
Problems


TheLeader


I've had a few pop-ups recently, some a bit annoying, what could this be?

HJT below

Logfile of HijackThis v1.99.1
Scan saved at 22:34:23, on 19/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\drivers\STDSB.exe
C:\WINDOWS\system32\drivers\Icon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\WINDOWS\system32\NOTEPAD.exe
C:\Documents and Settings\Toms Account\Local Settings\Temp\wz1e0a\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe /IMEName
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [sTDSB] C:\WINDOWS\system32\drivers\STDSB.exe
O4 - HKLM\..\Run: [icon] C:\WINDOWS\system32\drivers\Icon.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [CTFMON.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3498810513
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Merry Crimbo!


Click on my signature to see my NEW blog!

Clicky here to see my YouTube videos! http://www.youtube.com/volkswagen99videos


The two processes that are causing the adverts are atmclk.exe and dcomcfg.exe. Either you can terminate them and remove their automatic startup links, or you can get Spybot Search & Destroy, which should do it for you.

Some people are changed by being a moderator. I wouldn't be.
