[xyz3210]

Dell Optiplex 380
W7 Pro SP1

avast reports MBR:Alureon-K [Rtk] in Disk 0 Partition 4

No symptoms from machine so far - no issues surfing, pop-ups, etc

We tried booting from Win 7 CD and running bootrec.exe with /fixmbr then /fixboot then /rebuildbcd per instructions in another forum without any change - avast still reports Alureon there. avast also requests a boot-time scan, which we let it do, and this found nothing.

We have placed this hard drive in another machine and scanned using latest definitions with Malwarebytes and Kaspersky Endpoint Solution. Both found 0.

Grateful for any help anyone can provide!

Following is OTL report:

OTL logfile created on: 3/20/2013 9:12:00 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\patches
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 67.16% Memory free
5.93 Gb Paging File | 4.93 Gb Available in Paging File | 83.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.57 Gb Total Space | 82.90 Gb Free Space | 59.40% Space Free | Partition Type: NTFS
Drive E: | 3.66 Gb Total Space | 1.59 Gb Free Space | 43.28% Space Free | Partition Type: FAT32

Computer Name: WS-22 | User Name: user12 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/20 09:10:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\patches\OTL.exe
PRC - [2013/03/06 18:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/01/26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\user12\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/29 22:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/05/25 02:33:56 | 000,648,592 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Professional 8\PdfPro8Hook.exe
PRC - [2012/05/25 02:32:46 | 000,135,056 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Professional 8\PDFProFiltSrv.exe
PRC - [2012/05/18 13:40:18 | 000,029,592 | ---- | M] (Gladinet, INC) -- C:\Program Files\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe
PRC - [2012/05/18 13:08:10 | 000,145,304 | ---- | M] () -- C:\Program Files\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe
PRC - [2011/07/06 13:47:16 | 001,156,968 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2011/07/06 13:45:32 | 001,178,984 | ---- | M] (Intuit Inc.) -- C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE
PRC - [2011/07/06 12:39:58 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/06/30 13:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/07/21 17:01:38 | 000,147,840 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2010/06/22 12:33:38 | 000,034,232 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
PRC - [2010/03/29 13:45:48 | 001,164,648 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2009/08/26 13:49:00 | 002,691,072 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
PRC - [2009/06/24 21:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/07/30 20:56:26 | 000,435,488 | ---- | M] (Pervasive Software Inc.) -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/14 09:50:05 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/01/10 09:59:56 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/01/10 09:51:38 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/10 09:51:14 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/10 09:51:10 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/10 09:51:08 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/10 09:50:58 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2011/07/06 13:46:14 | 000,125,288 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\QBMAPILibrary.dll
MOD - [2011/07/06 13:46:12 | 000,020,840 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\QBCompressor.DLL
MOD - [2011/07/06 13:45:56 | 000,042,344 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\mbpopup.dll
MOD - [2011/07/06 13:45:38 | 000,268,648 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\boost_regex-vc90-mt-p-1_33.dll
MOD - [2011/07/06 13:45:38 | 000,176,488 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\boost_serialization-vc90-mt-p-1_33.dll
MOD - [2011/07/06 13:45:36 | 000,346,984 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\BackupLib.dll
MOD - [2010/09/30 00:23:10 | 000,046,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Status Lib\1.6.460.18066__f25c74fcad379103\Status Lib.dll
MOD - [2010/09/30 00:23:10 | 000,014,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\StatusInterfaces\1.6.460.18065__4ca2a925deedf37d\StatusInterfaces.dll
MOD - [2010/03/02 13:46:38 | 000,010,752 | ---- | M] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
MOD - [2010/01/19 13:44:30 | 000,249,856 | ---- | M] () -- C:\Windows\System32\wxvault.dll
MOD - [2008/11/12 14:24:40 | 000,004,608 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
MOD - [2005/07/19 23:18:00 | 000,059,904 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\zlib1.dll


========== Services (SafeList) ==========

SRV - [2013/03/13 12:33:18 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/05/25 02:32:46 | 000,135,056 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PDF Professional 8\PDFProFiltSrv.exe -- (PDFProFiltSrv)
SRV - [2012/05/18 13:40:18 | 000,029,592 | ---- | M] (Gladinet, INC) [Auto | Running] -- C:\Program Files\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe -- (GladFileMonSvc)
SRV - [2011/07/06 12:39:58 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/06/30 13:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2010/10/26 19:17:19 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/29 13:45:48 | 001,164,648 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2010/02/03 18:24:20 | 001,032,192 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/11/12 14:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2008/07/30 20:56:26 | 000,435,488 | ---- | M] (Pervasive Software Inc.) [Auto | Running] -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe -- (psqlWGE)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\user12\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2013/03/06 18:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/03/06 18:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/03/06 18:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/03/06 18:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/03/06 18:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/03/06 18:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/03/06 18:33:23 | 000,060,656 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/03/06 18:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/04/12 13:01:38 | 000,045,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/11/20 05:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 05:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 05:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 03:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 02:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 02:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/01/19 13:46:44 | 000,229,888 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2009/11/16 19:21:24 | 002,748,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTDVHDA.sys -- (IntcAzAudAddService)
DRV - [2009/06/20 08:34:56 | 000,273,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
DRV - [2009/06/10 17:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/05/11 12:55:12 | 000,084,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\basp.sys -- (Blfp)
DRV - [2008/06/04 15:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PBADRV.sys -- (PBADRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0EB2125F-413C-427D-9026-705E6A492363}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADFA_enUS409
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files\Nuance\PDF Professional 8\bin\nppdf.dll (Zeon Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1106\6.6.1077\firefoxextension\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/28 09:36:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/12/28 18:07:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user12\AppData\Roaming\mozilla\Extensions
[2012/06/21 14:06:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user12\AppData\Roaming\mozilla\Firefox\Profiles\2yuupriu.default\Extensions
[2011/11/03 14:22:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/28 09:36:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/28 20:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/28 09:36:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com
CHR - Extension: YouTube = C:\Users\user12\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\user12\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\user12\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Professional 8\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (DeskBandHelper Class) - {9E0B5480-4FF0-4FEE-818B-D4DB0F220D64} - C:\Program Files\LexisNexis\PCLaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ZeonIEEventHelper Class) - {C7DA0384-42AA-428c-B832-88AC343DE1A8} - C:\Program Files\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (PCLaw Web Timer) - {0E1230F8-EA50-42A9-983C-D22ABC2EED4B} - C:\Program Files\LexisNexis\PCLaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [InboxMonitor] C:\Program Files\Nuance\PDF Professional 8\InboxMonitor.exe ()
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [PDF8 Registry Controller] C:\Program Files\Nuance\PDF Professional 8\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFProHook] C:\Program Files\Nuance\PDF Professional 8\pdfpro8hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\user12\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Open with Nuance PDF Converter 8 - C:\Program Files\Nuance\PDF Professional 8\cnvres_eng.dll (Nuance Communications, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : PCLaw Web Timer Help - {91d9cee5-3906-40f7-b51a-9b013b59c826} - C:\Program Files\LexisNexis\PCLaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O9 - Extra 'Tools' menuitem : PCLaw Web Timer - {9d2169e0-0775-4080-9b4e-90fce9945b4a} - C:\Program Files\LexisNexis\PCLaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: uscourts.gov ([ecf.flmb] https in Trusted sites)
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://nt1.norris.l...ll/WinNTChk.cab (ObjWinNTCheck Class)
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://nt1.norris.l...stall/setup.cab (OfficeScan Corp Edition Web-Deployment SetupCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {9BBB3919-F518-4D06-8209-299FC243FC44} https://nt1.norris.l...root/AtxEnc.cab (Encrypt Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Norris.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85046882-A142-44A7-AA6B-56F44C4346F2}: DhcpNameServer = 10.0.0.5
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\tmpx - No CLSID value found
O18 - Protocol\Handler\tmtbim - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/15 20:43:27 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/03/15 20:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/03/15 20:43:26 | 000,368,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/03/15 20:43:25 | 000,062,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/03/15 20:43:25 | 000,060,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/03/15 20:43:24 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/03/15 20:43:21 | 000,228,600 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/03/15 20:43:21 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/03/15 20:42:31 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/03/15 20:42:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/03/15 20:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/03/15 14:16:04 | 000,000,000 | ---D | C] -- C:\Users\user12\AppData\Local\Programs
[2013/03/15 14:15:00 | 000,000,000 | ---D | C] -- C:\Users\user12\AppData\Roaming\Malwarebytes
[2013/03/15 14:14:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/15 14:14:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/15 14:14:54 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/03/15 14:14:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/03/15 13:02:54 | 004,853,248 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\Windows\System32\cdintf450.dll
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/20 08:52:10 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/20 08:38:58 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/20 08:38:58 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/20 08:37:50 | 000,707,176 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/03/20 08:37:50 | 000,135,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/03/20 08:33:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/20 08:22:29 | 000,000,000 | ---- | M] () -- C:\Users\user12\AppData\Local\WavXMapDrive.bat
[2013/03/20 08:22:25 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/20 08:17:11 | 2387,329,024 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/18 21:08:27 | 000,000,616 | ---- | M] () -- C:\Windows\ricdb.ini
[2013/03/18 07:40:40 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/03/15 20:43:27 | 000,002,108 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/03/15 20:43:21 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/03/15 14:16:19 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/15 13:03:29 | 000,001,111 | ---- | M] () -- C:\Users\user12\Desktop\PCLaw®.lnk
[2013/03/14 18:54:11 | 000,002,162 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/14 15:14:14 | 000,000,032 | ---- | M] () -- C:\Windows\PWresize.ini
[2013/03/14 15:14:14 | 000,000,032 | ---- | M] () -- C:\Windows\Conv.INI
[2013/03/14 12:21:55 | 000,000,032 | ---- | M] () -- C:\Windows\pdLoader.INI
[2013/03/13 17:21:57 | 000,000,129 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2013/03/06 18:33:24 | 000,765,736 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/03/06 18:33:24 | 000,368,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/03/06 18:33:24 | 000,164,736 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/06 18:33:24 | 000,062,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/03/06 18:33:24 | 000,049,248 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/03/06 18:33:23 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/03/06 18:33:23 | 000,060,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/03/06 18:33:22 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/03/06 18:32:51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/03/06 18:32:42 | 000,228,600 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/03/01 09:58:01 | 000,002,132 | ---- | M] () -- C:\Users\Public\Desktop\DoubleTime 6.0.1.lnk
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/15 20:43:27 | 000,002,108 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/03/15 20:43:24 | 000,164,736 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/15 20:43:23 | 000,049,248 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/03/15 14:16:19 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/15 13:34:45 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/03/01 09:58:01 | 000,002,132 | ---- | C] () -- C:\Users\Public\Desktop\DoubleTime 6.0.1.lnk
[2012/12/10 12:41:32 | 000,000,616 | ---- | C] () -- C:\Windows\ricdb.ini
[2012/11/06 12:09:40 | 000,000,112 | ---- | C] () -- C:\Windows\gpresize.ini
[2012/05/21 10:34:45 | 000,000,032 | ---- | C] () -- C:\Windows\PWresize.ini
[2012/05/21 10:34:45 | 000,000,032 | ---- | C] () -- C:\Windows\Conv.INI
[2012/05/21 10:29:35 | 000,000,032 | ---- | C] () -- C:\Windows\pdLoader.INI
[2012/05/21 10:28:04 | 000,000,495 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/01/11 18:10:55 | 000,000,129 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/12/22 10:17:39 | 000,000,000 | ---- | C] () -- C:\Users\user12\AppData\Local\WavXMapDrive.bat
[2011/11/14 17:28:04 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/07/20 17:12:16 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/06/02 16:06:12 | 000,000,450 | ---- | C] () -- C:\Windows\dsi.ini
[2011/06/02 16:05:34 | 000,019,968 | ---- | C] () -- C:\Windows\System32\encodr32.dll
[2010/10/26 12:51:16 | 000,004,408 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/12/22 10:17:49 | 000,000,000 | ---D | M] -- C:\Users\user12\AppData\Roaming\Broadcom
[2012/06/21 14:06:54 | 000,000,000 | ---D | M] -- C:\Users\user12\AppData\Roaming\Nuance
[2011/12/22 10:17:49 | 000,000,000 | ---D | M] -- C:\Users\user12\AppData\Roaming\Wave Systems Corp
[2012/06/21 14:20:33 | 000,000,000 | ---D | M] -- C:\Users\user12\AppData\Roaming\Zeon

