When you ran aswMBR, another file was created on the Desktop: MBR.dat
Please submit MBR.dat for analysis to VirusTotal:
Use the 'Browse' button to navigate to the location of the file.
Click on the file
Then, click the 'Open' button.
The file is now displayed in the 'Submit' Box.
Scroll down and click 'Send File', and wait for the results.
If you get a message saying: 'File has already been analyzed', click 'Reanalyze file now'.
Once scanned, please provide the link to the results page in your reply.
If you cannot do this from the infected computer, move the MBR.dat file to a USB flash drive, and then go to a clean computer and submit it from there.
Now, let's press on...
If you cannot run ComboFix first normally in Windows 7, go back to Safe Mode with Networking and run it from there.
Please download an updated version of ComboFix (CF):
Save ComboFix.exe to your Desktop!! <- Important!
Make sure you temporarily disable your AntiVirus, Firewall, and any other AntiSpyware applications. They may interfere with the running of CF.
Information on disabling these programs is available here:
Windows 7: To run the program, right-click and select: Run as Administrator
Click on 'Yes', to continue scanning for malware.
When finished, CF produces a report.
Please provide a copy of the C:\ComboFix.txt in your reply by uploading it to Megauploads, as you did previously.
1. Do not mouse-click the ComboFix window while it is running.
This action may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
3. CF disconnects your machine from the internet. However, the connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Now, please remove any previous download of TDSSKiller (if used) and download the latest version:
Execute the file:
Windows 7: Right-click and select: Run as Administrator
Press the button: Start Scan
The tool scans and detects two object types:
'Malicious' (where the malware has been identified)
'Suspicious' (where the malware cannot be identified)
When the scan is over, the tool outputs a list of detected objects (Malicious or Suspicious) with their description.
It automatically selects an action ('Cure' or 'Delete') for 'Malicious' objects. Leave the setting as it is.
It also prompts the User to select an action to apply to 'Suspicious' objects ('Skip', by default). Leave the setting as it is.
After clicking 'Next/Continue', the tool applies the selected actions.
A Reboot Required prompt may appear after a disinfection. Please reboot.
By default, the tool outputs its log to the system disk root folder (the disk with the Windows operating system, normally C:\).
Logs have a name like:
Please post the TDSSKiller log in your reply, by uploading it also.
Need to see the following uploads in your reply:
**The 'ComboFix log'
**The 'TDSSKiller' log
**Whether TDSSKiller needed a reboot
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/Member of UNITE and the
Alliance of Security Analysis Professionals