1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Google, Facebook, Yahoo redirect to Yahoo Developer Page

Discussion in 'Virus & Other Malware Removal' started by StoopidMonkey, Feb 10, 2013.

Thread Status:
Not open for further replies.
Advertisement
  1. StoopidMonkey

    StoopidMonkey Thread Starter

    Joined:
    Feb 9, 2013
    Messages:
    2
    Hi Folks,

    I have had a recurring issue with my Windows 7 computer redirecting Google, Yahoo, and sometimes Facebook to a Yahoo Developer page (or a generic error page on iPhones and iPads on the network). Once it starts, it sometimes stops on its own after a couple minutes, sometimes it requires a power cycle of all networked devices (modem, router, a printer, 2 iPhones, and iPad and my PC).

    I've had Norton continuously since purchasing the computer, run anti-malware bytes and SuperAntispyware, and none of them have been able to locate an issue.

    I even tried re-installing Windows 7, but I think perhaps because I have an upgrade disk rather than the original I didn't get a full purge and the problem continued before I returned any backed up files onto it..

    I also removed my PC from the network for about a month and never experienced the problem with my other devices. I'm fairly positive it's the PC, but I can't figure out the issue and am hoping someone here can help.

    Per Cookiegal's instructions, here is my Hijack This log

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 4:55:47 PM, on 2/9/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Steam\steam.exe
    C:\Users\Robbs\Downloads\HijackThis (1).exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\coIEPlg.dll
    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\IPS\IPSBHO.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\coIEPlg.dll
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 545"
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\ccSvcHst.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 6979 bytes


