
I've usually been able to use your existing threads, but this one really has me stumped.
While online, a pop-up opened and immediately downloaded "Test.exe" onto my desktop. Even though I rushed to delete it, soon my desktop icons disappeared and any applications I tried to open were present in the task manager but visually unable to populate. System restore was unable to load and pop-ups were abundant.
Being two weeks later, I've managed to restore my desktop icons and it's at least usable, but two big issues remain:
1) 2-3 hours after boot, svchost.exe has an error and I am unable to open most programs (other than IE), my sound fails, and it freezes at the shut down screen. Also, my desktop definitely loads up slower.
2) At random times svchost.exe starts using up to 99% of the CPU, slowing everything to a crawl and forcing my fan to rev up like a dwarf hamster on Adderall.

Avast picks up nothing, yet a Microsoft scan picks up an issue in Java.

I've done all I know how to do so it's definitely time to call in the big dogs. I appreciate in advance any responses.
(gmer.exe errors and instantly reboots my pc during scan. So currently I am unable to post an ark.txt log)
DDS (Ver_10-12-12.02) - NTFSx86
Run by Administrator at 0:23:04.20 on Sat 12/18/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1562 [GMT -6:00]
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://google.com/
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\y2k9keym.default\
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-7 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-7 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-7 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-7 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-7 40384]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\GenericMount.sys [2009-9-21 57840]
S3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\drivers\MAudioFastTrack.sys [2010-10-24 158344]
S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2004-8-4 5120]
S3 ZD1211BU(WLAN);IEEE 802.11g USB Wireless LAN(WLAN);c:\windows\system32\drivers\ZD1211BU.sys [2010-10-1 450560]
S4 GenericMount Helper Service;GenericMount Helper Service;c:\program files\norton ghost\shared\drivers\GenericMountHelper.exe [2009-9-21 1574408]
S4 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2009-9-21 1964528]
=============== Created Last 30 ================
2010-12-11 16:14:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-07 09:47:33 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Threat Expert
2010-12-07 08:35:27 38848 ----a-w- c:\windows\avastSS.scr
2010-12-07 08:35:16 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-12-07 07:41:00 -------- d-----w- c:\docume~1\alluse~1\applic~1\Webroot
2010-12-06 21:26:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-06 21:26:24 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-12-05 03:56:48 -------- d-----w- c:\docume~1\admini~1\applic~1\webroot
2010-12-05 03:55:27 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Webroot
2010-12-05 03:44:59 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\PackageAware
2010-12-05 03:43:08 -------- d-----w- c:\docume~1\alluse~1\applic~1\CA
2010-12-04 18:51:41 -------- d-----w- c:\program files\CCleaner
2010-12-02 02:00:20 -------- d-----w- c:\program files\iPod
2010-12-02 02:00:17 -------- d-----w- c:\program files\iTunes
2010-12-02 02:00:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-02 01:59:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-12-02 01:59:50 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
2010-12-02 01:58:28 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-12-02 01:58:28 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-12-02 01:58:05 -------- d-----w- c:\program files\Bonjour
2010-11-29 04:04:04 -------- d-----w- c:\docume~1\admini~1\applic~1\OpenOffice.org
2010-11-29 04:00:40 -------- d-----w- c:\program files\JRE
2010-11-29 04:00:29 -------- d-----w- c:\program files\OpenOffice.org 3
2010-11-29 03:59:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-29 03:59:59 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-11-23 10:05:44 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Conduit
2010-11-23 10:05:29 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Temp
2010-11-19 06:13:08 647168 ----a-w- c:\windows\system32\sonicismdsp.dll
2010-11-19 06:13:08 551936 ----a-w- c:\windows\th_inst2.exe
2010-11-19 04:40:04 -------- d-----w- c:\program files\Antares Audio Technologies
2010-11-19 04:40:04 -------- d-----w- c:\docume~1\admini~1\applic~1\Antares
2010-11-19 04:39:52 1777664 ----a-w- c:\windows\system32\gdiplus.dll
==================== Find3M ====================
2010-11-08 07:20:24 89088 ----a-w- c:\windows\MBR.exe
2010-10-07 18:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 18:23:02 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-10-07 18:23:02 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 18:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3120025A rev.4.06 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T1L0-3
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A555555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a55b7b0]; MOV EAX, [0x8a55b82c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8A565AB8]
3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\00000062[0x8A567908]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E13B9] -> [0x8A589940]
\Driver\atapi[0x8A5CCA80] -> IRP_MJ_CREATE -> 0x8A555555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T1L0-3 -> \??\IDE#DiskST3120025A______________________________4.06____#4a35305454545a42202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A55539B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
============= FINISH: 0:24:43.57 ===============
Edited by Jesusjones1024, 19 December 2010 - 03:09 AM.