Please Help. Win32:Bredolab-AQ [Trj]

Good Evening,

Please Help.

I have followed the Malware Removal Guide and performed Avast scans to no avail; below are the log reports and details.

Win32:Bredolab-AQ [Trj] pops up roughly every 8-10 minutes and my PC is moving slower and slower.

OS - Windows XP
Security - Avast
Infection - Win32:Bredolab-AQ [Trj]

Logs:

Malwarebytes Anti-Malware
Malwarebytes' Anti-Malware 1.41
Database version: 3101
Windows 5.1.2600 Service Pack 3

11/4/2009 5:50:33 PM
mbam-log-2009-11-04 (17-50-33).txt

Scan type: Quick Scan
Objects scanned: 97943
Time elapsed: 4 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

RootRepeal
ROOTREPEAL © AD, 2007-2009

Scan Start Time: 2009/11/04 18:02
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3

Drivers

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9D15000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF89E3000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA90BA000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files

Path: c:\documents and settings\user\application data\utorrent\resume.dat
Status: Size mismatch (API: 283594, Raw: 282352)

Path: C:\Documents and Settings\User\Application Data\uTorrent\resume.dat.old
Status: Could not get file information (Error 0xc0000008)

SSDT

#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec96b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec9574

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec9a52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec914c

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec964e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec908c

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec90f0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec976e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec972e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec98ae

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys" at address 0xf8b44812

==EOF==
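The RootRepeal log above is what the replies that follow are working from, so here is an added Python example, not code from the original post or from RootRepeal, that parses its Hidden/Locked Files and SSDT sections, groups the SSDT hooks by the driver that installed them, and checks each driver's full path against an allowlist. The allowlist is an assumption for illustration: aswSP.SYS is avast's self-protection driver and guard.sys under the AVG Anti-Spyware directory is that product's guard driver, the two security products visible in the log. The sample report is constructed from the posted lines, including the curly quotes the forum substituted for straight ones, which the hook pattern accepts in either form.

```python
"""Triage of a pasted RootRepeal report (added example, not RootRepeal's code): group SSDT
hooks by installing driver and check each driver's full path against an allowlist."""
import re
from collections import defaultdict

# Constructed sample: an excerpt of the posted report, curly quotes and all.
SAMPLE_REPORT = """\
Hidden/Locked Files

Path: c:\\documents and settings\\user\\application data\\utorrent\\resume.dat
Status: Size mismatch (API: 283594, Raw: 282352)

Path: C:\\Documents and Settings\\User\\Application Data\\uTorrent\\resume.dat.old
Status: Could not get file information (Error 0xc0000008)

SSDT

#: 025 Function Name: NtClose
Status: Hooked by \u201cC:\\WINDOWS\\System32\\Drivers\\aswSP.SYS\u201d at address 0xa9ec96b8

#: 122 Function Name: NtOpenProcess
Status: Hooked by \u201cC:\\WINDOWS\\System32\\Drivers\\aswSP.SYS\u201d at address 0xa9ec908c

#: 257 Function Name: NtTerminateProcess
Status: Hooked by \u201cC:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\guard.sys\u201d at address 0xf8b44812

==EOF==
"""

# Assumed allowlist (illustration only): full paths of the drivers belonging to the
# security products on the poster's machine: aswSP.SYS is avast's self-protection driver,
# guard.sys under the AVG Anti-Spyware directory is that product's guard driver.
# Matching the full path, not the file name, flags a trusted name in another directory.
EXPECTED_HOOK_OWNERS = {
    r"c:\windows\system32\drivers\aswsp.sys": "avast self-protection",
    r"c:\program files\grisoft\avg anti-spyware 7.5\guard.sys": "AVG Anti-Spyware guard",
}
FUNC_RE = re.compile(r"^#:\s*(?P<index>\d+)\s+Function Name:\s*(?P<func>\w+)")
HOOK_RE = re.compile('Hooked by [\u201c"](?P<module>[^\u201d"]+)[\u201d"] at address (?P<addr>0x[0-9A-Fa-f]+)')
SIZE_RE = re.compile(r"API: (\d+), Raw: (\d+)")

def parse_rootrepeal(text):
    """Return (hooks, hidden): SSDT hook dicts and hidden/locked file dicts."""
    section, pending, hooks, hidden = None, None, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("=="):
            continue
        if ":" not in line:  # section headings carry no colon
            section, pending = line, None
            continue
        if section == "SSDT":
            m = FUNC_RE.match(line)
            if m:
                pending = {"index": int(m.group("index")), "func": m.group("func")}
                continue
            m = HOOK_RE.search(line)
            if m and pending is not None:
                pending.update(module=m.group("module"), addr=int(m.group("addr"), 16))
                hooks.append(pending)
                pending = None
        elif section == "Hidden/Locked Files":
            if line.startswith("Path:"):
                pending = {"path": line[5:].strip()}
            elif line.startswith("Status:") and pending is not None:
                pending["status"] = line[7:].strip()
                hidden.append(pending)
                pending = None
    return hooks, hidden

def classify_hooks(hooks):
    """Group hooks by installing driver; verdict is 'expected' or 'REVIEW'."""
    by_module = defaultdict(list)
    for h in hooks:
        by_module[h["module"]].append(h["func"])
    report = []
    for module, funcs in by_module.items():
        owner = EXPECTED_HOOK_OWNERS.get(module.lower())
        report.append({"module": module, "functions": sorted(funcs),
                       "owner": owner or "unknown", "verdict": "expected" if owner else "REVIEW"})
    return report

def triage_hidden(hidden):
    """Attach a triage note to each hidden/locked file entry."""
    out = []
    for entry in hidden:
        m = SIZE_RE.search(entry["status"])
        if m:  # caveat: a file a running program keeps rewriting can differ between API and raw reads
            delta = int(m.group(1)) - int(m.group(2))
            note = f"size mismatch of {delta:+d} bytes (API minus raw); rescan with the owning program stopped"
        else:
            note = "unreadable; check which process holds the file open"
        out.append({**entry, "note": note})
    return out

if __name__ == "__main__":
    hooks, hidden = parse_rootrepeal(SAMPLE_REPORT)
    print(*classify_hooks(hooks), *triage_hidden(hidden), sep="\n")
```

Matching on the full lower-cased path rather than the file name means a driver that merely borrows a trusted name from another directory is reported as REVIEW. The size-mismatch note is a caveat, not a verdict: a file that a running program keeps rewriting (uTorrent's resume.dat here) can differ between the API and raw reads, so the scan is worth repeating with that program stopped before reading anything into it.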

Hi illsun00,

Try a boot time scan with avast! Right click the scanner screen, select ‘schedule a boot time scan’ and reboot when requested. (Or open the tab at the top left of the scanner screen and select the boot time option from there.)

Try a scan with DrWeb CureIT!

Try these free adware/spyware scanners.

SUPERAntiSpyware Free
a-Squared Free

Download, install and update the programs.
Always select the option to quarantine any malware found rather than delete it; then you will be able to restore files or registry entries wrongly identified as malware, a rare but not unknown event for any malware scanner.

Consider disabling uTorrent on startup, then run a scan with the tools mentioned by Frank.