Pleeezzzzz Help Me.[INACTIVE]

[moontone]

I've tried everything. Norton, AdAware, Spybot (in every setting)....

Attached is my "Hijacthis" log file.

Please let me know what I should do. I'll be your friend for life!

Thanks.

hijackthis.txt

[jwbirdsong]

You may wish to print out a copy of these instructions to follow while you complete this procedure.

Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.

Help with unzipping files is HERE

First of all, you will need to print out this post and/or save a copy as a text file in Notepad so that you have a hard copy of these instructions; you can not have IE/Firefox/any browser open during the fix

Please download FixWareout from one of these sites:

http://downloads.subratam.org/Fixwareout.exe

http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it on your desktop and run it. Click Next, then Install, make sure Run fixit is checked and click Finish. After the fix begins just follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

After your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please run it by clicking Scan Only,

and check the following items:

• O17 - HKLM\System\CCS\Services\Tcpip\..\{12921A99-633D-44D4-A5EF-AA8A0A0C3711}: NameServer = 85.255.115.59,85.255.112.77
  
• O17 - HKLM\System\CCS\Services\Tcpip\..\{77E80864-2A11-41F2-9237-59C4E0E9C95F}: NameServer = 85.255.115.59,85.255.112.77
  
• O17 - HKLM\System\CCS\Services\Tcpip\..\{D6417D93-2333-47BB-95E7-EAA43B1E3935}: NameServer = 85.255.115.59,85.255.112.77
  
• O17 - HKLM\System\CS1\Services\Tcpip\..\{12921A99-633D-44D4-A5EF-AA8A0A0C3711}: NameServer = 85.255.115.59,85.255.112.77
  
• O17 - HKLM\System\CS2\Services\Tcpip\..\{12921A99-633D-44D4-A5EF-AA8A0A0C3711}: NameServer = 85.255.115.59,85.255.112.77
  

Click Fix Checked. Close HijackThis, and click OK to proceed.

Download and run F-Secure Blacklight: http://www.f-secure.com/blacklight/try.shtml

Run the program, accept statement>next>click> scan>next.

If any items are detected have blacklite rename them except for "wbemtest.exe".

Do not rename "wbemtest.exe" its a windows file. If there are any other files you THINK may be valid don't rename them. Help is available HERE

The tool will ask if you want to reboot (restart) choose yes.

Finally, please post

• the contents of report.txt (it should open; If it does not open or you close it..find a copy in c:\fixwareout folder.)
  
• a new HijackThis log
  
• log from blacklight; log will be named fsbl-<date/time>.log eg. fsbl-20060404134642.log.
  

Note: IF you are having connection problems follow the directions below

(These instruction's are basically for home users.)

Before doing this write down all the settings, Note that not all system/setups even have these settings, While some connection service's will require them.

In the windows control panel. If you are using Windows XP's Category View, select the Network and Internet Connections category otherwise double click on Network Connections. Then right click on your default connection, usually local area connection for cable and dsl, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically

Press OK twice to get out of the properties screen and reboot if it asks.

That option might not be available one some systems

Edited April 24, 2006 by jwbirdsong

[moontone]

Thanks for the effort, but it didn't work. I attached as you requested. Any other ideas?

hijackthis2.txt

report.txt

[jwbirdsong]

Did you run the Blacklight also, there is no log from it.

[jwbirdsong]

Inactive topic...

If you still need help on this problem, contact me or one of the Moderators to re-open this up.

Topic closed.