Welcome to Bleeping Computer.
Sorry for the delay, the forums are very busy.
Before we start cleaning malware, I need to ask a few questions.
I downloaded and ran ATF Cleaner, did System Restore after that, then ran AVG Anti-Spyware.
Did you actually restore the system to an earlier date? Or did you disable System Restore?
Then did Windows updates. Ran Reboot Test.
What is the Reboot Test?
And finally, what type of video display adapter is installed in this computer? Click Start, right click My Computer, and select Properties. Click the Hardware tab, then click Device Manager. Click the "+" next to Display Adapters, and note what is listed. I need that information, because your HJT log shows files associated with three different graphics cards.
Full disclosure -- you have already done a lot, but there's quite a bit left to do. Please don't quit as soon as the machine seems to be working all right; we need to make sure it's clean so the baddies won't come back. Your dad has quite a collection of malware on his machine.
Since Panda has found a Smitfraud file, we'd better start with that.

SmitfraudFix Scan
Please download SmitfraudFix. Save the .zip file to your desktop.
Right click the file icon and Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press <Enter>; a text file will appear, which lists infected files (if present).
Please save that file and copy/paste the content of that report into your next reply.
Do not run any other option until you are instructed to do so.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Fresh hijackThis scan, and get back to me
Open HiJackThis and run a fresh scan. Post that log, along with the Smitfraudfix log, to a reply here. Let me know if you encountered any problems. Also please answer my questions.