Solved: Rootkit-Pakes.U trojan found in atapi.sys

djtappin
Member with 30 posts.
Join Date: Oct 2009
Experience: Intermediate
02-Nov-2009, 09:13 PM #46
Yes, I ran the combo fix when you told me to, every time.

emeraldnzl
Senior Member with 647 posts.
Join Date: Nov 2007
Location: Auckland,N.Z.
02-Nov-2009, 10:41 PM #47
Okay then.

Let's do this:

It is a pretty big download at 28 MB but is very useful at detecting\cleaning rootkits or whatever it finds.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into Safe Mode.
    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight Safe Mode, then hit Enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:
      • System Memory
      • Startup Objects
      • Disk Boot Sectors
      • My Computer
      • Also any other drives (removable ones that you may have)
  • After that, click on Security level, then choose Customize, then click on the tab that says Heuristic Analyzer, then choose Enable Deep rootkit search, then choose OK.
  • Then choose OK again and you are back at the main screen.
  • Then click on Scan at the top right-hand corner.
  • It will automatically neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be neutralized, then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected virus\malware in the report; it will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.
__________________
Manners are the basis of a civilised society and make everyone's lives just a little happier. They cost nothing but they are worth so much. Quote by Daniela Cirignano

djtappin
Member with 30 posts.
Join Date: Oct 2009
Experience: Intermediate
03-Nov-2009, 10:15 AM #48
WOW! That's a really good program. It took almost 9 hours to scan.

Below is the report.

Detected
--------
Status Object
------ ------
disinfected: Trojan program Rootkit.Win32.TDSS.u File: C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir

djtappin
Member with 30 posts.
Join Date: Oct 2009
Experience: Intermediate
03-Nov-2009, 01:38 PM #49
Hello,

That last program worked. AVG did not detect it as a virus today. So the last program disinfected the root.

Below is the result of the AVG scan.

"Scan ""Scheduled scan"" was finished."
"Warnings";"24"
"Folders selected for scanning:";"Scan whole computer"
"Scan started:";"Tuesday, November 03, 2009, 12:00:06 PM"
"Scan finished:";"Tuesday, November 03, 2009, 1:32:30 PM (1 hour(s) 32 minute(s) 23 second(s))"
"Total object scanned:";"519182"
"User who launched the scan:";"SYSTEM"


emeraldnzl
Senior Member with 647 posts.
Join Date: Nov 2007
Location: Auckland,N.Z.
03-Nov-2009, 09:42 PM #50
That one Kaspersky AVG found was in ComboFix quarantine. Another one that should have been removed at cleanup. I am suspicious that that didn't work properly.

In any event you are all done and dusted now.

regards
emeraldnzl
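
Added example, not part of the original thread: a Python triage of the two report formats posted above, separating tracking cookies and already-quarantined copies (such as the atapi.sys.vir hit under the Qoobox quarantine folder) from detections on live files. The function names, the AVG sample row and the assumption that the quarantine layout mirrors the original path are illustrative.

```python
import csv
import io
import re

# Quarantine root as it appears in the Kaspersky report line in post #48.
QUARANTINE_ROOT = "C:\\Qoobox\\Quarantine\\"
KAS_LINE = re.compile(r"^(?P<status>[^:]+):\s+(?P<verdict>.+?)\s+File:\s+(?P<path>.+)$")

def parse_kaspersky(line):
    """Split one 'Detected' row into (status, verdict, path)."""
    m = KAS_LINE.match(line.strip())
    if not m:
        raise ValueError("unrecognised report row: %r" % line)
    return m.group("status"), m.group("verdict"), m.group("path")

def parse_avg(text):
    """Return (path, infection, result) rows from the semicolon-delimited AVG export."""
    rows = csv.reader(io.StringIO(text), delimiter=";", quotechar='"')
    return [tuple(r) for r in rows if len(r) == 3 and r[0] != "File"]

def original_location(path):
    # Assumption: the layout seen in the thread (root\<drive letter>\<path>.vir)
    # mirrors the location the file was quarantined from.
    if not path.lower().startswith(QUARANTINE_ROOT.lower()):
        return None
    drive, _, rest = path[len(QUARANTINE_ROOT):].partition("\\")
    rest = rest[:-4] if rest.lower().endswith(".vir") else rest
    return "%s:\\%s" % (drive, rest)

def triage(path, infection):
    if "tracking cookie" in infection.lower():
        return "tracking-cookie"    # privacy nuisance, not the rootkit
    if original_location(path) is not None:
        return "quarantined-copy"   # inert copy; re-check the live original
    return "live-file"              # detection on a file still in place

# Kaspersky row copied from post #48; the AVG row is constructed sample input.
KAS_SAMPLE = ("disinfected: Trojan program Rootkit.Win32.TDSS.u File: "
              "C:\\Qoobox\\Quarantine\\C\\WINDOWS\\system32\\drivers\\atapi.sys.vir")
AVG_SAMPLE = '''"Warnings";"24"
"File";"Infection";"Result"
"C:\\Documents and Settings\\Administrator\\Cookies\\example[1].txt";"Found Tracking cookie.Example";"Moved to Virus Vault"
'''

if __name__ == "__main__":
    _, verdict, path = parse_kaspersky(KAS_SAMPLE)
    print(triage(path, verdict), "->", original_location(path))
    for path, infection, _ in parse_avg(AVG_SAMPLE):
        print(triage(path, infection), path)
```

A "quarantined-copy" result means the scanner hit a stored copy, so the path returned by `original_location` is the file to verify on the live system.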

djtappin
Member with 30 posts.
Join Date: Oct 2009
Experience: Intermediate
03-Nov-2009, 09:50 PM #51
Yep, it's all done now! I'll mark this one as solved!
:-)
Thanks a lot for your support! :-)

Desmond J Tappin

emeraldnzl
Senior Member with 647 posts.
Join Date: Nov 2007
Location: Auckland,N.Z.
04-Nov-2009, 04:11 PM #52
You're welcome