Hello.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
• Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
• When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Can you use an external thumb drive to get the log to another machine with net access? the infection you have is fairly new and quite resilient.

Hello.
Do you have your Windows 7 disc? just in case we need to repair any damage.

Please download TDSSKiller from here and save it to your Desktop.

• Doubleclick TDSSKiller.exe to run the tool
• Click the Start Scan button
• After the scan has finished, click the Close button
• Click the Report button and copy/paste the contents of it into your next reply

Note:It will also create a log in the C:\ directory.

Okay that removed the rootkit - can you re-run Combofix please just to make sure the majority of the infection is gone.

Attach the new log when complete.

It's possible this infection has patched services.exe, so that's our next step.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:
  
  Code:

  :filefind
  services.exe
  

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

That's strange, services.exe isn't in its right place.

Please download Farbar Service Scanner and run it on the computer with the issue.

• Check "Include All Files" option.

• 
  Press "Scan".
  It will create a log (FSS.txt) in the same directory the tool is run.
  Please copy and paste the log to your reply.

Oh wow, that's sneaky. You may have a new infection here, so were gonna need a bit more information so this can be sent to our developers and experts.

Submit a file for analysis.

1. Please visit this website: Jotti's Malware Scanner
2. Press the "Browse" button and locate the following file in bold:
   C:\WINDOWS\system32\drivers\afd.sys
3. Press the "Submit File button to submit the file for analysis.
4. Allow it to be scanned, it could take a few minutes depending on server load.
5. Copy and paste the result back here.