta.exe
mfcrs32.exe
56.tmp.exe
tibs5.exe
loadqm.exe
Decide what you want to do with this program. You should NOT have it running all the time:
C:\Program Files\pcANYWHERE\awhost32.exe
Either STOP the process, or change settings to only start when YOU need it.
Next, run Hijackthis on its own and let it 'fix' (if still there):
C:\WINNT\system32\
sdkvh.exe
C:\WINNT\System32\
mshta.exe
C:\WINNT\system32\
mfcrs32.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\
uomdv.dll/sp.html#28129
--->> there could be two files, one of them: sp.html <<---
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\
gvxoc.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\gvxoc.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\uomdv.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\gvxoc.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\gvxoc.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\gvxoc.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=sas.ne2.attbb.net:8000;gopher=sas.ne2.attbb.net:8000;http=sas.ne2.attbb.net:8000;https=sas.ne2.attbb.net:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = sas.ne2.attbb.net
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {9D869910-F044-4661-4B01-57F9883F0DAA} - C:\WINNT\system32\
winwm.dll
O4 - HKLM\..\Run: [sdkvh.exe] C:\WINNT\system32\sdkvh.exe
O4 - HKLM\..\Run: [56.tmp] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
56.tmp.exe 1 28129
O4 - HKLM\..\Run: [tibs5] C:\WINNT\System32\
tibs5.exe
O4 - HKLM\..\Run: [56.tmp.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\56.tmp.exe 1 28129
O4 - HKLM\..\Run: [LoadQM]
loadqm.exe
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O23 - Service: pcANYWHERE Host Service - Symantec Corporation - C:\Program Files\pcANYWHERE\awhost32.exe <<== YOU DECIDE ==
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINNT\system32\mfcmu32.exe (file missing)
When done, delete the
bold files. When a
directory is also
bold, delete everything in it, including that directory itself.
Clean everything in your Temp directory, your temp. internet files, all your cookies etc.
Boot back in normal.