09-14-2011 10:37 PM
Seems like we have a TDL type of infection here...
Download aswMBR from http://public.avast.com/~gmerek/aswMBR.htm ( 1870KB ) to your desktop.
Double click the aswMBR.exe to run it
Click the [Scan] button to start scan
On completion of the scan click [Save log], save it to your desktop and post in your next reply
How to fix
On completion of the scan
Click [Fix] for TDL4 (MBRoot) or [FixMBR] for Whistler (select the button as appropriate)
How to verify **SUSPICIOUS** file
Right click on the red item
Copy the file to a new location, e.g. as copy_afd.sys
Please note that accessing rootkit files via Windows Explorer is useless because the real data are hidden
Send the file to http://www.virustotal.com
09-16-2011 03:18 PM - edited 09-16-2011 03:19 PM
Here's the log. I have previously run this, TDSSKiller, an anti-TDL3 program, etc., with no luck.
BTW - isn't removing a rootkit so that another anti-rootkit program can run, some sort of oxymoron?
09-16-2011 11:42 PM - edited 09-17-2011 12:33 AM
Did anything come up in red in aswMBR?
Time for the big boy....
SPECIAL THANKS TO BLEEPINGCOMPUTERS.
THIS WILL KILL ALL THE MALWARE SHOT DEAD. READ ALL THE STEPS VERY CAREFULLY.
Download ComboFix: click on one of the links above, and at the page that opens, please click on the download link for ComboFix. When you click on the link you will see a download prompt similar to the one below.
Once these two Steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
Once you double-click on the icon, you may see a screen similar to the one below.
You will now see the ComboFix disclaimer screen as shown below.
Please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console. Once it has finished installing, you will be presented with the screen shown below.
If, by some chance, you no longer have access to your Internet connection after running ComboFix then the first thing to try is to reboot your computer. This step alone should fix the vast majority of issues with no Internet connection after running ComboFix. If you still do not have an Internet connection after rebooting then please perform the following steps:
Alternatively, if your network icon also appears on the Windows taskbar, then you can repair it by right-clicking on the icon and selecting Repair as shown below.
09-17-2011 08:57 AM
No, nothing has come up red in aswMBR.
I have run ComboFix many times and pulled out lots of rootkits and trojans from various PCs. I will rerun it and post later today (physically moving today).
It may be a conflict with Spybot Search and Destroy 2 (beta IIRC). I'll turn that off and retry sysclean.
09-17-2011 10:45 AM
Most probably ComboFix will solve the problem. Post the logs in your next reply.