
Help: computer hacked, slow, need help

Discussion in 'Virus & Other Malware Removal' started by violetz56, Nov 23, 2011.

Thread Status:
Not open for further replies.
  1. violetz56

    violetz56 Thread Starter

    Joined:
    Sep 3, 2006
    Messages:
    46
    Computer has pc optimizer pro, Gabest Media Player Classic ? W3iIQ5.fraud, :eek::eek: Zango, Yontoo.Pagerage, MyFreeze Toolbar, something that Spybot found. It is slow and has pop-ups. I downloaded, ran and saved the HijackThis file but not the other one; it didn't save, and I got an error message instead. I looked for script blocking tools and didn't find any. Please help me, thank you.
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:48:17 PM, on 11/23/2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v8.00 (8.00.7601.17514)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe
    C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Users\family\Downloads\HijackThis(1).exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.iplay.com/?o=shp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
    R3 - URLSearchHook: (no name) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)
    R3 - URLSearchHook: YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    O2 - BHO: FastestIE BHO - {54404F81-99CC-4FD3-9D29-92689B86C2CC} - C:\Program Files (x86)\FastestIE\FastestIE.dll
    O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
    O2 - BHO: GamesBarBHO Class - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll
    O2 - BHO: WeCareReminder - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [CommonToolkitTray] C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [SearchEngineProtection] C:\Program Files (x86)\Gamesbar\SearchEngineProtection.exe
    O4 - HKCU\..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - res://C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll
    O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: (no name) - {44D32BD3-31DA-4FD4-A0F4-B4782652B97B} - C:\Program Files (x86)\FastestIE\FastestIE.dll
    O9 - Extra 'Tools' menuitem: FastestIE Options - {44D32BD3-31DA-4FD4-A0F4-B4782652B97B} - C:\Program Files (x86)\FastestIE\FastestIE.dll
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Add to TOSHIBA Bulletin Board - {97F922BD-8563-4184-87EE-8C4ACA438823} - (no file)
    O9 - Extra 'Tools' menuitem: Add to TOSHIBA Bulletin Board - {97F922BD-8563-4184-87EE-8C4ACA438823} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Toshiba Laptop Checkup Application Launcher (Norton PC Checkup Application Launcher) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe
    O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Spybot S&D 2 Live Protection Service (SDHookService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe
    O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
    O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 15662 bytes
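
A first-pass triage of a HijackThis log like the one above, as an added example (not part of the original post and not a tool used in this thread). The function names and the `reported_names` watch list are hypothetical. It also assumes that "(file missing)" on a `\windows\system32\` path is usually a WOW64 redirection artifact, because HijackThis v2.0.4 is a 32-bit program and this log comes from a 64-bit system.

```python
import re
from collections import defaultdict

# HijackThis section codes that occur in the log above.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "F2": "ini-mapped autostart",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "Run-key autostart", "O8": "IE context-menu item",
    "O9": "IE button / Tools menu item", "O10": "Winsock LSP",
    "O18": "protocol handler", "O20": "Winlogon Notify",
    "O23": "Windows service",
}
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")

# Lines copied from the log above; the two leading lines are not entries.
SAMPLE = r"""
Running processes:
C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
O4 - HKCU\..\Run: [SearchEngineProtection] C:\Program Files (x86)\Gamesbar\SearchEngineProtection.exe
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
"""

def parse(log_text):
    """Return (code, body) pairs; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m and m.group(1) in SECTIONS:
            entries.append((m.group(1), m.group(2).strip()))
    return entries

def triage(log_text, reported_names=()):
    """Group entries that deserve a closer look before anything is removed."""
    findings = defaultdict(list)
    for code, body in parse(log_text):
        low = body.lower()
        if low.endswith("(no file)"):
            # Registration points at nothing: leftover of a removed component.
            findings["dangling"].append((code, body))
        elif low.endswith("(file missing)"):
            if "\\windows\\system32\\" in low:
                # Assumption: 32-bit scanner was redirected to SysWOW64.
                findings["redirected"].append((code, body))
            else:
                findings["dangling"].append((code, body))
        # Names the user reported, matched against every entry.
        for name in reported_names:
            if name.lower() in low:
                findings["reported"].append((code, name, body))
    return dict(findings)

if __name__ == "__main__":
    result = triage(SAMPLE, ["Yontoo", "Zango", "MyFreeze"])
    for bucket, items in result.items():
        print(bucket)
        for item in items:
            print("  ", SECTIONS[item[0]], "|", item[-1])
```

Entries in the `redirected` bucket need confirmation with a 64-bit-aware tool before they are treated as broken services.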
     


  2. violetz56

    violetz56 Thread Starter

    Joined:
    Sep 3, 2006
    Messages:
    46
  3. Larusso

    Larusso

    Joined:
    Aug 9, 2011
    Messages:
    808
    Hi,
    my name is Daniel and I will be assisting you with your malware-related problems.

    Before we move on, please read the following points carefully.
    • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
    • Perform everything in the correct order. Sometimes one step requires the previous one.
    • If you have any problems while you are following my instructions, Stop there and tell me the exact nature of your problem.
    • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
    • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
    • If I don't hear from you within 3 days from this initial or any subsequent post, I will have to unsubscribe from this thread and move on to assist someone else.
    • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
    • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.


    Please open notepad --> Format and make sure Word wrap is unticked.



    Download OTL to your Desktop.
    • Double click on the icon to run it.
    • Under the [IMG] box paste this in
    Code:
    activex
    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.
    %PROGRAMFILES%\*.exe
    %LOCALAPPDATA%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.manifest /3
    /md5start
    explorer.exe
    regedit.exe
    winlogon.exe
    wininit.exe
    userinit.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    CREATERESTOREPOINT
    
    • Make sure all other windows are closed to let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

    Please post both logfiles in your next reply.



    Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

    Download TDSSKiller.exe and save it to your desktop
    • Execute TDSSKiller.exe by doubleclicking on it.
    • Press Start Scan
    • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
    • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

    Please post the contents of that log in your next reply.



    Please post in your next reply
    OTL.txt
    Extras.txt
    TDSSKiller Log
     
  4. Larusso

    Larusso

    Joined:
    Aug 9, 2011
    Messages:
    808
    Hello, are you still with us?

    If you do not reply within 24 hours I will unsubscribe from this thread and won't be notified about new replies.
     
  5. Larusso

    Larusso

    Joined:
    Aug 9, 2011
    Messages:
    808
    Due to a lack of response,

    I will now unsubscribe from this thread and will not get any notifications about new replies.
     

Short URL to this thread: https://techguy.org/1028222
