Malicious URL blocked again and again and...

I appear to have a trojan. Malwarebytes sees it and tells me it has removed it, but if I run the scan again after rebooting, the bleeping thing is still there. Running SpyBot Search & Destroy, then MWBAM got me all excited since MBAM now found more and slightly different things wrong, but after the reboot, scanned with MWAM and the same darn Trojan is found again. grrrrr.

I think I am attaching the correct logs.

You may also attach the Malwarebytes log.

I’ve run MWBAM several times in the past 24 hours. It will take me a few mins to save the logs in ANSI for you.

Malware bytes logs attached

and finally the most recent MWBAM log

Hi there, I will ask you to run two programmes; the second, ComboFix, may not work, in which case I will need a second run with specific instructions on TDSSKiller.

Download the latest version of TDSSKiller from here and save it to your Desktop.

[*]Doubleclick on TDSSKiller.exe to run the application

http://dl.dropbox.com/u/73555776/TDSSFront.JPG

[*]Then click on Change parameters.

http://dl.dropbox.com/u/73555776/TDSSConfig.JPG

[*]Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

[*]Click the Start Scan button.

[*]If a suspicious object is detected, the default action will be Skip, click on Continue.

http://dl.dropbox.com/u/73555776/TDSSFound.JPG

[*]If malicious objects are found, they will show in the Scan results and offer three (3) options.
[*]Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

[*]Get the report by selecting Reports

http://dl.dropbox.com/u/73555776/TDSSEnd.JPG

[*]Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please attach its contents on your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Thanks so much, I really appreciate your help.
I ran TDSSKiller
REPORT

16:15:19.0588 7268 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
16:15:20.0277 7268 ============================================================
16:15:20.0277 7268 Current date / time: 2012/08/13 16:15:20.0277
16:15:20.0277 7268 SystemInfo:
16:15:20.0277 7268
16:15:20.0277 7268 OS Version: 6.1.7601 ServicePack: 1.0
16:15:20.0277 7268 Product type: Workstation
16:15:20.0277 7268 ComputerName: MOMMY-PC
16:15:20.0278 7268 UserName: Mommy
16:15:20.0278 7268 Windows directory: C:\Windows
16:15:20.0278 7268 System windows directory: C:\Windows
16:15:20.0278 7268 Running under WOW64
16:15:20.0278 7268 Processor architecture: Intel x64
16:15:20.0278 7268 Number of processors: 8
16:15:20.0278 7268 Page size: 0x1000
16:15:20.0278 7268 Boot type: Normal boot
16:15:20.0278 7268 ============================================================
16:15:22.0260 7268 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type ‘K0’, Flags 0x00000040
16:15:22.0328 7268 ============================================================
16:15:22.0328 7268 \Device\Harddisk0\DR0:
16:15:22.0328 7268 MBR partitions:
16:15:22.0328 7268 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x23800, BlocksNum 0x1E00000
16:15:22.0328 7268 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E23800, BlocksNum 0x55722000
16:15:22.0328 7268 ============================================================
16:15:22.0346 7268 C: ↔ \Device\Harddisk0\DR0\Partition1
16:15:22.0376 7268 D: ↔ \Device\Harddisk0\DR0\Partition0
16:15:22.0376 7268 ============================================================
16:15:22.0377 7268 Initialize success
16:15:22.0377 7268 ============================================================

I know the problem isn’t solved yet, because MBAM warned me already that a Trojan attempted something, but I’m not seeing the constant blocked site warning now.

I’m getting ready to run ComboFix but I can’t figure out how to disable Avast. Looked where you told me and it wasn’t helpful. Whatnow?
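The header of the TDSSKiller report above records the disk size, sector size and the MBR partition table, which makes it possible to sanity-check the layout offline. The following is an added example, not part of the thread and not code from TDSSKiller: it parses the Drive and Partition lines from a constructed fragment in the same format (the hex values are those quoted above), then reports overlapping partitions, gaps between them, a table running past the disk, and how many sectors at the start and end of the disk belong to no partition. The function names and the regular expressions are my own assumptions about the log format, based only on the lines quoted in this thread.

```python
import re

# Constructed sample: the Drive and Partition lines in the format of the
# TDSSKiller report header quoted in this thread (same hex values as there).
SAMPLE_LOG = """\
16:15:22.0260 7268 Drive \\Device\\Harddisk0\\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:15:22.0328 7268 \\Device\\Harddisk0\\DR0:
16:15:22.0328 7268 MBR partitions:
16:15:22.0328 7268 \\Device\\Harddisk0\\DR0\\Partition0: MBR, Type 0x7, StartLBA 0x23800, BlocksNum 0x1E00000
16:15:22.0328 7268 \\Device\\Harddisk0\\DR0\\Partition1: MBR, Type 0x7, StartLBA 0x1E23800, BlocksNum 0x55722000
"""

HEX = r"0x[0-9A-Fa-f]+"
# Both patterns are assumptions derived from the quoted report lines.
DRIVE_RE = re.compile(rf"Drive (\S+) - Size: ({HEX}) .*?SectorSize: ({HEX})")
PART_RE = re.compile(rf"(\S+\\Partition\d+): MBR, Type ({HEX}), StartLBA ({HEX}), BlocksNum ({HEX})")


def parse_tdsskiller_layout(text):
    """Map each drive to its sector size, total sector count and MBR partitions."""
    drives = {}
    for line in text.splitlines():
        m = DRIVE_RE.search(line)
        if m:
            size_bytes, sector_size = int(m.group(2), 16), int(m.group(3), 16)
            drives[m.group(1)] = {"sector_size": sector_size,
                                  "sectors": size_bytes // sector_size,
                                  "partitions": []}
            continue
        m = PART_RE.search(line)
        if m:
            pname = m.group(1)
            drive = pname.rsplit("\\", 1)[0]  # strip "\PartitionN" to get the drive
            entry = drives.setdefault(drive, {"sector_size": 512, "sectors": None, "partitions": []})
            start, count = int(m.group(3), 16), int(m.group(4), 16)
            entry["partitions"].append({"name": pname, "type": int(m.group(2), 16),
                                        "start": start, "end": start + count})
    return drives


def check_layout(drive):
    """Sanity-check one drive's partition table against the reported disk size.

    Reports overlaps, gaps between partitions, whether the table runs past the
    end of the disk, and the sectors before the first and after the last
    partition (space that no volume accounts for).
    """
    parts = sorted(drive["partitions"], key=lambda p: p["start"])
    result = {"overlaps": [], "gaps_between": [], "beyond_disk": False,
              "leading_free_sectors": parts[0]["start"] if parts else drive["sectors"],
              "trailing_free_sectors": None}
    prev = None
    for p in parts:
        if prev is not None:
            if p["start"] < prev["end"]:
                result["overlaps"].append((prev["name"], p["name"]))
            elif p["start"] > prev["end"]:
                result["gaps_between"].append((prev["name"], p["name"], p["start"] - prev["end"]))
        prev = p
    if parts and drive["sectors"] is not None:
        last_end = parts[-1]["end"]
        result["beyond_disk"] = last_end > drive["sectors"]
        result["trailing_free_sectors"] = max(drive["sectors"] - last_end, 0)
    return result


def describe(drive_name, drive, result):
    """Human-readable summary with unpartitioned space given in MiB."""
    ss = drive["sector_size"]
    lines = [f"{drive_name}: {drive['sectors']} sectors of {ss} bytes, "
             f"{len(drive['partitions'])} MBR partition(s)"]
    for p in sorted(drive["partitions"], key=lambda q: q["start"]):
        lines.append(f"  {p['name']}: type 0x{p['type']:X}, LBA {p['start']}-{p['end'] - 1}")
    lines.append(f"  unpartitioned before first partition: {result['leading_free_sectors'] * ss / 2**20:.1f} MiB")
    if result["trailing_free_sectors"] is not None:
        lines.append(f"  unpartitioned after last partition: {result['trailing_free_sectors'] * ss / 2**20:.1f} MiB")
    for a, b in result["overlaps"]:
        lines.append(f"  WARNING: {a} and {b} overlap")
    if result["beyond_disk"]:
        lines.append("  WARNING: partition table extends past the reported disk size")
    return "\n".join(lines)


if __name__ == "__main__":
    for name, drive in parse_tdsskiller_layout(SAMPLE_LOG).items():
        print(describe(name, drive, check_layout(drive)))
```

On the quoted values the two partitions are contiguous and fit inside the disk, with about 71 MiB unpartitioned ahead of the first partition and under 2 MiB after the last one; a large or unexpected tail is the thing to look at when a tool later reports something on the raw device rather than on a volume, as happens further down this thread.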

OK, right click the orange blob and select Shield Control > Disable shields for 1 hour. That will work; you can then ignore the ComboFix warning.

Could you attach the entire TDSSKiller log please? It should be at C:\TDSSKiller followed by the date.

But that’s my problem, I don’t get Shield Control when I right click the orange blob, I see:
avast! Internet Security
Pin this program to task bar
Close window (when I already have it open)

Attaching TDSSKiller logs

We may need to repair Avast, but for now accept the combofix warnings

Before running combofix re-run TDSSKiller
When you see this element select delete :

\Device\Harddisk0\DR0 ( TDSS File System )

Then run Combofix

Thank you… again. :slight_smile:

Not seeing report files for TDSSKiller today. Only see the ones from yesterday when I search. arg. Otherwise trying to follow your directions. Malwarebytes and avast! are both running and I can’t turn them off. muttering cusswords

Well, here’s the Combofix log. It took ~25 min. I think I managed to turn off the antivirus, except Norton Antispyware, which I could have sworn I did turn off for an hour.

WHOOT! MWBAM scan log:

Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.14.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mommy :: MOMMY-PC [administrator]

Protection: Enabled

8/14/2012 1:08:30 PM
mbam-log-2012-08-14 (13-08-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 290345
Time elapsed: 3 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Thank you SO, SO much! ;D
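The Malwarebytes log above has a regular structure: a metadata header, a scan-time line, then one "… Detected: N" line per category followed by the items (or "(No malicious items detected)"). The following is an added example, not from the thread and not code from Malwarebytes: it parses that structure, returns a clean/not-clean verdict, and flags two things a helper would want to know when reading such a log, a signature database dated earlier than the scan and real-time protection not reported as enabled. The first sample reuses the header and counts quoted above (abbreviated to three categories); the second sample, including the format of its detection line, is constructed as an assumption.

```python
import re
from datetime import datetime

# Constructed sample 1: the clean log quoted in this thread, abbreviated to
# three of its seven detection categories.
CLEAN_LOG = """\
Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.14.03

Windows 7 Service Pack 1 x64 NTFS
Mommy :: MOMMY-PC [administrator]

Protection: Enabled

8/14/2012 1:08:30 PM
mbam-log-2012-08-14 (13-08-30).txt

Scan type: Quick scan
Objects scanned: 290345
Time elapsed: 3 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
"""

# Constructed sample 2: an assumed "not clean" log with a stale database and
# protection disabled. The detection line format is an assumption, not taken
# from the thread.
DIRTY_LOG = """\
Database version: v2012.08.10.01

Protection: Disabled

8/14/2012 9:00:00 AM

Scan type: Quick scan

Memory Processes Detected: 0
(No malicious items detected)

Files Detected: 1
C:\\Users\\Mommy\\AppData\\Local\\Temp\\constructed-sample.tmp (Trojan.Constructed) -> Quarantined and deleted successfully.

(end)
"""

COUNT_RE = re.compile(r"^(?P<cat>[A-Za-z ]+) Detected: (?P<n>\d+)$")
KV_RE = re.compile(r"^(Database version|Scan type|Objects scanned|Time elapsed|Protection): (.+)$")
DB_DATE_RE = re.compile(r"v(\d{4})\.(\d{2})\.(\d{2})\.\d+")
SCAN_DATE_RE = re.compile(r"^(\d{1,2}/\d{1,2}/\d{4}) (\d{1,2}:\d{2}:\d{2} [AP]M)$")


def parse_mbam_log(text):
    """Extract metadata, per-category detection counts and the listed items."""
    info = {"detections": {}, "items": []}
    current = None  # category whose items we are currently reading
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None  # a blank line ends the current category block
            continue
        m = COUNT_RE.match(line)
        if m:
            current = m.group("cat")
            info["detections"][current] = int(m.group("n"))
            continue
        m = KV_RE.match(line)
        if m:
            info[m.group(1).lower().replace(" ", "_")] = m.group(2)
            continue
        m = SCAN_DATE_RE.match(line)
        if m:
            info["scan_time"] = datetime.strptime(f"{m.group(1)} {m.group(2)}", "%m/%d/%Y %I:%M:%S %p")
            continue
        if current and not line.startswith("(No malicious"):
            info["items"].append({"category": current, "entry": line})
    m = DB_DATE_RE.search(info.get("database_version", ""))
    if m:
        info["database_date"] = datetime(int(m.group(1)), int(m.group(2)), int(m.group(3)))
    return info


def assess(info, max_db_age_days=1):
    """Verdict plus hygiene findings: detections, stale database, protection off."""
    total = sum(info["detections"].values())
    findings = []
    if total:
        hit_cats = sorted(c for c, n in info["detections"].items() if n)
        findings.append(f"{total} detection(s) in: {', '.join(hit_cats)}")
    if info.get("protection", "").lower() != "enabled":
        findings.append("real-time protection not reported as enabled")
    if "database_date" in info and "scan_time" in info:
        age = (info["scan_time"].date() - info["database_date"].date()).days
        if age > max_db_age_days:
            findings.append(f"signature database is {age} day(s) older than the scan")
    return {"clean": total == 0, "total_detections": total, "findings": findings}


if __name__ == "__main__":
    for label, log in (("clean", CLEAN_LOG), ("dirty", DIRTY_LOG)):
        print(label, assess(parse_mbam_log(log)))
```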

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so… The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:Commands [resethosts] [emptytemp] [Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

[*]Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
[*]In the Run box, type in ComboFix /Uninstall (Notice the space between the “x” and “/”) then click OK

http://i1224.photobucket.com/albums/ee362/Essexboy3/Misc%20screen%20shots/CF_Uninstall-1.jpg

[*]Follow the prompts on the screen
[*]A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

[*]Go to control panel
[*]Select folder options (Appearance > Folder options in category view)
[*]Select the View Tab.
[*]Under the Hidden files and folders heading select Do not show hidden files and folders.
[*]Click Yes to confirm.
[*]Click OK.

http://users.telenet.be/bluepatchy/miekiemoes/images/javaicon.gif

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:

[*] Go to this site and click Do I have Java
[*] It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point

[*]Go to Control Panel and select System
[*]Select System
[*]On the left select System Protection and accept the warning if you get one
[*]Select System Protection Tab
[*]Select Create at the bottom
[*]Type in a name i.e. Clean
[*]Select Create

Now we can purge the infected ones

[*]Go to Start > All programs > Accessories > System tools
[*]Right click Disk Cleanup and select Run as administrator
[*]Select Your main drive and accept the warning if you get one
[*]For a few moments the system will make some calculations
[*]Select the More Options tab
[*]In the System Restore and Shadow Backups select Clean up
[*]Select Delete on the pop up
[*]Select OK
[*]Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

http://img233.imageshack.us/img233/7729/mbamicontw5.gif

Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and antivirus to protect your system, and to keep them updated. To keep your operating system up to date visit

[*]Microsoft Windows Update

To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place?

Keep safe :wave:

If there is a heaven, there must be a special suite for you there!

Last night my machine was refusing to boot up (2-3 tries), and I was getting nervous when the Startup Repair scan/tool told me it was unable to fix the problem, but I clicked Restart for the heck of it and it came back to life.

I am still seeing some issues this morning with pages in Chrome appearing to load, but I’m unable to scroll or interact with the page in any way and have to reload the page once or twice before the page works normally.

Logging out or switching users seems to be taking longer than usual, and RNowShell.exe was delaying logout at one point last night and I have no idea what that is.

If these problems persist after the final cleanup you suggest, I will be back!

It might be worth running a check disk scan as well, looking at those problems listed:

http://www.sevenforums.com/tutorials/433-disk-check.html