You've got one of the most popular infections right now. Go ahead and copy all of the text in the code box below...
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5BB35C63-98DE-64F1-688B-1347D8136C28}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FD8F2F73-8E79-7C1A-6B2B-0702F1C25DA0}]
Then open up Notepad and paste the text there. Go to File > Save As and when the window pops up, click on Save As Type and choose All Files. Save this to the desktop as
tdss.reg and then close Notepad. Run the tdss.reg file and let the entries be added to your registry.
Then download ComboFix by sUBs from one of the below links. Be sure to save it to the
Desktop.
http://download.bleepingcomputer.com/sUBs/ComboFix.exehttp://subs.geekstogo.com/ComboFix.exeClose any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.
Temporarily
disable your anti-virus, and any
anti-spyware real-time protection before performing a scan. Click
this link to see a list of security programs that should be disabled and how to disable them.
Double-click combofix.exe and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the
ComboFix log and a new
HijackThis log in your next reply.
NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
