R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page.

Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing).

I just found out that Office is infected and it gives an error about pptassit.dll.

Claves del registro: 0.%%2 = El sistema no puede encontrar el archivo especificado.
Hello! I'm having trouble with my computer: Sometimes a process called 'lsm.exe' (with 'L', not 'capital i') runs all alone. When this happens, the CPU usage skyrockets and the temperatures of my components do the same. After forcing it to finish, everything goes back to normal. Sometimes it appears with other names, but the effects are exactly the same. '-12361234.exe' is one of the names. (Notice that the actual name is not this one, it is just some numbers with a '-'.)

Thanks for your time and help! Here are the logs.
Hello InternetDude

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error 'Illegal operation attempted on a registry key that has been marked for deletion.' Please restart the computer.

'information and logs'

In your next post I need the following:
- report from Combofix
- let me know of any problems you may have had
How is the computer doing now after running the script?

Gringo.

Hello InternetDude

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from and save it to your Desktop. Double-click on TDSSKiller.exe to run the application, then click on Change parameters. Put a checkmark beside loaded modules. A reboot will be needed to apply the changes. Do it.

TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal.

Hello InternetDude

Please download and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

Double-click to run it. When the tool opens, click Yes to the disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Gringo.

Hello InternetDude

I need you to download this script I have made for you - It needs to be saved next to the 'Farbar Recovery Scan Tool' (FRST) program (if asked to overwrite the existing one, please allow).

Run FRST again, but this time press the Fix button just once and wait. When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Gringo.
Hello InternetDude

I would like you to download an updated version of combofix.

update combofix

Delete the version of combofix you have now on your desktop and download a new one from here.

Note: It is important that it is saved directly to your desktop.

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error 'Illegal operation attempted on a registry key that has been marked for deletion.' Please restart the computer.

'information and logs'

In your next post I need the following:
- Log from Combofix
- let me know of any problems you may have had
How is the computer doing now?

Gringo.

Hello

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file.

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.

These are programs that start up when you turn on your computer but don't need to. For any of these programs you can click on their icons (or start from the control panel) and start the program when you need it.
Hello hiperbolico and Welcome to the CyberTechHelp Forums. Will be helping you fixing your problems.

Please take note of some guidelines for this fix:

1- My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Keep your sentences short. Thanks for your understanding.
2- Perform everything in the correct order. Sometimes one step requires the previous one.
3- Please open as administrator the computer. How is open as administrator the computer?
4- Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal.
Hi again,

Please download and run RogueKiller (32/64 bit) to your desktop.

Quit all running programs.
For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Click Scan to scan the system.
When the scan completes, close out the program. Don't Fix anything!
Don't run any other options, they're not all bad!
Post back the report, which should be located on your desktop.
(Please don't put logs in code or quotes.)

Thank you,

Please open RogueKiller again.

Close all the running processes.
Double click the RogueKiller icon to run the program again.
Vista/Win7 users should right click the icon and select Run as Administrator.
Wait for the Prescan to finish.
Make sure only the following lines are checked:

-Hidden.From.SCM (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\bmvju (System32\drivers\pufks.sys) - Encontrado
Hidden.ADSStream C:\Windows:netNLSPreferences - Encontrado

Now click the Delete button.
Please copy and paste the report in your next reply. A copy of the RKreport.txt can be found on your desktop.

Hi again,

Thank you.

Java update:

Updating Java and Clearing Cache:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to update.

Download the latest version of Java Runtime Environment (JRE) 8 (Version is 8 Update 91).
Read the License Agreement, then select Accept License Agreement.
Click on the link to download Windows Offline ((86-bit) and save the file.
Close any programs you may have running - especially your web browser.
this page (for instructions on how to clear java's cache.
Go into the Control Panel and double-click the Java Icon.
Hello and thanks again.

I've done all the steps as you said. I just didn't reinstall Acrobat Reader because I don't need it right now.

The machine seems OK, no trace remains of the malware nor of the Chinese software, and Office has returned to normality, but I still feel that the fan works more than it should.
Hi again,

Sorry. I made a mistake. The file should be 64 Bit.

Hi there,

Please go to: VirusTotal. On the page you'll find a 'Choose File' button.

Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box:

C:\Users\Usuario\AppData\Roaming\OfficeAssist.0172.80.1384.exe
C:\WINDOWS\hack.ini
C:\WINDOWS\system32\Drivers\pufks.sys

Next, click the Open button.
Then click the 'Scan It!' button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now.
Once scanned, copy and paste the link to the results page in your next reply.