This computer is at my place of work since I provide internet services.
Joke or no joke, the IT person at work is the one who
should be addressing this.
I had to chase this one around! From ARIN Whois to the RIPE Network to AfriNIC:
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2A4C6B6-FB37-4A3F-96D6-5A6C103E9363}: NameServer = 212.49.70.22,212.49.70.23
This IP belongs to:
netname: KE-TKLJAMBONETNOC-07
descr: BLOCK ASSIGNED TO TELKOM KENYA LTD-JAMBONET CORE NETWORK
country: KE
FOR JAMBONET NETWORK
Is this IP 212.49.70.22 for either your ISP or that of your company?
You have some orphan files for McAfee and AVG, plus you're running Avast. So we need to clean up the system:
McAfee Removal: http://service.mcafee.com/FAQDocument.aspx?lc=1033&id=TS100507
AVG Removal: You may have to install AVG in order to uninstall it:
AVG: http://www.avg.com/download-tools
Your HijackThis log does not look like a full log: some of the 'normal' entries are missing. You don't have any homepage set up either.
I'd like you to take Malwarebytes and Superantispyware off of Startup. This does not remove them; I'll have you do that later. They don't need to be running in the background.
Start> Run> type in msconfig> enter> Selective Startup> Startup tab> uncheck all entries for:
Malwarebytes: you might see these> mbamgui.exe, mbam.exe, runcleanupscript
Superantispyware: SUPERAntiSpyware.exe
This may be your new "graphic":
O4 - HKUS\S-1-5-21-1957994488-436374069-1060284298-1004\..\Run: [bce43d40] rundll32.exe "C:\DOCUME~1\Client\LOCALS~1\Temp\ntqjohly.dll",b (User 'Client')
Since it's a temp file, you may be able to delete it using this:
TFC (Temp File Cleaner)
Download TFC HERE and save to your desktop. (the link should be good- my colors aren't working)
- Open the file and close any other windows.
- It will close all programs itself when run, make sure to let it run uninterrupted.
- Click the Start button to begin the process. The program should not take long to finish its job.
- Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.
TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.
TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
After removing the orphan AV entries and after running the TFC:
Please download VundoFix.exe HERE and save to your desktop:
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the ‘Fix Vundo’ button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer, click OK.
Please attach the C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
Also, please run a full system scan with Avast. Save the log and attach to next reply.
Summary:
1. Answer question about IP
2. Run TFC
3. Run Vundofix. Attach log
4. Rescan with HijackThis. Attach new log.
5. Run AV scan. Attach log.
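The two HijackThis entries singled out in the post (an O4 Run value that has rundll32 load a DLL from a Temp folder, and an O17 NameServer value whose owner has to be confirmed) can be picked out of a log automatically. This is an added example, not part of the original post or of any tool named in it; the function and pattern names are hypothetical, and the avast line in the sample is constructed for contrast.

```python
import re
from ipaddress import ip_address

# Constructed sample: the O4 and O17 entries quoted in the post, plus one
# benign Run entry added for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-21-1957994488-436374069-1060284298-1004\..\Run: [bce43d40] rundll32.exe "C:\DOCUME~1\Client\LOCALS~1\Temp\ntqjohly.dll",b (User 'Client')
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2A4C6B6-FB37-4A3F-96D6-5A6C103E9363}: NameServer = 212.49.70.22,212.49.70.23
"""

O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O17_RE = re.compile(r"^O17 - .*\{[0-9A-Fa-f-]{36}\}: NameServer = (?P<servers>.+)$")
RUNDLL_RE = re.compile(r"\brundll32(\.exe)?\b", re.I)
TEMP_RE = re.compile(r"\\te?mp\\", re.I)  # a \Temp\ or \tmp\ path component
DLL_RE = re.compile(r'([A-Za-z]:\\[^",]+\.dll)', re.I)


def triage(log_text):
    """Return (section, reason, value) tuples for entries worth a second look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            cmd = m["cmd"]
            # Autostart that has rundll32 load a DLL out of a temp directory.
            if RUNDLL_RE.search(cmd) and TEMP_RE.search(cmd):
                dll = DLL_RE.search(cmd)
                findings.append(("O4", "rundll32 loads a DLL from a Temp folder",
                                 dll.group(1) if dll else cmd))
            continue
        m = O17_RE.match(line)
        if m:
            for value in re.split(r"[,\s]+", m["servers"].strip()):
                try:
                    ip = ip_address(value)
                except ValueError:
                    findings.append(("O17", "unparseable NameServer value", value))
                    continue
                # Public resolvers should belong to the ISP or the employer.
                if ip.is_global:
                    findings.append(("O17", "public DNS server, confirm owner via whois", value))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(" | ".join(finding))
```
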