Although I don't see any signs in your HijackThis log, we will go through the fix since you did mention mssearchnet.
Please read these instructions carefully and print them out! Be sure to follow ALL instructions!
I would like you to download a few tools, don't use them until you are instructed to do so.
- Download Hoster to your Desktop or to your usual Download Folder.
http://www.funkytoad.com/download/hoster.zip
Unzip it to your Desktop.
- Please download SmitRem.exe to your Desktop.
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
Double-click the smitRem.exe and it will extract the files to a smitRem folder on your Desktop.
______________________________
Please start and update Ewido to the latest definitions:
- On the left-hand side of the main screen click the Update Button.
- Click on Start.
The update will start and a progress bar will show the updates being installed.
Once finished updating, close Ewido.
If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates. Make sure to close Ewido before installing the update.
______________________________
Disable Microsoft AntiSpyware
- Open Microsoft AntiSpyware.
- Click on Tools, Settings.
- In the left pane, click on Real-time Protection.
- Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
- Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
- After you unchecked these, click on the Save button and close Microsoft AntiSpyware.
- Right click on the Microsoft AntiSpyware Icon on the taskbar and select Shutdown Microsoft AntiSpyware.
______________________________
Make sure that you can see hidden files.
- Click Start.
- Click My Computer.
- Select the Tools menu and click Folder Options.
- Select the View Tab.
- Under the Hidden files and folders heading select Show hidden files and folders.
- Uncheck the Hide protected operating system files (recommended) option.
- Click Yes to confirm.
- Uncheck the Hide file extensions for known file types.
- Click OK.
______________________________
In the next step we are going to stop and remove the following Service:
Click Start then Run. Type in services.msc and click Ok.
Scroll down and double click on the service called Loading Outpost Connections.
Click Stop and then set the Startup Type to Disabled.
Now we will remove the Service from the Registry. Maybe all of the following entries won't be present. If you don't find a key, proceed to the next key.
Click Start then Run. Type in regedit and click Ok.
In the left pane of the registry editor, navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KDE
If KDE exists, right click on it and choose Delete from the menu.
Now navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KDE
If LEGACY_KDE exists then right click on it and choose Delete from the menu.
If you have trouble deleting a key, click once on the key name to highlight it and click on the Permission menu option under Edit.
Uncheck Allow inheritable permissions and press copy. Click on everyone and put a checkmark in full control, press apply and ok and attempt to delete the key again.
Repeat the above procedure for ControlSet001, 002 although you might not find the service listed in those keys.
______________________________
Reboot your computer in Safe Mode.
- If the computer is running, shut down Windows, and then turn off the power.
- Wait 30 seconds, and then turn the computer on.
- Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
- Ensure that the Safe Mode option is selected.
- Press Enter. The computer then begins to start in Safe mode.
______________________________
Run HijackThis, click on None of the above, just start the program, click on Scan. Put a check in the box on the left side of the following items if still present.
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\System32\cmdtel.exe (file missing)
Close ALL windows and browsers except HijackThis and click Fix Checked.
Using Windows Explorer, Search and Delete these Files if listed:
C:\WINDOWS\System\svchost.exe <--- Watch out, there is a legitimate file called svchost.exe in your C:\WINDOWS\System32 Folder, don't delete that one
C:\WINDOWS\System32\cmdtel.exe
If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again.
______________________________
Open the smitRem Folder, then double-click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________
Close ALL open Windows / Programs / Folders. Please start Ewido Security Suite, and run a full scan.
- Click on Scanner
- Click on Settings
- Under How to scan all boxes should be checked
- Under Unwanted Software all boxes should be checked
- Under What to scan select Scan every file
- Click on Ok
- Click on Complete System Scan to start the scan process.
- Let the program scan the machine.
If Ewido finds anything, it will pop up a notification. When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says Perform action on all infections, then choose clean and click Ok.
Once the scan has completed, there will be a button located on the bottom of the screen named Save Report.
- Click Save Report button
- Save the report to your Desktop
Close Ewido
______________________________
Navigate to C:\Windows\Prefetch
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.
Navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.
Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.
Clean out your Temporary Internet files. Proceed like this:
- Quit Internet Explorer and quit any instances of Windows Explorer.
- Click Start, click Control Panel, and then double-click Internet Options.
- On the General tab, click Delete Files under Temporary Internet Files.
- In the Delete Files dialog box, click to select the Delete all offline content check box, and then click OK.
- On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
- Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
- Click OK.
Next click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.
Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________
Reboot your computer in Normal Mode.
Locate Hoster.exe and double-click on it.
Click on Restore Original Hosts.
Close the program.
______________________________
Run this online virus scan: ActiveScan. Save the results from the scan!
______________________________
Go here to run the Kaspersky Online Scanner:
http://www.kaspersky.com/service?chapter=161739400
Hit Online Scanner.
You will need to allow ActiveX install.
Once the scanner is installed...
Hit Online Scanner again.
Click Start.
Click Scan options.
Check extended databases.
Leave the other 2 checked.
Disable your own AV before starting scan to prevent conflicts.
On the online scanner choose to scan My Computer.
Let the scan run. It will take a while. (couple hours)
Don't be browsing unknown sites or fiddling with email...you have no resident protection right now.
Once scan is done...click the save as text button.
That creates log of scan results.
Remember where you saved it.
Turn your Trend back on.
______________________________
Post a new HijackThis log along with the results from ActiveScan, the Kaspersky Scan, the Ewido log and the smitfiles.txt.
You might need several replies to post the logs, otherwise they could get cut off.
Kim
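
The path check behind the svchost.exe warning in the post above, as an added example that is not part of the original post: it parses the O4 and O23 HijackThis lines quoted there and flags a system process name loading from the wrong directory, a service with an unknown owner, or a service whose file is missing. The `EXPECTED_DIR` table, the function names and the benign sample line are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumption: default C:\WINDOWS install, as in the post. Maps a system
# process name to the only directory it should load from.
EXPECTED_DIR = {"svchost.exe": r"c:\windows\system32"}

# Line shapes taken from the O4 and O23 entries quoted in the post.
O4_RE = re.compile(r"^O4 - \S+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) \((?P<svc>[^)]+)\) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?\.exe)(?P<missing> \(file missing\))?\s*$",
    re.IGNORECASE)
EXE_RE = re.compile(r'"?([A-Za-z]:\\[^"]+?\.exe)', re.IGNORECASE)

# Constructed sample: entries from the post plus one constructed benign line.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\System32\cmdtel.exe (file missing)
O23 - Service: Example Service (ExSvc) - Example Corp - C:\WINDOWS\System32\svchost.exe
"""

def review_line(line):
    """Return a list of findings for one HijackThis log line."""
    findings, path = [], None
    line = line.strip()
    m4, m23 = O4_RE.match(line), O23_RE.match(line)
    if m4:
        exe = EXE_RE.search(m4.group("cmd"))
        path = exe.group(1) if exe else None
    elif m23:
        path = m23.group("path")
        if m23.group("owner").lower() == "unknown owner":
            findings.append("service binary has no known owner")
        if m23.group("missing"):
            findings.append("service points at a missing file")
    if path:
        p = PureWindowsPath(path)
        expected = EXPECTED_DIR.get(p.name.lower())
        # Same file name, different folder: the case the post warns about.
        if expected and str(p.parent).lower() != expected:
            findings.append(f"{p.name} outside {expected}: {p.parent}")
    return findings

def review_log(text):
    """Map each flagged log line to its findings; clean lines are omitted."""
    lines = (l.strip() for l in text.splitlines())
    return {l: f for l in lines if l and (f := review_line(l))}
```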