Your server is showing as located in the Ukraine:
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.165.187,93.188.161.76
netname: UA-PROMNETLTD-20080416
descr: Promnet Ltd.
country: UA (Ukraine)
So you are being sent to the Ukraine when you search. I suspect this isn't your ISP. But I see you have a homepage set for the UK. If, by chance, this IS your ISP, then omit the DNS flush and go on. Otherwise follow the flush directions.
DNS Flush: we may have to reset your router:
In the Control Panel: For Category View> select Network and Internet Connections
For Classic View> double-click on Network Connections.
Right-click on your default connection - LAN for cable and DSL> Properties> double-click on the Internet Protocol (TCP/IP)> select Obtain DNS servers automatically
Press OK twice to get out of the properties screen and reboot if it asks. (That option might not be available on some systems.)
Next, go to Start> Run> type cmd> OK.
On the Command Screen, type the following:
ipconfig /flushdns> Enter> Enter
Note: The space between g and / is needed.
When finished, exit the Command screen.
There is an entry in the HijackThis log that I cannot specifically identify:
O4 - HKCU\..\Run: [F5JMWNZTHI] C:\DOCUME~1\Julie\LOCALS~1\Temp\Hlw.exe
All I get for Hlw.exe is 'unspecified malware'. There is a program that included the HLW, iTapi, but I do not see that running on your system.
Please download ComboFix HERE:
- With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
Important! Save the renamed download to your desktop.
- Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
- Double click on the setup file on the desktop to run
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
- When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
(Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.)
- Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
- Click on Yes, to continue scanning for malware.
- When finished, it will produce a log. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Do a new scan with HJT when through and attach Combofix report and new HJT log.
Is there a particular reason you don't recommend the Hitman program?
Yes, a few. Based on what I read and the cleaning programs I run. Others may think differently. The publisher's description is:
Anti-spyware program combines up to six popular engines to maximize removal effectiveness.
Part is personal preference, wanting to maintain control over my system. Hitman is also different in the versions. One main objection is the use of multiple programs that are free on the internet. Depending on the program, it should prevent and/or remove. While the scans with Hitman are free, removal of the malware can only be done within the 30-day trial.
Hitman Pro (version 1 and 2) automatically downloads, installs and runs third party anti-spyware and anti-adware programs that are freely available on the Internet:
- Eset NOD32 antivirus system (trial, expires in 30 days)
- Webroot Spy Sweeper (trial, expires in 7 days)
- PC tools Spyware doctor (demo, will not clean anything)
- Lavasoft AdAware SE (freeware)
- Safer Networking Spybot - Search & Destroy (freeware)
- TrendMicro CWShredder (freeware)
- JavaCool Software SpywareBlaster (freeware)
- McAfee VirusScan SuperDAT (virus signature definition updates, McAfee PrimeSupport license required for qualifying product)
- Ewido Micro Scanner (freeware)(AVG)
The scan time was very long, the program used many system resources and errors in the used third party programs could cause system instability.
Hitman Pro is using other people’s knowledge without their permission. NOD32 has granted permission to use their software. Software producer Lavasoft is in discussion with Mr. Loman over changes to the program before granting any official permission to implement their software and McAfee says they did not grant permission and claim no knowledge at all of the program with no further comment.
Hitman Pro 3 uses a white list that includes Windows system files and other (safe) files that are present on most PCs.
Hitman Pro 3 also requires a license key to remove malware found on a user's computer; however, it does offer a free 30-day trial.
The new version of Hitman Pro, version 3, uses:
- NOD32 Antivirus
- Avira AntiVir
- Prevx
- G DATA Anti-Virus
- a-squared Anti-Malware
Virus scanners are not installed on the local computer, but in the scan cloud on Internet.
Unlimited free scanning and free 30-day version to remove detected malware.
None of these programs, alone or together, have the power of a program like Combofix or other 'intensive' programs. While Hitman may resolve one problem, that does not mean all of the malware has been removed.
Most of the logs I see have multiple malware infections. Some, like the DNS Changer malware, will require a DNS flush and a router reset. If that isn't done, the resolution to the problem is only temporary.
Since Hitman Pro doesn't give a log, I can't see what was removed. Not good. What about False Positives? I also think that it can give the user a false sense of security.
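A triage check for the two HijackThis entries discussed in this thread (the O17 NameServer value and the O4 Run entry launching from a Temp folder), as an added example that is not part of the original posts. The function name `review_log`, the `expected_dns` allowlist parameter and the two sample lines marked as constructed are assumptions made for illustration.

```python
import ipaddress
import re

# First two lines are quoted from the thread; the last two are constructed benign entries.
SAMPLE_LOG = r"""
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.165.187,93.188.161.76
O4 - HKCU\..\Run: [F5JMWNZTHI] C:\DOCUME~1\Julie\LOCALS~1\Temp\Hlw.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{EXAMPLE-GUID}: NameServer = 192.168.1.1
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe"
"""

O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)


def review_log(text, expected_dns=()):
    """Return (kind, detail) findings for O17 NameServer and O4 Run entries.

    expected_dns: resolver addresses the user confirms belong to their ISP.
    """
    expected = {ipaddress.ip_address(ip) for ip in expected_dns}
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = O17_RE.match(line)
        if m:
            for raw in re.split(r"[,\s]+", m["servers"].strip()):
                try:
                    ip = ipaddress.ip_address(raw)
                except ValueError:
                    findings.append(("dns-unparsed", raw))
                    continue
                # A private address is normally the home router acting as resolver.
                # This only inspects the PC; the router's own DNS setting is not visible here.
                if ip not in expected and not ip.is_private:
                    findings.append(("dns-unexpected", str(ip)))
            continue
        m = O4_RE.match(line)
        # Autorun entries that start an executable out of a Temp folder deserve a closer look.
        if m and TEMP_RE.search(m["cmd"]):
            findings.append(("autorun-from-temp", f'{m["name"]} -> {m["cmd"]}'))
    return findings


if __name__ == "__main__":
    for kind, detail in review_log(SAMPLE_LOG):
        print(f"{kind}: {detail}")
```

Passing the ISP's real resolver addresses as `expected_dns` covers the case raised in the thread where the static NameServer value is legitimate.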