Trojan - Windows 7

#91
noahdfear

noahdfear

    Malware Expert

  • Expert
  • 1,316 posts
  • MVP
Thank you for the uploads. The c:\windows\system32\drivers\modhf.sys file is infected. Let's see if MBAM picks up on and removes it.


#92
J_Mac

J_Mac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Yep, MBAM has picked it up and removed it, I'm pretty sure.


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6028

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/03/2011 1:48:07 PM
mbam-log-2011-03-12 (13-48-07).txt

Scan type: Quick scan
Objects scanned: 158074
Time elapsed: 5 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\drivers\modhf.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
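The check a practitioner would want after a log like the one above: MBAM reports the driver file quarantined, but a kernel driver is loaded through a service entry, and deleting the file does not guarantee the registry entry or the loaded driver went with it. The following is an added example, not part of the original thread or of Malwarebytes. It is PowerShell, assumed to be run as Administrator on the affected Windows 7 machine; the driver name is taken from the MBAM log, and the service-key search assumes no particular service name.

```powershell
# Added example (not from the thread): after MBAM reports a driver quarantined,
# confirm nothing still references it.  Driver name taken from the MBAM log;
# the service-key search is generic (no service name is assumed).
$driverName = 'modhf.sys'
$driverPath = Join-Path $env:SystemRoot "System32\drivers\$driverName"

# 1. The file itself should be gone.  Test-Path sees neither through rootkit
#    filesystem hooks nor pending-rename deletions, so this is necessary but
#    not sufficient on its own; steps 2 and 3 cover the rest.
if (Test-Path -LiteralPath $driverPath) {
    Write-Warning "$driverPath still exists on disk"
} else {
    Write-Output "OK: $driverPath is not present"
}

# 2. Walk every service key and flag any whose ImagePath names the driver.
#    A leftover entry with Start=0/1 would try to load the driver at boot.
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$pattern = [regex]::Escape($driverName)
foreach ($svc in (Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue)) {
    $props = Get-ItemProperty -LiteralPath $svc.PSPath -ErrorAction SilentlyContinue
    if ($props.ImagePath -and ($props.ImagePath -match $pattern)) {
        Write-Warning ("Service '{0}' still points at {1} (Start={2})" -f `
            $svc.PSChildName, $props.ImagePath, $props.Start)
    }
}

# 3. Is a driver by that name still loaded right now?  Win32_SystemDriver is
#    available on the PowerShell 2.0 that ships with Windows 7.
$loaded = Get-WmiObject -Class Win32_SystemDriver |
    Where-Object { $_.PathName -match $pattern -or $_.Name -eq ($driverName -replace '\.sys$','') }
if ($loaded) {
    $loaded | ForEach-Object {
        Write-Warning ("Driver '{0}' is {1} ({2})" -f $_.Name, $_.State, $_.PathName)
    }
} else {
    Write-Output "OK: no loaded kernel driver matching $driverName"
}
```

If step 2 or 3 reports anything, the clean-up is not finished: a service entry that survives the file deletion will fail to load at next boot (harmless but worth removing), while a driver that is still running means the quarantine happened under a rootkit that was active at the time, and the disk should be re-checked from a boot where that driver is not loaded.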

#93
noahdfear

noahdfear

    Malware Expert

  • Expert
  • 1,316 posts
  • MVP
Looks good. Provided your system seems to be working properly and no issues remain, I'd say you're ready to uninstall ComboFix and finish tidying up.
To uninstall ComboFix press the Win key+R (the Win key is between the left Ctrl and Alt keys) to open a Run dialog, then type ComboFix /uninstall and press Enter. ComboFix will run and let you know when it has completed its uninstall routine.

Azarl may have some other cleanup instructions and recommendations.

It's been a pleasure working with you. Safe surfing! :D

#94
J_Mac

J_Mac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
And last step performed! Something that started last November has finally been resolved 4 months later in March :D

Thank you so so much. I didn't think it was possible to revive my computer I must admit, but your help has been invaluable I cannot thank you enough. I am so glad and thank you very much again. Thank you :D

#95
noahdfear

noahdfear

    Malware Expert

  • Expert
  • 1,316 posts
  • MVP
You're most welcome :D

#96
azarl

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Now that noahdfear's done the easy bit, I'll finish off. :D

That was amazing to watch, certainly knows his stuff.

We'll start cleaning up now and just check for any bits that may be hiding.

» Step 1 «
Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

» Step 2 «
Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named).

» Step 1 - Auto-Scan «
  • On the first tab select all elements down to Computer and then select start scan
  • Once it has finished select Report and post it in your next reply


#97
J_Mac

J_Mac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
I was able to perform the first part no problem.

The second part with Kaspersky was a bit challenging though. My computer seemed to freeze when I clicked 'report' and when it was responding I don't think I was able to pick up what you were looking for. I wasn't sure where to get the report from; this is all I scraped out of it.


Autoscan: malfunction (events: 1, objects: 0, time: Unknown)
12/03/2011 9:14:19 PM Task started
Autoscan: completed 33 minutes ago (events: 2, objects: 240692, time: 02:56:09)
13/03/2011 11:17:05 AM Task started
13/03/2011 2:13:16 PM Task completed

#98
azarl

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Looks like you're clean - you are clear or seem to be. Please advise me if you still have any problems.

OTL Cleanup
Run OTL and click the cleanup button. It will remove all the programmes we have used plus itself.

Preventing re-infection
Now that your system is clear, there are a number of steps you can take to prevent re-infection

It is critical that you have both a firewall and anti virus to protect your system and to keep them updated.

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Winpatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. Help file and tutorial can be found Here
SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
MVPS Hosts File - Blocks known bad sites by adding them to your Hosts file thereby preventing you from accessing them
TFC (Temp File Cleaner)- Cleans an enormous amount of junk held in temporary files and disposes of any malware lurking there.
Anti Spyware Program - We recommend MalwareBytes Anti-Malware and SUPERAntiSpyware

Browsers
Consider using FIREFOX or OPERA, both are free to use and are more secure than IE. If you are using Firefox you can stay more secure by adding NoScript and WOT (Web Of Trust). NoScript stops JavaScript from starting on a web page unless you give permission for it, and WOT has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.


Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • Run Internet Explorer
  • Click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
Updates
From time to time, software vendors introduce updates for their products. Sometimes these are to enhance the product, but often they are to repair an exploitable vulnerability. You may like to consider installing Secunia PSI. This is a free application (for home users) that sits in the system tray and alerts you when security updates are available, and where from. Secunia PSI can be downloaded from HERE
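The Internet Explorer Custom Level changes listed in the post above map onto per-zone DWORD values under the user's Internet Settings key, which is useful when the same hardening has to be applied to several accounts or verified after the fact. The following is an added example, not part of the original thread. It is PowerShell for the same Windows 7 machine; the URL-action codes are Microsoft's documented zone action IDs (zone 3 is the Internet zone; 0 = Enable, 1 = Prompt, 3 = Disable), but they are taken from memory here, so verify the result in the Custom Level dialog after running it.

```powershell
# Added example (not from the thread): apply the Internet-zone Custom Level
# settings from the post by writing the zone's URL-action values directly.
# Zone 3 = Internet.  Action codes are IE's documented URL-action IDs
# (assumed correct; check the Custom Level dialog afterwards).
# Value meaning: 0 = Enable, 1 = Prompt, 3 = Disable.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

$settings = @{
    '1001' = 1   # Download signed ActiveX controls                        -> Prompt
    '1004' = 3   # Download unsigned ActiveX controls                      -> Disable
    '1201' = 3   # Initialize and script ActiveX controls not marked safe  -> Disable
    '1800' = 1   # Installation of desktop items                           -> Prompt
    '1804' = 1   # Launching programs and files in an IFRAME               -> Prompt
    '1607' = 1   # Navigate sub-frames across different domains            -> Prompt
}

if (-not (Test-Path -Path $zoneKey)) {
    throw "Internet zone key not found: $zoneKey"
}

# If Security_HKLM_only is set (Group Policy "Security Zones: Use only machine
# settings"), IE ignores the HKCU zone values and the HKLM copy of the key must
# be edited instead.  Warn rather than silently writing values that do nothing.
$isKey   = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$hklmOnly = (Get-ItemProperty -Path $isKey -ErrorAction SilentlyContinue).Security_HKLM_only
if ($hklmOnly -eq 1) {
    Write-Warning 'Security_HKLM_only is set; per-user zone values are ignored on this machine'
}

foreach ($action in $settings.Keys) {
    $current = Get-ItemProperty -Path $zoneKey -Name $action -ErrorAction SilentlyContinue
    $before  = if ($current) { $current.$action } else { '(unset)' }
    Set-ItemProperty -Path $zoneKey -Name $action -Value $settings[$action] -Type DWord
    Write-Output ("{0}: {1} -> {2}" -f $action, $before, $settings[$action])
}
```

Run it in the affected user's session (the key lives under HKCU), then open Internet Options, Security, Internet, Custom Level and confirm each of the six entries shows the expected Prompt/Disable. An unset value means the zone was still at its template default for that action; the script prints the before/after pair so the change can be audited or reverted.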