Hm, tricky…
We will try to solve all problems.
aswMBR shows a rootkit. I’d like to see a log from this tool…
Step#1.1
I see that you have the original TDSSKiller and one renamed copy. Please delete the current ones and download a fresh one.
Download a fresh TDSSKiller and save it to your desktop.
Execute [b]TDSSKiller.exe[/b] by double-clicking on it.
[*] Press Start Scan
[*] If Suspicious object is detected, the default action will be Skip, click on Continue.
[*] If Malicious objects are found, select Cure.
Once complete, a log will be produced in the root of the drive, which is typically C:\, for example, [b]C:\TDSSKiller.<version_date_time>log.txt[/b]
Please post the contents of that log in your next reply.
Step#1.2
Let’s then do an additional check of the MBR.
Please download MBRCheck.exe to your desktop.
[*] Be sure to disable your security programs
[*] Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
[*] A small window should open on your desktop
[*] If an unknown bootcode is found, you will have further options available to you; at this time press N, then press Enter twice.
[*] If nothing unusual is found just press Enter
[*] A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop. Please post the contents of that file.
Step#1.3
Re-run OTL.exe.
[*]Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
[quote]
:commands
[CREATERESTOREPOINT]
:OTL
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
@Alternate Data Stream - 177 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:8EBDAD11
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:21F28B00
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:3DA64F2C
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:A60E1551
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:57B4E612
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:981884E7
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:5EC637CB
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:680086AB
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A757EE0B
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:8356AE8B
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:6D6D6E2B
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:72E546C1
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:DE73B0FE
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:CC174F28
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:5B85C37B
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:9AB56A06
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:D09AEE3D
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:8A44841A
:files
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt /c
ipconfig /release /c
ipconfig /renew /c
:commands
[purity]
[emptytemp]
[/quote]
[*]Then click the Run Fix button at the top.
[*]Let the program run unhindered; it will reboot the system when it is done and open Notepad with the log report. Attach that log report here.
Now let’s try to fix the internet connections:
Step#2.1
Download Complete Internet Repair tool.
www.datum-forensics.com/down/comintrep.exe
Extract the program into a separate folder on the Desktop.
Double-click [b]comintrep[/b] to start it and click Extract.
The program will create a new folder called Complete Internet Repair.
Close all running applications.
In the created folder, double-click on [b]CIntRep[/b] to run the program.
Check the boxes for the [b]Repair /Windows Automatic update[/b] options and then click [b]Go[/b]!
Wait for the program to finish the repair; it will then ask for a reboot.
If there is no reboot, restart it.
Restart the program by double-clicking on [b]CIntRep[/b].
Click on File > Logging > Logging Open Directory.
With an arrow, attach CIntRep.txt using the attach file option.
If there are several logs, attach them too in the message.
Step#2.2
Download Windows Repair (all in one) from this site
Install the programme, then run it.
https://dl.dropbox.com/u/73555776/waio%20start.JPG
Go to step 3 and allow it to run SFC
https://dl.dropbox.com/u/73555776/waio%20step3.JPG
On the start repairs tab click start
https://dl.dropbox.com/u/73555776/waiostart%20rep.JPG
Select the following items and tick restart system when finished
https://dl.dropbox.com/u/73555776/waio%20rep%20list.JPG