Follow these directions carefully:
1) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm. Click OK.
You may reverse this for safety when we are finished.
2) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.
3) AVG Anti-Spyware: Deactivate the Resident Shield
- Before proceeding, deactivate the "Resident Shield" as this may prevent changes to the registry.
- To do this, click "Change State" to the right of the Resident Shield option in the main window.
- You will clearly see the status change to Inactive if you have done this correctly.
4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:
O2 - BHO: (no name) - {17F59AF6-2B8B-4F0E-95EF-2C63325E87FC} - (no file)
O2 - BHO: (no name) - {36AC279D-F685-487E-98D3-687E8864E2E4} - (no file)
O2 - BHO: (no name) - {41B0038E-894A-410A-8998-3CB5CE8EE81D} - C:\WINDOWS\system32\gebcy.dll (file missing)
O2 - BHO: (no name) - {5C821749-EB0F-4CE1-9BAE-EFDF4BBE4AF6} - (no file)
O2 - BHO: (no name) - {61EC73CD-8F73-4E84-9A13-7C02F22C0B41} - (no file)
O2 - BHO: (no name) - {714CCB98-1E9C-4F8B-85D4-01660E27C410} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {A903C099-E909-4264-86E8-D86E4B87AC42} - (no file)
O2 - BHO: (no name) - {CA2DD0EA-F7EE-489A-81C4-526C80309532} - (no file)
O2 - BHO: (no name) - {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} - C:\WINDOWS\system32\cguatyus.dll
O2 - BHO: (no name) - {E48E8D74-5ABC-401E-B34A-390EBF5C313D} - C:\WINDOWS\system32\awtst.dll (file missing)
O2 - BHO: (no name) - {F49ED2B3-08F5-4BA3-8536-2DAEE8C8409B} - C:\WINDOWS\system32\xxyvvuu.dll (file missing)
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\irwkmepa.dll",realset
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/1561f3ac...p/RdxIE601.cab
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
O20 - Winlogon Notify: xxyvvuu - xxyvvuu.dll (file missing)
Close all programs but HJT and all browser windows, then click on "Fix Checked".
5) RIGHT Click on Start then click on Explore. Locate and delete these items:
(this is very important, this is a very bad file)
C:\WINDOWS\system32\irwkmepa.dll <<< delete that file
6) Use the instructions in the following link to run AVG Anti-Spyware, delete or at least quarantine anything it finds and save the scan report to post:
http://forums.security-central.us/showthread.php?t=3165
7) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.
Restart the computer and post that scan report and a new HJT log. Let me know how the computer is running and add any comments you think will help.
Thanks...Phil
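
An added example, not part of the post above and not HijackThis code: a small Python triage of log lines in the format quoted in step 4, separating entries whose file is already gone from entries that still name a DLL to verify on disk after the fix. The function names and the three state labels are assumptions made for this example.

```python
import re

# Lines copied from the HijackThis log quoted in the post above.
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {17F59AF6-2B8B-4F0E-95EF-2C63325E87FC} - (no file)
O2 - BHO: (no name) - {41B0038E-894A-410A-8998-3CB5CE8EE81D} - C:\WINDOWS\system32\gebcy.dll (file missing)
O2 - BHO: (no name) - {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} - C:\WINDOWS\system32\cguatyus.dll
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\irwkmepa.dll",realset
O20 - Winlogon Notify: xxyvvuu - xxyvvuu.dll (file missing)
'''

ENTRY = re.compile(r'^(O\d+) - ([^:]+): (.*)$')
CLSID = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')
# Optional drive path, then a file name ending in .dll
DLL = re.compile(r'(?:[A-Za-z]:\\(?:[^\\"]+\\)*)?[\w.-]+\.dll', re.I)


def parse_entry(line):
    """Split one log line into section, kind, CLSID, DLL and a state label."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    clsid = CLSID.search(rest)
    dll = DLL.search(rest)
    if '(no file)' in rest or '(file missing)' in rest:
        state = 'orphaned'       # registry entry remains, file already gone
    elif dll:
        state = 'file-present'   # log does not mark the file as missing
    else:
        state = 'no-target'      # nothing on this line names a DLL
    return {'section': section, 'kind': kind, 'state': state,
            'clsid': clsid.group(0) if clsid else None,
            'dll': dll.group(0) if dll else None}


def triage(log_text):
    """Parse every recognisable entry line in a log."""
    return [e for e in map(parse_entry, log_text.splitlines()) if e]


def files_to_review(log_text):
    """DLL paths not marked missing, to verify on disk after the fix."""
    return sorted({e['dll'] for e in triage(log_text) if e['state'] == 'file-present'})


if __name__ == '__main__':
    for e in triage(SAMPLE_LOG):
        print(f"{e['section']:<4}{e['state']:<13}{e['dll'] or e['clsid']}")
    print('check on disk:', files_to_review(SAMPLE_LOG))
```

Running the same triage on the follow-up log requested in the post shows at a glance whether any of these entries or files came back after the restart.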