It all started from WIN32/Rootkit.agent.NSF. Now I need help to get PC up to speed

Hello,

I have ESET NOD32 antivirus on my computer about two weeks ago it stopped loading at start up. I looked on line for possible cause and found a couple suggestions about updating it to newer version. So, I updated. The new version was loading ok until a couple of days ago. New version was also complaining about WIN32/Rootkit.agent.NSF. I have a log. Now even new version stopped loading at start up but I can still see some processes from NOD32 running in the task manager. It can be started from start menu but finds no problems.

At this point I tried to back up my HDD using Drive Image XML but the computer would give me blue screen during creation of HDD shadow step.

Tried safe mode but after selecting it computer would still load in normal mode.

I have two HDDs installed on my computer but only one is showing in disk management but both can be browsed in my computer.

At this point I found this forum and went through XP cleaning procedures.

I was able to run everything except Root Repeal. Running Root repeal I would get blues screen of death

A few more trojans were found and removed.

After running cleaning procedures I was able to boot in to safe modewhere I can view all my HDDs through disk management.

Booting in normal mode I can not see one of my drives in disk management but can browse it in any other progrmas. Computer crushes when I try to back up HDD using Drive image XML. And "log on Icons" for users have all changed to the same picture (airplane).

Please help.

PS

System:
Windows XP professional
Pentium 4 2.8GHz clocked to 2.94
2GB of ram

 

Re: It all started from WIN32/Rootkit.agent.NSF. Now I need help to get PC up to spee

Many none malware problems... sounds bad. Before this however the computer has been running pretty well

Logs attached. I think those are all that I have, let me know if there is anything missing.

another problem I have found that after running cleaning procedures my MS office is going through activation wizard... and I can't find the CD. If there is anything that can be done about that please let me know.

Thanks

 

Re: It all started from WIN32/Rootkit.agent.NSF. Now I need help to get PC up to spee

Yes, sorry... I knew I forgot something

 

Re: It all started from WIN32/Rootkit.agent.NSF. Now I need help to get PC up to spee

Here are the files, there are two tdskiller logs because I have misread your instructions and run it by double clicking on it on the desk top first. and on the second run I did it through run window.

Should I restart the computer to evaluate how it is running because @ this moment disk management still does not see second disk.

another thing I have noticed is that when I plug in USB drive the autostart does not happen...I am pretty sure it did autostart before I did computer cleaning procedures

 

Re: It all started from WIN32/Rootkit.agent.NSF. Now I need help to get PC up to spee

I did not notice the question...sorry

There is nothing from symantec that I use right now. However before ESET NOD32 anti-virus I had Norton. When I switched to ESET NOD32 I uninstalled Norton through Add/Remove Programs.

 

Re: It all started from WIN32/Rootkit.agent.NSF. Now I need help to get PC up to spee

Did all that was listed, but problems still remain and some new once discovered.

problems that were fixed with procedures below,

*got my safe mode back
*antivirus does not complain about viruses anymore

old problems that are still there:
*when I try to back up my hdd with driveimage xml I get BSOD
*my antivirus does not start up when windows starts
*disk management does not see my second physical hdd but I can browse it through windows explorer.

new problems that appeared after cleaning computer:
*MS office wants to validate the installation again... but I can't find the original CD that was used.
*when USB storage device is plugged in the computer does not do autorun anymore
*when I use my USB HDD frequently computer gives me BSOD with irq_not_less_or_equal error, I fixed this by disabling system restore but a couple days later system restore reappeared and I started getting BSOD again.
*my scanner stopped working, it try's to scan I can hear it move the photo element briefly but when on screen it says "scanning" all I get is a black page with white noise and scanner does not move, I tried reinstalling driver to no avail.

I hope you can help me further, Thank you

 

Re: It all started from WIN32/Rootkit.agent.NSF. Now I need help to get PC up to spee

sorry, I have spoken too soon

my eset not32 anitivus just gave me this:

2/23/2010 2:13:36 PM Startup scanner file C:\WINDOWS\System32\DRIVERS\mrxsmb.sys a variant of Win32/Rootkit.Agent.NSF trojan unable to clean

I have a bunch of warnings like this going back to 1/27/2010

some of the warnings reference this file:

2/5/2010 8:20:09 AM Real-time file system protection file C:\System Volume Information\_restore{417A4476-C43C-45BB-922B-467F40C2EA14}\RP674\A0125052.sys a variant of Win32/Rootkit.Agent.NSF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\svchost.exe.

this is the only one that stands out:
2/16/2010 2:56:53 PM Real-time file system protection file C:\DOCUME~1\vip\LOCALS~1\Temp\Av-test.txt Eicar test file cleaned by deleting - quarantined TW\vip Event occurred on a new file created by the application: C:\ComboFix\CF3671.cfxxe.