Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

"dname" nameserver hi jack, cannot remove, redirec

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

"dname" nameserver hi jack, cannot remove, redirec

Unread postby oppressed » August 20th, 2005, 5:44 pm

Hey, I have been working on this problem for a while now, everytime I connect to the Internet via Windows Dial Up something is adding its own nameserver to redirect me to [bleep], casino and search sites. The culprit in the below Hi Jack This log is #017. It recreates it self everytime I dial into the Internet. If i delete the key while connected to the net I can't resolve any domain names. I even tried connecting to the Internet via NetZero Account & NetZero dial up software, when I ran HJT while connected with NetZero's software the 017 entry displayed NetZero's correct nameservers but the redirects still happened. So I am really confused on this one.

Any help would be greats, Thanks

Shawn

Logfile of HijackThis v1.99.1
Scan saved at 5:09:21 PM, on 20/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Network\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tools\ProcessGuard\dcsuserprot.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\Program Files\Hardware\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hardware\Logitech\iTouch\iTouch.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Hardware\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Hardware\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\essspk.exe
C:\Program Files\Tools\ProcessGuard\pgaccount.exe
C:\Program Files\Stardock\CursorXP\CursorXP.exe
C:\Program Files\Tools\ProcessGuard\procguard.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\OPPressed\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\notepad.exe

O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\Utilities\GetRight\xx2gr.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Hardware\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Hardware\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Network\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off
O4 - HKLM\..\Run: [!1_pgaccount] "C:\Program Files\Tools\ProcessGuard\pgaccount.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\Stardock\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [!1_ProcessGuard_Startup] "C:\Program Files\Tools\ProcessGuard\procguard.exe" -minimize
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - C:\Program Files\Utilities\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\Utilities\GetRight\GRbrowse.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Network\Yahoo Messenger\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Network\Yahoo Messenger\YPager.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B79E2AC-58D5-4DB4-BC50-C965AE96BD56}: NameServer = 69.50.184.86 85.255.112.9
O20 - AppInit_DLLs: wbsys.dll MsgPlusLoader.dll
O20 - Winlogon Notify: iexplore - C:\WINDOWS\SYSTEM32\2l20a.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DiamondCS Process Guard Service v3.000 (DCSPGSRV) - DiamondCS - C:\Program Files\Tools\ProcessGuard\dcsuserprot.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Hardware\Intel Application Accelerator\iaantmon.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Network\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\System32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\System32\vmnat.exe
oppressed
Active Member
 
Posts: 3
Joined: August 20th, 2005, 5:43 pm
Advertisement
Register to Remove

Unread postby NikkJ » August 20th, 2005, 6:40 pm

Hi
You have some items that need to be fixed

Please read these directions throroughly before executing them. It may help to print them out.

  • Please set your system to show all files
    • Click Start.
    • Open My Computer
    • SelectTools menu
    • Click Folder Options.
    • Select the View Tab.
    • Select Show hidden files and foldersin the Hidden files and folders section.
    • Uncheck Hide protected operating system files (recommended) option.
    • Uncheck the Hide file extensions for known file types option.
    • Click Yes.
    • Click OK.

  • Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

    O1 - Hosts: localhost 127.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4B79E2AC-58D5-4DB4-BC50-C965AE96BD56}: NameServer = 69.50.184.86 85.255.112.9
    O20 - Winlogon Notify: iexplore - C:\WINDOWS\SYSTEM32\2l20a.dll


    Click on Fix Checked when finished and exit HijackThis.
  • Reboot into Safe Mode
    • Reboot the machine and wait for the beep.
    • Rapidly press the F8 key until a menu of boot options appears
    • Select Safe Mode
    • If your keyboard has a soft F lock remember to press it to enable the F8 key first.
  • Using Windows Explorer, locate the following files/folders, and delete them:

    C:\WINDOWS\SYSTEM32\2l20a.dll
  • Exit Explorer, and reboot as normal afterwards.
  • Run an online antivirus scan using
    Trend Micros Housecall
    • Select all available drives.
    • Check(tick) "Auto Clean".
    • Click "Scan".

