worms in my computer

[SuperDave]

Re-running ComboFix to remove infections:

• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Open notepad and copy/paste the text in the quotebox below into it:
  

  KillAll::
  
  File::
  
  c:\windows\DUMP78e9.tmp
  c:\windows\DUMP74e1.tmp
  
  DDS::
  Trusted Zone: bcnonline.com\www
  
  
• Save this as CFScript.txt, in the same location as ComboFix.exe
  
  
  
  
• Referring to the picture above, drag CFScript into ComboFix.exe
• When finished, it shall produce a log for you at C:\ComboFix.txt
  
• I don't need to see the log from this action.
  

*************************************************
SysProt Antirootkit

Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

• Double click Sysprot.exe to start the program.
• Click on the Log tab.
• In the Write to log box select the following items.
• Process << Selected
  
• Kernel Modules << Selected
  
• SSDT << Selected
  
• Kernel Hooks << Selected
  
• IRP Hooks << NOT Selected
  
• Ports << NOT Selected
  
• Hidden Files << Selected
  
• At the bottom of the page
• Hidden Objects Only << Selected
  
• Click on the Create Log button on the bottom right.
• After a few seconds a new window should appear.
• Select Scan Root Drive. Click on the Start button.
• When it is complete a new window will appear to indicate that the scan is finished.
• The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

[tepetapan]

After  doing the CFScript and the SysProt, and after the smoke cleared,  I am looking for the text file. At first it seemed to tell me there was nothing found....poking around I found this.
  MZ?       ÿÿ  ?       @                                   P  º ?   Í!?
LÍ!This program cannot be run in DOS mode. 
The main body of this log was deleted by myself, Dave.
It´s all Greek to me........   the SysProt ran fine ( I think)       did I miss something?

[SuperDave]

MZ?       ÿÿ  ?       @                                   P  º ?   Í!?
LÍ!This program cannot be run in DOS mode. $

 
Did you follow the instructions? It states that you cannot run this in DOS mode.                                                         

[tepetapan]

I did not run it in DOS, I am not nearly that smart,   I ran it like I was instructed. Here is something I found on the desktop at the end of the day.
 #  Archive C:\Documents and Settings\gne\Escritorio\SysProt.zip
2009-03-15 23:11        Folder        Folder  SysProt
2009-03-15 20:18        145408        139772  SysProt\SysProt.exe
2009-03-15 23:10        268146        214248  SysProt\SysProt_AntiRootkit_Help.pdf
#
# Total                   Size        Packed  Files
#                       413554        354020  3
 
 

[SuperDave]

Ok. Let's just forget about this scanner and we'll try another.

* Download the following tool: RootRepeal - Rootkit Detector
* Direct download link is here: RootRepeal.zip

* Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
* Click this link to see a list of such programs and how to disable them.

* Extract the program file to a new folder such as C:\RootRepeal
* Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.
* Select ALL of the checkboxes and then click OK and it will start scanning your system.
* If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
* When done, click on Save Report
* Save it to the same location where you ran it from, such as C:RootRepeal
* Save it as rootrepeal.txt
* Then open that log and select all and copy/paste it back on your next reply please.
* Close RootRepeal.