Hi there,
my name is Marius and I will assist you with your malware-related problems.
Before we move on, please read the following points carefully.
- First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
- Perform everything in the correct order. Sometimes one step requires the previous one.
- If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
- Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
- Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
- If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
- Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
- My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Let's see:
Scan with FRST in normal mode
Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
- Run FRST.
- Don't change any of the checkboxes and hit Scan.
- Logfiles are created on your desktop.
- Post the FRST.txt and (after the first scan only!) the Addition.txt.
Scan with Gmer rootkit scanner
Please download Gmer from here by clicking on the "Download EXE" Button.
- Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
- If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
- In the right panel, you will see several boxes that have been checked. Uncheck the following ...
  - Sections
  - IAT/EAT
  - Show All (should be unchecked by default)
- Leave everything else as it is.
- Close all other running programs as well as your Browser.
- Click the Scan button & wait for it to finish.
- Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
- Save it where you can easily find it, such as your desktop.
- Please post the content of the ark.txt here.
**Caution:** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.