Welcome to BC
Please download Dr.Web CureIt, the free version & save it to your desktop. DO NOT perform a scan yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
Scan with Dr.Web CureIt
- Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
- Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
- The Express scan will automatically begin.
(This is a short scan of files currently running in memory, boot sectors, and targeted folders).
- If prompted to download the Full version Free Trial, ignore and click the X to close the window.
- If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
- When complete, click Select All, then choose Cure > Move incurable.
(This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
- Now put a check next to Complete scan to scan all local disks and removable media.
- In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
- Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
- When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
- Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
- In the top menu, click File and choose Save report list.
- Save the DrWeb.csv report to your desktop.
- Exit Dr.Web CureIt when done.
- Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
- After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report.)
================================
We need to check for rootkits with RootRepeal
- Download RootRepeal from the following location and save it to your desktop.
- Direct Download (Recommended)
- Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
- Rar Mirrors - Only if you know what a RAR is and can extract it.
- Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
- Open on your desktop.
- Click the tab.
- Click the button.
- Check all seven boxes:
- Push Ok
- Check the box for your main system drive (Usually C:), and press Ok.
- Allow RootRepeal to run a scan of your system. This may take some time.
- Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
Please note: If RootRepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to High.
Also try: right-click on rootrepeal.exe and rename it to tatertot.scr
Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2
- This tool will create a diagnostic report
- Double-click on Win32kDiag.exe to run and let it finish.
- When it states Finished! Press any key to exit..., press any key on your keyboard to close the program.
- A file called Win32kDiag.txt should be created on your Desktop.
- Open that file in Notepad and copy/paste the entire contents (from Starting up... to Finished! Press any key to exit...) in your next reply.
, then copy and paste this command into the open box: cmd
At the command prompt C:\>, copy and paste the following command and press Enter:
DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt
A file called log.txt should be created on your Desktop.
Open that file and copy/paste the contents in your next reply.