You have a DNS Changer malware infection along with a possible Rootkit.
It appears that at some point, you or someone else who uses the computer
may have attempted to download the MVPS Hosts here:
http://mvps.org/winhelp2002/hosts.htm. But it wasn't done correctly and now the hosts files have been hijacked.
Please reopen HijackThis to 'do system scan only.' Check each of the following entries, if present. (It is possible that you won't see all of these entries now, but you should check all of the O1 - Hosts entries.) NOTE: Do not click on 'Fix Checked' until you have checked all of the entries:
O1 - Hosts: copyright (c) 1993-1999 microsoft corp.
O1 - Hosts: this is a sample hosts file used by microsoft tcp/ip for windows.
O1 - Hosts: this file contains the mappings of ip addresses to host names. each
O1 - Hosts: entry should be kept on an individual line. the ip address should
O1 - Hosts: be placed in the first column followed by the corresponding host name.
O1 - Hosts: the ip address and the host name should be separated by at least one
O1 - Hosts: space.
O1 - Hosts: additionally, comments (such as these) may be inserted on individual
O1 - Hosts: lines or following the machine name denoted by a '
O1 - Hosts: for example:
O1 - Hosts: 102.54.94.97 rhino.acme.com
O1 - Hosts: 38.25.63.10 x.acme.com
O1 - Hosts: localhost name resolution is handled within dns itself.
O1 - Hosts: ::1 localhost
O1 - Hosts: 78.46.17.80 l2authd.lineage2.com
O1 - Hosts: 78.46.17.80 l2patcher.lineage2.com
O1 - Hosts: 78.46.17.80 nprotect.lineage2.com
Close all windows except HJT and click on "Fix Checked."
Print out the following directions so that you can follow each step:
DNS Changer
You will need to do a DNS Flush, then reset your router.
Start> Run> type cmd> enter> at the C prompt type
ipconfig /flushdns (note space before the /)
Exit the Command prompt when finished and shut the system down.
[1]. Shut down your computer, and any other computer connected to your router.
[2]. On the back of the router, there should be a small hole or button labelled RESET. Using a bent paper clip or similar item, hold that in continuously for twenty seconds.
[3]. Unplug the router. Wait sixty seconds.
[4]. Now, holding the reset button again, plug it back in. Continue holding the reset button for twenty seconds. Unplug the router again.
[5]. With the router unplugged, start your computer. Run MBAM again.
[6]. Connect to the router again. Then turn the router back on.
[7]. When it stabilizes, reboot your workstation and try to access the internet. If you have any issues, access the Router configuration page and re-enter your authentication information.
[8]. Reboot the system and test the internet. You may have to reconfigure the router settings based on your setup.
Rescan with HijackThis after completing the above. Leave the new Mbam log and new HijackThis log in your next reply.
I will have you reset the Hosts files correctly when we're finished.
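
An added example, not part of the original post: a small hosts-file audit that separates loopback and 0.0.0.0 entries (self-resolution or blocklist-style lines) from names pinned to any other address, which is the pattern the three lineage2.com lines in the log show. The function name and the sample file contents are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample, modelled on the O1 entries in the log above.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#      102.54.94.97     rhino.acme.com          # source server
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.test    # blocklist-style entry
78.46.17.80     l2authd.lineage2.com
78.46.17.80     l2patcher.lineage2.com nprotect.lineage2.com
not-an-ip       broken.example.test
"""

def audit_hosts(text):
    """Return (redirects, malformed).

    redirects: non-loopback IP -> hostnames pinned to it (entries to review).
    malformed: (line number, raw line) pairs that are not 'IP name [name...]'.
    """
    redirects = defaultdict(list)
    malformed = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # comments run from '#' to end of line
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        if addr is None or len(fields) < 2:
            malformed.append((lineno, raw))
            continue
        # Loopback and 0.0.0.0 / :: entries only self-resolve or block a name,
        # which is what a blocklist-style hosts file consists of.
        if addr.is_loopback or addr.is_unspecified:
            continue
        redirects[str(addr)].extend(name.lower() for name in fields[1:])
    return dict(redirects), malformed

if __name__ == "__main__":
    redirects, malformed = audit_hosts(SAMPLE_HOSTS)
    for ip, names in redirects.items():
        print(f"REVIEW {ip} <- {', '.join(names)}")
    for lineno, raw in malformed:
        print(f"MALFORMED line {lineno}: {raw}")
```

To check a live system, pass the contents of `%SystemRoot%\System32\drivers\etc\hosts` to `audit_hosts` instead of the sample.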