Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

random popups please help, HJT log attached

Started by rimjhim , Nov 18 2005 03:24 AM

  • Please log in to reply

#1
rimjhim
Posted 18 November 2005 - 03:24 AM

rimjhim

    New Member

  • Member
  • Pip
  • 1 posts
hi!
I am getting pop-ups at regular short intervals, even when i am not browsing through IE. I also noticed that the realtime scan service is of my trend micro officescannt 5.06 is unable to start. For the time being i have installed NAV 2005 but its just a temp thing.

The HJT log file is as below , kindly help me

Logfile of HijackThis v1.99.1
Scan saved at 6:18:08 PM, on 11/18/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\ESM\AlertMan\PROGRAM\AMVMain.exe
C:\WINNT\System32\esmami.exe
C:\WINNT\System32\ESMCMN.EXE
C:\WINNT\System32\esmfs.exe
C:\WINNT\System32\esmmlxsv.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\System32\esmstrg.exe
C:\WINNT\System32\nvramsrv.exe
C:\WINNT\System32\svchost.exe
C:\ESM\AlertMan\EXPC\PROGRAM\EXWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\imejpmgr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\System32\tcpsvcs.exe
C:\OfficeScan NT\pccntmon.exe
C:\WINNT\system32\internat.exe
C:\WINNT\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\OfficeScan NT\tmlisten.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\icem\flexlm-8.3\lmgrd.exe
C:\Program Files\UGS\Imageware Licensing\12.00.000\bin\lmgrd.exe
C:\WINNT\System32\svchost.exe
C:\icem\flexlm-8.3\icem.exe
C:\Program Files\UGS\Imageware Licensing\12.00.000\bin\iwlmd.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\system32\conime.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\icem\icemsurf-4.4.0\surf\bin_nt\ICEMSurf.exe
C:\icem\icemsurf-4.4.0\surf\bin_nt\uim.exe
C:\icem\icemsurf-4.4.0\surf\bin_nt\surfbin.exe
C:\icem\icemsurf-4.4.0\surf\bin_nt\SurfCmdUrl.exe
C:\icem\icemsurf-4.4.0\surf\bin_nt\surflst.exe
C:\icem\icemsurf-4.4.0\surf\bin_nt\surfbin.exe
C:\icem\icemsurf-4.4.0\surf\bin_nt\surfbin.exe
C:\icem\icemsurf-4.4.0\surf\bin_nt\surfbin.exe
C:\icem\icemsurf-4.4.0\surf\bin_nt\surfbin.exe
D:\Alok\HijackThis.exe

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{0127B111-1A08-406E-A2E1-87952801D1DA}: NameServer = 192.0.0.3,192.0.0.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{0127B111-1A08-406E-A2E1-87952801D1DA}: NameServer = 192.0.0.3,192.0.0.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{0127B111-1A08-406E-A2E1-87952801D1DA}: NameServer = 192.0.0.3,192.0.0.4
O18 - Protocol hijack: cdo - >IT00H20MH8IH5-1HT1G8IT{-H0N0HFIH62PH}
O18 - Protocol hijack: its - >IT14H2N1HBIH8-1HT0GAIT{-H000H8IH49PH}
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: ShellScrap - C:\WINNT\system32\fpj6031se.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Alert Manager ALIVE(S) Service (AlertManagerALIVESendService) - NEC Corporation - C:\ESM\AlertMan\PROGRAM\AMVALVS.EXE
O23 - Service: Alert Manager Main Service (AlertManagerMainService) - NEC Corporation - C:\ESM\AlertMan\PROGRAM\AMVMain.exe
O23 - Service: Alert Manager Socket(S) Service (AlertManagerSocketSendService) - NEC Corporation - C:\ESM\AlertMan\PROGRAM\AMVSCKS.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ESM AMI Service (ESMAMIService) - NEC Corporation - C:\WINNT\System32\esmami.exe
O23 - Service: ESMCommonService - NEC Corporation - C:\WINNT\System32\ESMCMN.EXE
O23 - Service: ESM DMI Component Provider Service (EsmDmiCPService) - Unknown owner - C:\DMI\WIN32\bin\esmdmicp.exe
O23 - Service: ESMFSService - NEC Corporation - C:\WINNT\System32\esmfs.exe
O23 - Service: ESM Mylex Service (ESMMylexService) - NEC Corporation - C:\WINNT\System32\esmmlxsv.exe
O23 - Service: ESM Storage Service (ESMStorageService) - NEC Corporation - C:\WINNT\System32\esmstrg.exe
O23 - Service: ESRAS Utility Service (ESRAS_Utl) - NEC Corporation - C:\WINNT\System32\nvramsrv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Express PC Report (ExpressPCReport) - NEC Corporation - C:\ESM\AlertMan\EXPC\PROGRAM\EXWatch.exe
O23 - Service: i - Macrovision Corporation - C:\icem\flexlm-8.3\lmgrd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imageware 12 License Manager - GLOBEtrotter Software Inc. - C:\Program Files\UGS\Imageware Licensing\12.00.000\bin\lmgrd.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: theorem - Macrovision Corporation - C:\icem\flexlm-8.3\lmgrd.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\OfficeScan NT\tmlisten.exe

Please help!

regards

rimjhim
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP