Hi there gaz_blk and welcome to GeekPolice!
I am
Gabethebabe and I will be helping you with this issue. Before we start some general remarks/rules:
- Whilst I´m helping you, please follow my instructions carefully and do not experiment on your own or accept help from other persons.
- Feel free to ask questions! Especially if my instructions are not clear. I´m here to help, not confuse you.
- I will try and respond quickly, but please understand I do have a real life (job, wife, 3 kids, kinky hobbies).
- Stick with me till the end! If your computer starts running better, doesn´t mean it is clean yet!
====================Careful now,
Best Malware Protection is
rogue software. For an explanation of this term you can consult e.g.
Wikipedia. Whatever you do,
do not buy a license for this program. If you already did, you have been
scammed. In that case I suggest you contact your financial institution and see if you can revert the payment.
The first thing we are going to do is try and
temporarily disable the rogue, to get rid of all the annoying popups and allow us to actually do something. For this we use
RKill.
====================Please download
RKill by
Grinler from Download Mirror #1 and save it to your
desktop.
Download Mirror #1 (rkill.exe)Download Mirror #2 (rkill.scr)Download Mirror #3 (rkill.com)Download Mirror #4 (WiNlOgOn.exe)Download Mirror #5 (uSeRiNiT.exe)Download Mirror #6 (iExplore.exe)Download Mirror #7 (eXplorer.exe)- Double click the RKill desktop icon (rightclick > Run as Administrator for Vista/WIN7).
- A black screen will briefly flash indicating a successful run.
- If this does not occur please delete that application and try using Mirror #2
- Continue process until the tool runs.
- Important: RKill only temporarily disables the malware. If you reboot the computer, it will be active again. So do not reboot until we kill the infection.
====================Please download
OTL by
OldTimer from
here and save it to your
Desktop.
- Close all windows and double click OTL.exe.
- The Extra Registry setting should be Use Safelist
- Copy and paste the following text into the Custom Scans/Fixes box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\drivers\*.sys
%systemroot%\system32\drivers\*.dll
%systemroot%\system32\drivers\*.ini
%systemroot%\system32\drivers\*.exe
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.
/md5start
atapi.sys
explorer.exe
iastor.sys
userinit.exe
winlogon.exe
/md5stop
- Click the Run Scan button and allow it to run.
- It will produce two logs for you, OTL.txt and Extras.txt. Please post both logs in this thread.
- You may need to use two posts to get it all.