Malware and Trojan Problem

#1 joemama12345 (Member, 27 posts)

Hey Guys,

My dad accidentally installed some malware and a trojan while trying to download something from a link I sent him (he clicked the "download" button for some ad instead of the "download" button for the .zip file I sent him). I've done my best to clean his computer out, but there might be some stuff left on it.

Thanks for the help.
OTL logfile created on: 7/17/2011 12:29:20 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Sid\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 367.47 Mb Available Physical Memory | 36.23% Memory free
2.38 Gb Paging File | 1.78 Gb Available in Paging File | 74.85% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.72 Gb Total Space | 35.02 Gb Free Space | 66.43% Space Free | Partition Type: NTFS
Drive D: | 16.36 Gb Total Space | 16.29 Gb Free Space | 99.55% Space Free | Partition Type: NTFS

Computer Name: HAMBURGLAPTOP | User Name: Sid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/17 12:28:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sid\Desktop\OTL.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/10/13 18:15:04 | 000,499,852 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe
PRC - [2010/08/19 18:00:00 | 000,028,672 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\V0680Mon.exe
PRC - [2009/10/11 05:17:45 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/23 04:00:00 | 000,692,224 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2007/04/11 15:32:22 | 000,056,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
PRC - [2006/04/06 12:58:52 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/04/06 12:57:54 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/03/24 14:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/08/11 23:47:14 | 000,430,080 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe
PRC - [2005/08/09 17:12:14 | 000,286,720 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 964\memcard.exe
PRC - [2005/07/12 00:33:02 | 000,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcjcoms.exe
PRC - [2005/01/26 23:02:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe


========== Modules (SafeList) ==========

MOD - [2011/07/17 12:28:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sid\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/12 02:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
MOD - [2007/04/23 04:00:00 | 000,045,568 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2006/04/06 12:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2005/07/12 00:33:02 | 000,491,520 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\System32\dlcjcoms.exe -- (dlcj_device)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/08/31 11:28:56 | 000,147,040 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2010/08/24 23:48:02 | 000,231,168 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0680Afx.sys -- (V0680Afx)
DRV - [2010/08/09 18:00:00 | 000,322,272 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0680Vid.sys -- (V0680Vid)
DRV - [2007/04/11 15:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/04/11 15:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2006/03/24 14:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/11/02 10:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/08/12 15:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/05 07:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/14 14:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 13:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/12 15:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2004/02/13 07:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2001/09/18 19:25:48 | 000,057,968 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1E 37 78 0C 05 93 72 4D B2 C9 FD 6E C5 56 1B D0 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolba...={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://mp3tubetoolba...53f7fb7&subid="

FF - user.js..keyword.URL: "http://mp3tubetoolba...removelink2&q="
FF - user.js..keyword.enabled: 1

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Sid\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/11 16:46:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/07/11 16:47:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sid\Application Data\Mozilla\Extensions
[2011/07/11 20:10:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sid\Application Data\Mozilla\Firefox\Profiles\1w1ltp47.default\extensions
[2011/07/11 20:10:04 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Sid\Application Data\Mozilla\Firefox\Profiles\1w1ltp47.default\extensions\[email protected]
[2011/07/16 18:15:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2009/09/27 22:17:04 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/29 03:13:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/06/15 21:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2004/08/04 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DLCJCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.DLL ()
O4 - HKLM..\Run: [dlcjmon.exe] C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe (Dell)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Live! Central 3] C:\Program Files\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 964\memcard.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [V0680Mon.exe] C:\WINDOWS\V0680Mon.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [ModemOnHold] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk = C:\Program Files\Quicken\billmind.exe (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE (Intuit)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.238.64.12 68.238.96.12
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (C:\WINDOWS\system32\BCMLogon.dll) - C:\WINDOWS\system32\BCMLogon.dll (Broadcom Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 11:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/16 20:58:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid\Desktop\MarinaPhotos
[2011/07/14 16:54:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid\My Documents\Roberta's old files
[2011/07/13 18:51:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid\Application Data\AVG10
[2011/07/13 18:45:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/07/13 18:44:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/07/13 18:43:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/07/13 18:43:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/07/13 18:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/07/11 16:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid\Local Settings\Application Data\Mozilla
[2011/07/11 16:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid\Application Data\Mozilla
[2011/06/29 21:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid\Application Data\Skype
[2011/06/29 21:34:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/06/29 21:34:43 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/06/29 21:34:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011/06/27 17:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Creative
[2011/06/27 17:02:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid\Application Data\Creative
[2011/06/27 16:51:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/06/27 16:50:58 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/06/27 16:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/06/27 16:49:45 | 000,000,000 | ---D | C] -- C:\1d0005186ad983e2404323b0436b
[2011/06/27 16:42:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Creative
[2011/06/27 16:40:22 | 000,000,000 | ---D | C] -- C:\Program Files\Creative

========== Files - Modified Within 30 Days ==========

[2011/07/17 12:31:07 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DEF99892-3DF1-40FD-8504-36295E2F6D3F}.job
[2011/07/17 12:28:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sid\Desktop\OTL.exe
[2011/07/17 12:28:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-852583636-3979923401-3678695311-1007UA.job
[2011/07/17 09:59:06 | 122,570,916 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/07/17 00:31:42 | 000,455,000 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/17 00:31:41 | 000,076,982 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/17 00:27:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/17 00:27:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/17 00:27:27 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/16 21:28:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-852583636-3979923401-3678695311-1007Core.job
[2011/07/16 18:01:10 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Sid\Desktop\Microsoft Office Outlook 2003.lnk
[2011/07/14 19:29:28 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\Sid\Desktop\Google Chrome.lnk
[2011/07/14 19:29:28 | 000,002,246 | ---- | M] () -- C:\Documents and Settings\Sid\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/13 18:44:56 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/07/13 18:29:19 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2011/07/13 18:08:31 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/07/13 17:59:48 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Sid\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/13 03:19:59 | 000,286,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 03:03:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/11 16:46:54 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Sid\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/11 16:46:54 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/07/11 12:05:08 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Sid\Desktop\Microsoft Office Word 2003.lnk
[2011/07/07 21:57:32 | 000,133,504 | ---- | M] () -- C:\Documents and Settings\Sid\My Documents\Buster.JPG
[2011/07/07 21:30:32 | 000,009,631 | ---- | M] () -- C:\Documents and Settings\Sid\My Documents\Golden.htm
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/01 18:47:42 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/07/01 18:47:42 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2011/07/01 18:18:11 | 001,040,228 | ---- | M] () -- C:\Documents and Settings\Sid\My Documents\Final Pages.pdf
[2011/07/01 14:54:23 | 000,667,465 | ---- | M] () -- C:\Documents and Settings\Sid\My Documents\Other Pages.pdf
[2011/07/01 14:43:40 | 002,142,722 | ---- | M] () -- C:\Documents and Settings\Sid\My Documents\Page 2-7.pdf
[2011/07/01 11:37:28 | 000,920,127 | ---- | M] () -- C:\Documents and Settings\Sid\My Documents\Pent 25.pdf
[2011/06/29 21:44:53 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/06/27 17:07:22 | 000,076,498 | ---- | M] () -- C:\Documents and Settings\Sid\Desktop\110627-170722.jpg
[2011/06/27 17:07:22 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Sid\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/07/17 09:59:06 | 122,570,916 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/07/13 18:44:56 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/07/13 18:29:19 | 000,004,128 | ---- | C] () -- C:\INFCACHE.1
[2011/07/13 18:07:03 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/07/13 18:07:03 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/07/13 18:03:58 | 000,000,418 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DEF99892-3DF1-40FD-8504-36295E2F6D3F}.job
[2011/07/11 16:46:54 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Sid\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/11 16:46:54 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/07/11 16:46:54 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/07/07 21:57:32 | 000,133,504 | ---- | C] () -- C:\Documents and Settings\Sid\My Documents\Buster.JPG
[2011/07/07 21:30:32 | 000,009,631 | ---- | C] () -- C:\Documents and Settings\Sid\My Documents\Golden.htm
[2011/07/01 18:47:42 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2011/07/01 18:47:42 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2011/07/01 16:14:17 | 001,040,228 | ---- | C] () -- C:\Documents and Settings\Sid\My Documents\Final Pages.pdf
[2011/07/01 14:54:20 | 000,667,465 | ---- | C] () -- C:\Documents and Settings\Sid\My Documents\Other Pages.pdf
[2011/07/01 14:43:32 | 002,142,722 | ---- | C] () -- C:\Documents and Settings\Sid\My Documents\Page 2-7.pdf
[2011/07/01 11:37:24 | 000,920,127 | ---- | C] () -- C:\Documents and Settings\Sid\My Documents\Pent 25.pdf
[2011/06/29 21:34:44 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/06/27 17:07:29 | 000,076,498 | ---- | C] () -- C:\Documents and Settings\Sid\Desktop\110627-170722.jpg
[2011/06/27 16:55:39 | 000,007,062 | ---- | C] () -- C:\WINDOWS\System32\audiopid.vxd
[2011/06/27 16:55:00 | 000,004,407 | R--- | C] () -- C:\WINDOWS\VF0680.uns
[2011/06/27 16:54:59 | 000,057,656 | R--- | C] () -- C:\WINDOWS\System32\drivers\V0680PC.bmp
[2011/06/27 16:41:41 | 000,057,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\FilterPC.bmp
[2011/06/27 16:41:41 | 000,024,995 | ---- | C] () -- C:\WINDOWS\System32\drivers\FilterPC.jpg
[2010/04/25 20:03:10 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe
[2010/04/07 18:32:23 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2010/04/07 18:32:22 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2010/04/07 18:32:21 | 000,000,478 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini
[2010/04/07 18:32:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Inet_BFS.dll
[2010/01/25 11:58:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2008/08/21 21:24:00 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/10/23 08:17:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/09/02 08:10:15 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Sid\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/30 15:35:31 | 000,000,233 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2006/08/30 15:34:30 | 000,000,022 | ---- | C] () -- C:\WINDOWS\INTUPREM.DAT
[2006/08/30 15:34:19 | 000,000,396 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2006/08/30 15:34:18 | 000,000,941 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/08/30 15:28:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Sid\Application Data\wklnhst.dat
[2006/08/30 15:08:16 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Sid\Local Settings\Application Data\fusioncache.dat
[2006/08/23 19:45:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/23 19:39:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/23 19:31:24 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/08/23 19:27:54 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/23 19:24:33 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/08/23 19:20:39 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/08/23 18:52:41 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlcjserv.dll
[2006/08/23 18:52:41 | 001,122,304 | ---- | C] () -- C:\WINDOWS\System32\dlcjusb1.dll
[2006/08/23 18:52:41 | 000,630,784 | ---- | C] () -- C:\WINDOWS\System32\dlcjpmui.dll
[2006/08/23 18:52:41 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcjutil.dll
[2006/08/23 18:52:41 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjprox.dll
[2006/08/23 18:52:41 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcjjswr.dll
[2006/08/23 18:52:41 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlcjpplc.dll
[2006/08/23 18:52:41 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsr.dll
[2006/08/23 18:52:41 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcjvs.dll
[2006/08/23 18:52:41 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcjcur.dll
[2006/08/23 18:52:40 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcjhbn3.dll
[2006/08/23 18:52:40 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomc.dll
[2006/08/23 18:52:40 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcjlmpm.dll
[2006/08/23 18:52:40 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcjcoms.exe
[2006/08/23 18:52:40 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomm.dll
[2006/08/23 18:52:40 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\dlcjih.exe
[2006/08/23 18:52:40 | 000,368,640 | ---- | C] () -- C:\WINDOWS\System32\dlcjcfg.exe
[2006/08/23 18:52:40 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsb.dll
[2006/08/23 18:52:40 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjins.dll
[2006/08/23 18:52:40 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcjcub.dll
[2006/08/23 18:52:40 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcjcu.dll
[2006/08/23 18:52:40 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlcjcfg.dll
[2006/08/23 18:52:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/08/23 18:52:20 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/08/23 18:52:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/08/23 18:52:02 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2006/08/23 18:51:57 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/08/23 18:50:47 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/02 12:16:00 | 000,000,618 | ---- | C] () -- C:\WINDOWS\System32\dlcjplc.ini
[2005/01/27 23:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 11:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 11:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 11:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 11:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 10:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 10:57:15 | 000,286,904 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 10:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 10:51:20 | 000,455,000 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 10:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 10:51:20 | 000,076,982 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 10:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 10:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 10:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 10:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 10:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 10:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 10:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 10:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/06/19 17:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/07/13 18:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/03/22 18:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2006/08/23 19:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011/07/13 18:45:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2006/11/02 22:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freedom
[2011/07/13 18:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/07/13 18:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/08/04 14:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2006/08/23 19:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/05/31 17:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2006/10/23 23:01:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid\Application Data\acccore
[2011/07/13 18:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid\Application Data\AVG10
[2009/08/04 12:25:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/04/25 20:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid\Application Data\LimeWire
[2008/08/22 12:27:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid\Application Data\MSNInstaller
[2006/08/30 15:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid\Application Data\Template
[2011/07/17 12:31:07 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{DEF99892-3DF1-40FD-8504-36295E2F6D3F}.job

========== Purity Check ==========



< End of report >
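The log above is the kind of output a helper reads by eye: one line per file or folder, with timestamp, size, attribute flags, created/modified marker, an optional vendor field and the path. The script below is an added example for this thread (not part of OTL and not something the forum helper asked for): it parses that line format and ranks the entries by the cheap signals an analyst checks first, namely how recently the object changed relative to the scan, hidden attributes, scheduled-task files, and executables with no vendor string. The sample lines are copied from the posted log; the scan time comes from its header; the 14-day window is an assumption chosen for this thread's timeline.

```python
"""Triage helper for OTL per-file log lines (added example, not OTL's own code).

OTL line shape, as seen in the posted log:
    [YYYY/MM/DD HH:MM:SS | 000,770,048 | ---- | C] () -- C:\\path\\file.dll
    [YYYY/MM/DD HH:MM:SS | 000,000,000 | -H-D | M] -- C:\\path\\dir
Fields: timestamp, size with thousands separators, four attribute flags
(R/H/S/D or '-'), C = created / M = modified, an optional "(Company)"
field, then the path.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Tuple

# Scan time from the log header ("OTL logfile created on: 7/17/2011 12:29:20 PM").
REPORT_TIME = datetime(2011, 7, 17, 12, 29, 20)

# A subset of lines from the posted log, plus the section markers OTL prints
# between them, to show that non-entry lines are skipped.
SAMPLE_LOG = r"""
[2006/08/23 18:52:40 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcjhbn3.dll
[2006/08/23 18:52:40 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcjcoms.exe
[2004/08/10 11:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

========== LOP Check ==========

[2010/06/19 17:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/07/13 18:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/03/22 18:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/07/13 18:45:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/07/13 18:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/07/13 18:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/07/13 18:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid\Application Data\AVG10
[2010/04/25 20:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid\Application Data\LimeWire
[2011/07/17 12:31:07 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{DEF99892-3DF1-40FD-8504-36295E2F6D3F}.job

========== Purity Check ==========

< End of report >
"""

LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Extensions treated as executable code for the "no vendor string" signal.
EXEC_EXTS = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx")


@dataclass
class OtlEntry:
    ts: datetime
    size: int
    attrs: str      # four flag characters, e.g. "-H-D"
    kind: str       # "C" created or "M" modified
    company: str    # vendor field; empty when OTL printed "()" or nothing
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden(self) -> bool:
        return "H" in self.attrs


def parse_otl(text: str) -> List[OtlEntry]:
    """Parse every per-file line; headers, blanks and the end marker are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(OtlEntry(
            ts=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=(m["company"] or "").strip(),
            path=m["path"],
        ))
    return entries


def triage(entries: List[OtlEntry], report_time: datetime = REPORT_TIME,
           window_days: int = 14) -> List[Tuple[OtlEntry, List[str]]]:
    """Return (entry, reasons) for entries with at least one signal, strongest first.

    The window is relative to the scan time; no upper bound is applied because
    OTL keeps touching files while it runs (the .job above is stamped after
    the report header time).
    """
    cutoff = report_time - timedelta(days=window_days)
    ranked = []
    for e in entries:
        reasons = []
        low = e.path.lower()
        if e.ts >= cutoff:
            reasons.append(f"changed within {window_days}d of scan")
        if e.hidden and not e.is_dir:
            reasons.append("hidden file")
        if low.endswith(".job"):
            reasons.append("scheduled task (check what it runs)")
        if low.endswith(EXEC_EXTS) and not e.company:
            reasons.append("executable with no vendor string")
        if reasons:
            ranked.append((e, reasons))
    # Most reasons first; ties broken by newest timestamp.
    ranked.sort(key=lambda r: (len(r[1]), r[0].ts), reverse=True)
    return ranked


if __name__ == "__main__":
    for e, why in triage(parse_otl(SAMPLE_LOG)):
        print(f"{e.ts:%Y-%m-%d %H:%M} {e.kind} {e.attrs} {e.path}")
        print("    " + "; ".join(why))
```

Run against the sample, the scheduled-task file lands on top with three reasons, the six entries touched on 13 and 17 July follow, and the 2006 Dell printer-driver DLLs from System32 sink to the bottom because "no vendor string" is their only signal. That ordering is the point: OTL's "No Company Name" sections list every such file, so age and location, not the empty vendor field, are what separate a five-year-old driver from a fresh dropper.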
#2 Dakeyras (Anti-Malware Mammoth, Expert, 9,665 posts)
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome back to Geeks to Go. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and the tools we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or where you need to take your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Scan With RKUnHooker:

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
  • Wait until the scanner has finished, then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.
Note: You may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Re-scan with OTL:

  • Double-click on OTL.exe to start OTL.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
When you have completed the above, please post back the following in the order asked for:

  • How is your Dad's computer performing now? Any further symptoms and/or problems encountered?
  • RKUnHooker log.
  • Both OTL logs. <-- Post them individually please, i.e. one log per post/reply.


#3 Dakeyras (Anti-Malware Mammoth, Expert, 9,665 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.