Hi there otnot2000 and welcome to GeekPolice!
I am Gabethebabe and I will be helping you with this issue. Before we start some general remarks/rules:
- Whilst I'm helping you, please follow my instructions carefully and do not experiment on your own or accept help from other persons.
- Feel free to ask questions! Especially if my instructions are not clear. I'm here to help, not confuse you.
- I will try and respond quickly, but please understand I do have a real life (job, wife, 3 kids, kinky hobbies).
- Stick with me till the end. If your computer starts running better, that doesn't mean it is clean yet!
====================
We can probably solve your problems if you have a clean PC that you can use to download tools and a USB drive to transfer them to the infected PC.
If you have that, please follow these instructions:
Please download RKill by Grinler from Download Mirror #1 and save it to your desktop (of your infected PC).
Download Mirror #1 (rkill.exe)
Download Mirror #2 (rkill.scr)
Download Mirror #3 (rkill.com)
Download Mirror #4 (WiNlOgOn.exe)
Download Mirror #5 (uSeRiNiT.exe)
Download Mirror #6 (iExplore.exe)
Download Mirror #7 (eXplorer.exe)
- Double click the RKill desktop icon (right-click > Run as Administrator for Vista/WIN7).
- A black screen will briefly flash indicating a successful run.
- If this does not occur, please delete that application and try using Mirror #2.
- Continue process until the tool runs.
- Important: RKill only temporarily disables the malware. If you reboot the computer, it will be active again. So do not reboot until we kill the infection.
====================
Please download OTL by OldTimer from here and save it to your desktop.
- Close all windows and double click OTL.exe.
- The Extra Registry setting should be Use Safelist
- Copy and paste the following text into the Custom Scans/Fixes box:
Code:
%APPDATA%\Microsoft\*.*
%systemroot%\system32\config\systemprofile\*.dat /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\winn32\*.*
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%PROGRAMFILES%\Mozilla Firefox\*.exe
%ProgramFiles%\TinyProxy.
%systemroot%\system32\*.* /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.* /lockedfiles
%PROGRAMFILES%\*.
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
netlogon.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
disk.sys
explorer.exe
userinit.exe
winlogon.exe
/md5stop
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
- Click the Run Scan button and allow it to run.
- It will produce two logs for you, OTL.txt and Extras.txt. Please post both logs in this thread.
- You may need multiple posts to get it all.