Hi Steveo4571,
It's a 64bit system so that would explain the GMER problem.
Next, Right click on OTL.exe and chose Run as Administrator to run it- Under the Custom Scans/Fixes box at the bottom, paste in the following
- Do Not copy the word CODE
- please note the fix starts with the :
Code:
:Services
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O3 - HKLM\..\Toolbar: (ShopAtHome Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
2010/09/01 10:13:24 | 000,242,176 | ---- | C] (Security Suites Corporation) -- C:\Users\Steve\AppData\Local\syssvc.exe
[2010/08/29 08:09:03 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\sryipycgi
:Files
ipconfig /flushdns /c
:Commands
[emptytemp]
[Reboot]
Then click the Run Fix button at the top
- Let the program run unhindered
- Please save the resulting log to be posted in your next reply.
Please post the OTL fix log in your next reply.
Try to access the internet with the infected machine. If you are able to access the internet please down load these 2 tools and post the logs.
Please download MBRCheck.exe to your desktop.
- Be sure to disable your security programs
- Right click on the file and select "Run as Adminstrator" to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
- A window will open on your desktop
- if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
- If nothing unusual is found just press Enter
- A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
- Please post the contents of that file.
Next
Download and save to your desktop Malwarebytes Anti-Malware
Right Click mbam-setup.exe and select "Run as Adminstrator" to install the application.- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
Next
- Right click on OTL.exe and select "Run as Administrator" to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output
- UNCheck the boxes beside LOP Check and Purity Check.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open a notepad window, OTL.Txt, no Extras.Txtthis time.
Please post back with- OTL fix log
- MBRCheck log
- MBAM log
- new OTL.txt
Are you on line now?
How's the computer?
Thanks