
I got hit by the svchost virus and it's getting worse.


Jarod8


I'd been having warnings from AVG about IE using up too much system memory for a while, but I didn't understand what was going on. After installing and running numerous anti-virus and anti-malware programs, with no result, the virus has taken a more aggressive turn. Now, being connected online gets me constant tracking cookie warnings from AVG, a single svchost.exe file grows until it uses up to 1.6 million K of memory, and new threats and viruses are being blocked constantly. I don't even know what files on my computer are safe (like music and game save files, favorite links, etc.), so I don't know if it's safe to back anything up and simply start over. Since the rule is to leave the computer as-is until told otherwise, that's what I'm doing.

I'm familiar with some computer terminology, but anything too technical is going to leave me lost. Installing and uninstalling, for instance, I have no problem with, but anything with registry editing leaves me confused. The worst has only started within the last week or so, which leaves me hoping I didn't wait too long to get this fixed. As requested, my DDS and attach.txt files are included.

.

DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL

Internet Explorer: 8.0.6001.18702

Run by Michael at 7:08:04 on 2012-01-12

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2814.2533 [GMT -6:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Download Programs\Super AntiSpyware\SASCORE.EXE

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\Explorer.EXE

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\download programs\avg 9.0\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\downlo~1\spybot~1\spybot~1\SDHelper.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [igndlm.exe] c:\download programs\download manager\DLM.exe /windowsstart /startifwork

uRun: [WallShuffler] "c:\download programs\wallshuffler\wallShuffler.exe" -1

uRun: [spybotSD TeaTimer] c:\download programs\spybot s&d\spybot - search & destroy\TeaTimer.exe

mRun: [updateLBPShortCut] "c:\download programs\cyber link\labelprint\muitransfer\muistartmenu.exe" "c:\download programs\cyber link\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"

mRun: [MDS_Menu] "c:\download programs\cyber link\mediashow4\muitransfer\muistartmenu.exe" "c:\download programs\cyber link\mediashow4" updatewithcreateonce "software\cyberlink\mediashow\4.1"

mRun: [updateP2GoShortCut] "c:\download programs\cyber link\power2go\muitransfer\muistartmenu.exe" "c:\download programs\cyber link\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"

mRun: [updatePPShortCut] "c:\download programs\cyber link\powerproducer\muitransfer\muistartmenu.exe" "c:\download programs\cyber link\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"

mRun: [updatePSTShortCut] "c:\download programs\cyber link\blu-ray disc suite\muitransfer\muistartmenu.exe" "c:\download programs\cyber link\blu-ray disc suite" updatewithcreateonce "software\cyberlink\PowerStarter"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\download programs\quick time\qttask.exe" -atboottime

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [AVG_TRAY] "c:\download programs\avg 9.0\avgtray.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\cloudm~1.lnk - c:\program files\cloudmark\desktop\service\cdswin.exe

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\downlo~1\spybot~1\spybot~1\SDHelper.dll

LSP: mswsock.dll

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab

DPF: {556DDE35-E955-11D0-A707-000000521957} - hxxp://www.xblock.com/download/xclean_micro.exe

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222263350953

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238925113546

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} - hxxp://l.yimg.com/jh/games/web_games/sony/bewitched/main.cab

DPF: {C56BF45D-4722-4EFD-AA14-9DB1E92661E3} - hxxp://coke.mycokerewards.com/cabs/CocaCola_1_0_0_9.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - hxxp://coke.mycokerewards.com/cabs/Entriq_3_6_0_15_Silent.cab

DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://service.intelcapabilitiesforum.net/rankmypc/scan/FMSI.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444552440000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab

DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{17592D58-5BA6-49C7-A645-EC4CF0DDC22F} : DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{29481EFD-2D5B-46EF-86E2-387344EB9FC2} : DhcpNameServer = 75.75.75.75 75.75.76.76

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\download programs\avg 9.0\avgpp.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\download programs\super antispyware\SASSEH.DLL

LSA: Authentication Packages = msv1_0 relog_ap

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]

R0 CLBStor;CyberLink InstantBurn UDF Reader Help Driver;c:\windows\system32\drivers\CLBStor.sys [2010-10-13 10368]

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2010-3-17 15328]

R2 !SASCORE;SAS Core Service;c:\download programs\super antispyware\SASCore.exe [2011-8-11 116608]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]

S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]

S1 SASDIFSV;SASDIFSV;c:\download programs\super antispyware\sasdifsv.sys [2011-7-22 12880]