    Here is the dds log

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.13.2
    Run by Robbs at 16:58:36 on 2013-02-09
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.4370 [GMT -8:00]
    .
    AV: Norton 360 Premier Edition *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 Premier Edition *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton 360 Premier Edition *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\ccSvcHst.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\ccSvcHst.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Windows\System32\spool\drivers\x64\3\E_YATIHWA.EXE
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Steam\steam.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Users\Robbs\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Robbs\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Robbs\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Robbs\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Robbs\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\coieplg.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\ips\ipsbho.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\coieplg.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\coieplg.dll
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    uRun: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\x64\3\E_YATIHWA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 545"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    TCP: NameServer = 192.168.1.1 209.18.47.61 209.18.47.62
    TCP: Interfaces\{42504651-0530-478C-8767-034EFDE2F24A} : DHCPNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
    SSODL: WebCheck - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0604010.00E\symds64.sys [2013-2-5 451192]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0604010.00E\symefa64.sys [2013-2-5 1129120]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [2013-1-15 1388120]
    R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\drivers\N360x64\0604010.00E\ccsetx64.sys [2013-2-5 167072]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20130208.004\IDSviA64.sys [2013-2-8 513184]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0604010.00E\ironx64.sys [2013-2-5 190072]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\0604010.00E\symnets.sys [2013-2-5 405624]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776]
    R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-20 399432]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-20 676936]
    R2 N360;Norton 360;C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\ccsvchst.exe [2013-2-5 138272]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-9 138912]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-7-29 25928]
    R3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;C:\Windows\System32\drivers\RTL85n64.sys [2010-3-23 2061856]
    R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-15 19456]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-15 57856]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-17 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-02-07 03:36:56 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-07 03:36:56 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-02-06 03:41:42 451192 ----a-r- C:\Windows\System32\drivers\N360x64\0604010.00E\symds64.sys
    2013-02-06 03:41:42 405624 ----a-r- C:\Windows\System32\drivers\N360x64\0604010.00E\symnets.sys
    2013-02-06 03:41:42 37536 ----a-w- C:\Windows\System32\drivers\N360x64\0604010.00E\srtspx64.sys
    2013-02-06 03:41:42 1129120 ----a-w- C:\Windows\System32\drivers\N360x64\0604010.00E\symefa64.sys
    2013-02-06 03:41:41 737952 ----a-w- C:\Windows\System32\drivers\N360x64\0604010.00E\srtsp64.sys
    2013-02-06 03:41:41 190072 ----a-r- C:\Windows\System32\drivers\N360x64\0604010.00E\ironx64.sys
    2013-02-06 03:41:41 167072 ----a-w- C:\Windows\System32\drivers\N360x64\0604010.00E\ccsetx64.sys
    2013-02-06 03:41:19 -------- d-----w- C:\Windows\System32\drivers\N360x64\0604010.00E
    2013-02-03 05:52:38 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-01-25 03:12:02 -------- d-----w- C:\Users\Robbs\AppData\Roaming\Unity
    2013-01-25 02:21:38 -------- d-----w- C:\Users\Robbs\AppData\Local\Unity
    2013-01-25 00:38:47 -------- d-----w- C:\Users\Robbs\AppData\Roaming\WB Games
    2013-01-25 00:37:07 453456 ----a-w- C:\Windows\SysWow64\d3dx10_41.dll
    2013-01-25 00:37:07 1846632 ----a-w- C:\Windows\SysWow64\D3DCompiler_41.dll
    2013-01-25 00:37:06 517448 ----a-w- C:\Windows\SysWow64\XAudio2_4.dll
    2013-01-25 00:37:06 4178264 ----a-w- C:\Windows\SysWow64\D3DX9_41.dll
    2013-01-25 00:37:05 235352 ----a-w- C:\Windows\SysWow64\xactengine3_4.dll
    2013-01-25 00:37:04 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_6.dll
    2013-01-25 00:37:03 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll
    2013-01-25 00:37:03 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll
    2013-01-25 00:37:02 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
    2013-01-25 00:25:47 -------- d-----w- C:\Program Files (x86)\WB Games
    2013-01-23 04:39:46 83968 ----a-w- C:\Windows\System32\E_YD4BHWA.DLL
    2013-01-23 04:39:46 120320 ----a-w- C:\Windows\System32\E_YLMHWA.DLL
    2013-01-23 02:53:42 -------- d--h--w- C:\Windows\AxInstSV
    2013-01-20 17:27:35 -------- d-----w- C:\Program Files\iPod
    2013-01-20 17:27:32 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-01-20 17:27:32 -------- d-----w- C:\Program Files\iTunes
    2013-01-16 21:04:34 -------- d-----w- C:\Users\Robbs\AppData\Roaming\SUPERAntiSpyware.com
    2013-01-16 21:04:26 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2013-01-16 21:04:25 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2013-01-16 01:50:47 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2013-01-16 01:50:47 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2013-01-16 01:50:45 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2013-01-16 01:50:45 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
    2013-01-16 01:50:45 340992 ----a-w- C:\Windows\System32\schannel.dll
    2013-01-16 01:50:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
    2013-01-16 01:50:45 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2013-01-16 01:50:45 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2013-01-16 01:50:45 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
    2013-01-16 01:24:54 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2013-01-16 01:24:51 750592 ----a-w- C:\Windows\System32\win32spl.dll
    2013-01-16 01:21:45 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2013-01-16 01:20:26 2048 ----a-w- C:\Windows\System32\tzres.dll
    2013-01-16 01:18:23 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2013-01-16 01:18:21 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2013-01-16 01:18:18 2002432 ----a-w- C:\Windows\System32\msxml6.dll
    2013-01-16 01:18:17 1882624 ----a-w- C:\Windows\System32\msxml3.dll
    2013-01-16 01:13:46 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    2013-01-16 01:13:44 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2013-01-16 01:13:29 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2013-01-16 01:13:27 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2013-01-16 01:13:11 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    2013-01-16 01:13:09 800768 ----a-w- C:\Windows\System32\usp10.dll
    2013-01-16 01:12:05 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    2013-01-16 01:10:59 55296 ----a-w- C:\Windows\System32\cero.rs
    2013-01-16 01:10:59 51712 ----a-w- C:\Windows\System32\esrb.rs
    2013-01-16 01:10:59 43520 ----a-w- C:\Windows\System32\csrr.rs
    2013-01-16 01:10:59 40960 ----a-w- C:\Windows\System32\cob-au.rs
    2013-01-16 01:10:59 15360 ----a-w- C:\Windows\System32\djctq.rs
    2013-01-16 01:10:54 2746368 ----a-w- C:\Windows\System32\gameux.dll
    2013-01-16 01:01:45 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2013-01-16 00:58:50 -------- d-----w- C:\Windows\pss
    2013-01-16 00:57:53 68608 ----a-w- C:\Windows\System32\taskhost.exe
    2013-01-16 00:57:30 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2013-01-12 21:27:53 -------- d-----w- C:\ProgramData\Kaspersky Lab
    2013-01-12 21:20:41 -------- d-----w- C:\Users\Robbs\AppData\Local\Programs
    .
    ==================== Find3M ====================
    .
    2013-02-03 05:52:29 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2013-02-03 05:52:29 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
    2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
    2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
    2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
    2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    ============= FINISH: 16:59:28.58 ===============

