xiaofei

I have seen some improvement with combofix. However I think the PC still has the potential to go a bit faster. Is there anything else that I can do to enhance the speed?. Thanks

Hi, Here is the Combo fix scan as requested: ComboFix 11-08-03.02 - Bopari 03/08/2011 18:38:32.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.245 [GMT 1:00] Running from: c:\documents and settings\Bopari\Desktop\ComboFix.exe * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\nslookupl.dll . . ((((((((((((((((((((((((( Files Created from 2011-07-03 to 2011-08-03 ))))))))))))))))))))))))))))))) . . 2011-07-28 16:29 . 2011-07-28 16:41 -------- d-----w- c:\documents and settings\Administrator 2011-07-26 16:06 . 2011-07-26 16:07 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2011-07-18 18:06 . 2011-07-18 18:06 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2011-07-11 15:35 . 2011-07-11 15:35 -------- d-----w- c:\documents and settings\Bopari\Local Settings\Application Data\WMTools Downloaded Files . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-07-06 18:52 . 2011-04-12 17:51 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-06 18:52 . 2011-04-12 17:51 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-02 14:02 . 2004-08-12 14:09 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-05-10 07:06 . 2010-09-28 20:04 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll 2011-05-10 07:06 . 2010-09-28 20:04 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{ada2ac0d-15c6-4611-ba5d-5b0a8b52fd6d}"= "c:\program files\Nectar Search Toolbar\Helper.dll" [2010-10-11 243200] . [HKEY_CLASSES_ROOT\clsid\{ada2ac0d-15c6-4611-ba5d-5b0a8b52fd6d}] [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1] [HKEY_CLASSES_ROOT\TypeLib\{8021825B-2FBA-43AA-8FC9-1289DCD80B76}] [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7C2F0D8-2209-4693-A15D-5A537211D48B}] 2010-10-11 21:23 1515008 ----a-w- c:\program files\Nectar Search Toolbar\Toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{8020143D-5926-4394-A04D-DD0B649DA121}"= "c:\program files\Nectar Search Toolbar\Toolbar.dll" [2010-10-11 1515008] . [HKEY_CLASSES_ROOT\clsid\{8020143d-5926-4394-a04d-dd0b649da121}] [HKEY_CLASSES_ROOT\FCTB000061465.IEToolbar.3] [HKEY_CLASSES_ROOT\TypeLib\{22466F1F-0B10-41B0-A971-3A28599AA7C7}] [HKEY_CLASSES_ROOT\FCTB000061465.IEToolbar] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{8020143D-5926-4394-A04D-DD0B649DA121}"= "c:\program files\Nectar Search Toolbar\Toolbar.dll" [2010-10-11 1515008] . [HKEY_CLASSES_ROOT\clsid\{8020143d-5926-4394-a04d-dd0b649da121}] [HKEY_CLASSES_ROOT\FCTB000061465.IEToolbar.3] [HKEY_CLASSES_ROOT\TypeLib\{22466F1F-0B10-41B0-A971-3A28599AA7C7}] [HKEY_CLASSES_ROOT\FCTB000061465.IEToolbar] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-03 344064] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2007-10-12 202016] "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-18 2334560] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "AlcxMonitor"=ALCXMNTR.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"= "c:\\Program Files\\TalkTalk\\agent\\bin\\bcont.exe"= "c:\\Program Files\\Common Files\\SupportSoft\\bin\\tgsrvc.exe"= "c:\\Program Files\\TalkTalk\\agent\\bin\\bcont_nm.exe"= "c:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\Nectar Search Toolbar\\TroubleShooter.exe"= "c:\\Program Files\\Nectar Search Toolbar\\ToolbarUpdate.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"= "c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"= . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 16:27 22992] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 03:48 32592] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 03:48 248656] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07/09/2010 03:49 297168] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18/04/2011 17:39 7398752] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [08/02/2011 05:33 269520] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/04/2011 18:51 366640] R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 09:33 202016] R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 14:42 148768] R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12/07/2010 04:33 30432] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 21:42 134480] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 21:42 24144] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 21:42 27216] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/04/2011 18:51 22712] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27/09/2010 21:25 136176] S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12/07/2010 04:33 30432] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [27/09/2010 21:25 136176] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504] . Contents of the 'Scheduled Tasks' folder . 2011-07-30 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:57] . 2011-08-03 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2011-04-18 16:24] . 2011-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb6c42ee75d1b2.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-27 20:25] . 2011-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cb6c42eec94400.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-27 20:25] . 2011-08-03 c:\windows\Tasks\User_Feed_Synchronization-{F4AF41D0-C03B-46B0-B344-36B08EA94E12}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 03:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.co.uk/ uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2D06158FAC79A790.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\documents and settings\Bopari\Application Data\Mozilla\Firefox\Profiles\6w8p1s9p.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-08-03 18:49 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(920) c:\windows\system32\Ati2evxx.dll . Completion time: 2011-08-03 18:55:03 ComboFix-quarantined-files.txt 2011-08-03 17:54 . Pre-Run: 94,009,851,904 bytes free Post-Run: 94,702,288,896 bytes free . WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - 8056339C99C445FC5661C8D721CD5F6A

