Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.
Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.
- Please go to start => Run => Copy and paste the bold line in the run-box and click OK:
A text file opens up, copy and paste the content to your reply.
- Download the GMER Rootkit Scanner exe file from here and save it to your desktop.
- Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
- Click on this link to see a list of programs that should be disabled.
- Disconnect from the Internet and close all running programs.
- Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
- If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
- In the right panel, you will see several boxes that have been checked. Make sure the following are unchecked:
  - Drives/Partition other than C:\ drive (C:\ drive should remain checked)
  - Show All (this one also should be unchecked)
- Then click the Scan button & wait for it to begin. (Please be patient as it can take some time to complete).
- When the scan is finished, you will see the Scan button appear again. Click Save to save the scan results to your Desktop.
- Save the file as gmer.log and copy/paste the contents in your next reply.
- Open your Malwarebytes' Anti-Malware.
- First update it. To do that, under the Update tab press "Check for Updates".
- Under Scanner tab select "Perform Quick Scan", then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the MBAM log.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Edited by farbar, 20 December 2009 - 02:04 PM.
The link is corrected