Hm…this does not work for us as I had hoped. This will be hard to kill from active Windows.

Please upload this file (c:\windows\System32[b]rundll32.exe[/b]) here using wikisend site for analyse. I shall need to take a look at file itself.
http://www.wikisend.com
Please post here download link or you can send download link to PM if you wish.

Run dr_Web scaner…

Download Dr.Web CureIt .

[*]Doubleclick the drweb-cureit.exe file to open it.
[*]A window will open offerring a choice of EPM or Standard Mode
[*]Chose EPM
[*]A license and updates window will appear. If necessary update, otherwise go to the wrench at the top right and check the box Automatically apply actions to threats.
[*]Check the box “I agree to participate…” and click Continue
[*]You will not be able to use your computer until the scan is finished. It generally takes only a short time say… around 15/20 mins.
[*]Dr Web will scan your computer. When finished close Dr Web.
[*]A report is saved to C:\users.…\Doctor Web named cureit.log. Post the contents back here.

------ Next -----

Re-run aswMBR.exe, click scan button and post me fresh aswMBR.txt logreport.