Guest
Last night I was using my computer and all of a sudden my taskbar was flooded with lots of error messages from Symantec Antivirus. They said something about not being able to send an email to an @yahoo.com address I'd never heard of.
I closed them all and had no problems until I started it up this morning. When Windows boots up, an error message comes up saying that there is a problem with the antivirus monitor and that my system must be restarted, as it will not be protected from viruses, in the hope that the program will load properly next time.
I've fixed the restarting problem by using the run>shutdown -a command. I was told my computer could have the blaster or isass viruses. I downloaded the following updates from Microsoft: Windows-KB833330-ENU, WindowsXP-KB823980-x86-ENU, WindowsXP-KB824146-x86-ENU.
I also downloaded a blaster worm removal tool from Symantec, but when I go to run the tool an error informs me that I do not have the administrator rights to run the tool.
A couple of other things I noticed after I got my computer to stop restarting that might help you work out what it is were: the details of my dialup connection had been cleared, and MSN Messenger won't sign in, telling me that the username or password I have entered are incorrect. Trust me, correct. I also tried using System Restore and received another error telling me I did not have proper administrative rights to access it.
This is a log file from a program called HijackThis. It tells you what processes have accessed your computer.
Here's the log:
Logfile of HijackThis v1.97.
Scan saved at 10:31:38 PM, on 20/04/200
Platform: Windows XP SP1 (WinNT 5.01.2600
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106
Running processes
C:\WINDOWS\System32\smss.ex
C:\WINDOWS\system32\winlogon.ex
C:\WINDOWS\system32\services.ex
C:\WINDOWS\system32\svchost.ex
C:\WINDOWS\System32\svchost.ex
C:\WINDOWS\system32\spoolsv.ex
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.ex
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.ex
C:\WINDOWS\Explorer.EX
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.ex
C:\WINDOWS\System32\taskswitch.ex
C:\Program Files\Common Files\Symantec Shared\ccApp.ex
C:\Program Files\Common Files\Real\Update_OB\realsched.ex
C:\Program Files\Messenger Plus! 2\MsgPlus.ex
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.ex
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb
8.ex
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.ex
C:\WINDOWS\System32\ctfmon.ex
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.ex
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EX
C:\WINDOWS\system32\pctspk.ex
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.ex
C:\WINDOWS\System32\svchost.ex
C:\WINDOWS\System32\Fast.ex
C:\Program Files\Internet Explorer\iexplore.ex
C:\Program Files\GetRight\GETRIGHT.EX
C:\Program Files\GetRight\GETRIGHT.EX
C:\WINDOWS\Explorer.EX
C:\Program Files\Norton AntiVirus\navapsvc.ex
C:\PROGRA~1\NORTON~2\navw32.ex
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.ex
C:\WINDOWS\System32\msiexec.ex
C:\Program Files\MSN Messenger\msnmsgr.ex
E:\My Documents\HijackThis.ex
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://business.bigpond.co
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Telstra Big Pond Busines
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dl
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dl
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dl
O3 - Toolbar: Find - {8D029AEC-E412-4948-84B5-699A740946AE} - %SystemRoot%\System32\iefind.dll (file missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.oc
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dl
O3 - Toolbar: (no name) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - (no file
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Big Pond (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://business.bigpond.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {2646205B-878C-11D1-B07C-0000C040BCDB} (NSIEMisc Class) -
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.c....CAB?37884.1225
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by7fd.bay7.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{D28873AE-DEC9-47B4-AC90-BB64A2B042F3}: NameServer = 192.189.54.37 192.189.54.26
I also did a scan with Ad-aware 6. Thought it might help. Here's the log:
http://www.sleepfield.live.com.au/adawarelog.TXT
Sorry about the huge post, but there was a lot to explain. Thanks in advance to anyone who can help.