One of my computers is running very very slow!

[pcwilliams]

Hello,

I have to two computers. My computer is a laptop and runs super fast and the other computer is a pc which is for the family to use "kids computer". Both of the computers are on the same internet connection. My laptop is on a wireless connection and the other computer is hooked up straight to the modem.

The pc has been running very very slow and freezes up a lot but when I disable the internet it runs a bit faster, it seems to be a little better. With the kids always on the pc "probably downloading all kinds of stuff" I figured that this problem is malicious.

I have ran the antivirus software a numerous of times and this pup.mywebsitesearch keeps coming up with other trojans, spyware, etc... stuff and no matter how many times I run Malwarebyte it just won't delete this stuff. It keeps coming back.

I need help please! I have attached the two logs that you have requested! If you need more info please let me know.

Thank you in advance.

attach.txt

dds.txt

[Maniac]

Hello pcwilliams and ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  

• Launch Malwarebytes' Anti-Malware
  
• Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  
• Go to Scanner tab and select Perform Quick Scan, then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

• Malwarebytes' Anti-Malware log
  
• a new fresh DDS log file

[pcwilliams]

Thanks Maniac,

I did what you said and now here is the logs you requested.

mbam-log-2012-05-16 (04-05-04).txt

dds1.txt

[Maniac]

Please follow my instructions strictly:

Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Copy&Paste the entire report in your next reply.

In your next reply, post the following log files:

Why I see No action taken. in your Malwarebytes' Anti-Malware log?

They should be removed:

Make sure that everything is checked, and click Remove Selected.

[pcwilliams]

OK sorry I will do that i didn't know.

I am going to do it over and post it. I thought I did put a check on everything and clicked Remove Selected maybe I did something wrong.

I will post the logs here, shortly, as soon as possible!

Thanks once again!

[pcwilliams]

Hello,

Here are the logs.

mbam-log-2012-05-18 (11-45-30).txt

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.16.01

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Therese :: NEWONE [administrator]

5/18/2012 11:45:30 AM

mbam-log-2012-05-18 (11-45-30).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 277941

Time elapsed: 1 hour(s), 33 minute(s), 12 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

dds.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16

Run by Therese at 14:55:16 on 2012-05-18

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.737 [GMT -4:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: ESET Smart Security 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: ESET Personal firewall *Disabled*

FW: AVG Firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\WINDOWS\Explorer.EXE

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.babylon.com/?AF=110807&babsrc=HP_ss&mntrId=a492bff60000000000000016172a3bc2

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://search.myheritage.com

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://as.starware.com/dp/search?x=wKX1ILEOi+UdWpSlz2q9Dzn13Emww/YwfLYZRZ8Id0UplB02PIIIUj3q7wlwfeVUMD+qmKmGikUF4jGwSIeod8Co4XfBqjjhtUApa2iZXuvmWkT5nQraA/RgrhVdvnDeMbPkrtguHoU=

uURLSearchHooks: H - No File

uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Freecause Shopping BHO: {20fec4e7-f7b7-438b-8191-33d2efc5ebea} - Shop to Win 2

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Family Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - c:\program files\family toolbar\tbcore3.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: PhotoJoy Bar Toolbar: {cf45c54f-801c-41b5-ac77-57f2bf418edc} - c:\program files\photojoy_bar\prxtbPho2.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll

TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MessengerPlus3] "c:\program files\messengerplus! 3\MsgPlus.exe" /WinStart

uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe

uRun: [PhotoJoy] c:\program files\photojoy\bin\PhotoJoy.exe /c

uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup

uRun: [Facebook Update] "c:\documents and settings\therese\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver

uRun: [DW7] "c:\program files\the weather channel\the weather channel app\TWCApp.exe"

mRun: [VTTrayp] VTtrayp.exe

mRun: [VTTimer] VTTimer.exe

mRun: [AudioDeck] c:\program files\viaudioi\sbadeck\ADeck.exe 1

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [MessengerPlus3] "c:\program files\messengerplus! 3\MsgPlus.exe"

mRun: [Family Tree Builder Update] c:\program files\myheritage\bin\FTBCheckUpdates.exe

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"

mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\therese\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

IE: &Search

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: mswsock.dll

Trusted Zone: microsoft.com\office

DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155760703484

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157815916531

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{FDB81E11-17A2-4E22-A2E6-215C23DE18D5} : DhcpNameServer = 192.168.0.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

Hosts: 93.113.196.124 www.google.com

Hosts: 93.113.196.125 www.bing.com

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]

R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2007-4-24 40840]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-5-22 130424]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]

R1 IkSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2007-4-24 66952]

R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2007-4-24 81288]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-4-4 348752]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]

S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]

S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2011-8-4 118104]

S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]

S2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-11-16 735960]

S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-12-28 54752]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-23 135664]

S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\10.2.0\ToolbarUpdater.exe [2012-3-12 918880]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-12-5 30312]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]

S3 EraserUtilDrv11122;EraserUtilDrv11122;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv11122.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv11122.sys [?]

