Posted 23 December 2011 - 02:03 AM
Several months ago my computer was infected with a virus that hid most of my files. I manually "unhid" several files, but I did not know how to restore the start menu. I paid a remote computer repair service to clean and restore the system, but I think they did more harm than good. My genuine Office Products were now not recognized by Microsoft, and the version had mysteriously changed from 2007 to 2003. After several hours and countless phone calls, I gave up and patched things back together as best I could. Things were reasonably functional until a few days ago when I began receiving fake system alerts. My computer shut down, and when it restarted my files were hidden again, and now my search results were being redirected to bogus sites.
I restored what I could and ran a McAfee scan, Malwarebytes, SuperAntiSpyware and Trojan Killer which found and removed several items, but my search results were still being redirected in both IE and Firefox. Then I downloaded Kaspersky Tdsskiller, which found and "cured" Rootkit.boot.pihar.b. Search results are not being redirected anymore, but my start menu is a mess, my computer is running extremely slow, issuing warnings, making system beeps and dings, and running out of memory. I have rebooted several times, and re-run tdsskiller. It finds and "cures" pihar.b every time, so it appears to be re-intsalling every time the system starts up.
Unfortunately, in my frenzy to remove the virus, I had also run a "PC clean", so I was able to retrieve the temp\smtmp files. I downloaded and ran the Winxp script to reset the start menu with minimal results. I also downloaded ComboFix, but I am reluctant to try it without guidance. I may have already done more than I should have. Your help will be greatly appreciated.