Rootkit MBR:\.\PHYSICALDRIVE0 is still being detected by Avast!, despite the fact I had already executed a boot time scan. I had also already done a scan with MalwareBytes in safe mode which picked up nothing. Occasionally, I get a blue screen after the rootkit is ‘removed’ by Avast! A few days ago, I was continually being prompted by “Found New Hardware Wizard” to install “Unknown”. Just yesterday, I had finally decided to simply comply with the wizard which kept bothering me every startup. Perhaps this haphazard installation might be a factor? MBAM, OTL and aswMBR logs are attached. Many thanks.
I have tried to refer this to a malware removal specialist.
Hi, this is a multiple type MBR infection, so I will need to use a specialist tool.
[list]
[*]Download the latest version of TDSSKiller from here and save it to your Desktop.
[*]Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_1.jpg
[*]Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_2.jpg
[*]Click the Start Scan button.
http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_3.jpg
[*]If a suspicious object is detected, the default action will be Skip; click on Continue.
http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_4.jpg
[*]If malicious objects are found, they will show in the Scan results and offer three (3) options.
[*]Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_5.jpg
[*]Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
[/list]
A report will be created in your root directory (usually the C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste its contents in your next reply.