Hi thedoctor:

You do appear to have one of the ESQUL rootkit variants.  I believe Quads is already aware of it and will be along later in the day to assist you.

Thank You

Hi

If you have Spybot S&D installed remove it 

Also during the restarts with Avenger if Your PC has a Startup repair center like with HP and Toshiba tell it to start Normally if it kicks in.

1. Download Avenger to your desktop,

Unzipped version http://homepages.slingshot.co.nz/~crutches/Avenger/

OR Creators website http://swandog46.geekstogo.com/avenger2/avenger2.html with zipped version to the unzip to desktop 

2. Click to run "Avenger.exe"  (right click "Run as Administrator" if using Vista)

3. In the "Input script here:" copy and paste the script between the lines

Drivers to disable:

ESQULserv.sys

Drivers to delete:

ESQULserv.sys

Files to delete:

C:\Autorun.inf

D:\Autorun.inf

C:\Windows\System32\drivers\ESQULnycxmirmepjgicrepbrrbvqelosnaxtd.sys

C:\Windows\System32\ESQULzcounter

Registry keys to delete:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ESQULserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ESQULserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ESQULserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ESQULserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ESQULserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\ESQULserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\ESQULserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\ESQULserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\ESQULserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\ESQULserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\ESQULserv.sys

HKEY_LOCAL_MACHINE\SOFTWARE\ESQUL 

Here is a screenshot (script updated since shot)

Make sure the "Automatically disable any rootkits found" is NOT selected

4. Click "Execute"

You will be asked to restart the PC click "Yes", when the PC restarts the load screen will takes slightly longer, then when it looks as though windows is loading the PC will restart again.

Then when Windows fully loads the Avenger log will be loaded, showing files it could or could not find.

5. Restart the PC again, then see if you can install  Update and run Malwarebytes  http://www.filehippo.com/download_malwarebytes_anti_malware/

You have a DNS Changer so you may have to do a scan remove what it finds, then update MBAM, then run another Full Scan 

Quads 

Hi Quads

Thanks for the quick response. I've tried what you asked me to do with little success. The GMER Didn't fully work but I've attached what it did do and the other Sling shoot thing just crashed, reports attached.

Also I have another computer, running XP that's very slow. I'm going to try and run the two programs that you suggested on that computer it might help?

the doctor

thedoctor:

The GMER and Rootrepeal utilities are for scans only.  They are not supposed to do anything else. The error code that Rootrepeal caused is usually generated by malware.  These problems will need to be dealt with by Quads.  He will be available later due to time zone differences.  If you have run any other programs or utilities to try to resolve this infection, other than what you have told us already, please let us know.

Hi Quads 

What do you mean by Scripts?

I've also tried Superantispyware and Anti-malware. Neither would work. I can download them but they won't run and I did try to run them as administrator. What should I try next?

Thanks

TheDoctor

Above at Message 5

Quads