Google Search Gets Redirected & Can't Access Gmail

Status
Not open for further replies.

dbhojwani

It seems I've caught some virus I can't get rid of. My google searches get redirected.

I can't access Gmail either and keep getting the error message "The requested URL /accounts/ServiceLogin was not found on this server"

I ran HijackThis and have attached the log file.

I'd appreciate if someone could help me with this dilemma.
 
You have quite a mess here in the hijack log. Did you notice the 8-Step Virus and Malware Removal thread? You will need to follow the instructions carefully and post the additional logs required.
 
Don't tell someone they have a mess and not identify it! And it would be appreciated if you took time to put in the link to the Virus and Malware thread!

dbhojwani, your hosts files have been hijacked. Your searches are all being directed to Poland. It looks like a DNS Changer infection.

I'd like you to follow this order please:

  • Please download Malwarebytes' Anti-Malware from HERE
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • Be sure a checkmark is placed next to
    [o] Update Malwarebytes' Anti-Malware
    [o] and Launch Malwarebytes' Anti-Malware
  • Click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please attach this as LOG 1 with your reply
    [o] If you accidentally close it, the log file is saved here and will be named like this:
    [o] C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

You will need to do a DNS Flush, then reset your router.
Start> Run> type cmd> enter> at the C prompt type ipconfig /flushdns (note space before the /)

Exit the Command prompt when finished and shut the system down.

  • [1]. Shut down your computer, and any other computer connected to your router.
    [2]. On the back of the router, there should be a small hole or button labelled RESET. Using a bent paper clip or similar item, hold that in continuously for twenty seconds.
    [3]. Unplug the router. Wait sixty seconds.
    [4]. Now holding again the reset button, plug it back in. Continue holding the reset button for twenty seconds. Unplug the router again.
    [5]. With the router unplugged, start your computer. Run MBAM again.
    [6]. Connect to the router again. Then turn the router back on.
    [7]. When it stabilizes, reboot your workstation and try to access the internet. If you have any issues, access the Router configuration page and re-enter your authentication information.
    [8]. Reboot the system and test the internet. You may have to reconfigure the router settings based on your setup.

Please reopen HijackThis to 'do system scan only'. Check the following entries if found> don't click on Fix Checked until you have completed checking all:

O1 - Hosts: 89.149.210.61 www.google.de
O1 - Hosts: 89.149.210.61 www.google.fr
O1 - Hosts: 89.149.210.61 www.google.co.uk
O1 - Hosts: 89.149.210.61 www.google.com.br
O1 - Hosts: 89.149.210.61 www.google.it
O1 - Hosts: 89.149.210.61 www.google.es
O1 - Hosts: 89.149.210.61 www.google.co.jp
O1 - Hosts: 89.149.210.61 www.google.com.mx
O1 - Hosts: 89.149.210.61 www.google.ca
O1 - Hosts: 89.149.210.61 www.google.com.au
O1 - Hosts: 89.149.210.61 www.google.nl
O1 - Hosts: 89.149.210.61 www.google.co.za
O1 - Hosts: 89.149.210.61 www.google.be
O1 - Hosts: 89.149.210.61 www.google.gr
O1 - Hosts: 89.149.210.61 www.google.at
O1 - Hosts: 89.149.210.61 www.google.se
O1 - Hosts: 89.149.210.61 www.google.ch
O1 - Hosts: 89.149.210.61 www.google.pt
O1 - Hosts: 89.149.210.61 www.google.dk
O1 - Hosts: 89.149.210.61 www.google.fi
O1 - Hosts: 89.149.210.61 www.google.ie
O1 - Hosts: 89.149.210.61 www.google.no
O1 - Hosts: 89.149.210.61 search.yahoo.com
O1 - Hosts: 89.149.210.61 us.search.yahoo.com
O1 - Hosts: 89.149.210.61 uk.search.yahoo.com
C:\Program Files\Viewpoint\Common\ViewpointService.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: (no name) - *{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL> See Optional 1
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKCU\..\Run: [Advanced Virus Remover] C:\Program Files\AdvancedVirusRemover\AVR.exe See Optional 2
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


Close all Windows except HijackThis and click on "Fix Checked."

Optional 1: Foistware: Viewpoint, Askbar
These programs are not malware but they are foistware in that they are usually installed without the user's knowledge or approval, and for this reason I recommend you remove them.

Optional 2: Rogue Spyware> AdvancedVirusRemover
Some anti-spyware programs are considered 'rogue' for the following reasons:
  • They use deceptive means to get the user to buy their program
  • The programs give 'false positives', meaning an entry is presented as 'bad' when it usually is not.
  • Their scanning techniques are not thorough and their databases may not be current.
  • There is no privacy policy
  • See DETAILS

Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

Start> Settings> Add/Remove Programs> highlight and remove all references to :
Viewpoint - i.e. Viewpoint, Viewpoint Manager, Viewpoint Media Player.
AskBar
Advanced Virus Remover


Close

Rescan with HijackThis and include new log in new reply

Attach BOTH of the Malwarebytes logs> Log 1 and Log 2
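
The hosts-file check described in the post above can also be done mechanically. This is an added example, not part of the original thread or of HijackThis: it parses HijackThis-style `O1 - Hosts:` lines or raw hosts-file lines and reports search hostnames pinned to a routable address. The sample input, the `WATCHED` pattern and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: HijackThis-style O1 lines plus raw hosts-file lines.
# Addresses come from documentation ranges, not from the thread.
SAMPLE = """\
O1 - Hosts: 203.0.113.61 www.google.de
O1 - Hosts: 203.0.113.61 www.google.co.uk
O1 - Hosts: 203.0.113.61 search.yahoo.com
127.0.0.1 localhost
# 198.51.100.7 www.google.com   (commented out, ignored)
0.0.0.0 ads.example.net
192.168.1.20 nas.home.lan nas
"""

# Assumption: names that should never be pinned in a hosts file on a home PC.
WATCHED = re.compile(r"(^|\.)(google\.[a-z.]+|yahoo\.com|bing\.com)$", re.I)
O1_PREFIX = re.compile(r"^O1\s*-\s*Hosts:\s*", re.I)


def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file or HijackThis O1 lines."""
    for raw in text.splitlines():
        fields = O1_PREFIX.sub("", raw.strip()).split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address line (e.g. other HijackThis sections)
        for name in fields[1:]:
            yield ip, name.lower()


def suspicious_redirects(text):
    """Map each routable IP to the watched hostnames pinned to it."""
    hits = defaultdict(list)
    for ip, name in parse_hosts(text):
        # Loopback/unspecified entries are ordinary blocklist usage.
        if ip.is_loopback or ip.is_unspecified:
            continue
        if WATCHED.search(name):
            hits[str(ip)].append(name)
    return dict(hits)


if __name__ == "__main__":
    for ip, names in suspicious_redirects(SAMPLE).items():
        print(f"{ip}: {len(names)} search hostnames pinned -> {names}")
```

Several unrelated search hostnames sharing one address is the pattern to look for; a clean hosts file should produce an empty result.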
 
Thanks Bobbye and Tmagic650 for your input. I will go through the steps you have outlined and post the resulting logs.
 
Hi Bobbye,

Everything works! Seems your instructions cleaned up the system.

I've attached the 2 MBAM log files as well as the latest HijackThis log file.

Thanks for your help :)
 
"Don't tell someone they have a mess and not identify it! And it would be appreciated if you took time to put in the link to the Virus and Malware thread!...

Thanks Bobbye for helping out here. You love to pick on me. I'm just trying to help out, and bring posts into notice, so no one feels left out. I'm using Google Chrome and I haven't figured out how to post links yet.
 
Hi Tmagic650,

I appreciate you mentioning the 8-step Virus and Malware Removal thread. I found it and found some extra items I can use to keep my system clean.

Thanks again for all your help.
 
In IE I went to File, Properties, select all, copy... Chrome is much faster and colors are brighter, but I haven't figured out how to do this. bbcode is cool, but I can't grab the links to post with bbcode
 