You have malware in the restore points, so don't do a System Restore while cleaning. We'll remove the old restore points after cleaning.
You had the DNS Changer malware which means you need to reset the router as follows:
Start > Run > type cmd > Enter > at the C prompt type
ipconfig /flushdns (note the space before the /)
Exit the Command Prompt when finished and shut the system down.
[1]. Shut down your computer, and any other computer connected to your router.
[2]. On the back of the router, there should be a small hole or button labelled RESET. Using a bent paper clip or similar item, hold that in continuously for twenty seconds.
[3]. Unplug the router. Wait sixty seconds.
[4]. Now holding the reset button again, plug it back in. Continue holding the reset button for twenty seconds. Unplug the router again.
[5]. With the router unplugged, start your computer. Run MBAM again.
[6]. Connect to the router again. Then turn the router back on.
[7]. When it stabilizes, reboot your workstation and try to access the internet. If you have any issues, access the router configuration page and re-enter your authentication information.
[8]. Reboot the system and test the internet. You may have to reconfigure the router settings based on your setup.
You have malware in temp files and they need to be deleted:
Download TFC to your desktop
- Open the file and close any other windows.
- It will close all programs itself when run, make sure to let it run uninterrupted.
- Click the Start button to begin the process. The program should not take long to finish its job.
- Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.
TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.
Run Eset NOD32 Online AntiVirus Scanner HERE
Note: You will need to use Internet Explorer for this scan.
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the Active X control to install
- Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
- Click Start
- Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
- Click Scan
- Wait for the scan to finish
- Re-enable your Antivirus software.
- A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
Please reopen HijackThis to "do system scan only".
Check the following entries if present. Note: Do not click on Fix Checked until all in the list have been checked:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R1- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn;*.local
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
Close all Windows except HijackThis and click on "Fix Checked".
To summarize:
[1] Reset router, running Mbam as instructed.
[2] Run TFC
[3] Do online scan with Eset Nod32
[4] Remove HijackThis entries
Attach logs and report for #1, 2 and do a rescan with HJ and include new log.
I will give you instructions for complete removal of WeatherBug, which includes the MyWebSearch Toolbar in the next reply.
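
Most of the entries listed in the post above are ones HijackThis marks "(no file)" or "(file missing)". As an added example (not part of the original post and not HijackThis's own code), this Python script parses log lines of that shape and lists such orphaned entries for review; the regular expressions are assumptions inferred from the lines quoted above, and the last sample line is constructed.

```python
import re

# Line shape assumed from the entries quoted in the post:
#   "<section> - <description>", e.g. "O2 - BHO: (no name) - {CLSID} - (no file)"
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s*-\s*(.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_RE = re.compile(r"\((no file|file missing)\)")

def parse_entry(line):
    """Return a dict for one log line, or None if it is not an entry."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    section, body = m.groups()
    clsid = CLSID_RE.search(body)
    orphan = ORPHAN_RE.search(body)
    return {
        "section": section,
        "clsid": clsid.group(0).upper() if clsid else None,
        "orphan": orphan.group(1) if orphan else None,
        "raw": line.strip(),
    }

def orphaned_entries(log_text):
    """Entries whose target file is gone: leftovers to review before fixing."""
    entries = (parse_entry(line) for line in log_text.splitlines())
    return [e for e in entries if e and e["orphan"]]

# Sample input: four lines copied from the post, plus one constructed line
# (the last) standing in for an entry whose file is still present.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn;*.local
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
"""

if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_LOG):
        print(f'{e["section"]:<3} {e["orphan"]:<12} {e["clsid"]}')
```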