BNMQ again

Deltaeagle · Sep 15, 2006

Hey there guys. I already read the two other threads on this and followed all directions in removing it (spybot, adware, virus scan, cleared cache ect.).

Hopefully you guys can help me out on this.

EDIT: I didn't find anything with Spybot, CounterSpy, AdAware, Defender

Deltaeagle · Sep 15, 2006

edit

DavidGP · Sep 16, 2006

also please attach the logs from,

Bitdefender and Panda online scans.

Deltaeagle · Sep 16, 2006

Here. Bitdefender was going to take 7 hours to complete accoridng to it. I don't have that much time.

The defender that found nothing above was Windows Defender.

chaslang · Sep 17, 2006

You need to run this procedure: WareOut Removal

Attach the log from c:\fixwareout\report.txt

Also you need to observe the instructions in step 7 of the READ ME and not use MSconfig to control startup. Please select Normal Startup in MSconfig and then reboot and attach a new HJT log and a new log from ShowNew.

Deltaeagle · Sep 17, 2006

Here you go

chaslang · Sep 18, 2006

You did not run the READ & RUN ME properly.

You are running Spybot - Search & Destroy 1.3 which has not been used in two years. You should have installed the one indicated in the READ ME.

The below two programs should have been uninstalled in step 0:

Viewpoint Manager (Remove Only)

Viewpoint Media Player

Now install the current version of Sun Java from: Sun Java Runtime Environment
Then uninstall the below old versions of software:
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O17 - HKLM\System\CCS\Services\Tcpip\..\{18B53EE7-0CD6-417D-A0FC-12C5288117F7}: NameServer = 85.255.116.116,85.255.112.175
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DC5A28B-CA3E-40DE-9E4B-75E211000D3D}: NameServer = 85.255.116.116,85.255.112.175
O17 - HKLM\System\CCS\Services\Tcpip\..\{80F708BA-09DC-40A2-AA8E-67A0A20DC578}: NameServer = 85.255.116.116,85.255.112.175
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.116 85.255.112.175
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.116 85.255.112.175

After clicking Fix, exit HJT.

Now delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
C:\WINDOWS\Temp
C:\Documents and Settings\Jake\Local Settings\Temp

Now look for and delete the below file if found:
C:\WINDOWS\SYSTEM32\DMGQU.EXE

Now run CCleaner!

Now reboot and attach a new HJT log.

Also tell me how things are working!

Deltaeagle · Sep 18, 2006

It seems to have worked!! I have my error pages back

Thank you so much. You provide a wonderful service for people!

chaslang · Sep 19, 2006

You're welcome.

Your log is clean. If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

After that, you should work thru the below link:

How to Protect yourself from malware!

Log in or Sign up

BNMQ again

Deltaeagle Private E-2

Attached Files:

hijackthis.log

Deltaeagle Private E-2

Attached Files:

newfiles.txt

runkeys.txt

DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

Deltaeagle Private E-2

Attached Files:

Activescan.txt

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Deltaeagle Private E-2

Attached Files:

hijackthis.log

newfiles.txt

report.txt

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Deltaeagle Private E-2

Attached Files:

hijackthis.log

chaslang MajorGeeks Admin - Master Malware Expert Staff Member