========== Purity Check ==========



< End of report >

[Advertisements]

Hello xyz3210

Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

• Please do not run any tools unless instructed to do so.
  
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
• Please do not attach logs or use code boxes, just copy and paste the text.
  
  • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
• Please read every post completely before doing anything.
  
  • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
• Please provide feedback about your experience as we go.
  
  • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

• Download Security Check by screen317 from here.
• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

• Please download AdwCleaner by Xplode onto your desktop.
  
• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Delete.
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

• Download & SAVE to your Desktop RogueKiller or from here
  
• Quit all programs that you may have started.
• Please disconnect any USB or external drives from the computer before you run this scan!
• For Vista or Windows 7, right-click and select "Run as Administrator to start"
• For Windows XP, double-click to start.
• Wait until Prescan has finished ...
• Then Click on "Scan" button
• Wait until the Status box shows "Scan Finished"
• click on "delete"
• Wait until the Status box shows "Deleting Finished"
• Click on "Report" and copy/paste the content of the Notepad into your next reply.
• The log should be found in RKreport[1].txt on your Desktop
• Exit/Close RogueKiller+

Gringo

[gringo_pr]

Hello xyz3210

Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

• Please do not run any tools unless instructed to do so.
  
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
• Please do not attach logs or use code boxes, just copy and paste the text.
  
  • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
• Please read every post completely before doing anything.
  
  • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
• Please provide feedback about your experience as we go.
  
  • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

• Download Security Check by screen317 from here.
• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

• Please download AdwCleaner by Xplode onto your desktop.
  
• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Delete.
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

• Download & SAVE to your Desktop RogueKiller or from here
  
• Quit all programs that you may have started.
• Please disconnect any USB or external drives from the computer before you run this scan!
• For Vista or Windows 7, right-click and select "Run as Administrator to start"
• For Windows XP, double-click to start.
• Wait until Prescan has finished ...
• Then Click on "Scan" button
• Wait until the Status box shows "Scan Finished"
• click on "delete"
• Wait until the Status box shows "Deleting Finished"
• Click on "Report" and copy/paste the content of the Notepad into your next reply.
• The log should be found in RKreport[1].txt on your Desktop
• Exit/Close RogueKiller+

Gringo

[xyz3210]

Thank you very much for your reply. I am not presently in the same physical location as this computer and am not sure what day I will be back there, but I will post again when I have opportunity to take these steps (may require starting a new thread I realize).

[gringo_pr]

I will check on you in a couple of days


gringo

[gringo_pr]

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

[gringo_pr]

Hello

48 Hour bump

It has been more than 48 hours since my last post.

• do you still need help with this?
• do you need more time?
• are you having problems following my instructions?
  
• if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

[gringo_pr]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.