[*] Extract the contents of the zipped file to desktop.
[*] Right-click GMER.exe and choose Run as Administrator. If asked to allow the gmer.sys driver to load, please consent.
[*] If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO.
[*] In the right panel, you will see several boxes that have been checked. Uncheck the following:
    [*] IAT/EAT
    [*] Drives/Partition other than Systemdrive (typically C:)
    [*] Show All (don’t miss this one)
[*] Then click the Scan button & wait for it to finish.
[*] Once done click on the [Save…] button, and in the File name area, type in “Gmer.txt” or it will save as a .log file which cannot be uploaded to your post.
[*] Save it where you can easily find it, such as your desktop, and attach it in your reply.
Caution
Rootkit scans often produce false positives. Do NOT take any action on any “<-- ROOTKIT” entries.
The only way I could get into Windows was Safe Mode With Networking. Did this, got GMER, and ran it as administrator, but cannot proceed w/ your instructions because a bunch of stuff is greyed out. Pls see attached image.
My main concern right now is How can I possibly load into Windows (not Safe mode)? I have deadlines to meet and not being able to get on my PC is panicking to say the least!
Actually was able to get Windows loaded normally but it is running Verrrrry slowly. I open up windows explorer and right-click on gmer.exe and it’s taking Forrrever (spinning circle, Not Responding). Very abnormal. Finally after about 3 minutes the right-click menu presents itself and I choose ‘run as administrator’.
Sorry to see so many problems with your system. I was looking over your logs and believe that, along with all the illegal software that CKScanner picked up, the ZeroAccess rootkit came aboard with some of that software as well. Just so you know, that infection is the real deal.
Since you are only able to boot to Safe Mode, please do the following…
[*] Extract it to your desktop
[*] Double click TDSSKiller.exe
[*] When the window opens, click on Change Parameters
[*] Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
[*] Click OK
[*] Press Start Scan
[*] Only if Malicious objects are found then ensure Cure is selected
[*] Then click Continue > Reboot now
[*] Attach the log in your next reply
[*] A copy of the log will be saved automatically to the root of the drive (typically C:)
Hi Jeff - I am currently running a full scan Malwarebytes on my pc in safe mode - do you want me to cancel that and do the following or wait until it is complete?
Do you know how to take a screenshot? If you do, please take a screenshot of the popup the next time that it happens. We may just be dealing with a False Positive (FP).
[*] Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
[*] When the window appears, underneath Output at the top change it to Minimal Output.
[*] Check the boxes beside LOP Check and Purity Check.
[*] In Custom Scans/Fixes put the following:
netsvcs
/md5start
consrv.dll
/md5stop
[*] Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
[*] When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
[*] Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.
Did what you said but it only created OTL.txt and that file is way too large to put in a post so I’ve attached it here.
(post maximum characters is 10000)