TechSpot

random popups please help HJT log attached

By rimjhimrimjhim
Nov 18, 2005
  1. Hi!
    I have tried virtually every spyware malware remover, but I still keep getting random popups even when I am not using IE.
    I somehow feel that this is some kind of a rootkit exploit.
    Please help

    HJT logfile attached

    thanks a ton in advance!

    rimjhim
     
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    You run both PC-Cillin and Norton/Symantec, NOT a very good idea. They will only interfere with each other.
    Get rid of the worst evil-doer: Norton/Symantec bloatware rubbish.
    Can't get info in this ESM stuff, I can't read Japanese.

    First Read: Only use these HJT-instructions when asked!
    /R/ unRegister the xxx.DLL in that line
    Transfer the text from between these dotted lines underneath to between the dotted lines of that post.
    Make sure to follow ALL instructions in SEQUENCE, and in HiJackThis tick/fix ALL lines indicated here!
    ...................................................................................................
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    These IP-numbers are from your internal network/router, they could interfere with your Internet access.
    You must decide if you want to fix these O17s

    O17 - HKLM\System\CCS\Services\Tcpip\..\{0127B111-1A08-406E-A2E1-87952801D1DA}: NameServer = 192.0.0.3,192.0.0.4
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0127B111-1A08-406E-A2E1-87952801D1DA}: NameServer = 192.0.0.3,192.0.0.4
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0127B111-1A08-406E-A2E1-87952801D1DA}: NameServer = 192.0.0.3,192.0.0.4
    O18 - Protocol hijack: cdo - >IT00H20MH8IH5-1HT1G8IT{-H0N0HFIH62PH}
    O18 - Protocol hijack: its - >IT14H2N1HBIH8-1HT0GAIT{-H000H8IH49PH}
    /R/ O20 - Winlogon Notify: ShellScrap - C:\WINNT\system32\fpj6031se.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    ...................................................................................................

    STOP using that crappy IE (other than for Windows-updates) and install Firefox from www.getfirefox.com

    See also the Read:.. rootkit post at the top of this forum.
     
  3. rimjhimrimjhim

    rimjhimrimjhim TS Rookie Topic Starter

    I think it worked

    Thanks for helping me out!

    I am no longer getting the popups, but I am not sure if I am still spyware/malware clean.
    I removed NIS/NAV and also Trend Micro OfficeScan NT.
    OfficeScan NT real time monitor fails to start due to some reason.
    Please have a look at my new HJT log.


    The ESM stuff is some programs from NEC Corp, as this is a NEC workstation.
    I do not think it is harmful.

    thanks a lot
    regards
    rimjhim
     
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Log is clean, assuming you agree to those IPs in the O17 group.

    Go to http://free.grisoft.com and get their free AVG antivirus.
    It's madness to not have any AV nowadays.
     
Topic Status:
Not open for further replies.
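
Added example, not part of the thread or any poster's code: a small Python parser that turns the fix list from post 2 into a review worksheet, grouping entries by HijackThis section code and pulling out the DLL marked `/R/`, the "(file missing)" entry, and the distinct O17 name servers the owner was asked to confirm. The function names are hypothetical, and `/R/` is the helper's own marker, not HijackThis output.

```python
import re
from collections import defaultdict

# Lines copied from the fix list in post 2 (not a complete HijackThis log).
FIX_LIST = r"""
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{0127B111-1A08-406E-A2E1-87952801D1DA}: NameServer = 192.0.0.3,192.0.0.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{0127B111-1A08-406E-A2E1-87952801D1DA}: NameServer = 192.0.0.3,192.0.0.4
O18 - Protocol hijack: cdo - >IT00H20MH8IH5-1HT1G8IT{-H0N0HFIH62PH}
/R/ O20 - Winlogon Notify: ShellScrap - C:\WINNT\system32\fpj6031se.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

# Optional "/R/" marker (the helper's notation), section code, then the entry text.
LINE_RE = re.compile(r"^(?P<unreg>/R/\s+)?(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
MISSING = " (file missing)"

def parse_line(line):
    """Return a dict for one fix-list line, or None if it is not an entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    body = m["body"]
    entry = {"code": m["code"], "unregister": bool(m["unreg"]),
             "file_missing": body.endswith(MISSING), "body": body}
    if entry["file_missing"]:
        body = body[:-len(MISSING)]
    if entry["code"] == "O17" and "NameServer = " in body:
        entry["nameservers"] = body.split("NameServer = ", 1)[1].split(",")
    elif entry["code"] == "O20":
        # Form: "Winlogon Notify: <name> - <dll>"
        entry["notify"], _, entry["dll"] = body.split(": ", 1)[1].partition(" - ")
    return entry

def worksheet(text):
    """Group parsed entries by section code (O9, O17, O18, O20, ...)."""
    groups = defaultdict(list)
    for line in text.splitlines():
        entry = parse_line(line)
        if entry:
            groups[entry["code"]].append(entry)
    return groups

def unregister_targets(groups):
    """DLLs the helper marked /R/ (unregister before fixing)."""
    return [e["dll"] for e in groups["O20"] if e["unregister"]]

def nameservers_to_confirm(groups):
    """Distinct O17 name servers, deduplicated across control sets."""
    return sorted({ip for e in groups["O17"] for ip in e.get("nameservers", [])})
```
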