S3 EraserUtilDrvI10;EraserUtilDrvI10;\??\c:\program files\common files\symantec shared\eengine\eraserutildrvi10.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrvI10.sys [?]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-23 135664]

S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-4-4 1095560]

S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

S3 SMALUSB;Digital Camera Driver;c:\windows\system32\drivers\smalidt.sys [2009-9-17 9216]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-12-5 96488]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-12-5 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-12-5 121576]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-12-5 98152]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-05-15 16:50:50 -------- d-----w- C:\e0bbfb25fef427c6fa

2012-05-15 00:50:35 86016 ----a-w- c:\documents and settings\all users\application data\accbabbaafddcdct.exe

2012-05-10 17:06:41 -------- d-----w- c:\documents and settings\therese\application data\SUPERAntiSpyware.com

2012-05-10 17:04:49 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-05-10 17:04:49 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com

2012-05-10 15:32:42 -------- d-----w- c:\documents and settings\therese\application data\Malwarebytes

2012-05-10 15:32:20 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-05-10 15:32:19 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-10 15:32:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-09 16:51:43 -------- d-----w- c:\documents and settings\therese\local settings\application data\uTorrentControl2

2012-05-09 16:51:31 -------- d-----w- c:\documents and settings\therese\local settings\application data\CRE

2012-05-09 16:50:23 -------- d-----w- c:\program files\uTorrentControl2

2012-05-09 16:50:05 -------- d-----w- c:\documents and settings\therese\local settings\application data\Vid-Saver

2012-05-09 16:49:50 -------- d-----w- c:\program files\Vid-Saver

2012-05-09 16:49:25 -------- d-----w- c:\program files\uTorrent

2012-05-09 16:48:11 -------- d-----w- c:\documents and settings\therese\application data\uTorrent

2012-05-09 16:45:14 -------- d-----w- c:\documents and settings\therese\application data\ESET

2012-05-09 16:37:49 -------- d-----w- c:\documents and settings\therese\local settings\application data\AskToolbar

2012-05-08 18:24:10 -------- d--h--w- C:\$AVG

2012-04-23 18:39:01 -------- d-s---w- c:\windows\system32\%APPDATA%

2012-04-21 20:48:55 1409 ----a-w- c:\windows\QTFont.for

.

==================== Find3M ====================

.

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: WDC_WD400BB-00JHC0 rev.05.01C05 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8622A49F]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86231740]; MOV EAX, [0x862318b4]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x863CB908]

3 CLASSPNP[0xF766FFD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000070[0x86334128]

5 ACPI[0xF75E6620] -> nt!IofCallDriver[0x804E37D5] -> [0x8638D260]

\Driver\atapi[0x863818A8] -> IRP_MJ_CREATE -> 0x8622A49F

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x8622A2C6

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 14:59:16.68 ===============

attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 8/15/2006 4:36:57 PM

System Uptime: 5/18/2012 2:52:15 PM (0 hours ago)

.

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7142

Processor: AMD Sempron Processor 2800+ | Socket 940 | 1599/200mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 37 GiB total, 5.667 GiB free.

D: is CDROM ()

E: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: RAID Controller

Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_71421462&REV_80\3&13C0B0C5&0&78

Manufacturer:

Name: RAID Controller

PNP Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_71421462&REV_80\3&13C0B0C5&0&78

Service:

.

==== System Restore Points ===================

.

