Hi Aliciaterry:

Please download and SCAN ONLY using GMER.  Make sure all the boxes are checked, save log and you will be able to post it here for us to view via the "add attachments" link just below the post button.   Quads is the guru who looks after the rootkit problems.  He will be along to view your log.

http://www.gmer.net/

Hi,

I have ran the gmer as instucted, please find the file attached.  Thanks for your help.

Aliciaterry:

You have an MSIVX rootkit.  It is nasty but not as difficult as some.  Please also provide a Rootrepeal log to ensure that Quads has all the information he needs to remove it for you.

He will be along later today due to time zone considerations.  He is also considerably backed up with these remediations at the moment, so please be patient, and we will stay in touch and keep you informed.

You could disable system restore, empty your browser caches, and dump your temp files to unload as much as possible.  Don't do any banking or other privacy  related activities until we get rid of it.

http://homepages.slingshot.co.nz/~crutches/RootRepel/

Hi

Now  (read carefully) If you have Spybot S&D uninstall it.

Also during the restarts with Avenger if Your PC has a Startup repair center like with HP and Toshiba tell it to start Normally if it kicks in.

1. Download Avenger to your desktop,

Unzipped version http://homepages.slingshot.co.nz/~crutches/Avenger/

Creators website http://swandog46.geekstogo.com/avenger2/avenger2.html with zipped version to the unzip to desktop 

2. Click to run "Avenger.exe"  (right click "Run as Administrator" if using Vista)

3. In the "Input script here:" copy and paste the script between the lines

Drivers to disable:

MSIVXserv.sys

Drivers to delete:

MSIVXserv.sys

Files to delete:

C:\Autorun.inf

D:\Autorun.inf

C:\WINDOWS\System32\drivers\MSIVXmbfwujwfwhdxpnbiimvtdfspsvtjoedx.sys

C:\WINDOWS\System32\MSIVXqrpicvmekqngdwchcnehiltcdrtsfvyx.dll

C:\WINDOWS\System32\MSIVXxnovtiixpxrvtmytxutxpximxiamnmsm.dll 

C:\WINDOWS\System32\MSIVXcount

C:\Users\TEMP\AppData\Local\Temp\~DFD46F.tmp 

C:\Users\TEMP\AppData\Local\Temp\~DFD488.tmp   

Registry keys to delete:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSIVXserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MSIVXserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MSIVXserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\MSIVXserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\MSIVXserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\MSIVXserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\MSIVXserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\MSIVXserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\MSIVXserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\MSIVXserv.sys

HKEY_LOCAL_MACHINE\SOFTWARE\MSIVX 

Here is a screenshot (script updated since shot)

Make sure the "Automatically disable any rootkits found" is NOT selected

4. Click "Execute"

You will be asked to restart the PC click "Yes", when the PC restarts the load screen will takes slightly longer, then when it looks as though windows is loading the PC will restart again.

Then when Windows fully loads the Avenger log will be loaded, showing files it could or could not find.  C:\Avenger.txt

5. Restart the PC again, then see if you can install  Update and run Malwarebytes http://www.filehippo.com/download_malwarebytes_anti_malware/

Quads