    Here is the attach Logfile

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 7/17/2012 8:35:56 PM
    System Uptime: 2/9/2013 2:22:06 PM (2 hours ago)
    .
    Motherboard: Gateway | | RS780
    Processor: AMD Phenom(tm) 9750 Quad-Core Processor | AM2 | 1200/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 917 GiB total, 597.066 GiB free.
    D: is CDROM (CDFS)
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
    Description: Standard PS/2 Keyboard
    Device ID: ACPI\PNP0303\4&2A700557&0
    Manufacturer: (Standard keyboards)
    Name: Standard PS/2 Keyboard
    PNP Device ID: ACPI\PNP0303\4&2A700557&0
    Service: i8042prt
    .
    Class GUID:
    Description: Multimedia Video Controller
    Device ID: PCI\VEN_14F1&DEV_8852&SUBSYS_D57512AB&REV_04\4&371C1E4D&0&0020
    Manufacturer:
    Name: Multimedia Video Controller
    PNP Device ID: PCI\VEN_14F1&DEV_8852&SUBSYS_D57512AB&REV_04\4&371C1E4D&0&0020
    Service:
    .
    Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Description: Microsoft PS/2 Mouse
    Device ID: ACPI\PNP0F03\4&2A700557&0
    Manufacturer: Microsoft
    Name: Microsoft PS/2 Mouse
    PNP Device ID: ACPI\PNP0F03\4&2A700557&0
    Service: i8042prt
    .
    ==== System Restore Points ===================
    .
    RP49: 1/23/2013 6:55:43 PM - Scheduled Checkpoint
    RP50: 1/24/2013 4:25:03 PM - Installed LEGO® Harry Potter™: Years 1-4
    RP51: 1/27/2013 8:48:56 PM - Windows Update
    RP52: 2/2/2013 9:51:24 PM - Installed Java 7 Update 13
    RP53: 2/6/2013 8:43:17 PM - Installed DirectX
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.3)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    Bullzip PDF Printer 4.0.0.463
    Dungeon Defenders
    Epson Connect
    Epson Customer Participation
    Epson Download Navigator
    Epson Event Manager
    Epson FAX Utility
    Epson PC-FAX Driver
    EPSON Scan
    EPSON WorkForce 545 Series Printer Uninstall
    EpsonNet Print
    Fallout 3
    Google Chrome
    GPL Ghostscript Lite 9.04
    iTunes
    Java 7 Update 13
    Java Auto Updater
    JavaFX 2.1.1
    Legend of Grimrock
    LEGO® Harry Potter™: Years 1-4
    Malwarebytes Anti-Malware version 1.65.1.1000
    Microsoft .NET Framework 4 Client Profile
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Silverlight
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Xbox 360 Accessories 1.2
    Monkey Island 2: Special Edition
    Norton 360 Premier Edition
    OpenOffice.org 3.4.1
    Portal 2
    Portal 2 Authoring Tools - Beta
    Portal 2 Publishing Tool
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Sid Meier's Civilization V
    Spotify
    Steam
    SUPERAntiSpyware
    Unity Web Player
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/9/2013 2:23:44 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    2/9/2013 2:22:53 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000041287, 0x0000000000000030, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020913-36722-01.
    .
    ==== End Of File ===========================


    When I ran GMER, I had two crashes., but the third time it completed with a Nothing found message. I don't know if that's suspicious or normal?

    Any help would be of great relief.

    Thank you in advance
     
  2. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    35,109
    Hiya and welcome to Tech Support Guy :)

    Are you still having this problem? If so, can you do the following:

    Download Security Check from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.



    Please download AdwCleaner by Xplode onto your desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Search.
    • A logfile will automatically open after the scan has finished.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[R1].txt as well.




