1. In Safe Mode, right click the SDFix.zip folder and choose Extract All,
2. A new folder will be extracted to your %systemdrive%, typically C:\SDFix
3. Open the extracted folder and double click RunThis.bat to start the script.
4. Type Y to begin the script.
5. It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
6. Press any Key and it will restart the PC.
7. Your system will take longer that normal to restart as the fixtool will be running and removing files.
8. When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
9. Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.

Link 1
Link 2
Link 3

• Please go to VirSCAN.org FREE on-line scan service
• Copy and paste the following file path into the "Suspicious files to scan"box on the top of the page:
  
  c:\windows\system32\chg.exe
  c:\windows\is-QGESV.exe
  c:\windows\is-QGESV.msg
• Click on the Upload button
• Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
• Paste the contents of the Clipboard in your next reply.

• Click Start, then Run
• Type notepad.exe in the Run Box.

• VirScan.org
• Combofix.txt
• A new HijackThis log.

• Save it to your Desktop.
• Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
• Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
• Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)
  
  
  CODE
  :processes
  explorer.exe
  
  :files
  c:\windows\U2VkZXJzdHJvbQ
  c:\windows\system32\sX3i02
  c:\windows\system32\prt
  c:\windows\system32\db
  c:\windows\system32\AX5
  c:\temp\PRE45
  
  :commands
  [purity]
  [emptytemp]
  [start explorer]
  [reboot]
  
  
• Click the red Moveit! button.
• A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt3

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Full Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

1. Tick the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the ActiveX control to install
4. Click Start
5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
6. Click Scan
   Wait for the scan to finish
7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
8. Copy and paste that log as a reply to this topic

• Click START then RUN
• Now type Combofix /u in the runbox and click OK
  Please note that the space between combofix and /u is needed
  
  

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread