Hello and welcome to
Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs.
1. I will be working on your
Malware issues. This
may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please
DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
Please describe the problems you're having with your computer.Open
HijackThis and select
Do a system scan onlyPlace a check mark next to the following entries: (if there)
O1 - Hosts: 89.149.249.195 www.google.com
O1 - Hosts: 89.149.249.195 www.google.de
O1 - Hosts: 89.149.249.195 www.google.fr
O1 - Hosts: 89.149.249.195 www.google.co.uk
O1 - Hosts: 89.149.249.195 www.google.com.br
O1 - Hosts: 89.149.249.195 www.google.it
O1 - Hosts: 89.149.249.195 www.google.es
O1 - Hosts: 89.149.249.195 www.google.co.jp
O1 - Hosts: 89.149.249.195 www.google.com.mx
O1 - Hosts: 89.149.249.195 www.google.ca
O1 - Hosts: 89.149.249.195 www.google.com.au
O1 - Hosts: 89.149.249.195 www.google.nl
O1 - Hosts: 89.149.249.195 www.google.co.za
O1 - Hosts: 89.149.249.195 www.google.be
O1 - Hosts: 89.149.249.195 www.google.gr
O1 - Hosts: 89.149.249.195 www.google.at
O1 - Hosts: 89.149.249.195 www.google.se
O1 - Hosts: 89.149.249.195 www.google.ch
O1 - Hosts: 89.149.249.195 www.google.pt
O1 - Hosts: 89.149.249.195 www.google.dk
O1 - Hosts: 89.149.249.195 www.google.fi
O1 - Hosts: 89.149.249.195 www.google.ie
O1 - Hosts: 89.149.249.195 www.google.no
O1 - Hosts: 89.149.249.195 search.yahoo.com
O1 - Hosts: 89.149.249.195 us.search.yahoo.com
O1 - Hosts: 89.149.249.195 uk.search.yahoo.comImportant: Close all open windows except for
HijackThis and then click
Fix checked.Once completed, exit
HijackThis.***************************************
Download
OTL to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Under the Custom Scan box paste this in
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
c:\$recycle.bin\*.* /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
nvstor32.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
explorer.exe
svchost.exe
userinit.exe
qmgr.dll
ws2_32.dll
proquota.exe
imm32.dll
kernel32.dll
ndis.sys
autochk.exe
spoolsv.exe
xmlprov.dll
ntmssvc.dll
mswsock.dll
Beep.SYS
ntfs.sys
termsrv.dll
sfcfiles.dll
st3shark.sys
ahcix86.sys
srsvc.dll
nvrd32.sys
/md5stop
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time
