- Step 20
Please run HijackThis as an administrator. Click Do a system scan only and place a check next to the following line(s) if present:
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [cftmon] C:\Windows\system32\gvjhu.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [D1T2EUR7FZ] C:\Windows\TEMP\Lbe.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [D1T2EUR7FZ] C:\Windows\TEMP\Lbe.exe (User 'Default user')
Then, close all other open windows and click Fix Checked. You are to reboot your system afterwards.
If you are having a problem running HijackThis as an administrator (Windows Vista and Windows 7), please follow the steps below.
- On your desktop, right-click the HijackThis icon and select Properties.
- Navigate to the Compatibility tab and put a check on the Run this program as an administrator box.
- Click Apply > OK.
- HijackThis should prompt you to run it as an administrator every time you open it.
- Step 21
Please download the OldTimer's Move-It (OTM) from 'here'.
- Save it to your desktop.
- Please double-click OTM.exe to run it.
- Copy the lines inside the Code box below to the Clipboard by highlighting all of the content and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code:
:Processes
explorer.exe
:Files
c:\windows\system32\gvjhu.exe
c:\windows\temp\Lbe.exe
c:\users\tyler\appdata\roaming\8BD3CBF1A238C722473BB8C7B3E545D4
c:\users\tyler\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
c:\windows\system32\drivers\gkfgefdi.sys
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
- Return to OTM, right-click in the Paste Instructions for Items to be Moved window and choose Paste.
- Click the red MoveIt! button.
- Copy everything in the Results window to the Clipboard by highlighting all of the content and by pressing CTRL + C (or, after highlighting, right-click and choose Copy).
- Paste it in your next reply.
- Close OTM.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the moving process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad) and click File > Open. In the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest log file present. Copy and paste the contents of that document back here in your next post.
- Step 22
Please download OldTimer ListIt (OTL) from 'here'. Please click the Go (Arrow Button) or press Enter in the URL address bar to start the download.
- Save it to your desktop.
- Please double-click OTL.exe to run it.
- Make sure all other windows are closed to let it run uninterrupted.
- Under the Custom Scan box paste this in:
Code:
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.sys
%systemroot%\system32\drivers\*.dll
%systemroot%\system32\drivers\*.ini
%systemroot%\system32\drivers\*.exe
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.
%appdata%\*.*
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
disk.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
usbstor.sys
/md5stop
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two Notepad windows.
- OTL.txt
- Extras.txt
- These are saved in the same location as OTL.
- Please copy (Right-click > Select All > Copy) the contents of these files, one at a time, and post it with your next reply.
- In your next post, please provide the following:
- A Fresh HijackThis (HJT) Log
- ComboFix Log
- Doesn't Do Squat (DDS) Logs
- DDS.txt
- Attach.txt
- OTL Log
- OTM Log
- Format of Response
Code:
[b]Step # [/b]
[b]Problems Encountered: [/b]
[b]Step # [/b]
[b]Problems Encountered: [/b]
[b]Step # [/b]
[b]Problems Encountered: [/b]
[b]Step # [/b]
[b]Problems Encountered: [/b]
[b]Link To Requested Logs: [/b]
- Comments:
- Try running ComboFix by running this in the Run prompt: "%userprofile%\desktop\combofix.exe"
- If you get another BSOD, please do so in Safe Mode.
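Added example, not part of the original post: a small triage script that parses the HijackThis O4 autorun lines listed in Step 20 and flags two traits visible in them, a value name that is a respelling of a real Windows binary name and a target that runs from a temp directory. The two heuristics and the `KNOWN_NAMES` list are this example's own assumptions, not the helper's stated criteria.

```python
import re
from pathlib import PureWindowsPath

# O4 (autorun) lines as listed in Step 20 of the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [cftmon] C:\Windows\system32\gvjhu.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [D1T2EUR7FZ] C:\Windows\TEMP\Lbe.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [D1T2EUR7FZ] C:\Windows\TEMP\Lbe.exe (User 'Default user')
"""

# Constructed comparison list of real Windows binary names (assumption of this example).
KNOWN_NAMES = {"ctfmon", "explorer", "svchost", "lsass", "winlogon", "userinit"}

# O4 - <hive>\..\Run: [<value name>] <path to .exe> [optional trailing text]
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?\.exe)\b",
    re.IGNORECASE,
)


def reasons_for(name, path):
    """Return this example's heuristic flags for one Run entry."""
    flags = []
    stem = PureWindowsPath(name).stem.lower()
    # Same letters as a known binary but spelled differently (e.g. a transposition).
    for known in sorted(KNOWN_NAMES):
        if stem != known and sorted(stem) == sorted(known):
            flags.append("lookalike-of:" + known)
    # Autorun target that is launched from a temp directory.
    if any(part.lower() in {"temp", "tmp"} for part in PureWindowsPath(path).parts):
        flags.append("runs-from-temp")
    return flags


def triage(log_text):
    """Parse HijackThis O4 Run lines into (hive, name, path, flags) tuples."""
    rows = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            flags = reasons_for(m["name"], m["path"])
            rows.append((m["hive"], m["name"], m["path"], flags))
    return rows


if __name__ == "__main__":
    for hive, name, path, flags in triage(SAMPLE_LOG):
        print(f"{hive:<16} {name:<12} {path:<34} {', '.join(flags) or '-'}")
```

An entry with no flags is not thereby cleared; the script only surfaces entries that deserve a closer look first.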