Is your computer able to run at all?
If so, please do the following:
Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: (no name) - {a96bcc63-40fd-402c-9b9f-4909a30d1c38} - (no file)
O2 - BHO: (no name) - {C5BF49A2-94F3-42BD-F434-3604812C8955} - (no file)
O2 - BHO: (no name) - {eeea7df5-983d-4519-a80e-f576b6d6b221} - (no file)
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\winlognn.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [z2m0z66rj1jcdf9luoh] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\itnm86silg.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [nt2h43rqwj1rpm9hw0tebbjor7pebssyb7siaud6nr] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\i4pxqur.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [b19mn21g0unygi8ctkk9w4oh9af84ek1cx7t] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\rhpkutjmjw.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [e9f3p78dpznr3ftgicgqg7z6g9cm876v] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\q0fotu35.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [o6xv0aplwwdu7ek22gnf] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\asa98nl2.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [ylpqnc0e1gzq3dls7t2jgz7b9eg60rgmajj21y8t3zhapn0m1] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\b2f7z45dm.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [system tool] C:\WINDOWS\sysguard.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [c7px2kk2nl1q4mpm7wf3fo7hwavmhu] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\vqwpshtkrz.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [phk3m5jddtntqi2] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\qb1x3g8m.exe (User 'Alex~Lucas~Zachary')
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.94,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.94,85.255.112.147
O20 - AppInit_DLLs: C:\WINDOWS\system32\davuhano.dll yyzlmx.dll c:\windows\system32\hagatogo.dll
O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O20 - Winlogon Notify: nwdmoihl - skutwek.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - (no file)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.
Please reboot your computer.
Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):
C:\WINDOWS\system32\davuhano.dll
c:\windows\system32\hagatogo.dll
c:\windows\system32\yyzlmx.dll
C:\documents and settings\Alex~Lucas~Zachary\local settings\temp\winlognn.exe
C:\documents and settings\Alex~Lucas~Zachary\local settings\temp\itnm86silg.exe
C:\documents and settings\Alex~Lucas~Zachary\local settings\temp\i4pxqur.exe
C:\documents and settings\Alex~Lucas~Zachary\local settings\temp\rhpkutjmjw.exe
C:\documents and settings\Alex~Lucas~Zachary\local settings\temp\q0fotu35.exe
C:\documents and settings\Alex~Lucas~Zachary\local settings\temp\asa98nl2.exe
C:\documents and settings\Alex~Lucas~Zachary\local settings\temp\b2f7z45dm.exe
C:\documents and settings\Alex~Lucas~Zachary\local settings\temp\sysguard.exe
C:\documents and settings\Alex~Lucas~Zachary\local settings\temp\vqwpshtkrz.exe
C:\documents and settings\Alex~Lucas~Zachary\local settings\temp\qb1x3g8m.exe
Please reboot your computer, and post a new HijackThis log here in your next reply.
==
There is some evidence of what may be a very nasty infection.
If the Computer has been used for any important data, you are strongly advised to do the following, immediately:
- Back up all important data on the machine.
- If you have ever used this computer for shopping, banking, or any transactions relating to your financial well being:
Call all of your banks, credit card companies, and financial institutions, informing them that you may be a victim of identity theft, and to put a watch on your accounts or change all your account numbers.
- From a clean computer, change ALL your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
- DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new password and transaction information.
- Take any other steps you think appropriate for an attempted identity theft.
==
If you are able to post the HJT log, go ahead. If not, please let me know.
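
An added example, not part of the original post and not HijackThis code: a Python triage pass over HijackThis log lines that states why entries like the ones listed above stand out (hosts redirect, autoruns from Temp, static DNS servers, AppInit_DLLs, registrations with no file). The function names and the `ExampleUpdater` line are constructed for illustration; the other sample lines are copied from the log above.

```python
import re

# Lines copied from the log in the post above, plus one constructed benign
# entry (ExampleUpdater) for contrast.
SAMPLE_LOG = r"""
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: (no name) - {a96bcc63-40fd-402c-9b9f-4909a30d1c38} - (no file)
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [phk3m5jddtntqi2] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\qb1x3g8m.exe (User 'Alex~Lucas~Zachary')
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.94,85.255.112.147
O20 - AppInit_DLLs: C:\WINDOWS\system32\davuhano.dll yyzlmx.dll c:\windows\system32\hagatogo.dll
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")      # "<section> - <details>"
TEMP_DIR = re.compile(r"\\temp\\", re.I)    # any ...\Temp\... path component


def triage(line):
    """Return (section, reason) for an entry worth review, else None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    if section == "O1":
        return section, "hosts file redirect"
    if section == "O4" and TEMP_DIR.search(body):
        return section, "autorun from a Temp directory"
    if section == "O17" and "NameServer" in body:
        servers = body.split("=", 1)[1].strip()
        return section, "static DNS servers: " + servers
    if (section == "O20" and body.startswith("AppInit_DLLs:")
            and body.split(":", 1)[1].strip()):
        return section, "DLLs loaded via AppInit_DLLs"
    if body.endswith("(no file)") or body.endswith("(file missing)"):
        return section, "registration points at a missing file"
    return None


def triage_log(text):
    """Triage every line of a log and keep only the flagged entries."""
    return [hit for hit in map(triage, text.splitlines()) if hit]


if __name__ == "__main__":
    for section, reason in triage_log(SAMPLE_LOG):
        print(section, "-", reason)
```

The reasons mark entries for review against a known-good baseline; a hit is not by itself proof of infection.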