I am getting pop-ups at regular short intervals, even when I am not browsing through IE. I also noticed that the realtime scan service of my Trend Micro OfficeScanNT 5.06 is unable to start. For the time being I have installed NAV 2005, but it's just a temp thing.
The HJT log file is as below; kindly help me.
Logfile of HijackThis v1.99.1
Scan saved at 6:18:08 PM, on 11/18/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\ESM\AlertMan\PROGRAM\AMVMain.exe
C:\WINNT\System32\esmami.exe
C:\WINNT\System32\ESMCMN.EXE
C:\WINNT\System32\esmfs.exe
C:\WINNT\System32\esmmlxsv.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\System32\esmstrg.exe
C:\WINNT\System32\nvramsrv.exe
C:\WINNT\System32\svchost.exe
C:\ESM\AlertMan\EXPC\PROGRAM\EXWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\imejpmgr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\System32\tcpsvcs.exe
C:\OfficeScan NT\pccntmon.exe
C:\WINNT\system32\internat.exe
C:\WINNT\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\OfficeScan NT\tmlisten.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\icem\flexlm-8.3\lmgrd.exe
C:\Program Files\UGS\Imageware Licensing\12.00.000\bin\lmgrd.exe
C:\WINNT\System32\svchost.exe
C:\icem\flexlm-8.3\icem.exe
C:\Program Files\UGS\Imageware Licensing\12.00.000\bin\iwlmd.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\system32\conime.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\icem\icemsurf-4.4.0\surf\bin_nt\ICEMSurf.exe
C:\icem\icemsurf-4.4.0\surf\bin_nt\uim.exe
C:\icem\icemsurf-4.4.0\surf\bin_nt\surfbin.exe
C:\icem\icemsurf-4.4.0\surf\bin_nt\SurfCmdUrl.exe
C:\icem\icemsurf-4.4.0\surf\bin_nt\surflst.exe
C:\icem\icemsurf-4.4.0\surf\bin_nt\surfbin.exe
C:\icem\icemsurf-4.4.0\surf\bin_nt\surfbin.exe
C:\icem\icemsurf-4.4.0\surf\bin_nt\surfbin.exe
C:\icem\icemsurf-4.4.0\surf\bin_nt\surfbin.exe
D:\Alok\HijackThis.exe
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{0127B111-1A08-406E-A2E1-87952801D1DA}: NameServer = 192.0.0.3,192.0.0.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{0127B111-1A08-406E-A2E1-87952801D1DA}: NameServer = 192.0.0.3,192.0.0.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{0127B111-1A08-406E-A2E1-87952801D1DA}: NameServer = 192.0.0.3,192.0.0.4
O18 - Protocol hijack: cdo - >IT00H20MH8IH5-1HT1G8IT{-H0N0HFIH62PH}
O18 - Protocol hijack: its - >IT14H2N1HBIH8-1HT0GAIT{-H000H8IH49PH}
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: ShellScrap - C:\WINNT\system32\fpj6031se.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Alert Manager ALIVE(S) Service (AlertManagerALIVESendService) - NEC Corporation - C:\ESM\AlertMan\PROGRAM\AMVALVS.EXE
O23 - Service: Alert Manager Main Service (AlertManagerMainService) - NEC Corporation - C:\ESM\AlertMan\PROGRAM\AMVMain.exe
O23 - Service: Alert Manager Socket(S) Service (AlertManagerSocketSendService) - NEC Corporation - C:\ESM\AlertMan\PROGRAM\AMVSCKS.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ESM AMI Service (ESMAMIService) - NEC Corporation - C:\WINNT\System32\esmami.exe
O23 - Service: ESMCommonService - NEC Corporation - C:\WINNT\System32\ESMCMN.EXE
O23 - Service: ESM DMI Component Provider Service (EsmDmiCPService) - Unknown owner - C:\DMI\WIN32\bin\esmdmicp.exe
O23 - Service: ESMFSService - NEC Corporation - C:\WINNT\System32\esmfs.exe
O23 - Service: ESM Mylex Service (ESMMylexService) - NEC Corporation - C:\WINNT\System32\esmmlxsv.exe
O23 - Service: ESM Storage Service (ESMStorageService) - NEC Corporation - C:\WINNT\System32\esmstrg.exe
O23 - Service: ESRAS Utility Service (ESRAS_Utl) - NEC Corporation - C:\WINNT\System32\nvramsrv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Express PC Report (ExpressPCReport) - NEC Corporation - C:\ESM\AlertMan\EXPC\PROGRAM\EXWatch.exe
O23 - Service: i - Macrovision Corporation - C:\icem\flexlm-8.3\lmgrd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imageware 12 License Manager - GLOBEtrotter Software Inc. - C:\Program Files\UGS\Imageware Licensing\12.00.000\bin\lmgrd.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: theorem - Macrovision Corporation - C:\icem\flexlm-8.3\lmgrd.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\OfficeScan NT\tmlisten.exe
Please help!
regards
rimjhim