Malware problems and my bad fix attempt

So I've been having malware problems (search results from Google and Yahoo getting redirected to ad sites, eBay, Walmart, etc.), so all weekend I've been trying to follow the instructions on this site and others for scanning, removal, etc, but no luck. Today I finally worked up the nerve to do a HJT log and then possibly went too far in "fixing" entries myself. Now my (desktop) computer can't connect to the Internet at all. I am attaching my second log, (I thought I had saved the first but I must have saved over it in my panic), and any help would be appreciated. It looks as though HJT made a registry backup from before the edit so hopefully i can restore whatever I mistakenly removed (though i don't know how to open those files, or even look at them..?). I knew it was dangerous to mess around with it myself, but I have to admit I'm still surprised as I went really carefully, checking against the tutorial here on other sources to make sure everything I took out was bad....This is what I remember taking out (I took fairly detailed notes)..I'm sorry if this is idiotic and unhelpful:

R1 There were a few of these, that had addresses I didn't recognize at all...looked like nonsense letters
R3 it said something was missing and I didn't recognize the program

Then the only other thing I removed was 4 O17 entries, that I thought all contained the bad IP addresses: 85.255.115.51, 85.255.112.187 in some form or other with "Name Server". Could some have these have been legitimate domains from my ISP?

So to be really specific, when I try to connect to the internet now (whether via IE or Opera) I get a "Cannot Find Server" message, along with this somthing like this search string along the bottom: auto.search.msn.com/response.asp?MT=www.cbc.ca&srch=3&prov=googl&utf8 . (when I tried to load CBC).

Okay, I guess that's it. I really hope someone can help!

 

removed wareout..i hope! logs clean?

Hello all..I ran fixwareout and I'm hoping someone could cast a learned eyeball over my logs to see if they look clean. Note to moderator: I can't figure out how to delete my posting below or I would do so...

Edit by bjgarrick: Inline logs attached!

 

Re: removed wareout..i hope! logs clean?

Welcome to MajorGeeks.com, please follow our standard cleaning procedures:

http://www.majorgeeks.com/images/grenade.gif Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

• Make sure you check version numbers and get all updates.

http://www.majorgeeks.com/images/grenade.gif Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

http://www.majorgeeks.com/images/grenade.gifAfter doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

http://www.majorgeeks.com/images/grenade.gif Downloading, Installing, and Running HijackThis

• Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around..

http://www.majorgeeks.com/images/grenade.gifWhen you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:

• CounterSpy
• AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
• Bitdefender - from step 6
• Panda Scan - from step 6
• runkeys.txt - the log from GetRunKey.bat
• newfiles.txt - the log from ShowNew.bat
• HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!