S1 SASKUTIL;SASKUTIL;c:\download programs\super antispyware\SASKUTIL.SYS [2011-7-12 67664]

S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/10/13 13:29:28];c:\download programs\cyber link\powerdvd8\000.fcl [2010-1-12 87536]

S2 AVGIDSAgent;AVGIDSAgent;c:\download programs\avg 9.0\AVGIDSAgent.exe [2011-10-12 4433248]

S2 avgwd;AVG WatchDog;c:\download programs\avg 9.0\avgwdsvc.exe [2011-8-2 192776]

S2 CLBUDFR;CyberLink UDF Filesystem;c:\windows\system32\drivers\CLBUDFR.sys [2010-10-13 154368]

S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-9-5 20328]

S2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]

S2 ReflectService;Macrium Reflect Image Mounting Service;c:\download programs\macrium reflect\ReflectService.exe [2010-3-17 220128]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]

S3 Amazon Download Agent;Amazon Download Agent;c:\download programs\amazon games downloader\amazon games & software downloader\AmazonGSDownloaderService.exe [2011-2-2 401920]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-2-10 1691480]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]

S3 cpuz130;cpuz130;\??\c:\docume~1\michael\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\michael\locals~1\temp\cpuz130\cpuz_x32.sys [?]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\dragon age\bin_ship\daupdatersvc.service.exe [2010-8-9 25832]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-4-14 14336]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys --> c:\windows\system32\drivers\nvhda32.sys [?]

S3 NVIDIAHWAccess;NVIDIAHWAccess;\??\c:\documents and settings\michael\application data\nvidia\hwaccess.sys --> c:\documents and settings\michael\application data\nvidia\HWAccess.sys [?]

.

=============== Created Last 30 ================

.

2012-01-11 22:09:13 22032 ----a-w- c:\windows\DCEBoot.exe

2012-01-10 11:27:07 -------- d-----w- c:\documents and settings\michael\application data\SUPERAntiSpyware.com

2012-01-10 09:35:41 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com

2012-01-10 04:38:09 -------- d-----w- c:\documents and settings\michael\DoctorWeb

2012-01-10 01:46:46 -------- d-----w- c:\documents and settings\michael\application data\AVG2012

2012-01-10 01:41:41 -------- d-----w- c:\windows\system32\drivers\AVG

2011-12-31 10:03:26 -------- d-----w- c:\documents and settings\michael\application data\AVG

2011-12-20 21:55:16 -------- d-----w- c:\documents and settings\michael\application data\7Wonders

2011-12-20 19:53:03 -------- d-----w- c:\documents and settings\michael\application data\GameFly

.

==================== Find3M ====================

.

2011-12-10 21:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-21 18:49:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts

.

============= FINISH: 7:09:23.68 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 9/22/2008 11:30:39 PM

System Uptime: 1/12/2012 7:06:48 AM (0 hours ago)

.

Motherboard: EVGA | | 132-CK-NF78

Processor: Intel Pentium III processor | Socket 775 | 2999/333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 98 GiB total, 30.2 GiB free.

D: is FIXED (NTFS) - 368 GiB total, 78.013 GiB free.

H: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}

Description: CD-ROM Drive

Device ID: IDE\CDROMATAPI_DVD_A__DH-3H20A___________________YX13____\5&346E82BB&0&0.0.0

Manufacturer: (Standard CD-ROM drives)

Name: ATAPI DVD A DH-3H20A

PNP Device ID: IDE\CDROMATAPI_DVD_A__DH-3H20A___________________YX13____\5&346E82BB&0&0.0.0

Service: cdrom

.

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}

Description: CD-ROM Drive

Device ID: SCSI\CDROM&VEN_HL-DT-ST&PROD_BD-RE__UH10LS20&REV_1.00\4&180F70C&0&110

Manufacturer: (Standard CD-ROM drives)

Name: HL-DT-ST BD-RE UH10LS20 SCSI CdRom Device

PNP Device ID: SCSI\CDROM&VEN_HL-DT-ST&PROD_BD-RE__UH10LS20&REV_1.00\4&180F70C&0&110

Service: cdrom

.

