Tech Support Forum - View Single Post - Hijack Log File

**POADB** · 04-21-2006, 03:19 PM

LMAO.. no that one is fine.

This new 017 is different:

O17 - HKLM\System\CCS\Services\Tcpip\..\{5C9420E6-EF75-4778-B520-FE1D7461AA0D}: NameServer = 62.241.163.200 62.241.162.201

^ Comes back to us here in the UK

The previous bad guy:

O17 - HKLM\System\CCS\Services\Tcpip\..\{5C9420E6-EF75-4778-B520-FE1D7461AA0D}: NameServer = 85.255.113.134 85.255.112.104

Part of a WareOut infection, routes back to Belarus!

Lets continue.

Please download CleanUp! and install it. Do not run it yet!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:

Click "Options..."
Set the slider to "Standard CleanUp!"
Uncheck the following:
- Delete Newsgroup cache
- Delete Newsgroup Subscriptions
- Scan local drives for temporary files
Click OK

Press the CleanUp! button to start the program. Do NOT Reboot/logoff when prompted.

WARNING - CleanUp! will delete all files and folders contained within Temporary Directories. If you knowingly have items you would like to keep that are stored in these locations; Move Them Now!!!

Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner

Click Check Now & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
Enter your e-mail address, country, and state & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls

Begin the scan by selecting My Computer

If it finds any malware, it will offer you a report.

Please ignore any entry it finds and wants you to buy the program for removal as we will address this later.

Click on see report. Then click Save report

Please post that log in your next reply.

04-21-2006, 03:19 PM	#7 (permalink)
POADB Moderator, Microsoft Support Join Date: Jul 2004 Location: United Kingdom Posts: 6,481 OS: XP SP2	LMAO.. no that one is fine. This new 017 is different: O17 - HKLM\System\CCS\Services\Tcpip\..\{5C9420E6-EF75-4778-B520-FE1D7461AA0D}: NameServer = 62.241.163.200 62.241.162.201 ^ Comes back to us here in the UK The previous bad guy: O17 - HKLM\System\CCS\Services\Tcpip\..\{5C9420E6-EF75-4778-B520-FE1D7461AA0D}: NameServer = 85.255.113.134 85.255.112.104 Part of a WareOut infection, routes back to Belarus! Lets continue. Please download CleanUp! and install it. Do not run it yet! Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows: Click "Options..." Set the slider to "Standard CleanUp!" Uncheck the following: Delete Newsgroup cache Delete Newsgroup Subscriptions Scan local drives for temporary files Click OK Press the CleanUp! button to start the program. Do NOT Reboot/logoff when prompted. WARNING - CleanUp! will delete all files and folders contained within Temporary Directories. If you knowingly have items you would like to keep that are stored in these locations; Move Them Now!!! Perform an online scan with Internet Explorer with Panda ActiveScan click on "Free use ActiveScan" located on the top right hand corner Click Check Now** & a 'pop up' window shall appear. ensure that your pop up blocker doesn't block it Enter your e-mail address, country, and state & click Scan Now* ...begins downloading 8 MB Panda's ActiveX controls Begin the scan by selecting My Computer If it finds any malware, it will offer you a report. Please ignore any entry it finds and wants you to buy the program for removal as we will address this later. Click on see report. Then click Save report Please post that log in your next reply. __________________