Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.
Hi and welcome to Geeks to Go.
I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:
- I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
- The fixes are specific to your problem and should only be used for this issue on this machine!
- The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
- If you don't know, stop and ask! Don't keep going on.
- Please reply to this thread. Do not start a new topic.
- Refrain from running self fixes as this will hinder the malware removal process.
- It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
- Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Windows 7 Advice: All applications I ask to be used will require to be run in Administrator mode, i.e. right-click on the program and select Run as Administrator.
The Operating System in use comes with an inbuilt utility called User Account Control (UAC). When prompted by this while carrying out anything I ask you to do, please select the option Allow.
Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or for you to take your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before you start.
Next: Now please go to Start (Windows 7 Orb) >> Control Panel >> Programs and Features and remove the following (if present):
Adobe Reader 9.4.4 MUI <-- We will update this in due course
HiJackThis <-- Not 64 bit compatible.
YouTube Downloader - Accelerator Pro 1.0 <-- Has undesirable characteristics.
IMVU Inc Toolbar <-- As above.
To do so, click once on each of the above, click on Uninstall/Change and follow the prompts.
Backup the Registry: Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
- Please go here and download ERUNT.
- ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
- Right-click on erunt-setup.exe and select Run as Administrator to Install ERUNT by following the prompts.
- Use the default install settings but say No to the portion that asks you to add ERUNT to the Start-Up folder.
- Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
- Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
- Make sure that at least the first two check boxes are selected.
- Click on OK
- Then click on YES to create the folder.
Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe
Custom OTL Script:
- Right-click OTL.exe and select Run as Administrator to start the program.
- Copy the lines from the quote-box (do not include the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:OTL
O2 - BHO: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (IMVU Inc Toolbar) - {90B49673-5506-483E-B92B-CA0265BD9CA8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
O4 - HKCU..\Run: [FocoLink] File not found
O4 - HKCU..\Run: [NTServiceManager] File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\RP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
[2011/05/18 13:10:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/05/18 13:10:37 | 000,000,000 | ---D | C] -- C:\Users\RP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/05/18 12:37:36 | 000,000,000 | ---D | C] -- C:\Users\RP\AppData\Local\{BCCB4F1A-8240-4EA5-9A49-B7ED2ADE0461}
[2011/05/18 12:30:39 | 000,000,000 | ---D | C] -- C:\Users\RP\AppData\Local\{4CE2C915-162B-4C55-A2E0-93C8461189F2}
[2011/05/18 09:15:21 | 000,000,000 | ---D | C] -- C:\Users\RP\AppData\Roaming\PlayFirst
[2011/05/17 23:50:07 | 000,000,000 | ---D | C] -- C:\Users\RP\AppData\Local\{DC16DCEB-6AD3-4B84-97DE-B9AA40198DD1}
[2011/05/15 20:36:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouTubeDownloaderAccPro
[2011/05/15 20:36:06 | 000,000,000 | ---D | C] -- C:\Users\RP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YouTube Downloader - Accelerator Pro
[2011/05/15 13:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube Downloader
[2011/05/15 13:46:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free YouTube Downloader
[2011/05/15 11:54:22 | 000,000,000 | ---D | C] -- C:\Users\RP\AppData\Local\{BD190144-717A-46AE-87FC-C856B860B91F}
[2011/05/13 20:44:24 | 000,000,000 | ---D | C] -- C:\Users\RP\AppData\Local\{E64F2C2E-3667-4953-964D-C7BD76184BF3}
[2011/05/12 20:52:39 | 000,000,000 | ---D | C] -- C:\Users\RP\AppData\Local\{85036BE6-41B0-46CC-B780-71CA0E059570}
[2011/05/12 06:09:45 | 000,000,000 | ---D | C] -- C:\Users\RP\AppData\Local\{D50C2753-C06B-4A8E-9E61-AB93694A5A3E}
[2011/05/08 08:21:51 | 000,000,000 | ---D | C] -- C:\Users\RP\AppData\Local\{CA057302-8C1A-47DF-9DEC-C60D6AA1B139}
[2011/05/07 20:21:13 | 000,000,000 | ---D | C] -- C:\Users\RP\AppData\Local\{D045A05F-7147-43CC-888E-0E826ABB0ADE}
[2011/05/06 21:27:47 | 000,000,000 | ---D | C] -- C:\Users\RP\AppData\Local\{85EFE847-4BD6-408C-B49C-BB2B7810FD77}
[2011/05/06 06:24:07 | 000,000,000 | ---D | C] -- C:\Users\RP\AppData\Local\{C46F6770-9ADD-47CE-9111-ECA06F2C378B}
[2011/05/05 06:48:36 | 000,000,000 | ---D | C] -- C:\289bb745c63793052b
[2011/05/05 06:24:17 | 000,000,000 | ---D | C] -- C:\Users\RP\AppData\Local\{3C6A255B-C614-4F5D-8D1E-BE9BA5BEAB38}
[2011/05/01 13:22:55 | 000,000,000 | ---D | C] -- C:\Users\RP\AppData\Local\{078951CA-C567-4348-981E-EC1C66E2C453}
[2011/04/28 22:40:23 | 000,000,000 | ---D | C] -- C:\Users\RP\AppData\Local\{FD0C3738-A3E4-4943-B5D7-E3621C614EA5}
[2011/04/27 09:12:22 | 000,000,000 | ---D | C] -- C:\Users\RP\AppData\Local\{A036FB8E-8517-452F-A1B6-C41558EA0702}
[2011/04/26 10:14:19 | 000,000,000 | ---D | C] -- C:\Users\RP\AppData\Local\{23C06D62-AB4A-41E5-B95E-6897562FBCB9}
[2011/04/25 20:03:10 | 000,000,000 | ---D | C] -- C:\Users\RP\AppData\Local\{20658051-405C-49DA-A896-6BD5A5C08A1D}
[2011/04/24 22:03:46 | 000,000,000 | ---D | C] -- C:\Users\RP\AppData\Local\{78CC6204-EF50-4B25-888F-24D323DA466C}
[2011/04/23 19:32:37 | 000,000,000 | ---D | C] -- C:\Users\RP\AppData\Local\{9F658E07-F927-4BDC-BA31-8D90786BF55B}
[2011/04/23 06:44:43 | 000,000,000 | ---D | C] -- C:\Users\RP\AppData\Local\{3DDC9F32-0F3F-4A93-9C83-0879A5E19A9C}
[2011/04/21 19:34:06 | 000,000,000 | ---D | C] -- C:\Users\RP\AppData\Local\{FF69ED4F-3670-4A4D-A538-F9ACF71CDA72}
[2011/04/20 20:42:51 | 000,000,000 | ---D | C] -- C:\Users\RP\AppData\Local\{CE667516-8572-4D59-95CE-A84615C16E77}
[2011/04/20 06:41:58 | 000,000,000 | ---D | C] -- C:\Users\RP\AppData\Local\{28738B7F-F0CA-4D62-963E-ADCA85690342}
[2011/04/19 11:54:23 | 000,000,000 | ---D | C] -- C:\Users\RP\AppData\Local\{B7D62BC4-8B80-4776-B6F7-D0C53829A7B2}
[2011/04/19 09:13:27 | 000,000,000 | ---D | C] -- C:\Users\RP\AppData\Local\{BD601ACF-0B45-45F1-9B07-6605AD41682E}
[2011/04/18 21:12:50 | 000,000,000 | ---D | C] -- C:\Users\RP\AppData\Local\{BB047B94-9C2C-4E88-B17A-BB6722E63011}
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2011/05/18 13:10:37 | 000,002,961 | ---- | C] () -- C:\Users\RP\Desktop\HiJackThis.lnk
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:1A60DE96
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E3C56885
:Files
ipconfig /flushdns /c
C:\Program Files (x86)\YoutubeDownloader.org
:Commands
[Purity]
[ResetHosts]
[EmptyFlash]
[EmptyTemp]
[CreateRestorePoint]
[Reboot]
- Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
- Then click the red Run Fix button.
- Let the program run unhindered.
- If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.
Malwarebytes Anti-Malware: Note: Remember to right click MBAM and select Run As Administrator.
- Launch the application, Check for Updates >> Perform quick scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately; failure to reboot will prevent MBAM from removing all the malware.
When you have completed the above, please post back the following in the order asked for:
- How is your computer performing now? Any further symptoms and/or problems encountered?
- OTL Log from the Custom Script.
- Malwarebytes Anti-Malware Log.
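As an added verification step that is not part of Dakeyras's post: the PowerShell script below re-checks the persistence locations the OTL fix above targets (the two orphaned HKCU Run entries, the IMVU Inc Toolbar / Conduit CLSID, and the alternate data streams on C:\ProgramData\Temp) so that the helper can confirm they are gone after the reboot rather than relying on the absence of symptoms. The CLSID, Run value names and folder path are copied from the OTL lines in the post; the Browser Helper Objects, CLSID and Toolbar key paths are the standard Internet Explorer registry locations, including the Wow6432Node view that the 32-bit entries on this 64-bit system live under. It is read-only and removes nothing; run it from an elevated PowerShell (3.0 or later) prompt.

```powershell
# Added verification script, not part of the original post. Read-only: it reports
# leftovers in the persistence locations the OTL fix targets and removes nothing.
# Run from an elevated PowerShell 3.0+ prompt on the machine in question.

# Identifiers copied from the OTL lines in the post.
$bhoClsid    = '{90b49673-5506-483e-b92b-ca0265bd9ca8}'   # IMVU Inc Toolbar (Conduit) BHO/toolbar
$otlRunNames = @('FocoLink', 'NTServiceManager')          # O4 "File not found" Run entries
$adsHost     = 'C:\ProgramData\Temp'                      # folder that carried the seven alternate data streams

$findings = New-Object System.Collections.Generic.List[string]

# 1. HKCU Run entries whose target executable no longer exists (what OTL reports
#    as "File not found"). Orphans OTL did not list are flagged separately.
$runKeyPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
if (Test-Path $runKeyPath) {
    $runKey = Get-Item $runKeyPath
    foreach ($name in $runKey.GetValueNames()) {
        $cmd = [string]$runKey.GetValue($name)
        # Recover the executable path: a quoted path first, otherwise the first token.
        $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        if ($exe -and -not (Test-Path -LiteralPath $exe)) {
            $tag = if ($otlRunNames -contains $name) { 'listed in OTL fix' } else { 'not in OTL fix' }
            $findings.Add("Run entry '$name' -> '$cmd' (target missing; $tag)")
        }
    }
}

# 2. BHO and CLSID registrations for the Conduit toolbar (the O2 line). Internet
#    Explorer loads BHOs from the Explorer\Browser Helper Objects key; on 64-bit
#    Windows the 32-bit registrations shown in the OTL log live under Wow6432Node.
$clsidKeys = @(
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$bhoClsid",
    "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$bhoClsid",
    "HKLM:\SOFTWARE\Classes\CLSID\$bhoClsid",
    "HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\$bhoClsid"
)
foreach ($k in $clsidKeys) {
    if (Test-Path $k) { $findings.Add("Registry key still present: $k") }
}

# Toolbar keys hold one value per toolbar, named by its CLSID (the O3 lines).
# -contains compares case-insensitively, so the upper-case HKCU spelling matches too.
$toolbarKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar',
    'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser'
)
foreach ($tb in $toolbarKeys) {
    if ((Test-Path $tb) -and ((Get-Item $tb).GetValueNames() -contains $bhoClsid)) {
        $findings.Add("Toolbar value $bhoClsid still present under $tb")
    }
}

# 3. Alternate data streams on C:\ProgramData\Temp. Named streams are invisible to
#    Explorer and a plain dir; only the default :$DATA stream is expected.
if (Test-Path -LiteralPath $adsHost) {
    Get-Item -LiteralPath $adsHost -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object { $findings.Add("ADS $($_.Stream) ($($_.Length) bytes) on $adsHost") }
}

if ($findings.Count -eq 0) {
    'No leftovers found in the checked Run, BHO/toolbar and ADS locations.'
} else {
    $findings
}
```

Run it once before the OTL fix and once after the reboot: the first run should report the two Run entries, the CLSID keys and seven streams listed in the log, the second should report nothing. If `Get-Item -Stream` returns no streams for the directory on your PowerShell version, `cmd /c dir /r C:\ProgramData` lists them from a Command Prompt instead.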