As you can see from the log, it took me nearly 33 mins to do a quick scan...surely it shouldn't take that long?

MBAM log: Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Database version: 7339 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 31/07/2011 18:20:09 mbam-log-2011-07-31 (18-20-09).txt Scan type: Quick scan Objects scanned: 168396 Time elapsed: 32 minute(s), 38 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) The computer is reacting very slow at the moment. I have noticed that the pop-ups have disappeared and it doesn't redirect me to spam sites anymore. However it takes ages for any application to load such as opening up a new internet browser, opening up microsoft office etc. What can be done about this? Many thanks for your help

Above is the TDSSKiller log. By the way, thank you for the easy step by step instructions. That really helped

2011/07/30 18:03:23.0984 1572 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11 2011/07/30 18:03:24.0281 1572 ================================================================================ 2011/07/30 18:03:24.0281 1572 SystemInfo: 2011/07/30 18:03:24.0281 1572 2011/07/30 18:03:24.0281 1572 OS Version: 5.1.2600 ServicePack: 3.0 2011/07/30 18:03:24.0281 1572 Product type: Workstation 2011/07/30 18:03:24.0281 1572 ComputerName: BOPARI-PC 2011/07/30 18:03:24.0281 1572 UserName: Administrator 2011/07/30 18:03:24.0281 1572 Windows directory: C:\WINDOWS 2011/07/30 18:03:24.0281 1572 System windows directory: C:\WINDOWS 2011/07/30 18:03:24.0281 1572 Processor architecture: Intel x86 2011/07/30 18:03:24.0281 1572 Number of processors: 2 2011/07/30 18:03:24.0281 1572 Page size: 0x1000 2011/07/30 18:03:24.0281 1572 Boot type: Safe boot with network 2011/07/30 18:03:24.0281 1572 ================================================================================ 2011/07/30 18:03:27.0109 1572 Initialize success 2011/07/30 18:03:32.0796 1028 ================================================================================ 2011/07/30 18:03:32.0796 1028 Scan started 2011/07/30 18:03:32.0796 1028 Mode: Manual; 2011/07/30 18:03:32.0796 1028 ================================================================================ 2011/07/30 18:03:33.0968 1028 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/07/30 18:03:34.0093 1028 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/07/30 18:03:34.0265 1028 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/07/30 18:03:34.0390 1028 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys 2011/07/30 18:03:34.0500 1028 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys 2011/07/30 18:03:34.0859 1028 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2011/07/30 18:03:35.0250 1028 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2011/07/30 18:03:35.0609 1028 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/07/30 18:03:35.0718 1028 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/07/30 18:03:35.0953 1028 ati2mtag (f43601d255762f20d0e23a6d97062b0d) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 2011/07/30 18:03:36.0156 1028 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/07/30 18:03:36.0265 1028 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/07/30 18:03:36.0359 1028 Avgfwdx (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys 2011/07/30 18:03:36.0390 1028 Avgfwfd (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys 2011/07/30 18:03:36.0562 1028 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 2011/07/30 18:03:36.0687 1028 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys 2011/07/30 18:03:36.0796 1028 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 2011/07/30 18:03:36.0937 1028 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 2011/07/30 18:03:37.0093 1028 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys 2011/07/30 18:03:37.0250 1028 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 2011/07/30 18:03:37.0375 1028 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys 2011/07/30 18:03:37.0500 1028 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys 2011/07/30 18:03:37.0656 1028 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/07/30 18:03:37.0828 1028 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/07/30 18:03:38.0015 1028 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/07/30 18:03:38.0156 1028 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/07/30 18:03:38.0234 1028 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/07/30 18:03:38.0796 1028 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/07/30 18:03:38.0937 1028 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2011/07/30 18:03:39.0109 1028 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2011/07/30 18:03:39.0234 1028 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/07/30 18:03:39.0328 1028 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/07/30 18:03:39.0546 1028 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/07/30 18:03:39.0750 1028 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/07/30 18:03:39.0875 1028 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 2011/07/30 18:03:39.0953 1028 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2011/07/30 18:03:40.0046 1028 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2011/07/30 18:03:40.0171 1028 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2011/07/30 18:03:40.0296 1028 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/07/30 18:03:40.0359 1028 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/07/30 18:03:40.0468 1028 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 2011/07/30 18:03:40.0578 1028 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/07/30 18:03:40.0703 1028 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/07/30 18:03:40.0921 1028 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys 2011/07/30 18:03:41.0031 1028 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 2011/07/30 18:03:41.0093 1028 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys 2011/07/30 18:03:41.0234 1028 HSFHWBS2 (970178e8e003eb1481293830069624b9) C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys 2011/07/30 18:03:41.0359 1028 HSF_DP (ebb354438a4c5a3327fb97306260714a) C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys 2011/07/30 18:03:41.0546 1028 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/07/30 18:03:41.0828 1028 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/07/30 18:03:41.0984 1028 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/07/30 18:03:42.0218 1028 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 2011/07/30 18:03:42.0328 1028 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/07/30 18:03:42.0375 1028 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2011/07/30 18:03:42.0484 1028 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/07/30 18:03:42.0578 1028 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/07/30 18:03:42.0703 1028 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/07/30 18:03:42.0843 1028 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/07/30 18:03:42.0968 1028 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/07/30 18:03:43.0109 1028 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/07/30 18:03:43.0218 1028 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/07/30 18:03:43.0343 1028 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2011/07/30 18:03:43.0453 1028 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/07/30 