0000135 %hs missing

Hi.

Are you able to follow any of these instructions?

READ & RUN ME FIRST - Malware Removal Guide

 

Can you make sure when running MGTools that antivirus is temporarily disabled, that you run it as admin, and that you have indeed got UAC turned off.

Try again please, it's the most important set of logs to review.

 

There should be many more logs than that in the MGlogs.zip, can you please attach the MGlogs.zip as is? There's no need to seperate the logs from out of the compressed folder.

 

Uninstall the below softwares:

• SaveAs 1.66
• SaveAs
• SaveShare 1.74
• Search Assistant 1.74

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

• O20 - AppInit_DLLs: c:\progra~2\saveas\sprote~1.dll c:\progra~2\websea~1\sprote~1.dll c:\progra~2\savesh~1\sprote~1.dll
• O23 - Service: Search Protect by Conduit Updater (CltMngSvc) - Unknown owner - C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (file missing)

NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.

After clicking Fix exit HJT.




Download and run OTM.

Download OTM by Old Timer and save it to your Desktop.

• Right-click OTM.exe And select " Run as administrator " to run it.
• Paste the following code under the http://farm3.static.flickr.com/2455/4173556815_a721a91733_o.png area. Do not include the word Code.

Code:

:reg
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

:files
C:\ProgramData\SaveAs
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveAs
C:\Program Files (x86)\SaveAs
C:\Program Files (x86)\SaveShare
C:\Program Files (x86)\SearchProtect
C:\Program Files (x86)\WebSearch
C:\Program Files (x86)\Common Files\Spigot
C:\Windows\SysWOW64\ntoskrnl(51).exe
C:\Windows\SysWOW64\user(56).exe
C:\Windows\SysWOW64\wow32(57).dll
C:\Windows\tasks\AutoKMS.job
C:\Windows\tasks\Driver Robot.job
c:\progra~2\websea~1\sprote~1.dll

:Commands
[emptytemp]
[Reboot]

• Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
• Push the large http://farm3.static.flickr.com/2782/4174320048_f01c448b32_o.png button.
• OTM may ask to reboot the machine. Please do so if asked.
• Copy everything in the Results window (under the green bar), and paste it into notepad, save it as something appropriate and attach it into your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.




http://imageshack.us/a/img841/7292/thisisujrt.gif Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Attach JRT.txt to your next message.

Re run Hitman and have it delete the Potential Unwanted Programs.
Re run RogueKiller, just a scan and attach the log.
Does MBAM find anything else when you rescan with it?
Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.
Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

 

Can you run FRST again please and attach the log.

 

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Attached is fixlist.txt

• Save fixlist.txt to your flash drive.
• You should now have both fixlist.txt and FRST.exe on your flash drive.

Now re-enter System Recovery Options.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt).
Please attach this to your next message. (How to attach)

-----------------

Any better?

 

Certainly.

I gave you some instructions, which part are you struggling with?

 

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
• Use the arrow keys to select the Repair your computer menu item.
• Choose your language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account and click Next.

 

This was already done which is how the snapshot was obtained. The Command Prompt needs to be selected just like what was done when the first post in the thread was attached with the first FRST log which was run from the Recover Environment. The second FRST log in this thread was not run from the Recovery Environment. It was run from Normal Startup.

 

I am beginning to think that you will have to post about this in the software forum. Before you do, please run FRST again. No fix, just run it normally. (like you did the very first time) and attach it's log.

 

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Attached is fixlist.txt > Save fixlist.txt to your desktop. Also save a copy of FRST64.exe on your desktop.


Double click FRST64 to run it.
Click on the FIX button.
Logs should be produced on your desktop.
Attach them please.

 

Our progress is being hindered by the system restores. I understand you have used it so that you can indeed follow some of my instructions but it's now messy, and I believe you have problems which ought to be resolved in the software forum. Then you can return here afterwards. Hang in there, I am seeking advice about all this in the background.

Thanks for your patience.

 

Hi there. Can you please go thru what you can of the R&R again. And attach the requested logs. I want a fresh look at what's going on.

 

SaveAs <--- uninstall this rubbish.


Re run Hitman and have it delete all Potential Unwanted Programs.


Delete these if you see them:

• C:\ProgramData\CloudSoft
• C:\ProgramData\SaveAs
• C:\Program Files (x86)\Conduit
• C:\Windows\SysWOW64\ntoskrnl(51).exe
• C:\Windows\SysWOW64\user(56).exe
• C:\Windows\SysWOW64\wow32(57).dll

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

• R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchingissme.info/?unqvl=23
• O23 - Service: Search Protect by Conduit Updater (CltMngSvc) - Unknown owner - C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (file missing)

After clicking Fix exit HJT.


Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

 

Before we continue I would like for you to use MSConfig to put this machine back into normal start up mode


SaveAs <--- uninstall this garbage using Revo Uninstaller.


Delete these:

• C:\Windows\SysWOW64\ntoskrnl(51).exe
• C:\Windows\SysWOW64\user(56).exe
• C:\Windows\SysWOW64\wow32(57).dll
• C:\Windows\tasks\AutoKMS.job

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.


http://imageshack.us/a/img841/7292/thisisujrt.gif Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Attach JRT.txt to your next message.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.


How are things running?

 

Clearly, it's still left a mess across your machine and you can see it's entry listed in the newfiles.txt along with all the other installed programs.


Download The Avenger by Swandog469, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Do not change any check box options!!
• Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

• Now click the Execute button.
• Click Yes to the prompt to confirm you want to execute.
• Click Yes to the Reboot now? question that will appear when Avenger finishes running.
• Your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.

 

You will have to ask about that in the software forum. Did you back anything up at all?

 

You are most welcome.