Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080310
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKUS\S-1-5-19\..\Run: [nipufagagi] Rundll32.exe "C:\WINDOWS\system32\hagejuwi.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [nipufagagi] Rundll32.exe "C:\WINDOWS\system32\hagejuwi.dll",s (User 'NETWORK SERVICE')
O4 - Startup: FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe
O20 - AppInit_DLLs: dtwjdw.dll yodwzp.dll C:\WINDOWS\system32\vuzivavi.dll imseii.dll
Killall::
Snapshot::
File::
C:\WINDOWS\system32\vuzivavi.dll
C:\WINDOWS\system32\imseii.dll
C:\WINDOWS\system32\dtwjdw.dll
C:\WINDOWS\system32\yodwzp.dll
C:\WINDOWS\system32\hagejuwi.dll
Folder::
C:\Program Files\FrostWire
Uninstall File Sharing/P2P Programs
During the cleaning process all File Sharing Programs should be uninstalled.
This is to avoid any possible reinfection of any malware through file sharing.
Filesharing/P2P Programs serve as a constant threat to your computer,
as they are normally set to bypass your Firewall and Anti-Virus software.
We reserve the right to withdraw our support:
- If such programs are found in your logs
- Should you not agree to their removal.