Unknown Trojan.Agent infection.

Discussion in 'Malware Help (A Specialist Will Reply)' started by eonsol, Mar 30, 2009.

  1. eonsol

    eonsol Private E-2

    I was initially infected with Win32.TDSS.rtk and a host of other nasties including Virtumonde. I removed this infection and most of the others, but appear to have one stubborn "unknown" left behind. I have followed all of the helpful malware removal instructions precisely, please find my logs attached.

    This appears to be my problem:

    O4 - HKLM\..\Run: [Rfisedekos] rundll32.exe "C:\WINXP\amezabocuka.dll",e

    When I run a netstat, I find lots of outgoing smtp connections to mail servers all over the world, so apparently this infection has turned my computer into a spam re-mailing hub. I assume this is what accounts for my general slowdown in making network requests / browsing web sites (my only real symptom at present).

    Thank you for your assistance!
     

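Added example, not part of the original post: the netstat observation above (many outbound SMTP connections from one host) can be turned into a simple check. The script below parses the text format of Windows `netstat -ano` and reports any process that is talking to an unusual number of distinct mail hosts on port 25/465/587. The netstat sample is constructed (documentation IP ranges, made-up PIDs), and the threshold of five distinct hosts is an assumption; a desktop mail client normally reaches one or two relays, a spam engine delivers directly to many MX hosts.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `netstat -ano` output (not the poster's data);
# remote addresses are from documentation ranges, not real mail servers.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:49200     203.0.113.5:80         ESTABLISHED     2100
  TCP    192.168.1.10:49301     198.51.100.20:25       ESTABLISHED     1840
  TCP    192.168.1.10:49302     198.51.100.21:25       SYN_SENT        1840
  TCP    192.168.1.10:49303     192.0.2.77:25          ESTABLISHED     1840
  TCP    192.168.1.10:49304     192.0.2.78:25          TIME_WAIT       0
  TCP    192.168.1.10:49305     203.0.113.99:25        ESTABLISHED     1840
  TCP    192.168.1.10:49306     203.0.113.100:25       ESTABLISHED     1840
  TCP    192.168.1.10:49307     198.51.100.22:25       ESTABLISHED     2100
  UDP    192.168.1.10:137       *:*                                     4
"""

# Ports a spam engine would use for direct delivery or submission.
SMTP_PORTS = {25, 465, 587}


def split_endpoint(endpoint):
    """Split 'host:port' into (host, port); handles IPv6 '[::1]:25' and '*:*'."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Parse `netstat -ano` lines into dicts; header and blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue
        proto = parts[0]
        local_host, local_port = split_endpoint(parts[1])
        remote_host, remote_port = split_endpoint(parts[2])
        # TCP rows carry a State column; UDP rows do not.
        state = parts[3] if proto == "TCP" and len(parts) >= 5 else ""
        pid = int(parts[-1]) if parts[-1].isdigit() else None
        conns.append({
            "proto": proto,
            "local_host": local_host, "local_port": local_port,
            "remote_host": remote_host, "remote_port": remote_port,
            "state": state, "pid": pid,
        })
    return conns


def smtp_fanout(conns, threshold=5):
    """Group outbound SMTP connections by owning PID and return
    {pid: [distinct remote hosts]} for every process that reaches at
    least `threshold` different mail hosts (threshold is an assumption)."""
    targets = defaultdict(set)
    for c in conns:
        if c["proto"] != "TCP" or c["remote_port"] not in SMTP_PORTS:
            continue
        if c["state"] == "LISTENING":
            continue
        targets[c["pid"]].add(c["remote_host"])
    return {pid: sorted(hosts) for pid, hosts in targets.items()
            if len(hosts) >= threshold}


if __name__ == "__main__":
    # On a live box: python thisfile.py < <(netstat -ano) or paste the output in.
    for pid, hosts in smtp_fanout(parse_netstat(SAMPLE_NETSTAT)).items():
        print(f"PID {pid} has SMTP sessions to {len(hosts)} distinct hosts:")
        for h in hosts:
            print("   ", h)
```

The PID column is the useful part: once a process is flagged, `tasklist /svc /FI "PID eq <pid>"` shows which image or service hosts it, which is what you would compare against the HijackThis Run entry. TIME_WAIT rows report PID 0 because the socket no longer belongs to a process, so they never group with the live sessions.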

  2. eonsol

    eonsol Private E-2

    I just thought I'd update this thread with my outcome in case others encountered this problem.

    It probably doesn't show up on the logs here, but I wound up being able to remove everything mentioned in my original post. However, later on, I discovered that I had been hit with a root kit. (Not the Win32.TDSS.rtk mentioned, which is actually fairly easy to remove).

    Nothing which detected the root kit gave me a specific name for it, but I can describe its characteristics:

    It has some hidden/encrypted files which I was never able to detect with any programs (even tried with Kaspersky). At boot, these hidden files create two other files: restore.sys and driver.sys (I believe one was in the Windows directory and the other in the system32 folder). Also created is a temp file with the format: C:\Windows\temp\BN#.tmp (for example: BN5.tmp).

    On reboot, the files disappear, causing any utilities which delete on reboot not to find them. It was causing one or both of the following two entries to persistently appear in MBAM:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

    Nothing was able to remove it, I even got in with GMER and UnhackMe (which is actually a pretty neat utility).

    Ultimately, I had no choice but to do a complete format and reinstall, as is often recommended with rootkits anyway. I just thought I would share this information for anyone else unfortunate enough to acquire this pest; I wasted many hours attempting to remove it and reached the conclusion that it's more or less impossible, at least with current detection/removal options that are available.
     
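Added example, not part of the thread: the indicators the poster lists above (restore.sys and driver.sys under the Windows directory or system32, a BN#.tmp file in the Windows temp folder, and the two registry keys MBAM kept reporting) can be checked with a small matcher. Because the poster says the files are created at boot and gone again after a reboot, the inventory has to come from the running system (a `dir /s /a` listing and a `reg query` export taken while it is up), not from an offline scan. The inventory lists below are constructed, the Windows directory name is matched loosely because it varies (the poster's box used C:\WINXP), and these are one machine's observations turned into patterns, not a vendor signature set.

```python
import re

# Patterns derived from the poster's description. The Windows directory can be
# C:\WINDOWS, C:\WINXP, etc., so any single directory under the drive root is accepted.
FILE_PATTERNS = [
    # restore.sys / driver.sys, one in the Windows directory, one in system32
    re.compile(r"^[a-z]:\\[^\\]+\\(system32\\)?(restore|driver)\.sys$", re.I),
    # BN#.tmp in the Windows temp folder, e.g. BN5.tmp
    re.compile(r"^[a-z]:\\[^\\]+\\temp\\bn\d+\.tmp$", re.I),
]

# The service key is checked under the live control set and any ControlSet00N,
# since a cleanup that only deletes CurrentControlSet leaves the saved copies.
KEY_PATTERNS = [
    re.compile(r"^hkey_local_machine\\system\\(currentcontrolset|controlset\d{3})"
               r"\\services\\restore$", re.I),
    re.compile(r"^hkey_local_machine\\software\\agprotect$", re.I),
]

HIVE_ALIASES = {
    "HKLM": "HKEY_LOCAL_MACHINE",
    "HKCU": "HKEY_CURRENT_USER",
    "HKCR": "HKEY_CLASSES_ROOT",
    "HKU": "HKEY_USERS",
}


def normalize_key(key):
    """Expand hive abbreviations and trim stray slashes so that
    HKLM\\... and HKEY_LOCAL_MACHINE\\... compare equal."""
    key = key.strip().replace("/", "\\").strip("\\")
    hive, sep, rest = key.partition("\\")
    hive = HIVE_ALIASES.get(hive.upper(), hive.upper())
    return hive + sep + rest


def match_files(paths):
    """Return the paths that match any file indicator (case-insensitive)."""
    return [p for p in paths if any(pat.match(p.strip()) for pat in FILE_PATTERNS)]


def match_keys(keys):
    """Return the registry keys that match any key indicator after normalization."""
    return [k for k in keys if any(pat.match(normalize_key(k)) for pat in KEY_PATTERNS)]


def assess(paths, keys):
    """Combine both checks into one verdict for a live-system inventory."""
    files, regs = match_files(paths), match_keys(keys)
    return {"files": files, "keys": regs, "suspect": bool(files or regs)}


# Constructed live-system inventory (not the poster's real listing).
SAMPLE_FILES = [
    r"C:\WINXP\restore.sys",
    r"C:\WINXP\system32\driver.sys",
    r"C:\WINXP\system32\drivers\ntfs.sys",
    r"C:\WINXP\Temp\BN5.tmp",
    r"C:\WINXP\Temp\~DF1234.tmp",
]
SAMPLE_KEYS = [
    r"HKLM\SYSTEM\CurrentControlSet\Services\restore",
    r"HKLM\SYSTEM\ControlSet001\Services\Tcpip",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
]

if __name__ == "__main__":
    verdict = assess(SAMPLE_FILES, SAMPLE_KEYS)
    print("suspect:", verdict["suspect"])
    for item in verdict["files"] + verdict["keys"]:
        print("  hit:", item)
```

A hit from this check only tells you the artefacts the poster saw are present; it says nothing about the hidden components that created them, which is the part the poster could not get any tool to show. That is the usual argument for treating a confirmed kernel-mode rootkit as a rebuild rather than a cleanup, as the poster ended up doing.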
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Sorry to hear that you had to reformat. Hope all is well now. :)
     
