Laptop malware cleaning - need help!

Hello!

I am doing some spyware/malware cleaning on my friend’s laptop. Is there anything suspicious in these OTL logs?
Below are OTL scan results and Hitman Pro scan results attached.

I have cleaned temp files with CCleaner and system restore files. Gonna run avast scan and maybe Kaspersky rescue disc scan later.

http://files.myopera.com/stam1na/files/OTL.Txt

If you need help, follow this and attach the logs:

http://forum.avast.com/index.php?topic=53253.0

Monitoring… 8)

Here is what avast found, boot time scan. Almost all results seem to be related to Java???

Also I get this error on every Windows startup: http://files.myopera.com/stam1na/files/rundll%20error.gif

It can’t be found because Hitman Pro deleted it! Have I messed up something? What should I do with Java? Uninstall or update it?

Again, another OTL log. Did not get any Extra.txt log.

I’m going to sleep now and will continue this tomorrow.

While I am looking over the OTL log could you please run aswMBR as well and attach that log please? :)

Hello again!

Here is avast MBR log:

Hi,

Please download and run ERUNT (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT, however, creates a complete backup set, including the Security hive and user-related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. Remember: if you are using Windows Vista as your operating system, right-click the executable and Run as Administrator.

If you are running Malwarebytes 1.6 or better, please disable it for the duration of this run.

To disable Malwarebytes

- Open the scanner and select the Protection tab
- Remove the tick from “Start Protection Module with Windows” as seen below

http://i1224.photobucket.com/albums/ee380/jeffce74/MBAM16orgreater.jpg

Once complete continue with the instructions…

Run OTL.exe

- Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL


```
:Services

:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O33 - MountPoints2\{3a93e8f7-c0ff-11e0-bf60-001e101f21c1}\Shell - "" = AutoRun
O33 - MountPoints2\{3a93e8f7-c0ff-11e0-bf60-001e101f21c1}\Shell\AutoRun\command - "" = D:\Autorun.exe
O33 - MountPoints2\{4f2b723d-c104-11e0-8f4a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4f2b723d-c104-11e0-8f4a-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{6faa5e5c-beab-11e0-b409-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6faa5e5c-beab-11e0-b409-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8aab2eee-3ffe-11e0-8fa4-001eec84c412}\Shell - "" = AutoRun
O33 - MountPoints2\{8aab2eee-3ffe-11e0-8fa4-001eec84c412}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{8aab2f20-3ffe-11e0-8fa4-001eec84c412}\Shell - "" = AutoRun
O33 - MountPoints2\{8aab2f20-3ffe-11e0-8fa4-001eec84c412}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{95cd39dc-c109-11e0-8957-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{95cd39dc-c109-11e0-8957-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{a3affcc5-6de4-11e1-b10a-001eec84c412}\Shell - "" = AutoRun
O33 - MountPoints2\{a3affcc5-6de4-11e1-b10a-001eec84c412}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{d7f27ebe-4efe-11e0-a360-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d7f27ebe-4efe-11e0-a360-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{d97f428c-bf55-11e0-a545-001eec84c412}\Shell - "" = AutoRun
O33 - MountPoints2\{d97f428c-bf55-11e0-a545-001eec84c412}\Shell\AutoRun\command - "" = D:\Autorun.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Autorun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[resethosts]
[start explorer]
[Reboot]
```

- Then click the Run Fix button at the top
- Let the program run unhindered, reboot when it is done
- Then run a new scan and post a new OTL log (don’t check the boxes beside LOP Check or Purity this time)
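
For anyone reviewing a fix script like the one above before pasting it into OTL, here is an added example (not part of the original posts and not OTL's own code) that splits the script into its sections and pairs each O33 MountPoints2 key with the command its AutoRun entry points to. The sample text is a shortened, constructed excerpt of the script above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened excerpt of the fix script posted above.
SAMPLE_FIX = r'''
:Services

:OTL
O4 - HKLM..\Run: []  File not found
O33 - MountPoints2\{3a93e8f7-c0ff-11e0-bf60-001e101f21c1}\Shell - "" = AutoRun
O33 - MountPoints2\{3a93e8f7-c0ff-11e0-bf60-001e101f21c1}\Shell\AutoRun\command - "" = D:\Autorun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a

:Commands
[emptytemp]
[Reboot]
'''

SECTION = re.compile(r'^:(\w+)\s*$')
O33 = re.compile(r'^O33 - MountPoints2\\(?P<vol>[^\\]+)\\Shell(?P<sub>\\\S+)?'
                 r' - "(?P<name>[^"]*)" = (?P<data>.*)$')

def split_sections(text):
    """Group the non-empty lines of a fix script under their ':Name' header."""
    sections, current = defaultdict(list), None
    for line in (raw.strip() for raw in text.splitlines()):
        header = SECTION.match(line)
        if header:
            current = header.group(1)
            sections[current]          # register the section even if it stays empty
        elif line and current:
            sections[current].append(line)
    return dict(sections)

def autorun_commands(otl_lines):
    """Map each MountPoints2 volume key to the command line of its AutoRun entry."""
    commands = {}
    for line in otl_lines:
        m = O33.match(line)
        if m and (m.group("sub") or "").lower() == r"\autorun\command":
            commands[m.group("vol")] = m.group("data")
    return commands

def volumes_by_drive(commands):
    """Group volume keys by the drive letter their AutoRun command runs from."""
    drives = defaultdict(list)
    for vol, cmd in commands.items():
        drives[cmd[:2].upper()].append(vol)
    return dict(drives)

if __name__ == "__main__":
    print(volumes_by_drive(autorun_commands(split_sections(SAMPLE_FIX)["OTL"])))
```
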


This thread can be closed. I already returned the laptop to its owner.

Ok… thanks for letting me know. :)