OK, I got it. You may edit your post and remove the download link if you wish.
This is just a dump of the MBR, not malware by itself, but hey… just in case. :slight_smile:

The thing is that the master boot record (MBR) does not belong to the Windows operating system.
Something has made changes to it. That something may be legitimate software, but in your case it is some malicious software.

avast flags this as “Hurri”, but this is a rootkit known as “MBR.Malmo” and it’s malicious. So we will fix your MBR and set it to default Windows settings.
If some malware is using the MBR as a shield from me and my tools to hide its loading point, or the MBR by itself delivers a malicious payload to the system, then FixMBR will do the trick.

FixMBR from Recovery Console

When we ran ComboFix earlier, CF installed the Windows Recovery Console. We are going to use that now.

  1. Reboot your machine and when the Boot Menu flashes up, select “Microsoft Windows Recovery Console”
    (you need to be very fast with the arrow key, as you only have a couple of seconds before it defaults to the Windows XP bootup)


http://fotkica.com/thumbs3/1_tmb_153239505_RC_BootMenu.jpg


http://fotkica.com/thumbs3/1_tmb_459718526_2RConsole_A.jpg

  2. When you get to the above screen, take note of the number that references your operating system.
    If it’s ‘1’ like the picture above, type 1 and press Enter


http://fotkica.com/thumbs3/1_tmb_62688892_3RConsole_Fixmbr.jpg

  3. Next type FIXMBR


http://fotkica.com/thumbs3/1_tmb_72587141_4RConsole_FixmbrB.jpg

It will ask you if you’re sure you want to write a new MBR; answer ‘Y’.

Then type EXIT to reboot the machine.

And that’s it. :slight_smile:

----- next -----

Re-check:

Re-run the aswMBR tool and post the freshly created aswMBR.txt log report here.

----- next -----

CFScript for Combofix

Open notepad and copy/paste the text present inside the code box below:

```
Folder::
c:\windows\865537E164904193A4B6669C62711852.TMP
c:\program files\GUM8B.tmp

DirLook::
c:\documents and settings\Faster\Local Settings\Application Data\cald3
c:\documents and settings\Faster\Application Data\cald3
c:\documents and settings\Faster\Local Settings\Application Data\Temp
c:\program files\Common Files\xing shared

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000

DDS::
uStart Page = about:blank

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{51d565ca-4dbd-499a-9118-fed2a54f7558}]
```

Save this as CFScript.txt

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt)