
random popups please help HJT log attached

Discussion in 'Virus and Malware Removal' started by rimjhimrimjhim, Nov 18, 2005.

  1. rimjhimrimjhim Newcomer, in training

    Hi!
    I have tried virtually every spyware malware remover, but I still keep getting random popups even when I am not using IE.
    I somehow feel that this is some kind of a rootkit exploit.
    Please help

    HJT logfile attached

    thanks a ton in advance!

    rimjhim
  2. RealBlackStuff Newcomer, in training Posts: 8,165

    You run both PC-Cillin and Norton/Symantec, NOT a very good idea. They will only interfere with each other.
    Get rid of the worst evil-doer: Norton/Symantec bloatware rubbish.
    Can't get info in this ESM stuff, I can't read Japanese.

    First Read: Only use these HJT-instructions when asked!
    /R/ unRegister the xxx.DLL in that line
    Transfer the text from between these dotted lines underneath to between the dotted lines of that post.
    Make sure to follow ALL instructions in SEQUENCE, and in HiJackThis tick/fix ALL lines indicated here!
    ...................................................................................................
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    These IP-numbers are from your internal network/router, they could interfere with your Internet access.
    You must decide if you want to fix these O17s

    O17 - HKLM\System\CCS\Services\Tcpip\..\{0127B111-1A08-406E-A2E1-87952801D1DA}: NameServer = 192.0.0.3,192.0.0.4
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0127B111-1A08-406E-A2E1-87952801D1DA}: NameServer = 192.0.0.3,192.0.0.4
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0127B111-1A08-406E-A2E1-87952801D1DA}: NameServer = 192.0.0.3,192.0.0.4
    O18 - Protocol hijack: cdo - >IT00H20MH8IH5-1HT1G8IT{-H0N0HFIH62PH}
    O18 - Protocol hijack: its - >IT14H2N1HBIH8-1HT0GAIT{-H000H8IH49PH}
    /R/ O20 - Winlogon Notify: ShellScrap - C:\WINNT\system32\fpj6031se.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    ...................................................................................................

    STOP using that crappy IE (other than for Windows-updates) and install Firefox from www.getfirefox.com

    See also the Read:.. rootkit post at the top of this forum.
  3. rimjhimrimjhim Newcomer, in training

    I think it worked

    thanks for helping me out !

    I am no longer getting the popups but I am not sure if I am still spyware/malware clean.
    I removed NIS/NAV and also Trend Micro OfficeScan NT.
    OfficeScan NT real-time monitor fails to start due to some reason.
    Please have a look at my new hjt log.


    The ESM stuff is some programs from NEC Corp, as this is a NEC workstation.
    I do not think it is harmful.

    thanks a lot
    regards
    rimjhim
  4. RealBlackStuff Newcomer, in training Posts: 8,165

    Log is clean, assuming you agree to those IPs in the O17 group.

    Go to http://free.grisoft.com and get their free AVG antivirus.
    It's madness to not have any AV nowadays.
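
Added example, not part of the thread and not HijackThis's own code: a small Python parser for the log lines quoted in the second post. It flags O17 NameServer values that are not on a list of resolvers you expect (the decision that post leaves to the user), the O18 and O20 entries, and the /R/ marker. The function names and the `expected_dns` parameter are assumptions made for this example.

```python
import re

# Sample input: lines copied from the log excerpt quoted in the thread.
SAMPLE = r"""
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{0127B111-1A08-406E-A2E1-87952801D1DA}: NameServer = 192.0.0.3,192.0.0.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{0127B111-1A08-406E-A2E1-87952801D1DA}: NameServer = 192.0.0.3,192.0.0.4
O18 - Protocol hijack: cdo - >IT00H20MH8IH5-1HT1G8IT{-H0N0HFIH62PH}
/R/ O20 - Winlogon Notify: ShellScrap - C:\WINNT\system32\fpj6031se.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

# Optional "/R/" marker (unregister the DLL), section code, rest of the line.
LINE = re.compile(r"^(?P<unreg>/R/\s+)?(?P<code>O\d+) - (?P<body>.+)$")
NAMESERVER = re.compile(r"NameServer = (?P<ips>[\d.,\s]+)$")

def parse(log):
    """Yield one dict per recognised O-section entry; other lines are skipped."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield {"code": m["code"], "body": m["body"], "unregister": bool(m["unreg"])}

def review(log, expected_dns):
    """Return (entry, note) pairs for the entries worth a manual look."""
    notes = []
    for e in parse(log):
        body = e["body"]
        if e["code"] == "O17" and (m := NAMESERVER.search(body)):
            ips = {ip.strip() for ip in m["ips"].split(",") if ip.strip()}
            unknown = sorted(ips - set(expected_dns))
            if unknown:
                notes.append((e, "DNS servers not in expected list: " + ", ".join(unknown)))
        elif e["code"] == "O18":
            notes.append((e, "protocol handler override"))
        elif e["code"] == "O20":
            note = "Winlogon Notify DLL"
            if body.endswith("(file missing)"):
                note += ", file missing (orphaned registry entry)"
            if e["unregister"]:
                note += ", marked /R/: unregister the DLL"
            notes.append((e, note))
    return notes

if __name__ == "__main__":
    for entry, note in review(SAMPLE, expected_dns=[]):
        print(entry["code"], "-", note)
```

Passing the resolvers your router or ISP actually hands out as `expected_dns` leaves only the O17 lines that point somewhere else.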