Reply to thread

Message: <blockquote data-quote="Jack" data-source="post: 58753" data-attributes="member: 1">1.Ok,ets try to run again this OTL fix.If you have the paid version of Malwarebytes 1.6 or later installed, please disable it for the duration of this run.Also you should temporarily disable your antivirus.<>To disable MBAM</>Open the scanner and select the <>Protection</> tab.Remove the tick from <>Start protection module with Windows</>.Reboot and then run OTL.<img src="http://i1224.photobucket.com/albums/ee362/Essexboy3/mbamstop.jpg" alt="Posted Image" /><ol>    <li>Please reopen <img src="http://malwaretips.com/blogs/wp-content/uploads/2012/06/otlicon.png" alt="Posted Image" /> on your desktop.</li>    <li><>Copy</> and <>Paste</> the following code into the <img src="http://malwaretips.com/blogs/wp-content/uploads/2012/06/customscanfix.png" alt="Posted Image" /> textbox.[code]:OTLMOD - [2012/06/26 01:22:53 | 000,442,368 | ---- | M] () -- C:\Users\Paulgun\AppData\Local\zgmguisgzf.exeO4 - HKLM..\Run: []  File not foundO4 - HKCU..\Run: [DW6]  File not foundO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0O33 - MountPoints2\{e330de2a-e90b-11de-9c8c-00197ee642d9}\Shell\AutoRun\command - "" = F:\WDSetup.exeO33 - MountPoints2\{f59e8bd1-3313-11dc-b3c6-00197ee642d9}\Shell - "" = AutoRunO33 - MountPoints2\{f59e8bd1-3313-11dc-b3c6-00197ee642d9}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -aO33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\WDSetup.exe[1 C:\Users\Paulgun\Desktop\*.tmp files -> C:\Users\Paulgun\Desktop\*.tmp -> ][2012/06/26 01:32:30 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%[2012/06/26 01:23:30 | 000,018,944 | ---- | C] () -- C:\Windows\Installer\{50904225-4dab-82b5-0359-4c2b153d91d0}\U\800000cb.@[2012/06/26 01:23:30 | 000,012,288 | ---- | C] () -- C:\Windows\Installer\{50904225-4dab-82b5-0359-4c2b153d91d0}\U\80000000.@[2012/06/26 01:23:30 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{50904225-4dab-82b5-0359-4c2b153d91d0}\U\00000001.@:filesC:\Users\Paulgun\AppData\Local\zgmguisgzf.exeipconfig /flushdns /c:Commands [createrestorepoint][resethosts] [emptytemp] [/code]</li><li><>Push </><img src="http://malwaretips.com/blogs/wp-content/uploads/2012/06/runfix.png" alt="Posted Image" /></li>    <li><>OTL may ask to reboot the machine. Please do so if asked.</></li>    <li><>Click </>the <>OK</> button.</li>    <li>A report will open. <>Copy</> and <>Paste</> that report in your next reply.</li>    <li>If the machine reboots, the log will be located at C:\_OTL\MovedFiles\<>mmddyyyy_hhmmss.log</>, where mmddyyyy_hhmmss is the date and the time of the tool run.</li></ol><hr />2.Next,Let's repair some stuff that can be damaged by malware.Download <><a title="External link" href="http://www.tweaking.com/content/page/windows_repair_all_in_one.html" rel="external">Windows Repair by Tweaking.com</a></> to your desktop. Use the direct download link for the Portable version of Windows Repair by Tweaking.com<ol>    <li>Double-click <>tweaking.com_windows_repair_aio.zip</> and extract the <>Tweaking.com - Windows Repair</> folder to your desktop.</li>    <li>Now open this folder and double-click <>Repair_Windows.exe</>.</li>    <li>Click the <>Start Repairs</> tab on the far right.</li>    <li>Click the <>Start</> button (bottom right)Note: When asked if you would like to create a restore point. It is recommended just in-case something does not go as planned.</li>    <li>Click <>Unselect All</></li>    <li>Put a checkmark in the following items:<ul>    <li>Repair Windows Firewall</li><li>Repair Hosts File</li><li>Repair Temp Files</li>    <li>Remove Policies Set By Infections</li>    <li>Set Windows Services To Default Startup</li></ul>Note: Leave everything else unchecked</li>    <li>Put a checkmark in <>Restart System When Finished</></li>    <li>Now click the <>Start</> button (bottom right)</li></ol></blockquote>

Verification

Top