Calling all Wizards-Can get rid of this pest!

Welcome to Major Geeks!

Did you shutdown 100% of McAfee first as instructed? If not then that was your problem. McAfee will get in the way of legitimate malware removal programs. Even Windows Defender should have been shutdown.


Please run this: GMER - running with a random name and attach the log from GMER. I suggest that you shutdown McAfee before running it or you will likely have problems.

 

We need to find a backup for one of your drivers that has been infected.


Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it. (If you are using Vista, please right-click and select run as
  administartor)
• A blank Windows shall open with the title "SystemLook v1.0-by Jpshortstuff".
• Copy and Paste the content of the following codebox into the main textfield under "File":

Code:

:filefind
fasttx2k.sys
 

• Please Confirm everything is copied and Pasted as I have provided above
• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. You can close this notepad window as the log will already
  be saved as SystemLook.txt on your Desktop ( if you downloaded and ran SystemLook to your Desktop as requested ).
• Please attach this log in your next reply.

Note: The scan may take a while from several seconds to a minute or more depending on the number of
files you have and how fast your computer can perform the task.

 

Now we need to use ComboFix

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
• If ComboFix tells you it has expired or need to be updated to a new version, make sure you allow it to update.
• Open Notepad and copy/paste the text in the below quote box into it:

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.


After reboot, please rerun GMER just like the previous time.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\ComboFix.txt
• the new log from GMER
• C:\MGlogs.zip

Are you still having redirection issues?

 

First you need to make a copy of your backup of the fasttx2k.sys which is here:

C:\WINDOWS\OemDir\fasttx2k.sys

and put the copy so that it is located here c:\fasttx2k.sys

We need to make sure this is completed properly before we can proceed so I will be asking for a new MGtools log a little further down to verify you have completed this properly.


Now we also need to create a batch file to run from the Windows Recovery Console ( henceforth just called the RC ) which will make steps

easier for you when we do get to using the RC.

• Open notepad
• Copy the contents of the Code Box below into the notepad window.
• Click File -> Save As...
• In the File name: field, type C:\grfix.txt, then click Save.
• Close notepad

Code:

ren c:\windows\system32\drivers\fasttx2k.sys fasttx2k.old
copy c:\fasttx2k.sys C:\WINDOWS\system32\dllcache\fasttx2k.sys
copy c:\fasttx2k.sys c:\windows\system32\drivers\fasttx2k.sys

Now double check the C:\grfix.txt file by double clicking on it and make absolutely sure that it looks exactly like I gave above noting to maintain spacing which is
why my instructions stated to copy ( typing could lead to mistakes ). If it looks okay, just let me know that you have this grfix.txt file created properly.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use
right click and select Run As Administrator).

Then attach the below logs:

• C:\MGlogs.zip

 

It should! We did not run the fix yet. We just created the files needed to perform the fix when we boot into the Recovery Console which comes now.



Now we will boot into the Windows XP Recovery Console. You should print these to have on hand while offline. Also read thru all of them now to be sure you understand before starting them.

• Restart your computer.
• Shortly after restart and way before Windows loads, you will be prompted to choose which Operating System to start. Pay attention it flashes fast and you will only have about 1 or 2 seconds to hit a key!
• Use the up and down arrow key to select Microsoft Windows Recovery Console that was installed with Combofix and hit enter after selecting.
• Later you will be asked to enter which Windows installation to log onto. Type 1 and press 'Enter'.
• At the C:\Windows prompt, type the following bolded entries, and press 'Enter' (note the spaces before each C: ):

batch C:\grfix.txt C:\grflog.txt

After the above finished (which will be quick), type in Exit and press enter and your computer shall reboot. Reboot back in to Normal Mode and run Combofix once more.

Now also run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


Then attach the below logs:

• the new c:\combofix.txt log
• the C:\grflog.txt file
• C:\MGlogs.zip

 

Exactly when?


Do you have a real Windows XP bootable CD?

 

Then try using it to boot to the Recovery Console. See this: http://support.microsoft.com/kb/307654 and the section titled How to use the Recovery Console

If you get into the C with the CD, then just complete my instructions.

 

Is this an original Windows XP boot CD or a copy? And make sure that it is a real Windows XP boot CD not a factory restore CD.

Other ways which are more difficult:

• put the hard disk into another PC as a slave drive and manually replace the problem files
• make another type of boot CD and hope that it will boot. One possibility is the below OTLPE CD

Creating OTL-PE Environment

1. Please print out these instructions for reference.
2. Be aware that the OTLPE.iso file is a large download.

Step 1

• Download ISOBurner this will allow you to burn REATOGO-X-PE ISO to a cd and make it bootable.
• Double-click IsoBurner-Setup.exe to install the program.

Step 2

• Download >OTLPE.iso< and save it to your Desktop.
• NOTE: This file is 292Mb in size so it may take some time to download.
• Once downloaded, double-click the OTLPE.iso file and ISOBurner will open.
• Burn the .iso file to a CD. Additional instructions on doing this can be found in the below link:
  • Iso Burner Instructions

Step 3

• Insert the CD into the drive of the problem computer and reboot.
  • Note: If you do not know how to set your computer to boot from CD follow the steps >here<
• The computer should now display a REATOGO-X-PE desktop (be patient - this takes a long time to load)
• Double-click on the OTLPE icon.
• When asked "Do you wish to load the remote registry", select Yes
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
• OTL should now start.

 

I'm sorry but you will have to continue in the Software Forum now since these are no longer malware issues after you have reinstalled. Your other choice is to go back to the same "IT guy" and have him figure out what he did.