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}

Description: CD-ROM Drive

Device ID: SCSI\CDROM&VEN_SONY&PROD_DVD_RW_DRU-V200S&REV_1.60\4&2A62106E&0&000

Manufacturer: (Standard CD-ROM drives)

Name: SONY DVD RW DRU-V200S SCSI CdRom Device

PNP Device ID: SCSI\CDROM&VEN_SONY&PROD_DVD_RW_DRU-V200S&REV_1.60\4&2A62106E&0&000

Service: cdrom

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

1001 Minigolf Challenge

3D Ultra Pinball Thrillride

7-Zip 4.65

7 Wonders Of The Ancient World

Acrobat.com

Activision®

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.0)

Adobe Shockwave Player 11.5

Adrianne demo by NVIDIA (remove only)

Age of Empires Online

AIM 7

Alpha Protocol

ALTools Update

ALZip

Amazon Games & Software Downloader

Amazon MP3 Downloader 1.0.3

Angry Birds

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Artist Colony

ATT-PRT22

AVG 2012

AVG PC Tuneup

Bass Audio Decoder (remove only)

Be a King 2

Be Richer

Big Fish Games: Game Manager

BioWare Premium Module: Neverwinter Nights Kingmaker

Black & White® 2 Demo

Blackwell Unbound

Borderlands

Build-a-lot 2 - Town of the Year (remove only)

Burnout Paradise The Ultimate Box

Caesar 3

Call of Atlantis

CCleaner

CD Audio Reader Filter (remove only)

CEP (Color Enable Package) v.9.2 (beta)

Chocolatier: Decadence by Design

Cinema Empire

Civilization III Gold Edition

Clear Sailing

Clive Barker's Jericho

Cloudmark DesktopOne

Coconut Queen

Coffee Rush

Command & Conquer 3

Command & Conquer The First Decade

Command & Conquer™ Red Alert™ 3

Corel WinDVD 2010

CP_Package_Variety1

CP_Package_Variety2

CP_Package_Variety3

CPUID CPU-Z 1.55

Cradle of Rome

Crysis®

CyberLink BD Advisor 2.0

CyberLink Blu-ray Disc Suite

CyberLink LabelPrint

CyberLink MediaShow

CyberLink Power2Go

CyberLink PowerDVD 8

CyberLink PowerProducer

CyberLink UDF Reader 5.0

CyberLink YouCam

DarkStar One

DCoder Image Source (remove only)

Digital Copy

Download Manager 2.3.10

Download Updater (AOL LLC)

Dragon Age: Origins

Dreams of a Geisha

Driver Sweeper 2.1.0

DScaler 5 Mpeg Decoders

Dungeon Siege 2

Dungeon Siege 2 Broken World

EA Download Manager

EasyInfo

Entriq MediaSphere 3.6.0.15

Express Burn Disc Burning Software

Express Rip

F.E.A.R.

F.E.A.R. 2: Project Origin

F.E.A.R.: Extraction Point

F.E.A.R.: Perseus Mandate

Fairway Solitaire

Fallout 3

Fallout: New Vegas

Far Cry

FFMPEG Core Files (remove only)

Fishdom - Spooky Splash

Fix-it-up: Kate`s Adventure

Fix-It-Up: World Tour

Forgotten Lands: First Colony ™

Futuremark SystemInfo

Gabest MPEG Splitter (remove only)

GameFly

getPlus+® Download Manager for Corel

Grand Theft Auto: San Andreas

Grotesque Tactics: Evil Heroes

Half-Life 2

Half-Life 2: Lost Coast

HD Tune Pro 4.50

Heritage of Kings - The Settlers

Heroes of Hellas 3: Athens

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

ImTOO CD Ripper 6

Indeo® software

Java Auto Updater

Java 6 Update 24

Left 4 Dead

Left 4 Dead 2

LG Tool Kit

Life Quest ™

LightScribe System Software

Lost Cases of Sherlock Holmes

Macrium Reflect - Free Edition

Mafia II

Malwarebytes Anti-Malware version 1.60.0.1800

Mass Effect

Mass Effect 2

Media Player Codec Pack 3.9.6

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Age of Empires II

Microsoft Age of Empires II: The Conquerors Expansion

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office Word Viewer 2003

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Windows XP Video Decoder Checkup Utility

Midnight Pool 3D

MONOGRAM AMR Splitter/Decoder (remove only)

Moraff's Maximum MahJongg 1.0

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MTP Porting Kit

Music Transfer

My Kingdom for the Princess

MySQL Connector/ODBC 3.51

Mystery Case Files: Ravenhearst ®

Need for Speed™ Undercover

neroxml

Neverwinter Nights

Nick Chase and the Deadly Diamond

NV_GEF7_LUNA_SS_nzone Screen Saver

NVIDIA Control Panel 260.99

NVIDIA Drivers

NVIDIA Graphics Driver 260.99

NVIDIA Install Application

NVIDIA nView 135.36

NVIDIA nView Desktop Manager

NVIDIA PhysX

NVIDIA PhysX System Software 9.10.0514

Oblivion

OpenAL

OpenSource AVI Splitter (remove only)

