The computer is running Windows 2000 with service pack 3 and I cannot get rid of a small red bubble with a white "X" through it similar to the windows error icon that sits in the tray. it brings up [bleep] pop-ups and I have noticed it talks about "Specialgood.com" a lot.
I ran everything I know so far and all I have left is a Hijackthis log file for you to read:
--------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 3:25:24 PM, on 5/23/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Promise\FastTrak\FtrakSvc.exe
C:\OfficeScan NT\ntrtscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\OfficeScan NT\tmlisten.exe
C:\OfficeScan NT\ofcdog.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\OfficeScan NT\pccntmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Promise\FastTrak\RAIDeUtility.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\DDwin\DDHLSRV.EXE
D:\My Documents\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.specialgo...info/ad/ad0195/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Promise Tech.] "C:\Program Files\Promise\Utility\pam.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Automation Manager.LNK = C:\WINNT\system32\AUTMGR32.EXE
O4 - Startup: DDStart.LNK = ?
O4 - Global Startup: FastCheck Monitoring Utility.lnk = C:\Program Files\Promise\FastTrak\RAIDeUtility.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = RamadaFargo.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D1F302B-132F-40EE-B2E1-33A5C5D93E19}: NameServer = 192.168.1.100,192.168.1.4
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = RamadaFargo.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = RamadaFargo.local
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Promise FastTrak DMI Service (FastTrakDMISvc) - Unknown owner - C:\Program Files\Promise\FastTrak\ftdmisvc.exe
O23 - Service: Promise FastTrak Log Service (FastTrakSvc) - Promise Technology Inc. - C:\Program Files\Promise\FastTrak\FtrakSvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\OfficeScan NT\tmlisten.exe
--------------------------------------------------------------------------
Help would be much appreaciated...
Edited by NecroCom, 23 May 2005 - 03:18 PM.
Sign In
Create Account