RP1377: 3/1/2012 8:54:51 AM - System Checkpoint

RP1378: 3/2/2012 9:53:28 AM - System Checkpoint

RP1379: 3/3/2012 9:58:36 AM - System Checkpoint

RP1380: 3/4/2012 10:16:03 AM - System Checkpoint

RP1381: 3/5/2012 1:36:56 PM - System Checkpoint

RP1382: 3/6/2012 2:15:49 PM - System Checkpoint

RP1383: 3/7/2012 3:08:43 PM - System Checkpoint

RP1384: 3/8/2012 3:44:23 PM - System Checkpoint

RP1385: 3/9/2012 4:35:22 PM - System Checkpoint

RP1386: 3/11/2012 7:10:28 PM - System Checkpoint

RP1387: 3/12/2012 7:41:36 PM - System Checkpoint

RP1388: 3/14/2012 5:03:32 PM - System Checkpoint

RP1389: 3/15/2012 9:23:54 AM - Software Distribution Service 3.0

RP1390: 3/18/2012 9:13:37 PM - System Checkpoint

RP1391: 3/20/2012 4:26:40 PM - System Checkpoint

RP1392: 3/21/2012 7:46:31 PM - System Checkpoint

RP1393: 3/22/2012 8:21:23 PM - System Checkpoint

RP1394: 3/23/2012 9:01:07 PM - System Checkpoint

RP1395: 3/25/2012 4:06:35 PM - System Checkpoint

RP1396: 3/26/2012 5:24:03 PM - System Checkpoint

RP1397: 3/27/2012 5:52:34 PM - System Checkpoint

RP1398: 4/2/2012 7:43:28 PM - ARO 2012 Mon, Apr 02, 12 19:43

RP1399: 4/4/2012 1:58:27 PM - ARO 2012 Wed, Apr 04, 12 13:57

RP1400: 4/12/2012 3:48:28 PM - Software Distribution Service 3.0

RP1401: 4/14/2012 7:15:31 AM - Software Distribution Service 3.0

RP1402: 4/15/2012 12:33:50 PM - System Checkpoint

RP1403: 4/20/2012 1:02:19 PM - System Checkpoint

RP1404: 4/21/2012 1:52:38 PM - System Checkpoint

RP1405: 5/1/2012 7:21:39 PM - System Checkpoint

RP1406: 5/9/2012 10:53:06 AM - Removed Support.com Toolbar.

RP1407: 5/10/2012 11:14:14 AM - Installed ESET Smart Security

RP1408: 5/10/2012 11:01:20 AM - Software Distribution Service 3.0

RP1409: 5/10/2012 3:12:38 PM - Software Distribution Service 3.0

RP1410: 5/11/2012 4:45:44 AM - Software Distribution Service 3.0

RP1411: 5/12/2012 11:00:04 AM - Software Distribution Service 3.0

RP1412: 5/13/2012 12:40:27 PM - Software Distribution Service 3.0

RP1413: 5/15/2012 12:50:30 PM - Software Distribution Service 3.0

RP1414: 5/15/2012 1:19:40 PM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

Updater

µTorrent

Adobe Acrobat 4.0

Adobe Flash Player 10 ActiveX

Adobe Reader 8.1.2

Adobe Shockwave Player 11.5

Advanced SystemCare 3

AOL Connectivity Services

ATT-PRT22

AVG 2012

Big Action Construction

CCleaner

CCScore

CP_Package_Variety1

CP_Package_Variety2

CP_Package_Variety3

Critical Update for Windows Media Player 11 (KB959772)

CustomerResearchQFolder

ESSCDBK

ESScore

ESSgui

ESSini

ESSPCD

ESSSONIC

ESSTOOLS

essvatgt

Facebook Video Calling 1.2.0.159

Fast Search by Surf Canyon

Final Media Player 2011

FoxTab PDF Converter

FoxTab PDF Reader

Free Realms Installer

Free YouTube Download 2.3

Freeze.com NetAssistant

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Extended Capabilities 5.3

HP Image Zone Express

HP Photo Creations

Java 6 Update 16

Junk Mail filter update

kgcbaby

kgcbase

kgchday

kgchlwn

kgcinvt

kgckids

kgcmove

kgcvday

Kodak EasyShare software

KSU

Malwarebytes Anti-Malware version 1.61.0.1400

MarketResearch

Messenger Plus! 3 & Sponsor

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office Home and Student 2007 Trial

Microsoft Office Live Add-in 1.3

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Move Networks Media Player for Internet Explorer

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB954459)

MyHeritage Family Tree Builder

Nero Suite

NetAssistant

netbrdg

Norton PC Checkup

Notifier

Nsauditor 2.3.1

OfotoXMI

Pando Media Booster

PCDADDIN

PCDHELP

PCI SoftV92 Modem

PhotoJoy Bar Toolbar

Platform

QuickTime

Reader Rabbit 1st Grade

Rhapsody Player Engine

Roblox for Therese

S3 S3Display

S3 S3Gamma2

S3 S3Info2

S3 S3Overlay

S3 S3TrayPlus

SAMSUNG USB Driver for Mobile Phones

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB913433)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Segoe UI

SFR

SHASTA

Shop To Win

ShopAtHome.com Toolbar

SKIN0001

SKINXSDK

Spyware Doctor 6.0

staticcr

SUPERAntiSpyware

The Weather Channel App

The Weather Channel Desktop 6

tooltips

UniChrome Pro IGP Display Driver and Utilities

Uninstall 1.0.0.1

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB973874)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

uTorrentControl2 Toolbar

VIA Platform Device Manager

VIA Vinyl Audio Codecs Driver Setup Program

VIA/S3G Display Driver

Vid-Saver

Visual C++ 8.0 CRT (x86) WinSXS MSM

Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM

Visual C++ 8.0 MFC (x86) WinSXS MSM

Visual C++ 8.0 MFC.Policy (x86) WinSXS MSM

VPRINTOL

W Photo Studio

WebFldrs XP

WildTangent Web Driver

Windows Defender

Windows Defender Signatures

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Windows Media Format 11 runtime

Windows Media Format SDK Hotfix - KB891122

Windows Media Player 11

Windows Presentation Foundation

Windows XP Service Pack 3

WinRAR archiver

WIRELESS

XML Paper Specification Shared Components Pack 1.0

XP TCP/IP Repair

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

5/18/2012 2:54:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

5/17/2012 1:47:11 PM, error: Service Control Manager [7024] - The Java Quick Starter service terminated with service-specific error 1 (0x1).

5/16/2012 7:49:36 PM, error: Service Control Manager [7022] - The WebClient service hung on starting.

5/16/2012 1:34:59 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

5/16/2012 1:28:55 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\System32\MLANG.dll. Reference error message: Error Message is unavailable .

5/16/2012 1:15:22 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\WindowsShell.manifest. Reference error message: Error Message is unavailable .

5/16/2012 1:14:54 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\ieframe.dll. Reference error message: The operation completed successfully. .

5/15/2012 2:51:25 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\Macromed\Flash\Flash10x.ocx. Reference error message: Error Message is unavailable .

5/15/2012 1:33:59 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe. Reference error message: The operation completed successfully. .

5/15/2012 1:07:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 Avgldx86 Avgmfx86 ehdrv Fips SASDIFSV SASKUTIL

5/15/2012 1:06:20 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

5/13/2012 4:00:02 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: General access denied error

5/13/2012 3:00:00 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: General access denied error

5/13/2012 2:43:04 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVGIDSAgent service to connect.

5/13/2012 2:43:04 PM, error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/13/2012 1:29:26 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.

5/13/2012 1:29:26 AM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/13/2012 1:24:20 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 3.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2604110).

5/13/2012 1:24:08 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Yahoo! Updater service to connect.

5/13/2012 1:24:08 AM, error: Service Control Manager [7000] - The Yahoo! Updater service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/13/2012 1:24:08 AM, error: Service Control Manager [7000] - The Pure Networks Device Discovery Driver service failed to start due to the following error: The system cannot find the file specified.

5/13/2012 1:24:08 AM, error: Service Control Manager [7000] - The ESET Service service failed to start due to the following error: This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem.

5/13/2012 1:23:08 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. .

5/13/2012 1:23:08 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe. Reference error message: The operation completed successfully. .

5/13/2012 1:23:08 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

5/13/2012 1:22:54 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80010100: Security Update for Microsoft .NET Framework 3.5 SP1 on Windows XP, Server 2003, Vista, Server 2008 x86 (KB2604111).

5/12/2012 12:00:23 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800701e7: Security Update for Microsoft .NET Framework 3.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2604110).

5/12/2012 12:00:17 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 3.5 SP1 on Windows XP, Server 2003, Vista, Server 2008 x86 (KB2604111).

5/12/2012 11:59:05 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2604092).

5/12/2012 11:57:50 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2656405).

5/12/2012 11:56:19 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\WININET.dll. Reference error message: The operation completed successfully. .

5/12/2012 11:56:04 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\uTorrentControl2\uTorrentControl2ToolbarHelper.exe. Reference error message: The operation completed successfully. .

5/12/2012 11:00:01 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: General access denied error

5/11/2012 5:00:03 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: General access denied error

5/11/2012 2:01:33 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: General access denied error

5/11/2012 12:37:01 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: General access denied error

5/11/2012 12:12:11 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

5/11/2012 10:30:47 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

5/11/2012 10:30:47 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/11/2012 1:02:28 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: General access denied error

.

==== End Of File ===========================

[Maniac]

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

[Maurice Naggar]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!