Inactive [A] Just recovered from virus... am I clean?

All appears to be running alright. Still slow, but as I said earlier, that's most likely having both Mbam and McAfee running... McAfee is indubitably a memory hog, when you total all its varied processes. I'm looking through the alternatives and reviews, but haven't decided on one yet. I'll keep it until I do. I already had Secunia installed...have had it for a couple months. My brother in law recommended it. It found a few things on my machine that were so old that, if they'd been alive they'd have farted dust!

There is one oddity that is sort of concerning...Mbam keeps popping up warnings about an outgoing connection to a handful of IP addresses. It doesn't say what is initiating these connections. Nothing shows on Mbam scan, nor on McAfee scan.
 
That's not good.

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Here's the log. Should I rerun it with all the optional parameters checked?

17:08:52.0156 0436 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
17:08:52.0765 0436 ============================================================
17:08:52.0765 0436 Current date / time: 2012/02/09 17:08:52.0765
17:08:52.0765 0436 SystemInfo:
17:08:52.0765 0436
17:08:52.0765 0436 OS Version: 5.1.2600 ServicePack: 3.0
17:08:52.0765 0436 Product type: Workstation
17:08:52.0765 0436 ComputerName: HOME
17:08:52.0765 0436 UserName: Owner
17:08:52.0765 0436 Windows directory: C:\WINDOWS
17:08:52.0765 0436 System windows directory: C:\WINDOWS
17:08:52.0765 0436 Processor architecture: Intel x86
17:08:52.0765 0436 Number of processors: 1
17:08:52.0765 0436 Page size: 0x1000
17:08:52.0765 0436 Boot type: Normal boot
17:08:52.0765 0436 ============================================================
17:08:55.0640 0436 Drive \Device\Harddisk0\DR0 - Size: 0x1BF4290000 (111.82 Gb), SectorSize: 0x200, Cylinders: 0x3C94, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
17:08:55.0703 0436 \Device\Harddisk0\DR0:
17:08:55.0703 0436 MBR used
17:08:55.0703 0436 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xB1E0F1
17:08:55.0703 0436 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xB1E130, BlocksNum 0xD47C900
17:08:56.0015 0436 Initialize success
17:08:56.0015 0436 ============================================================
17:09:13.0046 2844 ============================================================
17:09:13.0046 2844 Scan started
17:09:13.0046 2844 Mode: Manual;
17:09:13.0046 2844 ============================================================
17:09:13.0703 2844 Abiosdsk - ok
17:09:14.0062 2844 abp480n5 - ok
17:09:14.0468 2844 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:09:14.0468 2844 ACPI - ok
17:09:14.0921 2844 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:09:14.0921 2844 ACPIEC - ok
17:09:15.0281 2844 adpu160m - ok
17:09:15.0734 2844 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:09:15.0734 2844 aec - ok
17:09:16.0218 2844 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:09:16.0218 2844 AFD - ok
17:09:16.0640 2844 AFS2K (c685cc27a2e637f0dcb5a45e67cc6f74) C:\WINDOWS\system32\drivers\AFS2K.sys
17:09:16.0640 2844 AFS2K - ok
17:09:17.0062 2844 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
17:09:17.0062 2844 agp440 - ok
17:09:17.0437 2844 Aha154x - ok
17:09:17.0750 2844 aic78u2 - ok
17:09:18.0078 2844 aic78xx - ok
17:09:18.0546 2844 ALCXSENS (fbbcb95f677cbaa924140b6ea2d9a97b) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
17:09:18.0562 2844 ALCXSENS - ok
17:09:20.0234 2844 ALCXWDM (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
17:09:20.0296 2844 ALCXWDM - ok
17:09:20.0781 2844 AliIde - ok
17:09:21.0171 2844 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
17:09:21.0171 2844 AmdK7 - ok
17:09:21.0562 2844 amsint - ok
17:09:21.0937 2844 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:09:21.0937 2844 Arp1394 - ok
17:09:22.0312 2844 asc - ok
17:09:22.0656 2844 asc3350p - ok
17:09:22.0968 2844 asc3550 - ok
17:09:23.0343 2844 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:09:23.0343 2844 AsyncMac - ok
17:09:23.0781 2844 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:09:23.0781 2844 atapi - ok
17:09:24.0140 2844 Atdisk - ok
17:09:24.0515 2844 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:09:24.0515 2844 Atmarpc - ok
17:09:25.0031 2844 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:09:25.0031 2844 audstub - ok
17:09:25.0781 2844 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:09:25.0781 2844 Beep - ok
17:09:26.0250 2844 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
17:09:26.0265 2844 Bridge - ok
17:09:26.0296 2844 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
17:09:26.0296 2844 BridgeMP - ok
17:09:26.0312 2844 catchme - ok
17:09:26.0734 2844 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:09:26.0734 2844 cbidf2k - ok
17:09:27.0156 2844 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:09:27.0156 2844 CCDECODE - ok
17:09:27.0546 2844 cd20xrnt - ok
17:09:27.0906 2844 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:09:27.0906 2844 Cdaudio - ok
17:09:28.0359 2844 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:09:28.0359 2844 Cdfs - ok
17:09:28.0828 2844 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:09:28.0828 2844 Cdrom - ok
17:09:29.0296 2844 cfwids (7fd604cd7a7a0ff8975af61bdf64c577) C:\WINDOWS\system32\drivers\cfwids.sys
17:09:29.0296 2844 cfwids - ok
17:09:29.0703 2844 Changer - ok
17:09:30.0062 2844 CmdIde - ok
17:09:30.0468 2844 Cpqarray - ok
17:09:30.0828 2844 dac2w2k - ok
17:09:31.0171 2844 dac960nt - ok
17:09:31.0468 2844 DCamUSBVeo532 - ok
17:09:31.0843 2844 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:09:31.0843 2844 Disk - ok
17:09:32.0796 2844 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:09:32.0812 2844 dmboot - ok
17:09:33.0546 2844 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:09:33.0546 2844 dmio - ok
17:09:34.0281 2844 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:09:34.0296 2844 dmload - ok
17:09:34.0843 2844 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:09:34.0843 2844 DMusic - ok
17:09:35.0453 2844 dpti2o - ok
17:09:36.0109 2844 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:09:36.0109 2844 drmkaud - ok
17:09:36.0687 2844 EagleNT - ok
17:09:37.0296 2844 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:09:37.0312 2844 Fastfat - ok
17:09:38.0000 2844 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:09:38.0000 2844 Fdc - ok
17:09:38.0687 2844 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:09:38.0687 2844 Fips - ok
17:09:39.0437 2844 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:09:39.0437 2844 Flpydisk - ok
17:09:40.0187 2844 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:09:40.0203 2844 FltMgr - ok
17:09:40.0906 2844 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:09:40.0921 2844 Fs_Rec - ok
17:09:41.0484 2844 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:09:41.0484 2844 Ftdisk - ok
17:09:41.0953 2844 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:09:41.0953 2844 GEARAspiWDM - ok
17:09:42.0421 2844 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:09:42.0437 2844 Gpc - ok
17:09:43.0156 2844 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:09:43.0156 2844 HidUsb - ok
17:09:43.0562 2844 hpn - ok
17:09:44.0062 2844 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:09:44.0078 2844 HTTP - ok
17:09:44.0609 2844 i2omgmt - ok
17:09:44.0968 2844 i2omp - ok
17:09:45.0343 2844 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:09:45.0343 2844 i8042prt - ok
17:09:46.0187 2844 ialm (1406d6ef4436aee970efe13193123965) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
17:09:46.0203 2844 ialm - ok
17:09:46.0625 2844 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:09:46.0625 2844 Imapi - ok
17:09:47.0031 2844 ini910u - ok
17:09:47.0421 2844 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
17:09:47.0421 2844 IntelIde - ok
17:09:47.0859 2844 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:09:47.0859 2844 ip6fw - ok
17:09:48.0406 2844 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:09:48.0406 2844 IpFilterDriver - ok
17:09:48.0828 2844 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:09:48.0828 2844 IpInIp - ok
17:09:49.0312 2844 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:09:49.0312 2844 IpNat - ok
17:09:49.0750 2844 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:09:49.0750 2844 IPSec - ok
17:09:50.0218 2844 IPVNMon (f60af0f89204a9177d110e3b2bd9fa0b) C:\WINDOWS\system32\drivers\IPVNMon.sys
17:09:50.0218 2844 IPVNMon - ok
17:09:50.0656 2844 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:09:50.0656 2844 IRENUM - ok
17:09:51.0109 2844 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:09:51.0125 2844 isapnp - ok
17:09:51.0562 2844 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:09:51.0562 2844 Kbdclass - ok
17:09:52.0281 2844 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:09:52.0343 2844 kmixer - ok
17:09:53.0843 2844 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:09:53.0843 2844 KSecDD - ok
17:09:53.0984 2844 Lavasoft Kernexplorer - ok
17:09:54.0625 2844 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
17:09:54.0625 2844 Lbd - ok
17:09:54.0953 2844 lbrtfdc - ok
17:09:55.0687 2844 ltmodem5 (fa2ed4a054360f3f873c15420f1f19cc) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
17:09:55.0687 2844 ltmodem5 - ok
17:09:56.0125 2844 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
17:09:56.0140 2844 MBAMProtector - ok
17:09:56.0750 2844 mfeapfk (113445fc6a858ef453cded5b0a0df665) C:\WINDOWS\system32\drivers\mfeapfk.sys
17:09:56.0750 2844 mfeapfk - ok
17:09:57.0390 2844 mfeavfk (dbf6e1b388d5c070d438c61adb990c30) C:\WINDOWS\system32\drivers\mfeavfk.sys
17:09:57.0406 2844 mfeavfk - ok
17:09:57.0953 2844 mfeavfk01 - ok
17:09:58.0359 2844 mfebopk (a528b15e330edb83ea649be318d841d5) C:\WINDOWS\system32\drivers\mfebopk.sys
17:09:58.0359 2844 mfebopk - ok
17:09:59.0031 2844 mfefirek (c7da1b8003c89acedaa13768f7a1c622) C:\WINDOWS\system32\drivers\mfefirek.sys
17:09:59.0046 2844 mfefirek - ok
17:09:59.0718 2844 mfehidk (5e9679bb2fc4fa38ec8ca906c47acd46) C:\WINDOWS\system32\drivers\mfehidk.sys
17:09:59.0734 2844 mfehidk - ok
17:10:00.0171 2844 mfendisk (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
17:10:00.0187 2844 mfendisk - ok
17:10:00.0234 2844 mfendiskmp (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
17:10:00.0234 2844 mfendiskmp - ok
17:10:00.0859 2844 mferkdet (ce1711f7c3f72f6762abd241dcfd5ee1) C:\WINDOWS\system32\drivers\mferkdet.sys
17:10:00.0875 2844 mferkdet - ok
17:10:01.0328 2844 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
17:10:01.0328 2844 mferkdk - ok
17:10:01.0937 2844 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
17:10:01.0953 2844 mfesmfk - ok
17:10:02.0390 2844 mfetdi2k (25e12c68b49a64ffc873603dfd578236) C:\WINDOWS\system32\drivers\mfetdi2k.sys
17:10:02.0390 2844 mfetdi2k - ok
17:10:02.0968 2844 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:10:02.0968 2844 mnmdd - ok
17:10:03.0421 2844 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:10:03.0421 2844 Modem - ok
17:10:04.0000 2844 motmodem (5023875a94b0766d98a62a72bc4cb055) C:\WINDOWS\system32\DRIVERS\motmodem.sys
17:10:04.0000 2844 motmodem - ok
17:10:04.0421 2844 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:10:04.0421 2844 Mouclass - ok
17:10:05.0000 2844 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:10:05.0000 2844 mouhid - ok
17:10:05.0453 2844 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:10:05.0453 2844 MountMgr - ok
17:10:05.0968 2844 mraid35x - ok
17:10:06.0390 2844 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:10:06.0406 2844 MRxDAV - ok
17:10:07.0125 2844 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:10:07.0140 2844 MRxSmb - ok
17:10:07.0593 2844 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:10:07.0593 2844 Msfs - ok
17:10:08.0140 2844 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:10:08.0140 2844 MSKSSRV - ok
17:10:08.0562 2844 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:10:08.0562 2844 MSPCLOCK - ok
17:10:09.0140 2844 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:10:09.0156 2844 MSPQM - ok
17:10:09.0812 2844 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:10:09.0812 2844 mssmbios - ok
17:10:10.0406 2844 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:10:10.0406 2844 MSTEE - ok
17:10:10.0812 2844 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:10:10.0812 2844 Mup - ok
17:10:11.0406 2844 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:10:11.0421 2844 NABTSFEC - ok
17:10:11.0906 2844 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:10:11.0906 2844 NDIS - ok
17:10:12.0515 2844 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:10:12.0515 2844 NdisIP - ok
17:10:12.0953 2844 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:10:12.0953 2844 NdisTapi - ok
17:10:13.0546 2844 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:10:13.0546 2844 Ndisuio - ok
17:10:14.0031 2844 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:10:14.0031 2844 NdisWan - ok
17:10:14.0609 2844 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:10:14.0625 2844 NDProxy - ok
17:10:15.0078 2844 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:10:15.0078 2844 NetBIOS - ok
17:10:15.0687 2844 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:10:15.0703 2844 NetBT - ok
17:10:16.0187 2844 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:10:16.0187 2844 NIC1394 - ok
17:10:16.0796 2844 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:10:16.0796 2844 Npfs - ok
17:10:17.0406 2844 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:10:17.0421 2844 Ntfs - ok
17:10:18.0015 2844 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:10:18.0015 2844 Null - ok
17:10:21.0718 2844 nv (18c9b152da7bea76b2f9e4b6412e0aaf) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:10:21.0828 2844 nv - ok
17:10:22.0296 2844 NVENET (2afa043b0243137d0edc8cfb8305551b) C:\WINDOWS\system32\DRIVERS\NVENET.sys
17:10:22.0296 2844 NVENET - ok
17:10:22.0687 2844 nv_agp (29291c3a7256337327051cc37e4fc09a) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
17:10:22.0687 2844 nv_agp - ok
17:10:23.0125 2844 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:10:23.0125 2844 NwlnkFlt - ok
17:10:23.0484 2844 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:10:23.0484 2844 NwlnkFwd - ok
17:10:23.0859 2844 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:10:23.0875 2844 ohci1394 - ok
17:10:24.0281 2844 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:10:24.0296 2844 Parport - ok
17:10:24.0718 2844 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:10:24.0718 2844 PartMgr - ok
17:10:25.0140 2844 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:10:25.0140 2844 ParVdm - ok
17:10:25.0593 2844 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:10:25.0609 2844 PCI - ok
17:10:26.0000 2844 PCIDump - ok
17:10:26.0375 2844 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:10:26.0375 2844 PCIIde - ok
17:10:26.0859 2844 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:10:26.0859 2844 Pcmcia - ok
17:10:27.0234 2844 PDCOMP - ok
17:10:27.0546 2844 PDFRAME - ok
17:10:27.0828 2844 PDRELI - ok
17:10:28.0109 2844 PDRFRAME - ok
17:10:28.0390 2844 perc2 - ok
17:10:28.0671 2844 perc2hib - ok
17:10:29.0015 2844 pfc (ed2e7f396b4098608c95bc3806bdf6fc) C:\WINDOWS\system32\drivers\pfc.sys
17:10:29.0015 2844 pfc - ok
17:10:29.0484 2844 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:10:29.0484 2844 PptpMiniport - ok
17:10:29.0937 2844 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
17:10:29.0953 2844 Processor - ok
17:10:30.0343 2844 PROCEXP151 - ok
17:10:30.0781 2844 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
17:10:30.0781 2844 Ps2 - ok
17:10:31.0250 2844 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:10:31.0250 2844 PSched - ok
17:10:31.0671 2844 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
17:10:31.0687 2844 PSI - ok
17:10:32.0140 2844 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:10:32.0140 2844 Ptilink - ok
17:10:32.0562 2844 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
17:10:32.0562 2844 PxHelp20 - ok
17:10:32.0921 2844 ql1080 - ok
17:10:33.0265 2844 Ql10wnt - ok
17:10:33.0578 2844 ql12160 - ok
17:10:33.0875 2844 ql1240 - ok
17:10:34.0218 2844 ql1280 - ok
17:10:34.0609 2844 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:10:34.0609 2844 RasAcd - ok
17:10:35.0062 2844 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:10:35.0062 2844 Rasl2tp - ok
17:10:35.0468 2844 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:10:35.0484 2844 RasPppoe - ok
17:10:35.0906 2844 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:10:35.0906 2844 Raspti - ok
17:10:36.0390 2844 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:10:36.0390 2844 Rdbss - ok
17:10:36.0843 2844 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:10:36.0843 2844 RDPCDD - ok
17:10:37.0343 2844 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
17:10:37.0343 2844 RDPWD - ok
17:10:37.0812 2844 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:10:37.0812 2844 redbook - ok
17:10:38.0296 2844 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
17:10:38.0312 2844 rtl8139 - ok
17:10:38.0734 2844 S3Psddr (0dbcc071a268e0340a2ba6bdd98bace4) C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
17:10:38.0734 2844 S3Psddr - ok
17:10:39.0281 2844 SbcpHid (30d94039a729571146eb9d736ec1aadd) C:\WINDOWS\system32\Drivers\SbcpHid.sys
17:10:39.0281 2844 SbcpHid - ok
17:10:39.0734 2844 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:10:39.0734 2844 Secdrv - ok
17:10:40.0171 2844 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:10:40.0171 2844 Serenum - ok
17:10:40.0640 2844 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:10:40.0640 2844 Serial - ok
17:10:41.0109 2844 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:10:41.0109 2844 Sfloppy - ok
17:10:41.0515 2844 Simbad - ok
17:10:42.0015 2844 SiS315 (bdfef5c5d41ba377852389e8f07104ea) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
17:10:42.0015 2844 SiS315 - ok
17:10:42.0375 2844 SISAGP (923d23638c616eecb0d811461161d0b8) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
17:10:42.0375 2844 SISAGP - ok
17:10:42.0781 2844 SiSkp (7e9e5823afbb5af2851abb1659ff627d) C:\WINDOWS\system32\DRIVERS\srvkp.sys
17:10:42.0781 2844 SiSkp - ok
17:10:43.0171 2844 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:10:43.0171 2844 SLIP - ok
17:10:43.0609 2844 SmartDefragDriver (972dea0d8149d73c5b7a2c97b2e749e3) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
17:10:43.0609 2844 SmartDefragDriver - ok
17:10:44.0000 2844 Sparrow - ok
17:10:44.0406 2844 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:10:44.0406 2844 splitter - ok
17:10:44.0828 2844 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:10:44.0843 2844 sr - ok
17:10:45.0343 2844 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:10:45.0359 2844 Srv - ok
17:10:45.0796 2844 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
17:10:45.0796 2844 StillCam - ok
17:10:46.0234 2844 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:10:46.0234 2844 streamip - ok
17:10:46.0687 2844 SunkFilt (a3df1466aafdc62b21765072c5edaa9a) C:\WINDOWS\System32\Drivers\sunkfilt.sys
17:10:46.0687 2844 SunkFilt - ok
17:10:47.0093 2844 Sunkfiltp - ok
17:10:47.0484 2844 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:10:47.0484 2844 swenum - ok
17:10:47.0906 2844 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:10:47.0906 2844 swmidi - ok
17:10:48.0312 2844 symc810 - ok
17:10:48.0656 2844 symc8xx - ok
17:10:48.0937 2844 sym_hi - ok
17:10:49.0218 2844 sym_u3 - ok
17:10:49.0546 2844 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:10:49.0562 2844 sysaudio - ok
17:10:50.0140 2844 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:10:50.0140 2844 Tcpip - ok
17:10:50.0562 2844 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:10:50.0578 2844 TDPIPE - ok
17:10:51.0000 2844 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:10:51.0000 2844 TDTCP - ok
17:10:51.0421 2844 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:10:51.0421 2844 TermDD - ok
17:10:51.0828 2844 TosIde - ok
17:10:52.0250 2844 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:10:52.0250 2844 Udfs - ok
17:10:52.0625 2844 ultra - ok
17:10:53.0140 2844 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:10:53.0140 2844 Update - ok
17:10:53.0609 2844 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:10:53.0609 2844 usbccgp - ok
17:10:54.0078 2844 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:10:54.0078 2844 usbehci - ok
17:10:54.0718 2844 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:10:54.0718 2844 usbhub - ok
17:10:55.0281 2844 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:10:55.0281 2844 usbohci - ok
17:10:55.0718 2844 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:10:55.0718 2844 usbprint - ok
17:10:56.0171 2844 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:10:56.0171 2844 usbscan - ok
17:10:56.0609 2844 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
17:10:56.0609 2844 usbser - ok
17:10:57.0046 2844 usbsermpt (caad3467fbfae8a380f67e9c7150a85e) C:\WINDOWS\system32\DRIVERS\usbsermpt.sys
17:10:57.0046 2844 usbsermpt - ok
17:10:57.0500 2844 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:10:57.0500 2844 USBSTOR - ok
17:10:57.0953 2844 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:10:57.0953 2844 usbuhci - ok
17:10:58.0390 2844 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:10:58.0390 2844 VgaSave - ok
17:10:58.0796 2844 viaagp1 (0e3e3fae3a0a58b8d936a8e841a17d16) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
17:10:58.0812 2844 viaagp1 - ok
17:10:59.0203 2844 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
17:10:59.0203 2844 ViaIde - ok
17:10:59.0593 2844 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:10:59.0609 2844 VolSnap - ok
17:11:00.0046 2844 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:11:00.0046 2844 Wanarp - ok
17:11:00.0578 2844 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
17:11:00.0578 2844 wanatw - ok
17:11:01.0140 2844 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
17:11:01.0156 2844 Wdf01000 - ok
17:11:01.0578 2844 WDICA - ok
17:11:02.0000 2844 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:11:02.0000 2844 wdmaud - ok
17:11:02.0531 2844 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
17:11:02.0531 2844 WpdUsb - ok
17:11:02.0953 2844 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:11:02.0953 2844 WS2IFSL - ok
17:11:03.0390 2844 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:11:03.0406 2844 WSTCODEC - ok
17:11:03.0859 2844 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:11:03.0859 2844 WudfPf - ok
17:11:04.0343 2844 WUDFRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
17:11:04.0343 2844 WUDFRd - ok
17:11:04.0687 2844 XDva098 - ok
17:11:05.0046 2844 XDva143 - ok
17:11:05.0312 2844 XDva189 - ok
17:11:05.0609 2844 XDva195 - ok
17:11:05.0906 2844 XDva219 - ok
17:11:06.0203 2844 XDva224 - ok
17:11:06.0515 2844 XDva238 - ok
17:11:06.0796 2844 XDva248 - ok
17:11:07.0078 2844 XDva273 - ok
17:11:07.0359 2844 XDva280 - ok
17:11:07.0640 2844 XDva281 - ok
17:11:07.0937 2844 XDva337 - ok
17:11:08.0234 2844 XDva344 - ok
17:11:08.0531 2844 XDva365 - ok
17:11:08.0812 2844 XDva375 - ok
17:11:09.0109 2844 XDva385 - ok
17:11:09.0437 2844 XDva390 - ok
17:11:09.0718 2844 XDva391 - ok
17:11:10.0015 2844 XTrapD12 - ok
17:11:10.0437 2844 zumbus (763ac56e714907e9d420b9ab694f7b18) C:\WINDOWS\system32\DRIVERS\zumbus.sys
17:11:10.0437 2844 zumbus - ok
17:11:10.0890 2844 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
17:11:10.0906 2844 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
17:11:11.0312 2844 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
17:11:11.0312 2844 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
17:11:11.0359 2844 MBR (0x1B8) (b716b775fcbdabf0e2ddff76f15c6790) \Device\Harddisk0\DR0
17:11:11.0406 2844 \Device\Harddisk0\DR0 - ok
17:11:11.0406 2844 Boot (0x1200) (c71cbe2e741910d3d9586aa97dfa7b6e) \Device\Harddisk0\DR0\Partition0
17:11:11.0406 2844 \Device\Harddisk0\DR0\Partition0 - ok
17:11:11.0453 2844 Boot (0x1200) (f73d81133a292a0bbbcc3ae0db59932b) \Device\Harddisk0\DR0\Partition1
17:11:11.0453 2844 \Device\Harddisk0\DR0\Partition1 - ok
17:11:11.0453 2844 ============================================================
17:11:11.0453 2844 Scan finished
17:11:11.0453 2844 ============================================================
17:11:11.0484 2648 Detected object count: 0
17:11:11.0484 2648 Actual detected object count: 0
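As an added example (not part of this thread, and not Kaspersky's own code), here is a small Python parser for the TDSSKiller 2.7 log format posted above. It pulls out each scanned object with its MD5, file path and verdict, plus the two detection counters at the end, so a 450-line log can be reduced to the handful of lines that matter: objects whose verdict is anything other than "ok", and whether the tool itself reported zero detections. The sample lines are constructed to match the format in the thread; the flagged entry `hypothetical_svc`, its hash, its path and its verdict text are invented placeholders, since the posted log contains no detections.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Every TDSSKiller log line is "<hh:mm:ss.ffff> <thread-id> <body>".
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<body>.+)$")
# "<name> (<md5>) <path>"; MBR/boot objects carry an extra "(0x...)" offset after the name.
FILE_RE = re.compile(r"^(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name> - <verdict>"; for MBR/boot objects <name> is the device path, not the object name.
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")
COUNT_RE = re.compile(r"^(?P<label>(?:Actual )?[Dd]etected object count): (?P<n>\d+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


@dataclass
class Report:
    entries: List[Entry] = field(default_factory=list)
    counts: Dict[str, int] = field(default_factory=dict)
    unparsed: List[str] = field(default_factory=list)


def parse_tdsskiller_log(text: str) -> Report:
    """Parse the 'Scan started' .. 'Scan finished' section plus the trailing counters."""
    report = Report()
    pending: Dict[str, Entry] = {}  # file entries awaiting their verdict, keyed by name and path
    in_scan = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines and anything without the timestamp prefix
        body = m.group("body")
        cm = COUNT_RE.match(body)
        if cm:
            report.counts[cm.group("label")] = int(cm.group("n"))
            continue
        if body == "Scan started":
            in_scan = True
            continue
        if body == "Scan finished":
            in_scan = False
            continue
        # System-info lines (e.g. "Drive ... - Size: ...") live outside the scan section
        # and must not be mistaken for verdicts; separators and "Mode:" are skipped too.
        if not in_scan or body.startswith("=") or body.startswith("Mode:"):
            continue
        fm = FILE_RE.match(body)
        if fm:
            entry = Entry(fm.group("name"), fm.group("md5"), fm.group("path"))
            report.entries.append(entry)
            pending[entry.name] = entry
            pending[entry.path] = entry
            continue
        vm = VERDICT_RE.match(body)
        if vm:
            name, verdict = vm.group("name"), vm.group("verdict")
            entry = pending.get(name)
            if entry is None:
                entry = Entry(name)  # service with no file on disk: registry-only, still checked
                report.entries.append(entry)
            else:
                pending.pop(entry.name, None)
                pending.pop(entry.path, None)
            entry.verdict = verdict
            continue
        report.unparsed.append(body)
    return report


def summarize(report: Report) -> dict:
    checked = [e for e in report.entries if e.verdict is not None]
    return {
        "objects_checked": len(checked),
        "with_file": sum(1 for e in checked if e.path),
        "registry_only": sum(1 for e in checked if not e.path),
        "flagged": [(e.name, e.verdict) for e in checked if e.verdict != "ok"],
        "detected": report.counts.get("Detected object count"),
        "actual_detected": report.counts.get("Actual detected object count"),
    }


def is_clean(report: Report) -> bool:
    """Clean means every checked object is 'ok' AND the tool itself reported zero detections."""
    s = summarize(report)
    return s["objects_checked"] > 0 and not s["flagged"] and s["actual_detected"] == 0


# Constructed sample in the format of the log posted in this thread (hashes taken from it).
SAMPLE_CLEAN = r"""
17:08:52.0765 0436 OS Version: 5.1.2600 ServicePack: 3.0
17:08:55.0640 0436 Drive \Device\Harddisk0\DR0 - Size: 0x1BF4290000 (111.82 Gb), SectorSize: 0x200
17:09:13.0046 2844 ============================================================
17:09:13.0046 2844 Scan started
17:09:13.0046 2844 Mode: Manual;
17:09:13.0703 2844 Abiosdsk - ok
17:09:14.0468 2844 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:09:14.0468 2844 ACPI - ok
17:09:56.0125 2844 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
17:09:56.0140 2844 MBAMProtector - ok
17:11:11.0359 2844 MBR (0x1B8) (b716b775fcbdabf0e2ddff76f15c6790) \Device\Harddisk0\DR0
17:11:11.0406 2844 \Device\Harddisk0\DR0 - ok
17:11:11.0453 2844 Scan finished
17:11:11.0484 2648 Detected object count: 0
17:11:11.0484 2648 Actual detected object count: 0
"""

# Constructed sample with one flagged object; name, hash, path and verdict text are invented.
SAMPLE_FLAGGED = r"""
17:09:13.0046 2844 Scan started
17:09:14.0468 2844 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:09:14.0468 2844 ACPI - ok
17:09:30.0000 2844 hypothetical_svc (0123456789abcdef0123456789abcdef) C:\constructed\hypo.sys
17:09:30.0000 2844 hypothetical_svc - suspicious (constructed verdict)
17:11:11.0453 2844 Scan finished
17:11:11.0484 2648 Detected object count: 1
17:11:11.0484 2648 Actual detected object count: 1
"""

if __name__ == "__main__":
    for label, sample in (("clean", SAMPLE_CLEAN), ("flagged", SAMPLE_FLAGGED)):
        rep = parse_tdsskiller_log(sample)
        print(label, summarize(rep), "clean:", is_clean(rep))
```

The parser does not try to recognise TDSSKiller's exact wording for detections; any verdict other than "ok" is surfaced, which is what a helper reading the log wants. Feed it the full log with `parse_tdsskiller_log(open("TDSSKiller_xxxx_log.txt").read())`; a non-empty `unparsed` list means the format drifted and the summary should not be trusted blindly.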
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Just a silly question before I run Combofix again...should I be running the tool in safe mode (with networking, so it can update itself) or normal start?
 
Alright, and done, no reboot required.... Here's the log.

ComboFix 12-02-09.04 - Owner 02/09/2012 21:07:30.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.777 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\Desktop\cacaoweb.exe
C:\Thumbs.db
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2012-01-10 to 2012-02-10 )))))))))))))))))))))))))))))))
.
.
2012-02-08 03:00 . 2012-02-08 03:00 -------- d-----w- c:\program files\ESET
2012-02-07 20:42 . 2012-02-07 20:42 -------- d-----w- C:\_OTL
2012-02-04 03:07 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-03 23:10 . 2012-02-03 23:10 -------- d-----w- c:\documents and settings\Owner\Application Data\QuickScan
2012-02-03 19:52 . 2012-02-03 19:52 -------- d-----w- c:\program files\ExamDiff
2012-02-03 18:33 . 2012-02-06 03:33 -------- d-----w- c:\documents and settings\Administrator.HOME
2012-02-03 18:07 . 2012-02-09 23:08 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-03 16:33 . 2012-02-03 16:33 -------- d-----w- c:\documents and settings\Owner\Application Data\Printer Info Cache
2012-02-03 16:08 . 2012-02-03 16:08 -------- d-----w- c:\program files\ERUNT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-03 18:48 . 2003-08-08 16:18 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-01-18 07:48 . 2011-05-22 08:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-15 14:03 . 2003-08-08 16:18 114688 ----a-w- c:\windows\system32\calc.exe
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2011-12-28 10:25 . 2011-12-28 10:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-28 10:25 . 2010-04-24 22:34 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-28 00:17 . 2011-12-28 00:17 388096 ----a-w- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-25 21:57 . 2003-08-08 15:35 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2003-08-08 15:35 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2003-08-08 15:33 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-07-15 05:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2003-08-08 15:33 152064 ----a-w- c:\windows\system32\schannel.dll
2007-09-10 19:53 . 2007-09-10 19:53 4363776 -c--a-w- c:\program files\openofficeorg23.msi
2002-03-11 09:06 . 2002-03-11 09:06 1822520 -c--a-w- c:\program files\instmsiw.exe
2002-03-11 08:45 . 2002-03-11 08:45 1708856 -c--a-w- c:\program files\instmsia.exe
2012-02-08 15:00 . 2011-10-03 06:10 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 19:01 . 2011-03-03 19:47 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2008-11-17 3916544]
"SansaDispatch"="c:\documents and settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-12-10 79872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"LXCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 73728]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1195408]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\documents and settings\Administrator.HOME\Start Menu\Programs\Startup\
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Owner\Application Data\Dropbox\bin\Dropbox.exe [2012-1-18 24246216]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-1-23 113664]
AT&T Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2005-6-7 217088]
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2008-9-30 485208]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Sony\\Media Manager for PSP\\MediaManager.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\audiosurf\\engine\\QuestViewer.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/29/2009 7:57 PM 64288]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [5/6/2011 7:41 AM 13496]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [3/3/2011 1:47 PM 84200]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/3/2012 9:07 PM 652360]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [7/9/2009 3:26 AM 94880]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/3/2011 1:47 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [3/3/2011 1:47 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [3/3/2011 1:47 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [3/3/2011 1:47 PM 141792]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10/14/2011 12:01 AM 994360]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [3/3/2011 1:47 PM 56064]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/3/2012 9:07 PM 20464]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [3/3/2011 1:47 PM 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [3/3/2011 1:47 PM 88736]
S2 0296841325026347mcinstcleanup;McAfee Application Installer Cleanup (0296841325026347);c:\windows\TEMP\029684~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\029684~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [10/14/2011 12:01 AM 399416]
S3 DCamUSBVeo532;Veo Stingray/Connect Web Camera;c:\windows\system32\Drivers\ubVeo532.sys --> c:\windows\system32\Drivers\ubVeo532.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [3/3/2011 1:47 PM 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [3/3/2011 1:47 PM 84488]
S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\Drivers\PROCEXP151.SYS --> c:\windows\system32\Drivers\PROCEXP151.SYS [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 2:30 AM 15544]
S3 XDva098;XDva098;\??\c:\windows\system32\XDva098.sys --> c:\windows\system32\XDva098.sys [?]
S3 XDva143;XDva143;\??\c:\windows\system32\XDva143.sys --> c:\windows\system32\XDva143.sys [?]
S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys --> c:\windows\system32\XDva189.sys [?]
S3 XDva195;XDva195;\??\c:\windows\system32\XDva195.sys --> c:\windows\system32\XDva195.sys [?]
S3 XDva219;XDva219;\??\c:\windows\system32\XDva219.sys --> c:\windows\system32\XDva219.sys [?]
S3 XDva224;XDva224;\??\c:\windows\system32\XDva224.sys --> c:\windows\system32\XDva224.sys [?]
S3 XDva238;XDva238;\??\c:\windows\system32\XDva238.sys --> c:\windows\system32\XDva238.sys [?]
S3 XDva248;XDva248;\??\c:\windows\system32\XDva248.sys --> c:\windows\system32\XDva248.sys [?]
S3 XDva273;XDva273;\??\c:\windows\system32\XDva273.sys --> c:\windows\system32\XDva273.sys [?]
S3 XDva280;XDva280;\??\c:\windows\system32\XDva280.sys --> c:\windows\system32\XDva280.sys [?]
S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?]
S3 XDva337;XDva337;\??\c:\windows\system32\XDva337.sys --> c:\windows\system32\XDva337.sys [?]
S3 XDva344;XDva344;\??\c:\windows\system32\XDva344.sys --> c:\windows\system32\XDva344.sys [?]
S3 XDva365;XDva365;\??\c:\windows\system32\XDva365.sys --> c:\windows\system32\XDva365.sys [?]
S3 XDva375;XDva375;\??\c:\windows\system32\XDva375.sys --> c:\windows\system32\XDva375.sys [?]
S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?]
S3 XDva390;XDva390;\??\c:\windows\system32\XDva390.sys --> c:\windows\system32\XDva390.sys [?]
S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 00131176
*NewlyCreated* - 83042171
*Deregistered* - 00131176
*Deregistered* - 83042171
*Deregistered* - IPVNMon
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-02-09 c:\windows\Tasks\Game_Booster_Startup.job
- c:\program files\IObit\Game Booster\gbtray.exe [2011-01-14 20:52]
.
2012-02-09 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-03-30 22:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
uDefault_Search_URL = hxxp://srch-us9.hpwis.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = 127.0.0.1;localhost
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 192.168.0.1 192.168.0.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\zv7s9zaq.default\
FF - prefs.js: browser.startup.homepage - hxxp://dsl.sbc.yahoo.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-09 21:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\documents and settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?=&platform=&is-debug=&rom-version=&part-number=&product-name=&content-class=common_conten
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-02-09 21:41:16
ComboFix-quarantined-files.txt 2012-02-10 03:40
ComboFix2.txt 2012-02-06 04:10
.
Pre-Run: 50,031,693,824 bytes free
Post-Run: 49,994,362,880 bytes free
.
- - End Of File - - E6DCB2BFCF641362C665854251A2B7F6
 
It popped up one warning after Combofix ran...I'm letting Mbam run a thorough scan and will run one with McAfee as soon as that's done. I've also got Avast (U3 edition) on one of my Cruzer USB drives, and will run that as well....Speak of the devil. Just popped up another one two seconds ago...This one was incoming.
 
Going to bed but you can try resetting your router....

Go Start>Run (Start search in Vista), type in:
cmd
Click OK (Vista and Windows 7 users: while holding CTRL and SHIFT, press Enter).

In the Command Prompt window, type in the following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Turn the computer off.

On your router, you'll find a pinhole marked "Reset".
Keep the button in the hole pressed, using a pencil or a paperclip, until all lights briefly go off and on.
NOTE. Simply disconnecting the router from its power source will NOT do.
Restart computer and check for redirections.

NOTE. You may need to re-check your router security settings, as described HERE
 
I don't have a router, just a speedstream DSL modem. Mbam still occasionally complains. I did find something else interesting...I ran process explorer, just to see what processes were running...I seem to have two explorer.exe processes running. From what I've been reading, there's only supposed to be one of them going. Is this true? If so, then how do I tell which one is the real one?
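One way to answer the "which explorer.exe is the real one" question from the post above is to list every running explorer.exe with its image path, session, parent process and signature status. The script below is an added example and is not from the thread or from any of the tools it mentions; it assumes PowerShell 2.0 or later (available for XP SP3 as well as Vista/7) and uses WMI's Win32_Process class, so it works on XP. Nothing here changes the system; it only reads process information.

```powershell
# Added example (not part of the original thread): enumerate running explorer.exe
# instances with the details needed to judge whether each one is the genuine shell.
# Assumes PowerShell 2.0+; Win32_Process is used so it also runs on Windows XP.

function Get-ExplorerInstances {
    # The genuine Windows shell lives at %windir%\explorer.exe.
    $expected = (Join-Path $env:windir 'explorer.exe').ToLowerInvariant()

    $all = Get-WmiObject Win32_Process
    $byPid = @{}
    foreach ($p in $all) { $byPid[$p.ProcessId] = $p }

    foreach ($proc in ($all | Where-Object { $_.Name -ieq 'explorer.exe' })) {
        $path = $proc.ExecutablePath
        $parent = $byPid[$proc.ParentProcessId]
        # explorer.exe is normally started by userinit.exe, which exits afterwards,
        # so a parent that no longer exists is expected for the first instance.
        $parentName = if ($parent) { $parent.Name } else { '<exited>' }
        $pathOk = ($path -ne $null) -and ($path.ToLowerInvariant() -eq $expected)

        # Authenticode check on the on-disk image. Caveat: many Windows system
        # binaries are catalog-signed rather than embedded-signed, so 'NotSigned'
        # alone does not prove tampering; the path comparison is the primary test.
        $sig = 'n/a'
        if ($path -and (Test-Path $path)) {
            $sig = (Get-AuthenticodeSignature $path).Status
        }

        New-Object PSObject -Property @{
            PID          = $proc.ProcessId
            SessionId    = $proc.SessionId
            Path         = $path
            PathIsWindir = $pathOk
            ParentPID    = $proc.ParentProcessId
            Parent       = $parentName
            Signature    = $sig
            CommandLine  = $proc.CommandLine
        }
    }
}

Get-ExplorerInstances | Format-List
```

Reading the output: two instances are both legitimate when each Path equals %windir%\explorer.exe and either they carry different SessionId values (a second logged-on account) or one has explorer.exe itself as its Parent (the Folder Options setting "Launch folder windows in a separate process" does exactly that). An instance whose PathIsWindir is False, in particular one running from a temp folder or a user profile directory, is the one worth reporting back in the thread along with its Path and CommandLine.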
 