Good evening,
Please help.
I have followed the Malware Removal Guide and performed Avast scans to no avail; below are the log reports and details.
Win32:Bredolab-AQ [Trj] pops up roughly every 8-10 minutes and my PC is moving slower and slower.
OS - Windows XP
Security - Avast
Infection - Win32:Bredolab-AQ [Trj]
Logs:
Malwarebytes Anti-Malware
Malwarebytes’ Anti-Malware 1.41
Database version: 3101
Windows 5.1.2600 Service Pack 3
11/4/2009 5:50:33 PM
mbam-log-2009-11-04 (17-50-33).txt
Scan type: Quick Scan
Objects scanned: 97943
Time elapsed: 4 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
RootRepeal
ROOTREPEAL © AD, 2007-2009
Scan Start Time: 2009/11/04 18:02
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
Drivers
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9D15000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF89E3000 Size: 8192 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA90BA000 Size: 49152 File Visible: No Signed: -
Status: -
Hidden/Locked Files
Path: c:\documents and settings\user\application data\utorrent\resume.dat
Status: Size mismatch (API: 283594, Raw: 282352)
Path: C:\Documents and Settings\User\Application Data\uTorrent\resume.dat.old
Status: Could not get file information (Error 0xc0000008)
SSDT
#: 025 Function Name: NtClose
Status: Hooked by “C:\WINDOWS\System32\Drivers\aswSP.SYS” at address 0xa9ec96b8
#: 041 Function Name: NtCreateKey
Status: Hooked by “C:\WINDOWS\System32\Drivers\aswSP.SYS” at address 0xa9ec9574
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by “C:\WINDOWS\System32\Drivers\aswSP.SYS” at address 0xa9ec9a52
#: 068 Function Name: NtDuplicateObject
Status: Hooked by “C:\WINDOWS\System32\Drivers\aswSP.SYS” at address 0xa9ec914c
#: 119 Function Name: NtOpenKey
Status: Hooked by “C:\WINDOWS\System32\Drivers\aswSP.SYS” at address 0xa9ec964e
#: 122 Function Name: NtOpenProcess
Status: Hooked by “C:\WINDOWS\System32\Drivers\aswSP.SYS” at address 0xa9ec908c
#: 128 Function Name: NtOpenThread
Status: Hooked by “C:\WINDOWS\System32\Drivers\aswSP.SYS” at address 0xa9ec90f0
#: 177 Function Name: NtQueryValueKey
Status: Hooked by “C:\WINDOWS\System32\Drivers\aswSP.SYS” at address 0xa9ec976e
#: 204 Function Name: NtRestoreKey
Status: Hooked by “C:\WINDOWS\System32\Drivers\aswSP.SYS” at address 0xa9ec972e
#: 247 Function Name: NtSetValueKey
Status: Hooked by “C:\WINDOWS\System32\Drivers\aswSP.SYS” at address 0xa9ec98ae
#: 257 Function Name: NtTerminateProcess
Status: Hooked by “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys” at address 0xf8b44812
==EOF==
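An added triage script for logs like the RootRepeal output above; it is not part of the post and not RootRepeal's own code. It parses the Drivers, Hidden/Locked Files and SSDT sections in the layout shown and separates SSDT hooks owned by the installed security products (aswSP.sys is Avast's self-protection driver; guard.sys under the Grisoft path is AVG Anti-Spyware 7.5's real-time guard) from hooks by any other module, and treats the `dump_` drivers (the kernel's crash-dump copies of the boot storage stack, which have no file of their own) and rootrepeal.sys itself as drivers that are expected to show "File Visible: No". The allowlist, the section names it keys on, and the embedded sample log (constructed in the same layout; `example_unknown.sys` and `example_hidden.sys` are made-up names that only exist to exercise the suspect branches) are assumptions for illustration.

```python
import re

# Assumed allowlist of drivers known to hook the SSDT on this machine, keyed by
# lower-cased path suffix so a same-named file in another directory is not trusted.
KNOWN_HOOKERS = {
    "\\drivers\\aswsp.sys": "Avast self-protection driver (aswSP.sys)",
    "\\avg anti-spyware 7.5\\guard.sys": "AVG Anti-Spyware 7.5 real-time guard (guard.sys)",
}
# The kernel loads the boot storage stack a second time with a "dump_" prefix for
# crash-dump writing; those copies have no file of their own, so "File Visible: No"
# is expected for them, as it is for the scanner's own driver.
EXPECTED_HIDDEN_PREFIXES = ("dump_",)
SCANNER_DRIVERS = {"rootrepeal.sys"}

SECTIONS = {"Drivers", "Hidden/Locked Files", "SSDT"}
SSDT_ENTRY = re.compile(r"^#:\s*(\d+)\s+Function Name:\s*(\S+)")
HOOK_STATUS = re.compile(r'^Status:\s*Hooked by\s*[“"](.+?)[”"]\s+at address\s+(0x[0-9A-Fa-f]+)')
DRIVER_NAME = re.compile(r"^Name:\s*(\S+)")
DRIVER_ATTRS = re.compile(r"^Address:\s*(0x[0-9A-Fa-f]+)\s+Size:\s*(\d+)\s+File Visible:\s*(\S+)")
FILE_PATH = re.compile(r"^Path:\s*(.+)$")
FILE_STATUS = re.compile(r"^Status:\s*(.+)$")

# Constructed sample in the same layout as the posted log; example_*.sys are made-up names.
SAMPLE_LOG = r"""Drivers
Name: dump_atapi.sys
Address: 0xA9D15000 Size: 98304 File Visible: No Signed: -
Name: rootrepeal.sys
Address: 0xA90BA000 Size: 49152 File Visible: No Signed: -
Name: example_hidden.sys
Address: 0xA9000000 Size: 4096 File Visible: No Signed: -
Hidden/Locked Files
Path: c:\documents and settings\user\application data\utorrent\resume.dat
Status: Size mismatch (API: 283594, Raw: 282352)
SSDT
#: 025 Function Name: NtClose
Status: Hooked by “C:\WINDOWS\System32\Drivers\aswSP.SYS” at address 0xa9ec96b8
#: 257 Function Name: NtTerminateProcess
Status: Hooked by “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys” at address 0xf8b44812
#: 122 Function Name: NtOpenProcess
Status: Hooked by “C:\WINDOWS\System32\Drivers\example_unknown.sys” at address 0xa9100000
==EOF==
"""


def classify_hooker(module_path):
    """Return the owner label for an allow-listed hooking driver, else None."""
    p = module_path.lower()
    for suffix, owner in KNOWN_HOOKERS.items():
        if p.endswith(suffix):
            return owner
    return None


def triage(log_text):
    """Parse the three RootRepeal sections and sort findings into expected vs. suspect."""
    out = {"ssdt_known": [], "ssdt_unknown": [],
           "hidden_drivers_expected": [], "hidden_drivers_suspect": [],
           "locked_files": []}
    section = None
    pending = None  # header (entry number/driver name/path) awaiting its detail line
    for raw in log_text.splitlines():
        line = raw.strip()
        if line in SECTIONS:
            section, pending = line, None
            continue
        if section == "SSDT":
            if m := SSDT_ENTRY.match(line):
                pending = (int(m.group(1)), m.group(2))
            elif (m := HOOK_STATUS.match(line)) and pending:
                module, addr = m.group(1), m.group(2)
                owner = classify_hooker(module)
                entry = {"index": pending[0], "function": pending[1],
                         "module": module, "address": addr, "owner": owner}
                out["ssdt_known" if owner else "ssdt_unknown"].append(entry)
                pending = None
        elif section == "Drivers":
            if m := DRIVER_NAME.match(line):
                pending = m.group(1)
            elif (m := DRIVER_ATTRS.match(line)) and pending:
                name = pending.lower()
                if m.group(3).lower() == "no":  # driver loaded but no file found on disk
                    expected = name.startswith(EXPECTED_HIDDEN_PREFIXES) or name in SCANNER_DRIVERS
                    out["hidden_drivers_expected" if expected else "hidden_drivers_suspect"].append(pending)
                pending = None
        elif section == "Hidden/Locked Files":
            if m := FILE_PATH.match(line):
                pending = m.group(1)
            elif (m := FILE_STATUS.match(line)) and pending:
                out["locked_files"].append({"path": pending, "status": m.group(1)})
                pending = None
    return out


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(f"{key}: {items}")
```

Run against the log in the post itself, every hook lands in the known list and the only hidden/locked entry is uTorrent's resume.dat, whose API/raw size mismatch is consistent with a file the running client is rewriting rather than with a rootkit hiding it. What the script does surface is worth noting anyway: two real-time products (Avast and AVG Anti-Spyware) hooking the same table at once is a known source of conflicts and slowdowns, and a hook or hidden driver that lands in a suspect list is the item that would deserve a closer look.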