How it happened: got bumped to a bad site and Avast fired off about 20 warnings.
Got the Internet Security 2010 bug at least, and I think some kind of rootkit. Avast wouldn't spot it. It disabled Task Manager, cmd, Media Player and completely uninstalled the System Restore feature (along with deleting all of my restore points). I know the file smss32.exe was involved. It installed several startup processes that would regenerate, etc.
I received some help from another board (that shall remain nameless) which helped, but they have left me high and dry. It looks like you guys are a little more responsive.
They had me run ComboFix, which appeared to remove the rootkit. Renamed a couple of DLLs, and ComboFix removed the orphan registry entries. Ran Spybot to remove some lingering malware and Avast found a few bugs.
Avast fired off another warning today, so I suspect that I still have some infection. The 2010 bug is gone. Computer is running fine, but slow at startup. I noticed a directory named c:\cmdcons that doesn't belong there. The directory was created on the date of infection. Can't delete this file with Explorer or at cmd. Nothing in startup that appears out of the ordinary. A few running processes look "new and different" but it's hard to tell.
Would like a fresh set of eyes to take a look and see if anything is amiss and help me get rid of it. And that directory. I suspect it's filled with bad stuff.
There are also some infected files that Avast locates in the System Volume Information directory. Probably restore files. Avast can't delete them. Any help here is appreciated as well.
Edited by mark wagner, 08 January 2010 - 08:13 PM.