1) Have "HijackThis" fix the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close "HijackThis".
Please close any open programs before doing this fix.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Accelerator Plugin - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRA~1\PEOPLE~1\PRPL_I~1.DLL (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)

2) Next perform a full scan with Malwarebytes Anti-Malware as follows. Make sure it is updated before performing a scan.
* Open Malwarebytes Anti-Malware. Under the "Scanner" tab, select "Perform Full Scan" and click "Scan". In the dialog box select all your drives except CD/DVD drives.
* Now click "Start Scan".
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report in your next reply.
PLEASE NOTE:
If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

3) Next download RootRepeal.rar and unzip it to your Desktop. You'll need WinRAR to extract it.
* Double click RootRepeal.exe to start the program
* Click on the Report tab at the bottom of the program window
* Click the Scan button
* In the Select Scan dialog, check:
  o Drivers
  o Files
  o Processes
  o SSDT
  o Stealth Objects
  o Hidden Services
* Click the OK button
* In the next dialog, select all drives showing
* Click OK to start the scan
The scan can take some time. DO NOT run any other programs while the scan is running
* When the scan is complete, the Save Report button will become available
* Click this and save the report to your Desktop as RootRepeal.txt
* Go to File, then Exit to close the program
* Attach this log in your next post.

4) Download DDS by sUBs to your desktop.
Your antivirus software might question the file. If it does, allow it.
* Double click DDS.scr to run it and wait for the scan to finish
* When finished DDS.txt will open
* A small while later, a prompt will open. Answer Yes
* DDS will continue scanning
* When done, Attach.txt will open
Copy and paste the DDS.txt and attach Attach.txt
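
An added example, not part of the original post: a small Python parser for HijackThis log lines of the kind listed in step 1, which extracts the section code, CLSID and registry value and marks entries whose target file the log reports as absent. The sample lines are copied from the fix list above; the function names and note labels are assumptions of this example.

```python
import re

# Sample input: four entries copied from the fix list in step 1 of the post.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Accelerator Plugin - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRA~1\PEOPLE~1\PRPL_I~1.DLL (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
"""

# "R1 - ...", "O2 - ...": section code, separator, free-form body.
SECTION = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis appends one of these markers when the referenced file is not on disk.
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")

def parse_line(line):
    """Return a dict for one log entry, or None if the line is not an entry."""
    m = SECTION.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    entry = {"section": code, "clsid": None, "key": None,
             "value": None, "note": "review"}   # note labels are hypothetical
    clsid = CLSID.search(body)
    if clsid:
        entry["clsid"] = clsid.group(0).upper()  # normalise mixed-case GUIDs
    if code in ("R0", "R1") and " =" in body:
        # Registry entries read "key,valuename = data"; data may be empty.
        key, _, value = body.partition(" =")
        entry["key"], entry["value"] = key.strip(), value.strip()
        if not entry["value"]:
            entry["note"] = "empty value"
    if ORPHAN.search(body):
        entry["note"] = "orphaned (target file absent)"
    return entry

def parse_log(text):
    """Parse every recognisable entry in a pasted HijackThis log."""
    return [e for e in map(parse_line, text.splitlines()) if e]

if __name__ == "__main__":
    for e in parse_log(SAMPLE):
        print(e["section"], e["clsid"] or e["key"], "->", e["note"])
```
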