Could I get the answers to these questions please?
Let's get some more information, when you go on the internet - are you getting redirected? Popups? If so to where or what sort of popups?
Can you even connect to the internet still?
Also answer if you have already run HostsXpert and tell me how are you accessing this site?I still don't see anything that could be causing this.
Start
OTScanIt. Copy/Paste the information in the Code box below into the pane where it says
"Paste fix here" and then click the Run Fix button.
[Kill Explorer]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> lphc5ucj0etel -> %SystemRoot%\system32\lphc5ucj0etel.exe [C:\WINDOWS\system32\lphc5ucj0etel.exe]
YN -> services -> %SystemRoot%\services.exe [C:\WINDOWS\services.exe]
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found.
YN -> 1 domain(s) and sub-domain(s) not assigned to a zone. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found.
YN -> .[msn] -> My Computer
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
[Files/Folders - Created Within 30 days]
NY -> blphc5ucj0etel.scr -> %SystemRoot%\System32\blphc5ucj0etel.scr
NY -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> phc5ucj0etel.bmp -> %SystemRoot%\System32\phc5ucj0etel.bmp
NY -> 14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> @Alternate Data Stream - 26 bytes -> %SystemRoot%\gmer.exe:Zone.Identifier
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> NOS -> %AllUsersProfile%\Application Data\NOS
NY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier
NY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\gmer.zip:Zone.Identifier
NY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.zip:Zone.Identifier
NY -> @Alternate Data Stream - 88 bytes -> %UserProfile%\Desktop\SD-FIX.exe:SummaryInformation
NY -> @Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\SD-FIX.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
NY -> NOS -> %ProgramFiles%\NOS
[Empty Temp Folders]
[Start Explorer]
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. CLick the Ok button and Notepad will open with a log of actions taken during the fix.
Post that information back hereI would like to give combofix a shot as it covers a wide range of Malware...
Please go
here to install the recovery console and for a guide on using combofix.
Please note: Installing the Recovery Console plays a vital part in making this process of cleaning your computer safe, don't overlook this!Now please download combofix from
here or
here. It is important that you save this file to your desktop.
Double click
combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a
Hijack This log in your next reply.
A quick heads up, if you click on combofix's window when it's running, you may cause it to stall.