Full Version: help!
DA3dux
I keep getting critical error messages popping up. It's driving me crazy.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:40 PM, on 11/26/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Corel\Suite8\Programs\DAD8.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\WINNT\system32\rundll32.exe
C:\Documents and Settings\customer\Local Settings\Temporary Internet Files\Content.IE5\FCCI2FI6\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com./
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195771949988
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - file://D:\mm\mod11\swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PictureTaker - LANovation - C:\WINNT\System32\PCTKRNT.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7457 bytes

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/26/2007 at 06:10 PM

Application Version : 3.9.1008

Core Rules Database Version : 3350
Trace Rules Database Version: 1349

Scan type : Complete Scan
Total Scan Time : 00:26:38

Memory items scanned : 375
Memory threats detected : 0
Registry items scanned : 3532
Registry threats detected : 0
File items scanned : 17452
File threats detected : 55

Adware.Tracking Cookie



BitDefender Online Scanner - Real Time Virus Report
Generated at: Mon, Nov 26, 2007 - 17:35:37

Scan Info
Scanned Files: 55939
Infected Files: 1

Virus Detected
Trojan.Js.Wonka.QJ1

This summary of the scan process will be used by the BitDefender Antivirus
Lab to create agregate statistics about virus activity around the world.



AndyManchesta

Hi DA3dux, Welcome to the forum

Please can you start with an online scanner and post back the log.

Please use the Internet Explorer browser (or Firefox with IETab), and do an online scan with Kaspersky Online Scanner.

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

Click Yes when prompted to install its ActiveX component.
(Note for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
  • Once the files are downloaded click on Next
  • Click on Scan Settings and configure as follows:
    • Scan using the following Anti-Virus database:
        Extended
    • Scan Options:
        Scan Archives
        Scan Mail Bases
  • Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.


To obtain the report:
  • Click on: Save Report As (above - red blinking arrow)
  • Next, in the Save as prompt, Save in area, select: Desktop
  • In the File name area, use KScan, or something similar
  • In Save as type, click the drop arrow and select: Text file [*.txt]
  • Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

Please then post back the Kaspersky log and a new HijackThis log

Cheers

Andy