Computer has mind of its own



My desktop is behaving badly. Originally, it was running slow and would reboot on its own quite often, eventually rebooting time after time in a continuous loop. It still reboots from time to time on its own, but now it has an application that pops up as soon as it boots up. It's called Security Tool and it says there are worms that are trying to steal credit card information, but then asks to enter credit card info to buy protection. It also will not allow me to add/delete programs, and also won't allow ctrl+alt+del functionality. Here are my scans, although it would not let me run the GMER or OTL scans. ????

Rooter.exe (v1.0.2) by Eric_71

.

SeDebugPrivilege granted successfully ...

.

Windows XP Home Edition (5.1.2600) Service Pack 3

[32_bits] - x86 Family 15 Model 2 Stepping 7, GenuineIntel

.

[wscsvc] (Security Center) RUNNING (state:4)

[sharedAccess] RUNNING (state:4)

Windows Firewall -> Enabled

.

Internet Explorer 7.0.5730.13

.

A:\ [Removable]

C:\ [Fixed-NTFS] .. ( Total:111 Go - Free:63 Go )

D:\ [CD_Rom]

E:\ [CD_Rom]

F:\ [Removable]

.

Scan : 22:18.45

Path : C:\Documents and Settings\Trisha Merrill\Desktop\Rooter.exe

User : Trisha Merrill ( Administrator -> YES )

.

----------------------\\ Processes

.

Locked [system Process] (0)

______ System (4)

______ \SystemRoot\System32\smss.exe (320)

______ \??\C:\WINDOWS\system32\csrss.exe (368)

______ \??\C:\WINDOWS\system32\winlogon.exe (392)

______ C:\WINDOWS\system32\services.exe (444)

______ C:\WINDOWS\system32\lsass.exe (456)

______ C:\WINDOWS\system32\svchost.exe (616)

______ C:\WINDOWS\system32\svchost.exe (668)

______ C:\WINDOWS\System32\svchost.exe (712)

______ C:\WINDOWS\System32\svchost.exe (792)

______ C:\WINDOWS\System32\svchost.exe (888)

______ C:\WINDOWS\system32\spoolsv.exe (1056)

______ C:\WINDOWS\Explorer.EXE (1264)

______ C:\Program Files\Internet Explorer\IEXPLORE.EXE (1272)

______ C:\WINDOWS\System32\svchost.exe (1480)

______ C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (1544)

______ C:\Program Files\Dell\Support\Alert\bin\DAMon.exe (1564)

______ C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1592)

______ C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (1616)

______ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (1648)

______ C:\Program Files\iTunes\iTunesHelper.exe (1688)

______ C:\WINDOWS\system32\RUNDLL32.EXE (1700)

______ C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (1724)

______ C:\WINDOWS\system32\ctfmon.exe (1732)

______ C:\WINDOWS\system32\devldr32.exe (1812)

______ C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (1820)

______ C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (1860)

______ C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe (2008)

______ C:\Palm\HOTSYNC.EXE (2032)

______ C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe (308)

______ C:\Program Files\Bonjour\mDNSResponder.exe (1240)

______ C:\WINDOWS\System32\CTsvcCDA.EXE (1228)

______ C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (816)

______ C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe (1536)

______ C:\WINDOWS\System32\nvsvc32.exe (1572)

______ C:\WINDOWS\system32\HPZipm12.exe (1340)

______ C:\Program Files\Internet Explorer\iexplore.exe (2432)

______ C:\WINDOWS\System32\locator.exe (2544)

______ C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe (2572)

______ C:\WINDOWS\System32\svchost.exe (2608)

______ C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (2652)

______ C:\WINDOWS\system32\wdfmgr.exe (2684)

______ C:\WINDOWS\System32\MsPMSPSv.exe (2736)

______ C:\WINDOWS\system32\wuauclt.exe (2884)

______ C:\WINDOWS\system32\wscntfy.exe (3572)

______ C:\WINDOWS\system32\wbem\wmiprvse.exe (3608)

______ C:\Program Files\iPod\bin\iPodService.exe (3772)

______ C:\WINDOWS\System32\alg.exe (3932)

______ C:\Documents and Settings\Trisha Merrill\Desktop\Rooter.exe (664)

.

----------------------\\ Device\Harddisk0\

.

\Device\Harddisk0 [sectors : 63 x 512 Bytes]

.

\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:32868864)

\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:32901120 | Length:119965708800)

.

----------------------\\ Scheduled Tasks

.

C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

C:\WINDOWS\Tasks\DESKTOP.INI

C:\WINDOWS\Tasks\SA.DAT

.

----------------------\\ Registry

.

.

----------------------\\ Files & Folders

.

----------------------\\ Scan completed at 22:19.56

.

C:\Rooter$\Rooter_2.txt - (31/08/2010 | 22:19.57)

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

LockSearch by jpshortstuff (05.11.09.1)

Log created at 22:21 on 31/08/2010 (Trisha Merrill)

Scanning C:\

C:\hiberfil.sys

-------------------------

C:\pagefile.sys

-------------------------

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll

-------------------------

C:\Program Files\Microsoft\DesktopLayer.exe

-------------------------

-=E.O.F=-

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

CKScanner - Additional Security Risks - These are not necessarily bad

c:\documents and settings\trisha merrill\my documents\my music\itunes\itunes music\compilations\breakthrough\12 breakin' at the cracks.m4a

c:\documents and settings\trisha merrill\my documents\my music\itunes\itunes music\compilations\victoria secret's classics by request (v\06 nutcracker - pas de deux - tchaik.m4a

c:\documents and settings\trisha merrill\my documents\my music\itunes\itunes music\compilations\victoria secret's classics by request (v\11 nutcracker - waltz of the flowers.m4a

c:\documents and settings\trisha merrill\my documents\my music\itunes\itunes music\hootie & the blowfish\cracked rear view\02 hold my hand.m4a

c:\documents and settings\trisha merrill\my documents\my music\itunes\itunes music\hootie & the blowfish\cracked rear view\03 let her cry.m4a

c:\documents and settings\trisha merrill\my documents\my music\itunes\itunes music\hootie & the blowfish\cracked rear view\04 only wanna be with you.m4a

c:\documents and settings\trisha merrill\my documents\my music\itunes\itunes music\hootie & the blowfish\cracked rear view\08 time.m4a

c:\documents and settings\trisha merrill\my documents\my music\itunes\itunes music\hootie & the blowfish\cracked rear view\11 goodbye.m4a

scanner sequence 3.CE.11

----- EOF -----

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Windows Validation Check

Version: 1.8.8.3

Log Created On: 2227_31-08-2010

------------------------

Windows Information

-----------------------

Windows Version: Windows XP Service Pack 3

Windows Mode: Normal

WVCheck's Auto Update Check

-----------------------

Auto-Update Option: Download updates and install them automatically.

------------------------------

Last Success Time for Update Detection: 2010-08-01 14:31:11

Last Success Time for Update Download: 2010-07-14 08:46:00

Last Success Time for Update Installation: 2010-07-14 09:05:42

WVCheck's File Dump

-------------------

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\82L1X4IP\crossdomainCAFOQNBJ.xml

Size: 672 bytes

Matched: *cafo*

------------------------------

WVCheck's Dir Dump

-------------------

C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

Size: 0 bytes

Matched: *Genuine?Advantage*

------------------------------

WVCheck's Missing File Check

-------------------

WVCheck found no missing Windows files.

WVCheck's MBAM Quarantine Check

-------------------

There were no bad files quarantined by MBAM.

WVCheck's HOSTS File Check

-------------------

WVCheck found no bad lines in the hosts file.

WVCheck's MD5 Check

EXPERIMENTAL!!

-------------------

user32.dll - b26b135ff1b9f60c9388b4a7d16f600b

-------- End of File, program close at 2229_31-08-2010 --------

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%


You are infected with a polymorphic file infector. This infection can and will infect all the machine's executable files (.exe, .scr, .rar, .zip, .htm, .html). Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair, resulting in an inoperative machine.

Malware experts say that a Complete Reformat and Reinstall is the only way to clean the infection. This includes All Drives that contain .exe, .scr, .rar, .zip, .htm, .html files.

  • Back up all your documents and important items only.
  • DO NOT back up any executable files (.exe .scr .html or .htm)
  • Do NOT back up compressed (zip/cab/rar) files that may contain .exe, .pdf, .jpg, .doc or .scr files
  • Reformat and Reinstall as outlined HERE

I suggest you do the following immediately:

  • Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
  • DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

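The backup rules in the reply above (copy documents, skip executables and HTML, skip archives that may carry risky members) are easy to get wrong by hand when a user has years of files. The following script is an added example, not part of the thread or of any of the tools whose logs appear above. It walks a candidate backup folder and sorts each file into "copy" or "skip" following exactly the extension lists the reply gives; the member list used for zip inspection (.exe .scr .htm .html .pdf .jpg .doc) is taken from the reply's wording. Only .zip archives are opened, because Python's standard library cannot read .rar or .cab; those are skipped outright as uninspectable. The sample folder it builds is constructed for the demonstration.

```python
import tempfile
import zipfile
from pathlib import Path

# File types the reply says must not be copied off an infected host.
INFECTABLE_EXTS = {".exe", ".scr", ".htm", ".html"}
# Compressed formats the reply names; only .zip can be inspected with the stdlib.
ARCHIVE_EXTS = {".zip", ".cab", ".rar"}
# Member types the reply lists as a reason to leave a compressed file behind.
RISKY_MEMBER_EXTS = INFECTABLE_EXTS | {".pdf", ".jpg", ".doc"}


def classify_file(path):
    """Return ("copy" | "skip", reason) for one file under the reply's rules."""
    ext = path.suffix.lower()
    if ext in INFECTABLE_EXTS:
        return "skip", "executable/HTML type " + ext
    if ext == ".zip":
        try:
            with zipfile.ZipFile(path) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            # A corrupt archive is exactly what the reply warns the infector produces.
            return "skip", "unreadable zip archive"
        risky = sorted({Path(m).suffix.lower() for m in members
                        if Path(m).suffix.lower() in RISKY_MEMBER_EXTS})
        if risky:
            return "skip", "zip contains " + ", ".join(risky)
        return "copy", "zip with no risky members"
    if ext in ARCHIVE_EXTS:
        # .rar/.cab cannot be opened here, so treat them as the reply does: do not copy.
        return "skip", ext + " archive cannot be inspected"
    return "copy", "document"


def plan_backup(root):
    """Walk `root` and return {"copy": [(relpath, reason)], "skip": [...]}."""
    root = Path(root)
    plan = {"copy": [], "skip": []}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            verdict, reason = classify_file(p)
            plan[verdict].append((p.relative_to(root).as_posix(), reason))
    return plan


def build_sample_tree():
    """Create a constructed sample folder (hypothetical contents, not from the thread)."""
    root = Path(tempfile.mkdtemp(prefix="backup_triage_"))
    (root / "letters").mkdir()
    (root / "letters" / "resume.doc").write_bytes(b"constructed document")
    (root / "notes.txt").write_text("constructed text file\n")
    (root / "setup.exe").write_bytes(b"MZ constructed stand-in, not a real binary")
    (root / "page.htm").write_text("<html>constructed</html>\n")
    (root / "old.rar").write_bytes(b"Rar! constructed stand-in")
    with zipfile.ZipFile(root / "mixed.zip", "w") as zf:
        zf.writestr("readme.txt", "constructed")
        zf.writestr("tool.exe", "constructed stand-in")
    with zipfile.ZipFile(root / "clean.zip", "w") as zf:
        zf.writestr("readme.txt", "constructed")
    return root


if __name__ == "__main__":
    plan = plan_backup(build_sample_tree())
    for verdict in ("copy", "skip"):
        for relpath, reason in plan[verdict]:
            print(f"{verdict:4}  {relpath:20}  {reason}")
```

Run it as-is to see the triage of the constructed folder, or call `plan_backup` on a real "My Documents" copy taken from a boot CD. The script only decides what to copy; it does not clean anything, which is consistent with the reply's position that the host itself is to be reformatted.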