Hello Jvescov1,
Thanks for posting back about being stuck with aswMBR. The machine is disconnected from the internet so if a tool tries to download anything, it will fail. That is a good thing in this case.
For now, I would like you to eject the USB from the infected computer, put it back into the clean computer to copy ERUNT onto it:
First
Make a backup of the existing registry using ERUNT:
ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
Click here to download the ERUNT installer to your USB stick.
When the download is finished, eject the USB stick, and put it back into your infected computer.
On the infected computer, copy the ERUNT installer over from the USB stick to your Desktop, and run it. Follow the prompts to create your first registry backup.
Second
Please try to run aswMBR.exe in Safe Mode:
Boot into Safe Mode in Windows Vista
Note: Please print these instructions or copy/paste them into a notepad file in case you are unable to access this site.
- Turn your computer off through Shut Down.
- Wait a few seconds, then turn it back on.
- Once your computer's manufacturer logo (eg. 'Dell') starts to show, start pressing the F8 key repeatedly.
- Keep pressing it until the Windows Advanced Options Menu loads up.
- Make sure 'Safe Mode' is selected, navigate to it by using the arrow keys.
- Press enter, and your computer will start booting into Safe Mode.
Once in Safe Mode, try to run aswMBR.exe from your Desktop again.
If you can't get aswMBR.exe to run in Safe Mode, just copy/paste the log files you already have from your infected computer to your USB stick, and from the clean computer, copy/paste the log file contents back here so we can look at what you have.
Did you have any problems running TDSSKiller?
Looking forward to seeing the Security Check, TDSSKiller and aswMBR logs...