Something put this back.
Remove these with HJT
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ]http://home.alot.com/?client_
O4 - HKLM\..\Run: [Bar] C:\DOCUME~1\melina\LOCALS~1\Temp\mirasnet.tmp
O4 - HKLM\..\RunOnce: [SpybotDeletingA7060] command /c del "C:\WINDOWS\system32\ybtavrwa.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9897] cmd /c del "C:\WINDOWS\system32\ybtavrwa.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB827] command /c del "C:\WINDOWS\system32\ybtavrwa.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD410] cmd /c del "C:\WINDOWS\system32\ybtavrwa.dll_old"
O20 - AppInit_DLLs: ifovof.dll
Please download ATF Cleaner by Atribune to your desktop.
- This program is for XP and Windows 2000 only
- Double-click ATF-Cleaner.exe to run the program.
- Under Main choose: Select All
- Click the Empty Selected button.
Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.
Drag Combofix to the trash and grab a fresh copy as its updated on a regular basis.
Download ComboFix from one of these locations:
Link 1
Link 2
Link 3
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Open Notepad Go to Start> All Programs> Assessories> Notepad ( this will only work with Notepad )and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above File::
Code:
File::
C:\WINDOWS\system32\prunnet.exe
Save this as CFScript to your desktop.
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
Then run Malwarebytes again and let me know how it came out, post the log if it found anything