Hello and welcome to BC forums,You will want to print out or copy these instructions to Notepad for offline reference!Step 1
While this case is underway, keep Spybot's Tea Timer turned OFF (disabled)
Start Spybot-S&D, switch to the Advanced mode via the menu bar item Mode
then select Advanced Mode
On the left hand side, select Tools
Then click on the Resident
icon in the list
Uncheck Resident TeaTimer
and OK any prompts.
Now Logoff & Restart your computer fresh.Step 2
Set Windows to show all files and all folders.
On your Desktop, double click My Computer
, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.
"CHECK" (turn on) Display the contents of system folders.
Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.
Next, un-check Hide extensions for known file types.
Next un-check Hide protected operating system files. Step 3
1. Go >> Here <<
and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.Step 4Note:
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes
. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log
and press the Enter key, navigate to the C:\_OTL\MovedFiles
folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.Step 5
Please download GooredFix
from one of the locations below and save it to your DesktopDownload Mirror #1Download Mirror #2
Step 6Disable your AntiVirus and AntiSpyware
- Ensure all Firefox windows are closed.
- To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
- When prompted to run the scan, click Yes.
- GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall
Please download Rkill
by Grinler and save it to your desktop.
Link 2Step 7
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista, right-click on it and Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- If the tool does not run from any of the links provided, please let me know.
- If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
- If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL
Download this file
& extract TDSSKiller.exe onto your Desktop
Then create this batch file to be placed next to TDSSKiller:
and copy/paste the text in the quotebox below into it:
START /WAIT TDSSKILLER.exe -l Logit.txt -v
Save this as fix.bat
Choose to "Save type as - All Files"
It should look like this:
Double click on fix.bat
& allow it to run.
Please post back with the result.
Reply with copy of the OTL MovedFiles log
Do NOT use the attachment option to put your reports. Always Copy & Paste in-line with body of reply.
If needed, use separate replies.