Orchard

Port Royale 2

Primo

QuickTime

Realtek High Definition Audio Driver

Road to Riches

Road to Riches 2

Rock Tour

Rockstar Games Social Club

Royal Envoy

Runtime

Seagate Manager Installer

Seagate DiscWizard

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Sid Meier's Civilization 4 Complete

Sid Meier's Civilization IV Colonization

SimPE 0.72 (alpha)

SimPE PhotoStudio Templates 3.0

Sims2Pack Clean Installer

Sniper Elite

Soda Pipes

Sony Picture Utility

Spybot - Search & Destroy

Stamp ID3 Tag Editor

Steam

SUPERAntiSpyware

Switch Sound File Converter

System Requirements Lab

System Requirements Lab CYRI

The Da Vinci Code

The Sims 2 Glamour Life Stuff

The Sims™ 2 Apartment Life

The Sims™ 2 Best of Business Collection

The Sims™ 2 Bon Voyage

The Sims™ 2 Double Deluxe

The Sims™ 2 FreeTime

The Sims™ 2 Seasons

The Sims™ 2 Store Edition

The Sims™ 2 University Life Collection

The Timebuilders: Pyramid Rising

Tom Clancy's H.A.W.X

Tradewinds Caravans

Tradewinds from Shockwave.com (remove only)

Tradewinds Odyssey

Tropico 3 1.02

Ubisoft Game Launcher

Unigine Heaven Benchmark v2.1

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB971180)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Vampire: The Masquerade - Bloodlines

Vistanita Wallpaper Shuffler 2.8.3

Wanted: Weapons of Fate

WavePad Sound Editor

WebFldrs XP

Westward (remove only)

Westward II Heroes of the Frontier

Westward III: Gold Rush

Westward IV: All Aboard

WildTangent Games

Winamp

Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)

Windows Internet Explorer 8

Windows Live ID Sign-in Assistant

Windows Media Format 11 runtime

Windows Media Player 11

Winemaker Extraordinaire

WinRAR archiver

X-Men Origins - Wolverine

XML Paper Specification Shared Components Pack 1.0

Xvid 1.2.2 final uninstall

Yahoo! Install Manager

Zoom Player (remove only)

.

==== Event Viewer Messages From Past Week ========

.

1/9/2012 2:15:01 PM, error: Service Control Manager [7023] - The Security Center service terminated with the following error: Not enough storage is available to process this command.

1/9/2012 10:38:06 PM, error: Service Control Manager [7000] - The DrWeb Protection service failed to start due to the following error: The system cannot find the file specified.

1/8/2012 8:05:19 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The system cannot find the file specified.

1/8/2012 8:01:37 AM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The system cannot find the file specified.

1/8/2012 8:01:25 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

1/8/2012 7:26:19 AM, error: BROWSER [8007] - The browser was unable to update the service status bits. The data is the error.

1/12/2012 7:08:49 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix Cdrom Fips Imapi intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip

1/11/2012 8:52:31 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

1/11/2012 8:51:42 AM, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 6 time(s).

1/11/2012 8:51:42 AM, error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 2 time(s).

1/11/2012 8:51:42 AM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 6 time(s).

1/11/2012 8:51:42 AM, error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

1/11/2012 4:20:39 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

1/11/2012 4:15:25 PM, error: Service Control Manager [7022] - The WebClient service hung on starting.

1/11/2012 12:24:32 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom Imapi

1/10/2012 4:17:01 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip

1/10/2012 3:32:50 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

1/10/2012 2:35:04 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

1/10/2012 2:35:04 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

1/10/2012 2:35:04 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/10/2012 2:35:04 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/10/2012 2:35:04 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

1/10/2012 2:35:04 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/10/2012 2:33:55 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

1/10/2012 2:33:48 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

1/10/2012 11:21:31 PM, error: Service Control Manager [7034] - The Seagate Service service terminated unexpectedly. It has done this 1 time(s).

1/10/2012 11:21:31 PM, error: Service Control Manager [7034] - The Acronis Scheduler2 Service service terminated unexpectedly. It has done this 1 time(s).

.

==== End Of File ===========================



Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, PayPal, eBay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen, and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps.
  • Removing this infection can also disable the ability to connect to the internet.

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you, then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
