The main file causing trouble is shown here.

 Module Name: \systemroot\system32\drivers\gasfkyydvxprcp.sys

Service Name: gasfkyeyyoqnmrModule Base: ---Module End: ---Hidden: Yes

Can u try to run malwarebytes in safe mode, it sud remove the rootkit. 

Rohit1gupta:

Malwarebytes will not remove a rootkit.  You are not qualified on this forum to assist users with malware problems.  Your suggestions are likely to prevent this user from getting the assistance that he requires.  Cease.

I just tried running in Safe Mode but malwarebytes runs for a few seconds then crashes.

Thanks

Julie

jvpierce:

http://www.gmer.net/

After it is downloaded to your desktop, right click on the icon, go to properties, and click unblock and apply.

If it does not run properly, follow these directions:

 If a Full Scan crashes,  When starting GMER next time instead close that warning box so it doesn't do a Full Scan, above the Drives box (right hand side) there are items ticked from "system" to "files'   untick all but "services" and "registry" and scan those 2 areas.

Our forum guru, Quads, is the only member qualified to assist you with this infection.  Please wait for his arrival online.  Do nothing else with it but the scan.  He will need the information provided by the scan.  You will be able to attach the log using the "add attachments" link below the orange post button.

delphinium,

Thanks for your help.  I tried to go to the link below but the rootkit is invading my browser as well (Chrome), it won't let me go to that site and crashes my browser.  I tried in IE but it can't get there either.

Is there another site I could get this from (one that the virus won't detect as AV).

Thanks

Julie

jvpierce:

Let's try this one.  The site is Quads' private download site.  SysProt may cause a warning about threats, just ignore it. This is a new rootkit and we are not familiar with all of its quirks yet.  You may need to download from another computer onto a flash drive and then copy to yours.  We will see.

You will need to disable Norton auto-protect while you run the scan. If the rootkit has already disabled Norton go ahead with the scan.

Once it is downloaded to your desktop, right click on the SysProt icon, go to properties, and click unblock and apply.

Choose log, check all the boxes except show hidden objects only and scan.

You will be able to post the log here using the "add attachments" link just below the orange post button.

http://homepages.slingshot.co.nz/~crutches/SysProt

I attached the SysProt log in my first post, should I post again or should I be doing something differently?

Thanks

Julie