Hi could you copy aswMBR to your C drive root please i.e. C:\aswMBR
Then run the following command
Go Start > Run
Or press the windows and R key together
Copy and then paste the bold command below
Then press OK
aswMBR.exe -ap 1
Once it has run then reboot and re-run an aswMBR scan
NEXT
[*] Download RogueKiller and save it on your desktop.
[*]Quit all programs
[*] Start RogueKiller.exe.
[*] Wait until Prescan has finished …
[*] Click on Scan
http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRScan.png
[*]Wait for the end of the scan.
[*] The report has been created on the desktop.
[*] Click on the Delete button.
http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRDelete.png
[*]The report has been created on the desktop.
[*]Next click on the ShortcutsFix
http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRShortcutsFix.png
[*]The report has been created on the desktop.
Please post: All RKreport.txt text files located on your desktop.
FINALLY
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\filbdbng.sys -- (heyuvea)
O28 - HKLM ShellExecuteHooks: {a5780613-492e-4a2a-a7fd-549610edf6cc} - No CLSID value found.
[2011/01/27 17:44:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Lkoduwonezonuso.bin
[2011/01/27 17:44:07 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Pnitilita.dat
:Files
ipconfig /flushdns /c
xcopy %Temp%\smtmp\1 “%AllUsersProfile%\Start Menu” /H /I /S /Y /C
xcopy %Temp%\smtmp\2 “%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch” /H /I /S /Y /C
xcopy %Temp%\smtmp\3 “%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar” /H /I /S /Y /C
xcopy %Temp%\smtmp\4 “%AllUsersProfile%\Desktop” /H /I /S /Y /C
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the
Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the
Quick Scan button. Post the log it produces in your next reply.