100% cpu usage till task manager is open

Hi, a week ago I think my PC got infected by a USB stick a friend of mine had given me.

Now whenever I open my PC, CPU usage hits 100% (I have a Rainmeter widget on the desktop to check it) and that only stops whenever my Task Manager is open.

I tried to follow that post I found from Google http://social.techne...b-fc21078bf3d6/, installed the programs suggested, but the problem is still here :wacko:

I also discovered that my "external" portable hard drive has a virus (I think) that makes some of my folders - not all - act like applications. These infected folders have a 374 KB size + a different icon instead of their default, and when I click them, a new window opens with the content I need.

In my original post I was advised to follow some steps, and these are the results from DDS.

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.21.2

Run by user at 15:55:54 on 2013-06-06

Microsoft Windows XP Professional 5.1.2600.3.1253.30.1032.18.3067.1520 [GMT 3:00]


AV: ESET NOD32 Antivirus 4.2 * Enabled / Updated * {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}


============== Running Processes ================


C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\BisonCam\BisonHK.exe
C:\WINDOWS\BisonCam\DeLay.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Documents and Settings\user\Application Data\sys32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HotKey_Driver\HotKeyDriver.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\SYSTEM32\taskmgr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Webteh\BSplayer\bsplayer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc


============== Pseudo HJT Report ===============


uStart Page = hxxp://www.google.com/
BHO: AC-Pro: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - c:\program files\autocompletepro\AutocompletePro.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Sign-in Assistant Windows Live: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Freemake.YoutubeButton: {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} -
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Facebook Update] "c:\documents and settings\user\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [sRS Audio Sandbox] "c:\program files\srs labs\audio sandbox\SRSSSC.exe" /hideme
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [sys32] c:\documents and settings\user\application data\sys32.exe
uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Alcmtr] ALCMTR.EXE
mRun: [sMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [intelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [intelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [bisonHK] c:\windows\bisoncam\BisonHK.exe
mRun: [DeLay] c:\windows\bisoncam\DeLay.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\user\startm~1\f2da~1\599a~1\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
StartupFolder: c:\docume~1\user\startm~1\f2da~1\599a~1\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\f2da~1\599a~1\hotkey~1.lnk - c:\program files\hotkey_driver\HotKeyDriver.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\f2da~1\599a~1\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?Linkid=39204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer =
TCP: Interfaces\{405C61FE-08C2-4D92-A2FD-124D5C55ADA0} : DHCPNameServer =
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli psqlpwd
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.94\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome


============= SERVICES / DRIVERS ===============


R1 ehdrv; ehdrv; c:\windows\system32\drivers\ehdrv.sys [2010-7-29 115008]
R1 epfwtdir; epfwtdir; c:\windows\system32\drivers\epfwtdir.sys [2010-8-3 95896]
R1 SASDIFSV; SASDIFSV; c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL; SASKUTIL; c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R2 !SASCORE; SAS Core Service; c:\program files\superantispyware\SASCore.exe [2013-5-23 119056]
R2 ekrn; ESET Service; c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-8-12 810144]
R2 FreemakeVideoCapture; FreemakeVideoCapture; c:\program files\freemake\capturelib\CaptureLibService.exe [2013-4-29 9216]
R2 fssfltr; FssFltr; c:\windows\system32\drivers\fssfltr_tdi.sys [2010-7-30 54760]
R2 LBeepKE; Logitech Beep Suppression Driver; c:\windows\system32\drivers\LBeepKE.sys [2011-8-15 12184]
R2 MBAMScheduler; MBAMScheduler; c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-6-3 418376]
R2 MBAMService; MBAMService; c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-6-3 701512]
R2 WDDMService; WDDMService; c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2011-3-9 238592]
R2 WDFME; WD File Management Engine; c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2011-3-9 1060864]
R2 WDSC; WD File Management Shadow Engine; c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2011-3-9 484352]
R3 dtsoftbus01; DAEMON Tools Virtual Bus Driver; c:\windows\system32\drivers\dtsoftbus01.sys [2013-4-8 242240]
R3 JMCR; JMCR; c:\windows\system32\drivers\jmcr.sys [2010-7-28 84240]
R3 MBAMProtector; MBAMProtector; c:\windows\system32\drivers\mbam.sys [2013-6-3 22856]
R3 seehcri; Sony Ericsson seehcri Device Driver; c:\windows\system32\drivers\seehcri.sys [2011-3-11 27632]
R3 sef3x1; Sony Ericsson sef3x1 Device Driver; c:\windows\system32\drivers\sef3x1.sys [2011-3-11 28608]
R3 WDC_SAM; WD SCSI Pass Thru driver; c:\windows\system32\drivers\wdcsam.sys [2011-5-20 11520]
S2 clr_optimization_v4.0.30319_32; Microsoft .NET Framework NGEN v4.0.30319_X86; c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 fsssvc; Service Family Safety Windows Live; c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 ggflt; SEMC USB Flash Driver Filter; c:\windows\system32\drivers\ggflt.sys [2011-3-11 12400]
S3 GGSAFERDriver; GGSAFER Driver; \??\C:\program files\garena\safedrv.sys -> c:\program files\garena\safedrv.sys [?]
S3 ivusb; Initio Driver for USB Default Controller; c:\windows\system32\drivers\ivusb.sys -> c:\windows\system32\drivers\ivusb.sys [?]
S3 LLRING0; LLRING0; \??\C:\program files\fortress network\fortressmu season 6 episode 3\muguard\llck.sys -> c:\program files\fortress network\fortressmu season 6 episode 3\muguard\llck.sys [?]
S3 NPF; WinPcap Packet Driver (NPF); c:\windows\system32\drivers\npf.sys -> c:\windows\system32\drivers\NPF.sys [?]
S3 SkypeUpdate; Skype Updater; c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 Sony PC Companion; Sony PC Companion; c:\program files\sony\sony pc companion\PCCService.exe [2011-12-7 155824]
S3 WPFFontCache_v0400; Windows Presentation Foundation Font Cache; c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]


=============== Created Last 30 ================


2013-06-05 21:39:51 -------- d-----w- c:\documents and settings\user\Documents
2013-06-05 20:13:52 -------- d-----w- c:\documents and settings\user\application data\SUPERAntiSpyware.com
2013-06-05 20:13:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-06-05 20:13:19 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2013-06-03 00:00:54 -------- d-----w- c:\documents and settings\user\application data\Malwarebytes
2013-06-03 00:00:44 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-06-03 00:00:42 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-03 00:00:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-02 00:22:42 382976 ----a-r- c:\documents and settings\user\application data\sys32.exe
2013-06-02 00:22:42 1184256 ------w- c:\documents and settings\user\application data\abab32.exe
2013-05-30 20:08:48 -------- d-----w- c:\documents and settings\user\application data\NVIDIA
2013-05-28 21:53:57 -------- d-----w- c:\program files\Microsoft XNA
2013-05-22 09:43:19 -------- d-----w- c:\documents and settings\user\local settings\application data\Razer


==================== Find3M ====================


2013-08-15 20:25:42 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-15 20:25:42 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-16 22:16:49 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:16:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-16 22:16:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28:55 385024 ----a-w- c:\windows\system32\html.iec
2013-04-12 14:00:53 1876608 ----a-w- c:\windows\system32\win32k.sys
2013-04-08 11:03:32 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-04-04 02:35:08 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-29 12:03:30 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-29 12:03:30 782240 ----a-w- c:\windows\system32\deployJava1.dll


=================== ROOTKIT ====================


Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD3200BEVT-22ZCT0 rev.11.01A11 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe >>UNKNOWN [0x8AD7A808]<<
_asm { MOV EAX, 0x8ad7a728; XCHG [ESP], EAX; PUSH EAX; PUSH 0x8adc6684; RET; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x804EF200] -> \Device\Harddisk0\DR0[0x8AC8BAB8]
\Driver\Disk[0x8ADB1418] -> IRP_MJ_CREATE -> 0x8AD7A808
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI; PUSH AX; POP ES; PUSH AX; POP DS; CLD; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB; RETF; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\Disk -> 0x8ad7a808
user & kernel MBR OK
Warning: possible MBR rootkit infection!


============= FINISH: 15:57:36,53 ===============





DDS (Ver_2012-11-20.01)


Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 28/7/2010 11:20:59 AM

System Uptime: 6/6/2013 11:00:14 AM (4 hours ago)


Motherboard: CLEVO CO. | | M860TU

Processor: CPU Intel Pentium III Xeon | U22 | 2394/266mhz


==== Disk Partitions =========================


C: is FIXED (NTFS) - 298 GiB total, 187,584 GiB free.

D: is CDROM ()


==== Disabled Device Manager Items =============


==== System Restore Points ===================


RP650: 6/6/2013 12:50:26 AM - System Checkpoint


==== Installed Programs ======================


Photo Gallery Windows Live


Software Intel® PROSet/Wireless WiFi

Assistant Windows Live

Standard Service Package Cryptographic Provider Microsoft Smart Card

Language pack for Greek of Microsoft .NET Framework 4 Client Profile

Language pack for Greek of Microsoft .NET Framework 4 Extended

Language pack Microsoft .NET Framework 3.5 SP1 - ELL

Family Safety Windows Live

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB2761465)

Security Update for Windows Internet Explorer 8 (KB2792100)

Security Update for Windows Internet Explorer 8 (KB2797052)

Security Update for Windows Internet Explorer 8 (KB2799329)

Security Update for Windows Internet Explorer 8 (KB2809289)

Security Update for Windows Internet Explorer 8 (KB2817183)

Security Update for Windows Internet Explorer 8 (KB2829530)

Security Update for Windows Internet Explorer 8 (KB2847204)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB2753842-v2)

Security Update for Windows XP (KB2753842)

Security Update for Windows XP (KB2757638)

Security Update for Windows XP (KB2758857)

Security Update for Windows XP (KB2761226)

Security Update for Windows XP (KB2770660)

Security Update for Windows XP (KB2778344)

Security Update for Windows XP (KB2779030)

Security Update for Windows XP (KB2780091)

Security Update for Windows XP (KB2799494)

Security Update for Windows XP (KB2802968)

Security Update for Windows XP (KB2807986)

Security Update for Windows XP (KB2808735)

Security Update for Windows XP (KB2813170)

Security Update for Windows XP (KB2813345)

Security Update for Windows XP (KB2820197)

Security Update for Windows XP (KB2820917)

Security Update for Windows XP (KB2829361)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982381)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows Internet Explorer 8 (KB2632503)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB982632)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2492386)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB898461)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update Microsoft Office Excel 2007 Help (KB963678)

Update Microsoft Office Powerpoint 2007 Help (KB963669)

Update Microsoft Office Word 2007 Help (KB963665)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows Media Player 11 (KB954154)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB2779562)

Hotfix for Windows XP (KB932716-v2)

Hotfix for Windows XP (KB942288-v3)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB981793)

Hotfix for Windows Media Player 11 (KB939683)

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.6)

Apple Application Support

Apple Mobile Device Support

Apple Software Update





BS.Player FREE

Call of Duty® 4 - Modern Warfare 1.6 Patch

Call of Duty® 4 - Modern Warfare 1.7 Patch


Convert MP4 to MP3 1.5

DAEMON Tools Lite

DVD Shrink 3.2


ESET NOD32 Antivirus

Facebook Video Calling

FL Studio 10

Freemake Video Downloader

Google Chrome

Google Earth

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB973442)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB976002-v5)


IL Download Manager

Intel PROSet Wireless


Java 7 Update 21

Java Auto Updater

JMicron JMB38X Flash Media Controller

Junk Mail filter update

Logitech SetPoint 6.30

Malwarebytes Anti-Malware version

Media Go

Media Go Video Playback Engine

Medieval CUE Splitter

Microsoft .NET Compact Framework 3.5

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Greek Language Pack

Microsoft .NET Framework 1.1 Security Update (KB2742597)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ELL

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ELL

Microsoft .NET Framework 3.5 Language Pack SP1 - ell

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile ELL Language Pack

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Extended ELL Language Pack

Microsoft Application Error Reporting

Microsoft Automated Troubleshooting Services Shim

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (Greek) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office Live Add-in 1.3

Microsoft Office OneNote MUI (Greek) 2007

Microsoft Office PowerPoint MUI (Greek) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proof (Greek) 2007

Microsoft Office Proofing (Greek) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (Greek) 2007

Microsoft Office Word MUI (Greek) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (Greek) 12

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.9

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106

Microsoft WinUsb 1.0

Microsoft XNA Framework Redistributable 4.0 Refresh

Motorola SM56 Data Fax Modem

Mp3 Knife 3.2


NVIDIA Drivers


OGA Notifier 2.0.0048.0

Pando Media Booster


Protector Suite QL 5.8


Rainbow Folders


REALTEK GbE & FE Ethernet PCI-E NIC Driver

Realtek High Definition Audio Driver


Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Security Update for Windows Search 4 - KB963093

Segoe UI

Skype Click to Call

Skype™ 5.10

Sony Ericsson Update Engine

Sony Mobile Update Service

Sony PC Companion 2.10.155


Synaptics Pointing Device Driver

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Virtual DJ Home - Atomix Productions

VirtualDJ Home FREE

Visual Studio Tools for the Office system 3.0 Runtime

WD SmartWare

WebFldrs XP

Windows 7 Upgrade Advisor

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player Firefox Plugin

Windows PowerShell 1.0

Windows Search 4.0

WinRAR archiver

XML Paper Specification Shared Components Language Pack 1.0

YTD Video Downloader 4.1


==== End Of File ===========================


Hi there,

my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Please download Malwarebytes Anti-Rootkit from here Malwarebytes : Malwarebytes Anti-Rootkit and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.

Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-<date and time>***.txt . Please attach that to your next reply.


thanks for the response :). here is the log

Malwarebytes Anti-Rootkit BETA


Database version: v2013.06.07.06

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

user :: USER-4779C178A6 [administrator]

7/6/2013 3:56:51 μμ

mbar-log-2013-06-07 (15-56-51).txt

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | Deep Anti-Rootkit Scan | PUM | P2P

Scan options disabled: PUP

Objects scanned: 247628

Time elapsed: 17 minute(s), 9 second(s)

Memory Processes Detected: 1

c:\Documents and Settings\user\Application Data\sys32.exe (Trojan.Agent.Gen) -> 2944 -> No action taken.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Sys32 (Trojan.Agent.Gen) -> Data: C:\Documents and Settings\user\Application Data\sys32.exe -> No action taken.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 3

c:\Documents and Settings\All Users\Documents\Server\admin.txt (Malware.Trace) -> No action taken.

c:\Documents and Settings\user\Application Data\sys32.exe (Trojan.Agent.Gen) -> No action taken.

c:\WINDOWS\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.

Physical Sectors Detected: 0

(No malicious items detected)


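A parser for the MBAR log format posted above, added here as an example (not code from the thread, the helper, or Malwarebytes). It assumes only the line shapes visible in that log; the sample log embedded in it is constructed from those entries, and the second function flags the persistence pattern the log shows, a Run value pointing at an executable inside the user's profile.

```python
"""Parse an MBAR text log into detection records and flag autorun entries.
Added example (not from the thread or Malwarebytes); the sample log is constructed."""
import re
from collections import namedtuple
from typing import List

SAMPLE_LOG = r"""Objects scanned: 247628
Memory Processes Detected: 1
c:\Documents and Settings\user\Application Data\sys32.exe (Trojan.Agent.Gen) -> 2944 -> No action taken.
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Sys32 (Trojan.Agent.Gen) -> Data: C:\Documents and Settings\user\Application Data\sys32.exe -> No action taken.
Files Detected: 1
c:\Documents and Settings\All Users\Documents\Server\admin.txt (Malware.Trace) -> No action taken.
"""
SECTION_RE = re.compile(r"^([A-Za-z ]+?) Detected: \d+$")      # "<Category> Detected: N"
ITEM_RE = re.compile(r"^(?P<item>.+) \((?P<name>[^()]+)\)$")  # "<item> (<detection name>)"

# item: file path, or "key|value" for registry entries; action: text after the last "->"; data: a registry value's target.
Detection = namedtuple("Detection", "category item name action data")

def parse_mbar_log(text: str) -> List[Detection]:
    """A header opens a section; each '<item> (<name>) [-> extra]* -> <action>.' line until the next header belongs to it."""
    found, category = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            category = header.group(1)
            continue
        if not line or category is None or line.startswith("(No malicious"):
            continue          # blank, scan metadata before the first section, or an empty section
        parts = [p.strip() for p in line.split(" -> ")]
        head = ITEM_RE.match(parts[0])
        if head is None or len(parts) < 2:
            continue          # not a detection line; skip rather than guess
        data = [e[len("Data: "):] for e in parts[1:-1] if e.startswith("Data: ")]
        found.append(Detection(category, head["item"], head["name"],
                               parts[-1].rstrip("."), data[0] if data else None))
    return found

# Profile directories a non-admin user can write to (XP and Vista+ layouts).
USER_DIR_HINTS = ("\\documents and settings\\", "\\application data\\", "\\users\\")

def autoruns_from_user_dirs(found: List[Detection]) -> List[Detection]:
    """Run/RunOnce values whose target sits in a user profile: the persistence
    shape in this log (HKCU Run value Sys32 -> sys32.exe under Application Data)."""
    hits = []
    for d in found:
        if d.category != "Registry Values" or not d.data:
            continue
        key = d.item.split("|", 1)[0].lower().rsplit("\\", 1)[-1]
        if key in ("run", "runonce") and any(h in d.data.lower() for h in USER_DIR_HINTS):
            hits.append(d)
    return hits
```

Every record in the sample still carries the action "No action taken", which is the state the helper asks to see before Cleanup is pressed.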

Run another scan with mbar.exe and click the CleanUp button. It will require a reboot.

When it has rebooted, run another scan with mbar.exe and click CleanUp again if necessary.

Send the mbar-log.txt along with an update on machine behavior.


well after the reboot the pc opened normally at the start, but when i tried to open chrome, the desktop just didn't respond. no right click, no left click, nothing, so i just restarted it again. after that everything went normal, did the scan and here are the results...

Malwarebytes Anti-Rootkit BETA


Database version: v2013.06.07.09

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

user :: USER-4779C178A6 [administrator]

7/6/2013 11:42:06 μμ

mbar-log-2013-06-07 (23-42-06).txt

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | Deep Anti-Rootkit Scan | PUM | P2P

Scan options disabled: PUP

Objects scanned: 240732

Time elapsed: 24 minute(s), 1 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

Physical Sectors Detected: 0

(No malicious items detected)


now cpu usage seems to be back to normal, but i am not sure till you confirm it. thanks for the help so far :lol:


when i tried to open it today i had to manually shut it down twice.

the first time only the wallpaper and the cmd loaded, then nothing.

second time it seemed to have opened normally but startup programs like msn didn't show up on screen. when the mouse was over the toolbar the symbol was loading... (that kind of ''error'' had not shown up for a long time, last time i think was about 6 months ago or so)


Please go to here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


C:\System Volume Information\_restore{12CD5004-A921-43EC-8861-D79BCDEE259D}\RP654\A0292533.exe  a variant of Win32/Bundled.Toolbar.Ask.C application


Following this link, delete all but the most recent restore point(s).



Please download SecurityCheck from one of the following mirrors: LINK1 LINK2

  • Save the file to your desktop.
  • Run Securitycheck.exe and follow the instructions within the DOS-Box.
  • When the scan is finished it will open up a text file (checkup.txt).

Post its content within your next reply.


Results of screen317's Security Check version 0.99.64

Windows XP Service Pack 3 x86

``````````````Antivirus/Firewall Check:``````````````

ESET NOD32 Antivirus 4.2

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````


Malwarebytes Anti-Malware έκδοση


Java 7 Update 21

Adobe Flash Player 11.7.700.202

Adobe Reader 10.1.6 Adobe Reader out of Date!

Google Chrome 27.0.1453.110

Google Chrome 27.0.1453.94

Google Chrome Plugins...

````````Process Check: objlist.exe by Laurent````````

ESET NOD32 Antivirus egui.exe

ESET NOD32 Antivirus ekrn.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C::

````````````````````End of Log``````````````````````


This topic is now closed to further replies.