rootkit infection, am I ok now?

First, I have to congratulate you guys at MajorGeeks. The advice in the malware section is succint and excellent. No fluff, but a superbly solid 'Malware Removal Guide'. I'd be creating a login anyway just to thank you guys for the quality effort. Even the forums are superb- well designed and state of the art.

Now that I've gushed, onto the problem. I was working and surfing as usual yesterday evening when all of a sudden my internet connection froze- I could not access the router, but network activity was continuously going on. Avira AntiVir scanner wouldn't respond, nor would ctrl-alt-del to get process explorer, nor autoruns! This had never happened to me before, and I'm a safe surfer (firefox + adblock) with a background in computers. Maybe I've not been up to date, but Adaware and Spybot could not find anything significant. I even did a boot time scan with Spybot without luck.

Machine specs are: IBM T43 Thinkpad laptop with XP (SP3). There is a reserved FAT32 partition in the disk for backups (hardly ever used), and the machine is dual-boot with linux.

Meantime, I discovered a <User>.exe in my 'Documents and Settings/<User>' folder. Also was able to fire up ProcessExplorer through Internet Explorer. There was a suspicious 3com_dmij.exe hiding behind an svchost process. Apart from the 2 things, I could not catch anything else till I chanced on the excellent anti-malware guide and tools listed here. Apparently, I've been invaded by Gen Rustock! Could it somehow have been from a rapidshare zip archive containing pdf documents?

After running through all the steps, the laptop seems to be back in the game, even a little faster than before. But I'm not sure if the machine is totally disinfected. I'm attaching the 4 logs here- and would be much grateful if somebody could peek into these and guide further.

After clearance by experts here, I'll proceed to a full system scan with the Avira Antivir Personal (free) version.

thanks for your help,
rugrats14

PS- I'm generally pleased with Avira Antivir but is there an antivirus that's as less invasive as Avira, yet has a smaller footprint? Also, which firewall among those listed here ( http://forums.majorgeeks.com/showthread.php?t=44525 ) also fit these two criteria?

 

Hi Kestrel13!

thanks for offering to help- I really appreciate it. I will say this again- the malware removal guide is brilliant. However, the time to get a response in the forums is way too long to be of much use to some of us. And I mean no disrespect to any of the fine contributors and volunteers who invest their precious time helping others.

May I recommend that there be some kind of a daily updated 'visual meter' or a sticky in the malware forum that shows the approximate waiting time for a poster before he gets help? This way, those who cannot afford to wait this long will not add to the queue, which in turn will benefit all the rest.

You kindly may skip looking at my logs also.
best wishes,
rugrats14

 

Certainly- and some of us new posters respect that. Regarding your first sentence, however, let me remind you that I did not propose anything that further taxes any of you. More on this towards the end.

If I did not already think you guys were doing a great job with your replies, I would not have even bothered to post feedback/ suggestions. The issue is not the turnaround time, but the lack of information to a new poster on how long he might have to wait.

It needn't be a sophisticated system based on Queueing Theory or Operations Research. A simple program to roughly count how many threads have not been replied to by moderators or volunteers, multiplied by historical average of resolution time for one thread- this should give a rough idea of the queue size/ waiting time to potential help seekers. Or this could manually be updated once or twice per day by somebody who has query access to the database, and some kind of script to do the job.

All I'm talking about is the possibility of programmatically doing this- a few hours spent once on this task will make the forums richer. I never implied that you already burdened souls have more stuff to do- as they say, programmers are the laziest people and try to make scripts or programs to do their job. Whether this forum software system lends itself to this kind of programming is something the admins could consider finding out.

Lastly, since you guys help out so many, this post is also made in the same spirit- to provide a helpful and productive idea, one which may or may not be workable. Food for thought, if you will.

cheers,
rugrats14