Rootkits are hidden, and it takes specialized tools to get rid of them.
Please do the following:
[A randomly named file downloads. (Recommended)]
Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver:
Double-click on the randomly named GMER file (e.g. n7gmo46c.exe).
Allow the gmer.sys driver to load if asked.
GMER opens to the Rootkit/Malware tab and performs an automatic quick scan when first run. (Please do not use the computer while the scan is in progress.)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system, click NO.
Now, click the >Scan< button.
If you see a rootkit warning window, click OK.
When the scan finishes, click the 'Save...' button to save the scan results to your Desktop.
Save the file as >gmer.log<
>>Click the Copy button and Paste the results in your reply.<<
Note: Please, do not take action on any of the information on the GMER report!!
If you encounter any problems, try running GMER in Safe Mode:
If GMER crashes or keeps resulting in BSODs, uncheck 'Devices' (on the right side) before scanning.
Next, please download mbr.exe.
Save the file to your Desktop.
Double-click >mbr.exe< and follow the prompts.
When mbr.exe is done, it creates a log.
>>Also copy and paste the contents of the mbr.exe log in your reply.<<
Now, download TDSSKiller:
Save it to your Desktop.
Double-click on TDSSKiller.exe to run the program.
Then, click on Start Scan.
If malicious objects are found, they will show in the Scan results.
If an infected file is detected, the default action will be Cure; click on Continue.
If a suspicious file is detected, the default action will be Skip; click on Continue.
It may ask you to reboot the computer to complete the process.
Click on Reboot Now.
If no reboot is required, click on Report.
A log file should appear.
Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.