    When it's finished post the names (including the complete path) of files that show up as being problematic.
    Next it would be useful if you could post a list of rogue/unrecognised installed programs -


    Post back a fresh HijackThis log and we will take another look.
User avatar
NikkJ
MRU Honors Grad Emeritus
 
Posts: 413
Joined: June 16th, 2005, 12:26 pm
Location: London

didn't work

Unread postby oppressed » August 20th, 2005, 7:22 pm

I removed the dll file and the entrys but after rebooting and dialing back into the Internet the 017 entry is back and the redirects are back sending me to sites like http://www.search-contact.com/inse.php?id=dname.
oppressed
Active Member
 
Posts: 3
Joined: August 20th, 2005, 5:43 pm

not working

Unread postby oppressed » August 21st, 2005, 1:38 am

I ran Spybot, Ad Aware, the online virus scan you suggested. And still no progress. None of the above programs found anything wrong.

Logfile of HijackThis v1.99.1
Scan saved at 1:36:32 AM, on 21/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Network\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tools\ProcessGuard\dcsuserprot.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\Program Files\Hardware\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\srvany.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hardware\Logitech\iTouch\iTouch.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Hardware\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\essspk.exe
C:\Program Files\Hardware\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Tools\ProcessGuard\pgaccount.exe
C:\Program Files\Stardock\CursorXP\CursorXP.exe
C:\Program Files\Tools\ProcessGuard\procguard.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Network\X-Chat 2\xchat.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\OPPressed\Desktop\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\Utilities\GetRight\xx2gr.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Hardware\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Hardware\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Network\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off
O4 - HKLM\..\Run: [!1_pgaccount] "C:\Program Files\Tools\ProcessGuard\pgaccount.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\Stardock\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [!1_ProcessGuard_Startup] "C:\Program Files\Tools\ProcessGuard\procguard.exe" -minimize
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - C:\Program Files\Utilities\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\Utilities\GetRight\GRbrowse.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Network\Yahoo Messenger\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Network\Yahoo Messenger\YPager.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4573556906
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B79E2AC-58D5-4DB4-BC50-C965AE96BD56}: NameServer = 69.50.184.86 85.255.112.9
O20 - AppInit_DLLs: wbsys.dll MsgPlusLoader.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DiamondCS Process Guard Service v3.000 (DCSPGSRV) - DiamondCS - C:\Program Files\Tools\ProcessGuard\dcsuserprot.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Hardware\Intel Application Accelerator\iaantmon.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Network\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\System32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\System32\vmnat.exe
oppressed
Active Member
 
Posts: 3
Joined: August 20th, 2005, 5:43 pm

Unread postby NikkJ » September 4th, 2005, 6:43 am

Please print these instructions before you start. You will need to go into safe mode and may not have access to them otherwise.
Read and follow the following instructions.
Do not run any other programs while you carry out this fix.
Let each process run to completion before starting the next.
If you do not understand anything please ask me before you start

============

  • Download, install, update, configure, and run Ad-Aware SE Personal

    • Download Ad-Aware SE Personal
    • Install Ad-Aware SE Personal

      • Double-click on aawsepersonal.exe to install the program.
      • Follow the default settings for installation.
      • After the program has finished installing uncheck the "Perform a full system scan now", "Update definition file now", and "Open the help file now" boxes.
    • Update Ad-Aware SE Personal

      • Double-click the Ad-Aware SE Personal icon on your desktop.
      • Click "Check for updates now" then click "Connect".
      • It will check for any updates. If any are found click "OK" to download and install the updates. Once it has finished click "Finish".
    • Configure Ad-Aware SE Personal

      • Click on the Gear button at the top of the window.
      • Click "General" on the left hand side to display the General Settings box.

        • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:

          • "Automatically save logfile"
          • "Automatically quarantine objects prior to removal"
          • "Safe Mode (always request confirmation)"
          • "Prompt to update outdated definitions" - change to 7 days from the default 14.
      • Click "Scanning" on the left hand side to display the Scan Settings box.

        • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:

          • "Scan within archives"
          • "Select drives & folders to scan" - select your hard drive(s).
          • "Scan active processes"
          • "Scan registry"
          • "Deep-scan registry"
          • "Scan my IE favorites for banned URLs"
          • "Scan my Hosts file"
      • Click "Advanced" on the left hand side to display the Advanced Settings box.

        • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:

          • "Move deleted files to Recycle Bin"
          • "Include additional object information"
          • "Include negligible objects information"
          • "Include environment information"
      • Click "Defaults" on the left hand side to display the Default Settings box.

        • Make sure these items have your preferred settings in them.:

          • "Default homepage"
          • "Default searchpage"
      • Click "Tweak" on the left hand side to display the Tweak Settings box.

        • Click the + (plus) sign next to the Log Files section. This will expand the section.
        • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:

          • "Include basic Ad-Aware settings in log file"
          • "Include additional Ad-Aware settings in log file"
          • "Include reference summary in log file"
          • "Include alternate data stream details in log file"
        • Click the + (plus) sign next to the Scanning Engine section. This will expand the section.
        • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:

          • "Unload recognized processes & modules during scan"
          • "Scan registry for all users instead of current user only"
          • "Obtain command line of scanned processes"
        • Click the + (plus) sign next to the Cleaning Engine section. This will expand the section.
        • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:

          • "Always try to unload modules before deletion"
          • "During removal, unload Explorer and IE if necessary"
          • "Let Windows remove files in use at next reboot"
          • "Delete quarantined objects after restoring"
      • Once you are done with these settings, click "Proceed" to save them.
      • This will take you back to the main screen.
    • Run Ad-Aware SE Personal

      • Click the "Start" button.
      • Uncheck the "Search for negligible risk entries" entry.
      • Choose the "Use custom scanning options" scan mode.
      • Click the "Next" button.
      • Ad-Aware will begin to scan for malware residing on your computer.
      • Allow the scan to finish.
      • Right-click on any entry in the list and click "Select All" to select the whole list.
      • Click "Next" and choose "OK" at the prompt to quarantine and remove the objects.

    • Download CWShredder. Do not use it yet, we'll have you do that later.
    • Please download, install and update Ewido trojan scanner:
      • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
      • When you run Ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
      • From the main Ewido screen, click on update in the left menu, then click the Start update button.
      • After the update finishes (the status bar at the bottom will display "Update successful") close Ewido. You will run it later during the cleanup process.
    • Download CCleaner and install, but do not run it yet.
    • Please reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    • Instead of Windows loading as normal, a menu should appear.
    • Select Safe Mode by using the up and down arrows on the keybord and hit the Enter key.
  • Start AboutBuster and let it scan.
    • When the scan is finished exit the program and it will automatically create a log in the same folder.
    • Now you need re-run AboutBuster a second time for it to be fully effective. Any information it generates will be appended to the first log.
  • Start Cwshredder and click FIX
  • Now, run CCleaner.
    • Uncheck "Cookies" under "Internet Explorer".
    • If running Firefox: click on the "Applications" tab and uncheck "Cookies" under "Firefox".
    • Click on Run Cleaner in the lower right-hand corner. This can take quite a while to run.
  • Now open Ewido Security Suite
    • Click on the Scanner button in the left menu, then click on the Start button. Please note that a scan can take a long time to run.
    • If Ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
    • When the scan finishes, click on "Save Report". This will create a log file.
  • Run HijackThis and do a Scan only. Carefully place a check against each of the following lines:

    O17 - HKLM\System\CCS\Services\Tcpip\..\{4B79E2AC-58D5-4DB4-BC50-C965AE96BD56}: NameServer = 69.50.184.86 85.255.112.9
    O20 - AppInit_DLLs: wbsys.dll MsgPlusLoader.dll

  • Close ALL other windows and Click on Fix Checked. When finished exit HijackThis.
  • Reboot your system
  • Post a new HiJackThis-log and the log from Ewido and log from AboutBuster which you'll find in the AboutBuster-folder
User avatar
NikkJ
MRU Honors Grad Emeritus
 
Posts: 413
Joined: June 16th, 2005, 12:26 pm
Location: London

Unread postby NonSuch » September 19th, 2005, 11:44 pm

Whilst we appreciate that you may be busy, it has been 14 days or more since we heard from you.

Infections can change and fresh instructions will now need to be given. This topic is now closed, if you still require assistance then please start a new topic in the Malware Removal Forum

If you wish this topic reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 305 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware