Pretty please with all kinds of nifty computer stuff on top...

Hopefully third time's a charm. I've posted my Hijackthis log on two other sites, and not one reply.

I've gone to Trend Micro, ran AdAware and Spybot, fixed those things I thought might be the problem, but I can't get rid of the 017 Nameserver bit. Every time I have Hijackthis delete it, it just pops up again, (but only shows in the Hijackthis log when I run it while connected to the 'net). I took out the Winlogon (020), thinking that it might be reinstalling it in the registry, and that's stayed out, but the Nameserver keeps coming back. I even dared to go into the registry and take it out myself, but that didn't work, either.

Nearly every program I have wants to connect to those IP's, and the only way I can open up the browser is to allow it to do so. I've shut down everything on my firewall so that permission must be granted before it'll connect. I didn't do any updates on AdAware or Spybot (just downloaded them today) because both those programs ask to connect to the itchy/scratchy IP, 207.69.188.187, 207.69.188.186. Even Windows Help tried to connect to it the other day, as does Zone Alarm (once, which I can't stop), and MSN Messenger tries to connect every hour on the hour, evidently whether I'm connected or not.

Please, please give me some little clue as to what I need to get rid of?


Edit by chaslang: We reply but please follow forum guidelines. Unrequested inline log deleted

 

HJT is not the first step in removing Malware. This log will be removed by a mod. Please follow forum guidelines.


First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs. TIP: Create a folder on your C:\ drive for the tools/utilities you will need to use. For example: Navigate to your Program Files directory, right click on a blank spot in the window > choose New > Folder. Name this folder Spyware Tools. Now you can save the needed tools to this folder and if you prefer, create sub-folders named for each individual utility.

NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.


After doing ALL of the above if you still have a problem:

Make sure you have HijackThis 1.99.1 and follow the guidelines on where to install it and how to post a log as an ATTACHMENT. All instructions are covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting


Now post a Hijack This log as an ATTACHMENT to your message (Do NOT copy/paste the log into your post). Please close unnecessary running programs before you run HijackThis. You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc.

DO NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT


We are very busy here at MajorGeeks.Com PhilliePhan, Chaslang or myself with check back when time permits.!

To Repeat: Please be sure to reply in this thread if you need further assistance or have any questions. Someone WILL be along to help you as soon as they can. You can help us help you by following the above instructions and providing detailed information as to the difficulties you are having and/or continuing to have after you have completed the Basic Spyware, Trojan And Virus Removal tutorial. Just telling us you followed the tutorial does not give us enough information. You need to let us know the results...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

We all recognize that if you are here asking for help you are probably frustrated and maybe even angry that your computer has been taken over by some malicious program. Rest assured, we want to help you but that we get frustrated too when we are not given the requested information or when instructions are not followed. Don't be afraid to ask for additional help if you don't understand something! There is no such thing as a dumb question and we do not expect everyone who comes here to have vast computer knowledge, however you will be more educated and better prepared to prevent re-infestation when you leave here!

Good luck!

 

I apologize for posting the Hijackthis log. The other forums I've visited ask that you post it in the topic, so I guess I didn't read close enough.

I have done most if not all of the steps you require, which I mentioned in my original post.

1. Turned off System Restore
2. Rebooted
3. Went to Trend Micro...clean.
4. Ran Adaware SE...found a few things, mostly dataminers. Deleted what I thought
might be a problem, like any reference to Gator.com, and the usual cookies.
5. Ran Spybot S&D...see above.
6. Ran Hijackthis...the 017 Nameserver item is still there, but only when I'm connected

 

You know what, nevermind. I'll look elsewhere. Thanks.

 

I'm sorry, I'm frustrated and sick on top of it. Yesterday, I hit enter on accident, went to edit/finish my post, only to be locked out of it because it took me longer than five minutes.

I stated most of what I did in the first post, and it just appeared to me that I got a form letter type reply because of my mistake in posting the Hijackthis log. I'm assuming I've got the latest versions of Adaware and Spybot S&D, because when I go to update, ZA asks for permission to access the very IPs I'm concerned about, so I cancel.

Yes, I am on dial-up, and I've done some more research and found that the itchy/scratchy thing may just be Earthlink's proxies, but other info indicates that they may be part of a hijack thing. Since I've never seen the little MSN Messenger window pop up in my tray before (other than when I've had it up and running), I'm assuming it's something that doesn't have my best interests in mind. Until I locked it down in ZA, I'm sure it was connecting without my say-so.

I'm just lost.

 

Make sure you have HijackThis 1.99.1 and follow the guidelines on where to install it and how to post a log as an ATTACHMENT.
All instructions are covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting


Now post a Hijack This log as an ATTACHMENT to your message (Do NOT copy/paste the log into your post). Please close unnecessary running programs before you run HijackThis. You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc.

DO NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT