Hello hardwork and welcome to MalwareBytes forums.
Step 1
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.
Step 2
To show all files:
- Go to your Desktop
- Double-Click the Computer icon.
- From the menu options, Select Tools, then Folder Options.
- Next click the View tab.
- Locate and uncheck Hide file extensions for known file types.
- Locate and uncheck Hide protected operating system files (Recommended).
- Locate and click Show hidden files and folders and drives.
- Click Apply > OK.
Step 3
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall
Download aswMBR.exe (511KB) to your desktop.
On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.
On Windows XP, double click the exe to start.
Change the a-v scan to None.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan.
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and copy/paste into a reply
Step 4
Please read carefully and follow these steps.
- Delete the prior copies of TDSSKILLER.zip & TDSSKILLER.exe that you may have.
- Download TDSSKiller and save it to your Desktop.
- If on Windows 7 or Vista, RIGHT-Click on TDSSKiller.exe and select Run As Administrator to run the application.
If on Windows XP, double-click to start.
- Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
- Then press Start Scan
When the scan is done, it will display a summary screen.
- If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
- If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
Step 5
- Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or >> from here <<
- Quit all programs that you may have started.
- Please disconnect any USB or external drives from the computer before you run this scan!
- For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
For Windows XP, double-click to start.
- Wait until Prescan has finished ...
- Then Click on Scan button at upper right of screen.
- Wait until the Status box shows "Scan Finished"
- Click on Report and copy/paste the content of the Notepad into a reply.
- The log should be found in RKreport[1].txt on your Desktop
- Exit/Close RogueKiller
Step 6
RE-Enable your antivirus program.
Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.
- Double click on RSITx64.exe to run RSITx64.
- Click Continue at the disclaimer screen.
- Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Download Security Check by screen317 and save it to your Desktop: here or here
- Run Security Check
- Follow the onscreen instructions inside of the command window.
- A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!
If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
I will need the following logs:
- the contents of aswMBR report;
- the contents of TDSSKILLER log;
- the contents of RKreport.txt log;
- the contents of Log.txt;
- the contents of Info.txt; and
- the contents of checkup.txt
Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.
Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.