    Please include the checkup.txt, JRT.txt and adwCleaner[R1].txt in your next reply

    eddie
     
  3. StoopidMonkey

    StoopidMonkey Thread Starter

    Joined:
    Feb 9, 2013
    Messages:
    2
    Hi Eddie,

    thanks for the response. Yes, I'm still experiencing it sporadically. Here are the log results:

    Results of screen317's Security Check version 0.99.57
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Norton 360 Premier Edition
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.1.1000
    JavaFX 2.1.1
    Java 7 Update 13
    Java version out of Date!
    Adobe Flash Player 11.5.502.146
    Adobe Reader 10.1.5 Adobe Reader out of Date!
    Google Chrome 24.0.1312.56
    Google Chrome 24.0.1312.57
    ````````Process Check: objlist.exe by Laurent````````
    Norton ccSvcHst.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 7%
    ````````````````````End of Log``````````````````````

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.6.4 (02.16.2013:1)
    OS: Windows 7 Home Premium x64
    Ran by Robbs on Sun 02/17/2013 at 8:38:17.12
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] C:\eula.1028.txt
    Successfully deleted: [File] C:\eula.1031.txt
    Successfully deleted: [File] C:\eula.1033.txt
    Successfully deleted: [File] C:\eula.1036.txt
    Successfully deleted: [File] C:\eula.1040.txt
    Successfully deleted: [File] C:\eula.1041.txt
    Successfully deleted: [File] C:\eula.1042.txt
    Successfully deleted: [File] C:\eula.2052.txt
    Successfully deleted: [File] C:\install.res.1028.dll
    Successfully deleted: [File] C:\install.res.1031.dll
    Successfully deleted: [File] C:\install.res.1033.dll
    Successfully deleted: [File] C:\install.res.1036.dll
    Successfully deleted: [File] C:\install.res.1040.dll
    Successfully deleted: [File] C:\install.res.1041.dll
    Successfully deleted: [File] C:\install.res.1042.dll
    Successfully deleted: [File] C:\install.res.2052.dll
    Successfully deleted: [File] C:\install.res.3082.dll



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 02/17/2013 at 8:48:36.84
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    # AdwCleaner v2.112 - Logfile created 02/17/2013 at 09:10:55
    # Updated 10/02/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Robbs - ROBBS-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Robbs\Downloads\adwcleaner0.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16464

    [OK] Registry is clean.

    -\\ Google Chrome v24.0.1312.57

    File : C:\Users\Robbs\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [659 octets] - [17/02/2013 09:10:55]

    ########## EOF - C:\AdwCleaner[R1].txt - [718 octets] ##########

    I ran these yesterday, and had the redirect again this afternoon, *sigh*

    Rhett
     
  4. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    35,109
    Oki doki, lets run these now :)


    Please download aswMBR ( 4.5MB ) to your desktop.
    • Double click the aswMBR.exe icon, and click Run.
    • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
    • Click the Scan button to start the scan.
    • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

    -------------------------

    Delete any copies of Combofix that you have.

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Remember to re-enable the protection again afterwards before connecting to the Internet.
    • Double click on ComboFix.exe & follow the prompts.

    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


    [​IMG]


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


    ------------

    Download OTL to your Desktop

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Select
      All Users
      LOP Check
      Purity Check
    • Under the Standard Registry box change it to All
    • Please copy the text in the code box below and paste it in the Custom Scans/Fixes box in OTL:

      Code:
      netsvcs
      activex
      msconfig
      %SYSTEMDRIVE%\*.
      %PROGRAMFILES%\*.exe
      %LOCALAPPDATA%\*.exe
      %windir%\Installer\*.*
      %windir%\system32\tasks\*.*
      %windir%\system32\tasks\*.* /64
      %systemroot%\Fonts\*.exe
      %systemroot%\*. /mp /s
      /md5start
      consrv.dll
      explorer.exe
      winlogon.exe
      regedit.exe
      Userinit.exe
      svchost.exe
      services.exe
      user32.dll
      ATAPI.SYS
      /md5stop
      C:\Windows\assembly\tmp\U\*.* /s
      %Temp%\smtmp\1\*.*
      %Temp%\smtmp\2\*.*
      %Temp%\smtmp\3\*.*
      %Temp%\smtmp\4\*.*
      CREATERESTOREPOINT
      
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

      IF OTL SAYS 'NOT RESPONDING' DON'T USE THE MOUSE. IT WILL CARRY ON SCANNING AFTER A FEW MINUTES

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


    eddie
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1089014

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice