ANY other user other than the thread starter is not to use any instructions, scripts or proceedures,  The work though in cleaning a system is individual and only for that system due to a number of factors.

Unfortunately, with the amount of threads means the waiting time is longer, Norton continually Blocking files won't hurt your system but is is just annoying, Please wait and be patient.   I am  trying to keep up, spending hours here to script and clean machines on a first come/first served basis. If you or someone adds to your thread It will be pushed back in line due to the new update.  I use the boards in reverse to what is seen

Please do not run any tools unless instructed to do so. 

• We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask nothing extra or run things twice
• If I ask a Question just answer it, don't run anything unless it states.
• Major steps used:

1. Find

2. Break

3. Destroy

4. Cleanup  (including system as a whole)

Please read every post completely before doing anything. 

• Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

• Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes )
  
  
• Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.

Please read carefully and follow these steps.

Download TDSSKiller from http://support.kaspersky.com/faq/?qid=208280684  click on the TDSSkiller.exe green link.

Double click on TDSSKiller.exe to run the application,

Open the Change Parameters option and select the detect TDL File system

Click OK

Then on Start Scan.

If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.

Look for the Filesystem detection

It may ask you to reboot the computer to complete the process. Click on Reboot Now.

If no reboot is require, click on Report. A log file should appear. Please copy and paste into Notepad and attach back here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ ) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please attach the log in the post back.

Quads

Quads,

Ran TDS Killer as directed.

Redbook.sys was only file infected.

Rebooted as directed.

When reboot completed household power interrupted less than 1 second (it's hot in Texas).

Let it reboot by itself.

TDSS killer log file found and attached.

Awaiting further instruction, sir.

Re run TDSSkiller with the same instructions to make sure TDSSkiller comes back with 0 found.

Quads

Quads

The second run of TDSKiller showed redbook.sys OK

No other infections found

File attached

Did not reboot

Noticed that each time TDSKiller is run it changes my clock/day/month/year settings

Awaiting orders, sir

psquared

Step 3. 

Please read carefully Read all of this message first

Download Combofix http://www.bleepingcomputer.com/download/anti-virus/combofix  It will be a new copy as it always gets updated.

• Ensure that Combofix is saved directly to the Desktop <--- Very important  (Not in the Download(s) or Temp folders)
  
  
• Disable all security programs as they will have a negative effect on Combofix, Disabled for say 1 hour or more.
• Close any open browsers and any other programs you might have running

Right click the combofix.exe on the desktop and select from the menu "Run as Administrator"

• If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
• When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

*EXTRA NOTES*

• If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
• If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
• If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Quads

Quads

- downloaded ComboFix following your instructions

- TCP/IP stack infected and root virus detected

- ComboFix rebooted

-ComboFix auto scanning again

- message box:  "PEV,exe encountered prob. needs to shut down"  (I took no action)

- Norton message "Sure you want to shut down Norton Firewall" (I took no action - had already set Norton to 5 hour off)

- ComboFix rebooted and preparing report

- Win Security Alert message: "Sure you want to keep blocking?" (I took no action)

- ComboFix Report completed (attached to this post)

- I launched IE browser - message that IE is not default browser (I made itt default browser)

- I turned Norton PC Security back on

- I rebooted, Win Security Alert auto installed 1 update during shutdown

Awaiting further orders, sir.

step 4. (a)

Please read carefully and Slowly

You might have to export the results

 Please scan with ESET next 

I'd like us to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESET OnlineScan
• Click the  button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on  to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the  icon on your desktop.
• Check 
• Click the  button.
• Accept any security warnings from your browser.
• Under scan settings, check  and DON'T (NO) check Remove found threats (reason for this is we don't want something deleted and then Windows won't load).
• Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• Attach the resulting log in your next reply

If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it. 

Quads

Quads

Ran ESET program per your instructions

Two threats found (see attached report)

Did not remove ESET program files at completion of scan.

Awaiting further instructions, sir.

Pat

Step 4. (b)

Disable Norton for say 30 minutes

Download OTL http://www.bleepingcomputer.com/download/otl/

Start OTL,  

Click the Scan All Users checkbox.

Change file age to 60 days

Press the 

An OTL.txt  and extras.txt will be created.

Quads