Ok, that's good news. Well, that you were able to use it a bit after Combofix. Any more blue screens or has it been stable?
There is some bad news...it did find a backdoor rootkit. Looks like the TDL3/TidServ/TDSS rootkit. There is also a Bubnix rootkit infection we'll take care of this step.
Backdoor Warning
One or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information and download and execute files.
I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.
P2P Warning and Request
The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case BitTorrent). These programmes allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.
It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall, please refrain from using it until I let you know your computer is clean.
Step
1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Open Notepad and copy/paste the text in the codebox below into Notepad:
c:\documents and settings\Felicia Thompson\Application Data\Microsoft\gb_1206093.bat
c:\documents and settings\All Users\Start Menu\Programs\Startup\Launch Whitesmoke Translator.lnk
c:\documents and settings\All Users\Application Data\WSTB\localeX86.exe
c:\program files\WhiteSmoke Translator\
uInternet Settings,ProxyServer = http=127.0.0.1:58505
FF - Ext: Search Toolbar: firstname.lastname@example.org - %profile%\extensions\email@example.com
FF - user.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s=
Save this as CFScript.txt, in the same location as ComboFix.exe.
Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.