My machine, in a nutshell, is a Core 2 Duo running XP Service Pack 3 with Automatic Updates enabled.
I was browsing the internet a day or so ago (using Chrome) when I typed in "wikipedia.com". I managed to get a popup that said "Congratulations wikipedia.com user!"
Anyway, being no stranger to viral infections, I immediately ran MBAM (I have purchased a full copy); then, as MBAM showed no notable infections, I ran ComboFix (yes, I read the disclaimer, and I realize this might make things more difficult for you - I apologize). ComboFix runs and immediately gives me this:
c:\windows\system32\Drivers\Volsnap.sys . . . is infected!! ComboFix went through and, forgive me, I believe cleaned one piece of malware on my machine (I can't be certain, as unfortunately I ran ComboFix a second time).
The log is included below. However, I have had no other symptoms, except for the nagging feeling that "Hey, maybe the computer is running slightly slower than before". Other than that I have had 0 browser redirects or errors.
The other peculiar thing I noticed was that volsnap.sys does not exist where ComboFix says it does. I booted into the Windows Recovery Console to triple-check that the file wasn't there. I ran Kaspersky's TDSSKiller (after some googling, realizing what a volsnap.sys infection was) and got a "clean bill of health" (included below).
Could ComboFix be giving me a false positive here? I downloaded a trial version of Kaspersky and burned through the Bleeping forums, installing at least 2-3 other recommended virus removal / scanning tools, and none of them came back with any indication that volsnap.sys was infected; only ComboFix did.
Any insight to the problem would be appreciated.
2011/08/16 20:46:07.0542 3808 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/16 20:46:08.0089 3808 ================================================================================
2011/08/16 20:46:08.0089 3808 SystemInfo:
2011/08/16 20:46:08.0089 3808
2011/08/16 20:46:08.0089 3808 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/16 20:46:08.0089 3808 Product type: Workstation
2011/08/16 20:46:08.0089 3808 ComputerName: ZACK
2011/08/16 20:46:08.0089 3808 UserName: The Core
2011/08/16 20:46:08.0089 3808 Windows directory: C:\WINDOWS
2011/08/16 20:46:08.0089 3808 System windows directory: C:\WINDOWS
2011/08/16 20:46:08.0089 3808 Processor architecture: Intel x86
2011/08/16 20:46:08.0089 3808 Number of processors: 2
2011/08/16 20:46:08.0089 3808 Page size: 0x1000
2011/08/16 20:46:08.0089 3808 Boot type: Normal boot
2011/08/16 20:46:08.0089 3808 ================================================================================
2011/08/16 20:46:09.0011 3808 Initialize success
2011/08/16 20:46:17.0964 1728 ================================================================================
2011/08/16 20:46:17.0964 1728 Scan started
2011/08/16 20:46:17.0964 1728 Mode: Manual;
2011/08/16 20:46:17.0964 1728 ================================================================================
2011/08/16 20:46:23.0105 1728 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/16 20:46:24.0230 1728 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/16 20:46:26.0527 1728 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/16 20:46:27.0730 1728 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/08/16 20:46:33.0152 1728 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/08/16 20:46:38.0590 1728 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/16 20:46:39.0684 1728 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/16 20:46:41.0903 1728 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/16 20:46:43.0012 1728 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/16 20:46:45.0325 1728 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/16 20:46:46.0434 1728 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/08/16 20:46:48.0622 1728 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/16 20:46:49.0731 1728 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/16 20:46:50.0903 1728 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/16 20:46:57.0357 1728 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/16 20:46:58.0560 1728 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/16 20:46:59.0669 1728 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/16 20:47:00.0763 1728 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/16 20:47:01.0888 1728 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/16 20:47:04.0185 1728 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/16 20:47:05.0263 1728 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/16 20:47:06.0451 1728 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/16 20:47:07.0513 1728 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/16 20:47:08.0669 1728 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/16 20:47:09.0826 1728 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/08/16 20:47:10.0951 1728 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/16 20:47:12.0060 1728 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/16 20:47:13.0154 1728 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/16 20:47:14.0263 1728 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/16 20:47:15.0373 1728 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/16 20:47:17.0545 1728 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/16 20:47:20.0779 1728 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
2011/08/16 20:47:21.0936 1728 ICAM3NT5 (7e9dce459be666ab54f67e77cb7d1297) C:\WINDOWS\system32\Drivers\Icam3.sys
2011/08/16 20:47:23.0061 1728 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/16 20:47:25.0451 1728 IntcAzAudAddService (7a9299f48d6f2e802e5b0e0dc508842a) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/08/16 20:47:27.0717 1728 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/16 20:47:28.0936 1728 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/08/16 20:47:29.0998 1728 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/16 20:47:31.0123 1728 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/16 20:47:32.0233 1728 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/16 20:47:33.0311 1728 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/16 20:47:34.0420 1728 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/16 20:47:35.0530 1728 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/16 20:47:36.0686 1728 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/16 20:47:37.0889 1728 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/16 20:47:39.0014 1728 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/16 20:47:40.0108 1728 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/16 20:47:42.0296 1728 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/08/16 20:47:43.0390 1728 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/16 20:47:44.0515 1728 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
2011/08/16 20:47:45.0624 1728 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/16 20:47:46.0718 1728 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/16 20:47:47.0874 1728 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/16 20:47:50.0077 1728 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/16 20:47:51.0202 1728 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/16 20:47:52.0296 1728 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/16 20:47:53.0374 1728 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/16 20:47:54.0484 1728 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/16 20:47:55.0577 1728 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/16 20:47:56.0687 1728 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/16 20:47:57.0749 1728 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/08/16 20:47:58.0921 1728 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/16 20:48:00.0046 1728 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/08/16 20:48:01.0140 1728 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/16 20:48:02.0218 1728 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/08/16 20:48:03.0359 1728 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/16 20:48:04.0515 1728 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/16 20:48:05.0672 1728 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/16 20:48:06.0765 1728 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/16 20:48:07.0906 1728 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/16 20:48:09.0203 1728 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/16 20:48:10.0312 1728 NPF (b48dc6abcd3aeff8618350ccbdc6b09a) C:\WINDOWS\system32\drivers\npf.sys
2011/08/16 20:48:11.0422 1728 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/16 20:48:12.0484 1728 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/16 20:48:13.0766 1728 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/16 20:48:15.0531 1728 nv (406ddab2b05d94d4818e97ff050d1bc6) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/08/16 20:48:16.0797 1728 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/16 20:48:17.0938 1728 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/16 20:48:19.0078 1728 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/08/16 20:48:20.0297 1728 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/16 20:48:21.0391 1728 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/16 20:48:22.0719 1728 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/16 20:48:24.0985 1728 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/16 20:48:26.0141 1728 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/16 20:48:34.0079 1728 pneteth (28460e94ffdf40bb28efdb3d97e959e8) C:\WINDOWS\system32\DRIVERS\pneteth.sys
2011/08/16 20:48:35.0188 1728 PnkBstrK (10be25c04613b70d8ce1f412e14d9454) C:\WINDOWS\system32\drivers\PnkBstrK.sys
2011/08/16 20:48:36.0282 1728 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/16 20:48:37.0407 1728 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/16 20:48:38.0501 1728 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/16 20:48:39.0579 1728 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/08/16 20:48:46.0314 1728 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/16 20:48:48.0517 1728 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/16 20:48:49.0861 1728 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/16 20:48:51.0033 1728 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/16 20:48:52.0189 1728 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/16 20:48:53.0361 1728 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/16 20:48:54.0549 1728 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/16 20:48:55.0736 1728 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/16 20:48:56.0814 1728 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/16 20:48:57.0971 1728 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2011/08/16 20:48:59.0314 1728 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/16 20:49:01.0158 1728 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/08/16 20:49:02.0314 1728 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/16 20:49:04.0611 1728 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/08/16 20:49:06.0986 1728 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/16 20:49:08.0268 1728 Sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/16 20:49:09.0502 1728 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/16 20:49:12.0955 1728 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/08/16 20:49:16.0049 1728 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/16 20:49:17.0237 1728 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/16 20:49:22.0925 1728 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/16 20:49:24.0065 1728 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/16 20:49:25.0268 1728 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/16 20:49:26.0331 1728 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/16 20:49:27.0440 1728 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/16 20:49:29.0737 1728 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/16 20:49:31.0800 1728 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/16 20:49:32.0878 1728 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/08/16 20:49:33.0972 1728 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/08/16 20:49:35.0081 1728 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/16 20:49:36.0097 1728 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/16 20:49:37.0238 1728 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/16 20:49:38.0285 1728 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/16 20:49:39.0394 1728 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
2011/08/16 20:49:40.0441 1728 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/16 20:49:41.0675 1728 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/16 20:49:42.0910 1728 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/16 20:49:45.0207 1728 wacmoumonitor (f24ee97511fb901189e11cbbd51605ba) C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys
2011/08/16 20:49:46.0785 1728 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
2011/08/16 20:49:47.0926 1728 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
2011/08/16 20:49:52.0754 1728 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/16 20:49:54.0832 1728 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/08/16 20:49:57.0442 1728 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/16 20:49:58.0520 1728 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
2011/08/16 20:49:59.0770 1728 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/08/16 20:49:59.0785 1728 ================================================================================
2011/08/16 20:49:59.0785 1728 Scan finished
2011/08/16 20:49:59.0785 1728 ================================================================================
2011/08/16 20:49:59.0801 3864 Detected object count: 0
2011/08/16 20:49:59.0801 3864 Actual detected object count: 0
2011/08/16 20:50:09.0192 1748 Deinitialize success
ComboFix 11-08-16.05 - The Core 08/16/2011 20:24:15.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2694 [GMT -5:00]
Running from: c:\documents and settings\The Core\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Drivers\Volsnap.sys . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2011-07-17 to 2011-08-17 )))))))))))))))))))))))))))))))
.
.
2011-08-17 01:25 . 2011-08-17 01:26 -------- d-----w- C:\I386
2011-08-15 02:33 . 2010-10-06 01:27 150200 ----a-w- c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak\components\kavlinkfilter.dll
2011-08-15 02:00 . 2011-08-15 02:00 -------- d-----w- c:\program files\ESET
2011-08-14 04:00 . 2011-08-14 05:05 -------- d-----w- c:\documents and settings\Administrator
2011-08-14 01:07 . 2011-08-14 01:07 -------- d-----w- c:\windows\system32\xircom
2011-08-14 01:07 . 2011-08-14 01:07 -------- d-----w- c:\windows\system32\wbem\snmp
2011-08-14 01:07 . 2011-08-14 01:07 -------- d-----w- c:\windows\srchasst
2011-08-14 01:07 . 2011-08-14 01:07 -------- d-----w- c:\program files\microsoft frontpage
2011-08-11 05:07 . 2011-08-11 05:07 -------- d-----w- c:\program files\Spotify
2011-08-09 23:29 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-09 23:28 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-07 19:41 . 2008-03-21 18:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-08-07 19:40 . 2011-07-19 16:28 13312 ----a-w- c:\windows\system32\drivers\pneteth.sys
2011-08-07 19:40 . 2009-11-08 07:41 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2011-08-07 19:40 . 2009-11-08 07:41 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2011-08-07 19:40 . 2011-08-07 19:40 -------- d-----w- c:\program files\PdaNet for Android
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:29 . 2008-04-13 22:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2008-04-13 22:27 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-07 00:52 . 2011-06-29 04:23 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 00:52 . 2011-06-29 04:23 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-26 21:36 . 2011-06-26 21:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-26 21:36 . 2010-06-15 08:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-24 14:10 . 2010-06-06 04:52 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 22:18 . 2011-06-08 04:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-23 18:36 . 2008-04-14 03:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 18:36 . 2008-04-14 03:42 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2008-04-14 03:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 12:05 . 2008-04-13 22:07 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2008-04-14 03:42 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02 . 2008-04-13 23:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-06-29 03:47 . 2011-03-23 20:17 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-14_01.03.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-16 02:12 . 2011-08-16 02:12 16384 c:\windows\temp\Perflib_Perfdata_20c.dat
+ 2010-06-06 06:27 . 2011-07-30 15:05 52390856 c:\windows\system32\MRT.exe
- 2010-06-06 06:27 . 2011-08-10 23:28 52390856 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-31 399736]
"F.lux"="c:\documents and settings\The Core\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2009-05-01 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-01 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]
"RTHDCPL"="RTHDCPL.EXE" [2010-05-01 19523616]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\r.u.s.e. free week end\\Ruse.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\battlefield bad company 2\\BFBC2Game.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\battlefield bad company 2\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"c:\\Documents and Settings\\The Core\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\portal 2\\portal2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
.
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [12/20/2010 10:40 PM 29416]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/25/2010 12:07 PM 35088]
R2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [11/12/2010 11:56 PM 4767600]
R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [8/7/2011 2:40 PM 13312]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/6/2010 3:28 AM 1691480]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/28/2011 11:23 PM 41272]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [11/12/2010 11:56 PM 16240]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2011-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-2000478354-1801674531-1001Core.job
- c:\documents and settings\The Core\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-06 07:47]
.
2011-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-2000478354-1801674531-1001UA.job
- c:\documents and settings\The Core\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-06 07:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=15153&l=dis
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
TCP: Interfaces\{4E66D38B-00EE-4990-8B34-60B0AB13F912}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B334A89E-83CA-4F6E-B43E-473AAA1B60EA}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\documents and settings\The Core\Application Data\Mozilla\Firefox\Profiles\67ca6hpw.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-16 20:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(248)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\program files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Microsoft Silverlight\xapauthenticodesip.dll
.
Completion time: 2011-08-16 20:34:21
ComboFix-quarantined-files.txt 2011-08-17 01:34
ComboFix2.txt 2011-08-16 02:35
ComboFix3.txt 2011-08-16 02:30
ComboFix4.txt 2011-08-15 01:47
ComboFix5.txt 2011-08-17 01:23
.
Pre-Run: 109,150,720,000 bytes free
Post-Run: 108,928,032,768 bytes free
.
- - End Of File - - DCEB8A5C9FE404166E88F366DDA2FE82
This post has been edited by boopme: 16 August 2011 - 10:01 PM
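Added example, not part of the original post and not code from ComboFix, TDSSKiller or MBAM: a small Python script that parses the two logs pasted above and cross-references them. It shows one thing the logs on this page support directly: TDSSKiller's listing hashes the other drivers in the volume stack (Disk, Ftdisk, PartMgr, MountMgr, Sr) but contains no Volsnap entry at all, so its "Detected object count: 0" was never a verdict on the file ComboFix named, and the two results do not actually contradict each other. The sample lines are copied from the logs above; the set of "expected" storage-stack driver names is an assumption made for illustration; the local-hash helper is meant to be run on the affected machine and returns None when the file is absent, as the poster found.

```python
"""Cross-check the two logs pasted above: which driver files did TDSSKiller
actually hash, and does that set include the file ComboFix called infected?

Added example; not part of the original post or of either tool."""
import hashlib
import os
import re

# One TDSSKiller driver line: timestamp, thread id, service name, (md5), path.
TDSS_DRIVER_LINE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
    r"(?P<service>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>[A-Za-z]:\\.+?)\s*$"
)
# One ComboFix verdict line: "<path> . . . is infected!!"
COMBOFIX_INFECTED_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\\S+?)\s+\.\s+\.\s+\.\s+is infected!!\s*$", re.IGNORECASE
)

# Constructed sample: a handful of lines copied from the TDSSKiller log above.
SAMPLE_TDSSKILLER = r"""
2011/08/16 20:46:17.0964 1728 Scan started
2011/08/16 20:46:23.0105 1728 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/16 20:46:57.0357 1728 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/16 20:47:12.0060 1728 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/16 20:47:47.0874 1728 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/16 20:48:20.0297 1728 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/16 20:49:08.0268 1728 Sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/16 20:49:59.0801 3864 Detected object count: 0
"""

# Constructed sample: the ComboFix verdict line from the log above.
SAMPLE_COMBOFIX = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Drivers\Volsnap.sys . . . is infected!!
.
"""

# Assumption (not from the page): storage-stack drivers one would expect an XP
# rootkit scanner to hash alongside the ones it did list.
EXPECTED_STORAGE_DRIVERS = {
    "disk.sys", "ftdisk.sys", "partmgr.sys", "mountmgr.sys", "sr.sys", "volsnap.sys",
}


def basename(win_path):
    """Last component of a Windows path, lower-cased (NTFS names are case-insensitive)."""
    return win_path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_tdsskiller(text):
    """Map basename -> (service, md5, path) for every driver TDSSKiller hashed."""
    hashed = {}
    for line in text.splitlines():
        m = TDSS_DRIVER_LINE.match(line.strip())
        if m:
            hashed[basename(m.group("path"))] = (m.group("service"), m.group("md5"), m.group("path"))
    return hashed


def parse_combofix_infected(text):
    """Paths ComboFix reported as 'is infected!!'."""
    matches = (COMBOFIX_INFECTED_LINE.match(line.strip()) for line in text.splitlines())
    return [m.group("path") for m in matches if m]


def cross_check(tdss_text, combofix_text, expected=EXPECTED_STORAGE_DRIVERS):
    """For each file ComboFix flagged, say whether TDSSKiller hashed it at all,
    and list expected drivers that are absent from TDSSKiller's output."""
    hashed = parse_tdsskiller(tdss_text)
    flagged = {}
    for path in parse_combofix_infected(combofix_text):
        name = basename(path)
        entry = hashed.get(name)
        flagged[name] = {
            "combofix_path": path,
            "hashed_by_tdsskiller": entry is not None,
            "tdsskiller_md5": entry[1] if entry else None,
        }
    not_hashed = sorted(n for n in expected if n not in hashed)
    return {"flagged": flagged, "expected_but_not_hashed": not_hashed}


def md5_hex(data):
    """MD5 of a byte string, in the same 32-hex form TDSSKiller prints."""
    return hashlib.md5(data).hexdigest()


def local_md5(path):
    """MD5 of a file on disk, or None if it is not there (the poster's case)."""
    if not os.path.isfile(path):
        return None
    with open(path, "rb") as f:
        return md5_hex(f.read())


if __name__ == "__main__":
    report = cross_check(SAMPLE_TDSSKILLER, SAMPLE_COMBOFIX)
    for name, info in report["flagged"].items():
        print(name, "hashed by TDSSKiller:", info["hashed_by_tdsskiller"], info["tdsskiller_md5"])
    print("expected but not hashed:", report["expected_but_not_hashed"])
    # On the affected XP box: compare the live copy with the protected copy in dllcache.
    print("drivers copy:", local_md5(r"C:\WINDOWS\system32\drivers\volsnap.sys"))
    print("dllcache copy:", local_md5(r"C:\WINDOWS\system32\dllcache\volsnap.sys"))
```

Run on the affected machine, the two `local_md5` calls are the check a practitioner would want before trusting either tool: a None for the drivers copy confirms the poster's Recovery Console finding, and a dllcache copy whose hash matches a freshly restored drivers copy is what one would expect after a repair. The point the cross-check makes stands on its own: a scanner's "0 detected" only covers the files it lists as hashed.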