18:03:43.0609 1028 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/07/30 18:03:43.0843 1028 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\WINDOWS\system32\drivers\mbam.sys 2011/07/30 18:03:44.0000 1028 mdmxsdk (195741aee20369980796b557358cd774) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 2011/07/30 18:03:44.0140 1028 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/07/30 18:03:44.0234 1028 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2011/07/30 18:03:44.0343 1028 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/07/30 18:03:44.0468 1028 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/07/30 18:03:44.0593 1028 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/07/30 18:03:44.0765 1028 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/07/30 18:03:44.0921 1028 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/07/30 18:03:45.0140 1028 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/07/30 18:03:45.0265 1028 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/07/30 18:03:45.0390 1028 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/07/30 18:03:45.0500 1028 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/07/30 18:03:45.0625 1028 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/07/30 18:03:45.0703 1028 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 2011/07/30 18:03:45.0859 1028 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/07/30 18:03:45.0984 1028 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/07/30 18:03:46.0093 1028 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/07/30 18:03:46.0218 1028 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/07/30 18:03:46.0343 1028 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/07/30 18:03:46.0468 1028 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/07/30 18:03:46.0609 1028 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/07/30 18:03:46.0796 1028 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2011/07/30 18:03:46.0968 1028 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/07/30 18:03:47.0125 1028 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/07/30 18:03:47.0312 1028 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/07/30 18:03:47.0453 1028 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/07/30 18:03:47.0500 1028 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/07/30 18:03:47.0593 1028 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2011/07/30 18:03:47.0765 1028 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 2011/07/30 18:03:47.0906 1028 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/07/30 18:03:48.0046 1028 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/07/30 18:03:48.0140 1028 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/07/30 18:03:48.0296 1028 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys 2011/07/30 18:03:48.0421 1028 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 2011/07/30 18:03:48.0906 1028 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/07/30 18:03:49.0093 1028 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/07/30 18:03:49.0203 1028 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/07/30 18:03:49.0562 1028 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/07/30 18:03:49.0687 1028 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/07/30 18:03:49.0828 1028 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/07/30 18:03:49.0937 1028 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/07/30 18:03:50.0046 1028 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/07/30 18:03:50.0171 1028 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/07/30 18:03:50.0296 1028 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/07/30 18:03:50.0453 1028 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/07/30 18:03:50.0640 1028 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS 2011/07/30 18:03:50.0828 1028 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/07/30 18:03:50.0984 1028 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/07/30 18:03:51.0109 1028 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/07/30 18:03:51.0359 1028 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys 2011/07/30 18:03:51.0640 1028 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/07/30 18:03:51.0828 1028 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/07/30 18:03:52.0000 1028 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/07/30 18:03:52.0140 1028 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys 2011/07/30 18:03:52.0281 1028 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/07/30 18:03:52.0421 1028 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/07/30 18:03:52.0828 1028 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/07/30 18:03:53.0000 1028 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/07/30 18:03:53.0187 1028 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/07/30 18:03:53.0328 1028 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/07/30 18:03:53.0406 1028 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/07/30 18:03:53.0656 1028 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/07/30 18:03:53.0859 1028 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/07/30 18:03:54.0046 1028 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys 2011/07/30 18:03:54.0218 1028 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/07/30 18:03:54.0343 1028 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/07/30 18:03:54.0453 1028 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/07/30 18:03:54.0593 1028 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/07/30 18:03:54.0703 1028 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/07/30 18:03:54.0828 1028 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/07/30 18:03:54.0937 1028 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/07/30 18:03:55.0140 1028 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/07/30 18:03:55.0328 1028 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/07/30 18:03:55.0515 1028 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/07/30 18:03:55.0703 1028 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/07/30 18:03:55.0875 1028 winachsf (1225ebea76aac3c84df6c54fe5e5d8be) C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys 2011/07/30 18:03:56.0265 1028 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/07/30 18:03:56.0390 1028 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/07/30 18:03:56.0531 1028 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0 2011/07/30 18:03:56.0546 1028 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0) 2011/07/30 18:03:56.0562 1028 Boot (0x1200) (72ad57ad6783e793bbf9183f76e3dabc) \Device\Harddisk0\DR0\Partition0 2011/07/30 18:03:56.0593 1028 ================================================================================ 2011/07/30 18:03:56.0593 1028 Scan finished 2011/07/30 18:03:56.0593 1028 ================================================================================ 2011/07/30 18:03:56.0640 1052 Detected object count: 1 2011/07/30 18:03:56.0640 1052 Actual detected object count: 1 2011/07/30 18:04:17.0578 1052 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot 2011/07/30 18:04:17.0609 1052 \Device\Harddisk0\DR0 - ok 2011/07/30 18:04:17.0609 1052 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure 2011/07/30 18:04:30.0656 1532 Deinitialize success

Is it ok if these scans are done via safe mode as the virus has made Internet really slow and it keeps freezing?

DDS log finally attached, Please can someone help me? Thanks

dds forum info.doc

I am trying to copy and paste the DDS log but for some reason it does not let me. I can't even attach the log because it say's 'error' occured. I have been trying for ages. What can I do now? Thank you

Ok

Oh by the way, I have run DDS. Shall I post the log here?

Hi I know I got a virus a few days back. However I run malwarebytes Anti malware and it removed all the threats that were there. I also run a full AVG PC scan. The results were fine after the scan. I noticed that my interent kept redirecting me to spam sites when trying to search on the interent so I ran a E-SET online scanner. That removed one threat but still I am getting these pop-ups from Malwarebytes Anti-malware and its really scaring me: 'Successfully blocked access to a potentially malicious website' Following these pop-ups there are several ip addresses that it states. Therefore I know that the bug hasn't fully gone. Please any help would be appreciated. Thank you

Hi I know I got a virus a few days back. However I run malwarebytes Anti malware and it removed all the threats that were there. I also run a full AVG PC scan. The results were fine after the scan. I noticed that my interent kept redirecting me to spam sites when trying to search on the interent so I ran a E-SET online scanner. That removed one threat but still I am getting these pop-ups from Malwarebytes Anti-malware and its really scaring me: 'Successfully blocked access to a potentially malicious website' Following these pop-ups there are several ip addresses that it states. Therefore I know that the bug hasn't fully gone. Please any help would be appreciated. Thank you