- Get FRST from http://www.bleepingc...very-scan-tool/You need to download the appropriate tool for your PC. If you don't know if you have a 32 or 64 bit system get them both. Only one will work and that's the right one.
- Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
- Check the Addition.txt box
- Press Scan button.
- It will produce a log called FRST.txt in the same directory the tool is run from.
- Please copy and paste log back here.
- It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
This may be a wmi virus from what I've read so it may help to shutdown Windows Management Instrumentation service: Search for
Scroll down to Windows Management Instrumentation and right click and change the Startup Type: to Disabled. Apply then STOP the service. You will get a warning tell it to stop the service anyway. If it won't stop Reboot.
RogueKiller is supposed to be good at WMI viruses.
Choose the one that is right for your system:
Portable 32 bits
Portable 64 bits
If you don't know then try the installer:
Installer 32/64 bits
Download and Save.
Right click on the downloaded file (RogueKillerX64.exe or RogueKiller.exe) and Run As admin
Will take about 20 minutes to complete.
Export TXT (save it to your desktop as rk) Save
Do not let Rogue Killer remove anything until you hear from me. Leave Rogue Killer up (but minimized) so you won't have to rescan.
Open rk.txt and copy and paste it to your next Reply.