virus detected

Discussion in 'Malware Help (A Specialist Will Reply)' started by Wlfwo, Aug 21, 2006.

  1. Wlfwo

    Wlfwo Private E-2

    My son was complaining about his laptop being slow so I thought to run the sticky (read and run me first) and clean it up. Found all sorts of goodies it doesn't need, along with at least 3 viruses.

    So now I need help. I had to run bitdefender and panda under normal log on, seems I can't do safe mode with networking.

    I am pretty sure he has stuff he can get rid of if I just knew what to get rid of.

    So here are the logs, thanks in advance.

    Nancy
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to attach the other two logs requested in the READ ME:

    - GetRunKey
    - ShowNew
     
  3. Wlfwo

    Wlfwo Private E-2

    I finally found them, so here they are. Sorry bout that. As far as I am concerned laptops are evil, lol

    Thanks much,
    Nancy
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Let's start with the below.

    Goto Add/Remove programs and uninstall these:
    Paltalk Messenger
    RelevantKnowledge
    Viewpoint Media Player

    Who installed the below? While they may not be malware, in many cases, screen saver stuff like these are spreaders of malware. Many come bundled with malware and that could be where you got the above Paltalk and RelevantKnowledge from.
    "DisplayName"="Active Dancer Strip Saver"
    "DisplayName"="All American Girls Screensaver"
    "DisplayName"="Girls of Bikinicom 4 Screen Saver"
    "DisplayName"="Screensavers Installer"
    "DisplayName"="Swimsuit Models Screensaver"

    After uninstalling the first 3, decide what you are doing with the others and tell me. Then attach a new log from HJT.
     
  5. Wlfwo

    Wlfwo Private E-2

    ok, I finally got them all. The paltalk was a pain since A&R wouldn't do it, it's uninstall wouldn't do it. I had to go after it everywhere it was hiding, but I think I got it all, search says I did anyway. So here is the new HJT log.

    As for HOW they got there? He's 14, little snot!

    Thanks ever so much.
    Nancy
     

    Attached Files:

  6. Wlfwo

    Wlfwo Private E-2

    Ooops, as for the others? I uninstalled them. <EG> Might be his laptop, but I am still Mom!

    Thanks again,
    Nancy
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I can understand that! And he will probably download and install them again or maybe other ones. It is hard to stop them from doing stuff like this especially on their own PCs. Even if you warn teenagers of the potential danger in this kind of software, they ignore the warnings (like everything else you warn them about ;) ). So let's just finish all the cleanup, and see how things are working afterwards.

    Now that you have uninstalled all that stuff, there should already be an improvement.

    Make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
    R3 - URLSearchHook: (no name) - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)
    R3 - URLSearchHook: (no name) - - (no file)
    O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSYYYYYYDUUS
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    After clicking Fix, exit HJT.

    Now reboot into safe mode

    Now use Windows Explorer to locate the below files and delete them if found (let me know what you find. Some may be gone already.)
    C:\WINDOWS\ss3unstl.exe
    C:\WINDOWS\system32\rlvknlg.exe
    C:\WINDOWS\system32\cemetrix.dll
    C:\WINDOWS\system32\rlls.dll
    C:\WINDOWS\system32\silc_dll.dll
    C:\WINDOWS\system32\components\rlxf.dll

    Then goto the below folder and delete all files and subfolders in this Temp folder. Windows will not let you delete a couple from the current date because it will be using them.
    C:\Documents and Settings\HP USER\Local Settings\Temp\

    Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.
    Now run Ccleaner (installed while running the READ ME FIRST).

    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Note for IE 7 users: You need to select Internet Options then the Advanced tab and then Reset Internet Explorer Settings!


    Now reboot in normal mode and post a new HJT log.

    Also please attach new GetRunKey and ShowNew logs!

    Make sure you tell me how things are working now.
     
    Last edited: Aug 23, 2006
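    As an added example (not part of the thread and not chaslang's or MajorGeeks' tooling): a small Python triage script that parses the HijackThis lines quoted in the post above and tags the same patterns the fix list acts on: registered objects marked "(no file)", an R0 search setting pointing at a non-default URL, an O8 context-menu item on a known toolbar domain, and O4 startup items. It also collects the executable paths named in the entries so they can be checked on disk after the fix. The `SUSPECT_DOMAINS` list and the user-writable-folder heuristic are assumptions for this demo, and the sample log is constructed from the lines in the post.

```python
import re
from dataclasses import dataclass, field
from typing import List
from urllib.parse import urlparse

# Constructed sample input: the HijackThis lines listed in post #7 of this thread.
SAMPLE_HJT_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
R3 - URLSearchHook: (no name) - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSYYYYYYDUUS
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
"""

# Assumption (demo denylist): domains the thread treats as toolbar/search residue.
SUSPECT_DOMAINS = {"mywebsearch.com"}

# Assumption (heuristic only): folders a legitimate startup item rarely runs from.
USER_WRITABLE_HINTS = ("\\temp\\", "\\local settings\\", "\\application data\\")

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.+)$")
URL_RE = re.compile(r"https?://[^\s\"']+")
# Drive-letter path ending in an executable extension, optionally quoted.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"\n]+?\.(?:exe|dll|scr))"?', re.IGNORECASE)


@dataclass
class Entry:
    section: str
    body: str
    flags: List[str] = field(default_factory=list)


def parse_hjt_log(text: str) -> List[Entry]:
    """Split a HijackThis log into entries, skipping lines that are not 'Rn - ' / 'On - ' items."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def domain_of(url: str) -> str:
    """Registrable-looking domain (last two labels) of a URL's host."""
    host = urlparse(url).hostname or ""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def triage_entry(e: Entry) -> Entry:
    body_l = e.body.lower()
    # A search hook / toolbar / BHO still registered but whose file is gone:
    # leftover from a removed toolbar, safe to clear.
    if "(no file)" in body_l:
        e.flags.append("orphaned: registered object has no backing file")
    # R0/R1 hold IE start and search page settings; a URL the user did not
    # choose is the classic homepage/search hijack symptom.
    if e.section in ("R0", "R1") and URL_RE.search(e.body):
        e.flags.append("browser search/start page changed: confirm the user chose it")
    for url in URL_RE.findall(e.body):
        if domain_of(url) in SUSPECT_DOMAINS:
            e.flags.append("known toolbar/adware domain: " + domain_of(url))
    if e.section == "O4":
        e.flags.append("startup item: remove if not needed")
        if any(h in body_l for h in USER_WRITABLE_HINTS):
            e.flags.append("startup item runs from a user-writable folder")
    return e


def triage_log(text: str) -> List[Entry]:
    return [triage_entry(e) for e in parse_hjt_log(text)]


def referenced_files(entries: List[Entry]) -> List[str]:
    """Executable paths named in the entries, in order, deduplicated, to verify on disk."""
    paths: List[str] = []
    for e in entries:
        for p in PATH_RE.findall(e.body):
            if p not in paths:
                paths.append(p)
    return paths


if __name__ == "__main__":
    entries = triage_log(SAMPLE_HJT_LOG)
    for e in entries:
        print(e.section + ": " + e.body[:72])
        for f in e.flags:
            print("    -> " + f)
    print("files to verify on disk:", referenced_files(entries))
```

    Run it on a saved HijackThis log to get the same kind of shortlist chaslang built by hand; entries with no flags still need a human eye, since the heuristics only cover the patterns visible in this thread.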
  8. Wlfwo

    Wlfwo Private E-2

    C:\WINDOWS\ss3unstl.exe
    C:\WINDOWS\system32\rlvknlg.exe
    C:\WINDOWS\system32\cemetrix.dll
    C:\WINDOWS\system32\rlls.dll
    C:\WINDOWS\system32\silc_dll.dll
    C:\WINDOWS\system32\components\rlxf.dll

    Ok, I didn't find any of these at all.
    Everything else is done.
    Laptop is running better so far.
    Here are the new logs.
    Thanks ever so much.
    Nancy
     

    Attached Files:

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not completely true! The first one ( C:\WINDOWS\ss3unstl.exe ) is still showing in your newfiles.txt log. Look for yourself at the log. Thus it is still on your PC and you need to delete it. Make sure you have followed the directions for viewing hidden and system files in the READ ME.


    Now install the current version of Sun Java from: Sun Java Runtime Environment

    Then uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 2

    Your logs are clean (other than the one file mentioned above). If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
  10. Wlfwo

    Wlfwo Private E-2

    <Not completely true! The first one ( C:\WINDOWS\ss3unstl.exe ) is still showing in your newfiles.txt log. Look for yourself at the log. Thus it is still on your PC and you need to delete it. Make sure you have followed the directions for viewing hidden and system files in the READ ME.>

    Darn! I maybe looked in the wrong place? I will hunt it up again. I will find it.
    Thanks ever so much!
    Nancy
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Let me know what you find and make sure to get started with the How to protect steps. Your son should read some of the information there. It may roll off his back like water on a duck, but maybe some of it will stick. ;)
     
  12. Wlfwo

    Wlfwo Private E-2

    :eek: OK, as I was getting ready to go get the Java, AVG popped up (it's doing its scan) saying: A0099513.exe Trojan horse collected. 8.AP C:\ System Volu...

    Other than to do the malware stuff, we haven't used the laptop at all. So how did this one show up? And how do I fix it?

    Thanks,
    Nancy
     
  13. Wlfwo

    Wlfwo Private E-2

    OK, it says it deleted it. Then there is a back slash and it says restore? So I assume we can live with whatever AVG did?
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Then you did not do what I said previously in message # 9.
     
  15. Wlfwo

    Wlfwo Private E-2


    I was in the middle of doing message #9 when the Trojan showed up. I had just deleted C:\WINDOWS\ss3unstl.exe (I don't know how I missed seeing it the first time) and was downloading the Java when AVG popped up.

    I let AVG do whatever it did (says it confined and then deleted it) finished with the Java update, went offline, uninstalled the old Java, installed the newer Java then disabled system restore and rebooted, then re-enabled system restore and re-hid my hidden folders.

    If the Trojan was connected with C:\WINDOWS\ss3unstl.exe I should be ok now? Other than doing the "How to protect yourself from malware" thread, is there anything else I need to do?

    Thanks bunches,
    Nancy
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. No, that is all you need to do!
     
  17. Wlfwo

    Wlfwo Private E-2

    Thank you so very much! Hopefully I have impressed on him NOT to download such things on his laptop. I'd a thought that the lecture I gave him about doing it on the main computer would have "leaked" over. :rolleyes: Guess not.

    Thanks again,
    Nancy
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     