Hello goostar and welcome to GeeksToGo.
I'm hammerman and I'm going to help you fix your problem.
Before we begin, here are some guidelines which will help us both in fixing your problem.
- I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread. You can copy and paste these instructions into Notepad and then save the text file to your Desktop. If you need any help with this or further clarification, please let me know.
- Please do not attach logs or post them in Quote/Code boxes unless requested.
- When posting logs, please ensure Word Wrap is turned off in Notepad. Open Notepad, select Format on the menu bar and make sure that Word Wrap is unchecked.
- Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
- If in doubt about anything, please ask.
Please follow these steps.
-- Step 1 --
Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
-- Step 2 --
To ensure that I get all the information, this log will need to be attached (instructions at the end).
Download OTS to your Desktop
- Close ALL OTHER PROGRAMS.
- Double-click on OTS.exe to start the program.
- Check the box that says Scan All Users
- Under Additional Scans check the following:
  - Reg - Approved Shell Extensions
  - Reg - Desktop Components
  - Reg - Disabled MS Config Items
  - Reg - Drivers32
  - Reg - File Associations
  - Reg - NetSvcs
  - Reg - SafeBoot Minimal
  - Reg - SafeBoot Network
  - Reg - Shell Spawning
  - Reg - Uninstall List
  - File - Lop Check
  - File - Purity Scan
  - Evnt - EvtViewer (last 10)
- Under the Custom Scans box at the bottom left paste the following in
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
- Now click the Run Scan button on the toolbar.
- Let it run unhindered until it finishes.
- When the scan is complete Notepad will open with the report file loaded in it.
- Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.
To attach a file, do the following:
- Click Add Reply
- Under the reply panel is the Attachments Panel
- Browse for the attachment file you want to upload, then click the green Upload button
- Once it has uploaded, click the Manage Current Attachments drop down box
- Click on to insert the attachment into your post
-- Step 3 --
Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).
http://sites.google....rotantirootkit/
Unzip it into a folder on your desktop.
Start the Sysprot.exe program.
- Click on the Log tab.
- In the Write to log box select all items.
- Click on the Create Log button on the bottom right.
- After a few seconds a new Window should appear.
- Make sure Scan all drives is selected and click on the Start button.
- When it is complete a new Window will appear to indicate that the scan is finished.
- The log will be created and saved automatically in the same folder. Open the text file and copy/paste the log here.