Breakfix
2012-11-17, 04:12
Hi
Recently I have noticed a major performance decrease in my laptop.
The computer loads up very slow. I can't play movies or watch even YouTube clips properly without the video stuttering throughout.
I ran a couple of virus scans in both safe and normal mode using Avira and Malwarebytes. Some Trojans were detected and removed, though I didn't make a note of which ones they were at the time. However, the laptop is still experiencing the same problems, so I'm pretty sure the virus is still around and doing a good job at hiding.
I've been scanning for 3 days straight and I need professional help to find and remove the infection.
Please can you help...
Kind Regards
Please see below the following logs as requested in post 2 of the FAQ:
DDS.txt
attach.txt (zipped and attached)
aswMBR log file
Spybot log file
DDS.txt
DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Raid at 23:25:07 on 2012-11-16
Microsoft Windows XP Home Edition 5.1.2600.3.1256.964.1033.18.758.214 [GMT 0:00]
.
FW: ZoneAlarm Free Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://www.bigseekpro.com/eltima/{97400F70-77BA-4D49-A4C1-3140BDB058DE}
uInternet Connection Wizard,ShellNext = hxxp://www.vaio-link.com/vu/update.html
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZon0.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: ALLYouTubeDownloader: {61DB16C5-B733-43F4-872E-B20DC9E72740} - c:\program files\allyoutubedownloader\ALLYouTubeDownloader.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZon0.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: IplexToALLPlayer: {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - c:\program files\allplayer\iplex\IplexToALLPlayer.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SMTTB2009 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - c:\program files\eltima toolbar\tbcore3.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: ZoneAlarm Security Toolbar: {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - c:\program files\zonealarm_security\prxtbZon0.dll
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZon0.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [SetDefPrt] c:\program files\brother\brmfl04g\BrStDvPt.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [RTHDCPL] RTHDCPL.EXE
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\raid\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341847199000
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341847176218
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{8A2B4BAD-28E5-4AA3-87D8-90FAFF3ADC9D} : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\raid\application data\mozilla\firefox\profiles\xvbj20gk.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://downloads.phpnuke.org/en/index.php?rvs=hompag
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - ExtSQL: 2012-10-20 10:31; IplextoALL@ALLPlayer.org; c:\documents and settings\raid\application data\mozilla\firefox\profiles\xvbj20gk.default\extensions\IplextoALL@ALLPlayer.org
FF - ExtSQL: 2012-10-20 10:33; YouTubetoALL@ALLPlayer.org; c:\documents and settings\raid\application data\mozilla\firefox\profiles\xvbj20gk.default\extensions\YouTubetoALL@ALLPlayer.org
.
============= SERVICES / DRIVERS ===============
.
R1 PrivateDisk;PrivateDisk;c:\windows\system32\drivers\privatediskm.sys [2004-7-6 45627]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-12-18 525840]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-9-24 242240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2012-3-20 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 VUAgent;VUAgent;c:\program files\sony\vaio update common\VUAgent.exe [2012-1-13 939624]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-3-31 80896]
S4 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="c:\program files\pspad editor\PSPad.exe" "%1"
.
=============== Created Last 30 ================
.
2012-11-16 13:35:31 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2012-11-16 02:04:29 -------- d-----w- c:\documents and settings\raid\application data\Immunet
2012-11-08 20:12:04 98816 ----a-w- c:\windows\sed.exe
2012-11-08 20:12:04 256000 ----a-w- c:\windows\PEV.exe
2012-11-08 20:12:04 208896 ----a-w- c:\windows\MBR.exe
2012-11-08 18:12:36 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-11-08 18:12:36 -------- d-----w- c:\windows\system32\wbem\Repository
2012-10-20 09:46:38 -------- d-----w- c:\program files\Codec Pack - All In 1
2012-10-20 09:38:46 -------- d-----w- c:\documents and settings\raid\application data\BSplayer Pro
2012-10-20 09:38:46 -------- d-----w- c:\documents and settings\raid\application data\BSplayer
2012-10-20 09:38:45 -------- d-----w- c:\program files\Webteh
2012-10-20 09:37:51 -------- d-----w- c:\program files\foobar2000
2012-10-20 09:37:14 -------- d-----w- c:\program files\Avidemux 2.6
2012-10-20 09:35:14 -------- d-----w- c:\program files\Winamp Detect
2012-10-20 09:33:08 -------- d-----w- c:\program files\ALLYouTubeDownloader
2012-10-20 09:32:54 -------- d-----w- c:\documents and settings\raid\local settings\application data\ALLMediaServer
2012-10-20 09:32:53 -------- d-----w- c:\program files\ALLMediaServer
2012-10-20 09:32:23 -------- d-----w- c:\documents and settings\raid\local settings\application data\ALLPlayer
2012-10-20 09:32:17 258048 ----a-w- c:\windows\system32\libFLAC.dll
2012-10-20 09:31:48 -------- d-----w- c:\program files\ALLPlayer
2012-10-20 09:20:25 -------- d-----w- c:\documents and settings\raid\application data\CometPlayer
2012-10-20 09:20:20 -------- d-----w- c:\documents and settings\raid\application data\tigerplayer
2012-10-20 09:20:18 -------- d-----w- c:\program files\MpcStar
2012-10-20 09:16:39 -------- d-----w- c:\program files\GRETECH
2012-10-20 09:03:44 -------- d-----w- c:\documents and settings\raid\application data\XBMC
2012-10-20 09:03:22 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-10-20 09:03:16 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-10-20 09:00:40 -------- d-----w- c:\program files\XBMC
2012-10-20 08:55:03 -------- d-----w- c:\program files\Quintessential Media Player
2012-10-20 08:35:38 -------- d-----w- c:\program files\PANDORA.TV
2012-10-20 08:33:10 -------- d-----w- c:\program files\The KMPlayer
.
==================== Find3M ====================
.
2012-11-12 07:45:04 86016 ----a-w- c:\windows\system32\msxml4r.dll
2012-10-16 03:10:43 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-16 03:10:43 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-29 19:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-24 18:35:28 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-09-24 10:29:20 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-09-24 10:29:20 22328 ----a-w- c:\documents and settings\raid\application data\PnkBstrK.sys
2012-09-24 10:28:47 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-09-24 10:28:10 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-09-02 07:24:34 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys
.
============= FINISH: 23:26:44.28 ===============
aswMBR log file
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-16 23:35:22
-----------------------------
23:35:22.312 OS Version: Windows 5.1.2600 Service Pack 3
23:35:22.312 Number of processors: 1 586 0xD08
23:35:22.312 ComputerName: YOUR-A1A59965FA UserName: Raid
23:35:23.406 Initialize success
23:43:04.046 AVAST engine defs: 12111601
23:43:24.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
23:43:24.578 Disk 0 Vendor: FUJITSU_MHV2080AT 00000096 Size: 76319MB BusType: 3
23:43:24.593 Disk 1 \Device\Harddisk1\DR4 -> \Device\00000082
23:43:24.593 Disk 1 Vendor: ( Size: 76319MB BusType: 0
23:43:25.062 Disk 0 MBR read successfully
23:43:25.062 Disk 0 MBR scan
23:43:25.500 Disk 0 Windows XP default MBR code
23:43:25.578 Disk 0 Partition 1 00 12 Compaq diag NTFS 7153 MB offset 63
23:43:25.687 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 28615 MB offset 14651280
23:43:25.921 Disk 0 Partition - 00 0F Extended LBA 40546 MB offset 73256400
23:43:26.015 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 40546 MB offset 73256463
23:43:26.093 Disk 0 scanning sectors +156296385
23:43:27.359 Disk 0 scanning C:\WINDOWS\system32\drivers
23:45:32.140 Service scanning
23:47:43.140 Modules scanning
23:48:33.359 Disk 0 trace - called modules:
23:48:33.390 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
23:48:33.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83921ab8]
23:48:33.390 3 CLASSPNP.SYS[f765cfd7] -> nt!IofCallDriver -> \Device\0000007a[0x83967338]
23:48:33.390 5 ACPI.sys[f74d3620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x83991940]
23:48:37.359 AVAST engine scan C:\WINDOWS
23:49:08.218 AVAST engine scan C:\WINDOWS\system32
00:08:02.515 AVAST engine scan C:\WINDOWS\system32\drivers
00:09:09.328 AVAST engine scan C:\Documents and Settings\Raid
00:12:03.812 AVAST engine scan C:\Documents and Settings\All Users
00:15:40.500 Scan finished successfully
00:16:48.890 Disk 0 MBR has been saved successfully to "D:\Security\MBR.dat"
00:16:48.890 The log file has been saved successfully to "D:\Security\aswMBR.txt"
00:17:45.609 Disk 0 MBR has been saved successfully to "D:\Security\MBR.dat"
00:17:45.625 The log file has been saved successfully to "D:\Security\aswMBR.txt"
00:22:01.625 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Raid\Desktop\MBR.dat"
00:22:01.625 The log file has been saved successfully to "C:\Documents and Settings\Raid\Desktop\aswMBR.txt"
Spybot log file
Common Dialogs: History (4 files) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU
Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt
Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemcore.log
Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log
Log: Shutdown: System32\wbem\logs\wbemprox.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemprox.log
Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log
MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3402992178-2254945426-2603433676-1006\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Office 11.0 (Word): [SBI $15AC27CE] Recent file list (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3402992178-2254945426-2603433676-1006\Software\Microsoft\Office\11.0\Word\Data\Settings
Windows: [SBI $1E4E2003] Drivers installation paths (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402992178-2254945426-2603433676-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList
Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402992178-2254945426-2603433676-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList
Windows Explorer: [SBI $AA0766B5] Stream history (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402992178-2254945426-2603433676-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Windows Explorer: [SBI $2026AFB6] User Assistant history IE (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402992178-2254945426-2603433676-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Explorer: [SBI $6107D172] User Assistant history files (20 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402992178-2254945426-2603433676-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: [SBI $B7EBA926] Last visited history (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402992178-2254945426-2603433676-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402992178-2254945426-2603433676-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3402992178-2254945426-2603433676-1006\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3402992178-2254945426-2603433676-1006\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3402992178-2254945426-2603433676-1006\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
History: [SBI $49804B54] History (4) (History, nothing done)
Congratulations!: No immediate threats were found. (Status)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2012-01-06 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2012-11-14 Includes\Adware.sbi (*)
2012-11-14 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2012-11-14 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2012-11-14 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2012-11-14 Includes\Keyloggers.sbi (*)
2012-11-14 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2012-11-14 Includes\Malware.sbi (*)
2012-11-14 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2012-11-14 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2012-11-14 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-11-14 Includes\Spyware.sbi (*)
2012-11-14 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti (*)
2012-11-14 Includes\Trojans.sbi (*)
2012-11-14 Includes\TrojansC-02.sbi (*)
2012-11-14 Includes\TrojansC-03.sbi (*)
2012-11-14 Includes\TrojansC-04.sbi (*)
2012-11-14 Includes\TrojansC-05.sbi (*)
2012-11-14 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
End of Reports
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341847199000
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341847176218
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{8A2B4BAD-28E5-4AA3-87D8-90FAFF3ADC9D} : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\raid\application data\mozilla\firefox\profiles\xvbj20gk.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://downloads.phpnuke.org/en/index.php?rvs=hompag
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - ExtSQL: 2012-10-20 10:31; IplextoALL@ALLPlayer.org; c:\documents and settings\raid\application data\mozilla\firefox\profiles\xvbj20gk.default\extensions\IplextoALL@ALLPlayer.org
FF - ExtSQL: 2012-10-20 10:33; YouTubetoALL@ALLPlayer.org; c:\documents and settings\raid\application data\mozilla\firefox\profiles\xvbj20gk.default\extensions\YouTubetoALL@ALLPlayer.org
.
============= SERVICES / DRIVERS ===============
.
R1 PrivateDisk;PrivateDisk;c:\windows\system32\drivers\privatediskm.sys [2004-7-6 45627]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-12-18 525840]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-9-24 242240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2012-3-20 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 VUAgent;VUAgent;c:\program files\sony\vaio update common\VUAgent.exe [2012-1-13 939624]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-3-31 80896]
S4 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="c:\program files\pspad editor\PSPad.exe" "%1"
.
=============== Created Last 30 ================
.
2012-11-16 13:35:31 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2012-11-16 02:04:29 -------- d-----w- c:\documents and settings\raid\application data\Immunet
2012-11-08 20:12:04 98816 ----a-w- c:\windows\sed.exe
2012-11-08 20:12:04 256000 ----a-w- c:\windows\PEV.exe
2012-11-08 20:12:04 208896 ----a-w- c:\windows\MBR.exe
2012-11-08 18:12:36 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-11-08 18:12:36 -------- d-----w- c:\windows\system32\wbem\Repository
2012-10-20 09:46:38 -------- d-----w- c:\program files\Codec Pack - All In 1
2012-10-20 09:38:46 -------- d-----w- c:\documents and settings\raid\application data\BSplayer Pro
2012-10-20 09:38:46 -------- d-----w- c:\documents and settings\raid\application data\BSplayer
2012-10-20 09:38:45 -------- d-----w- c:\program files\Webteh
2012-10-20 09:37:51 -------- d-----w- c:\program files\foobar2000
2012-10-20 09:37:14 -------- d-----w- c:\program files\Avidemux 2.6
2012-10-20 09:35:14 -------- d-----w- c:\program files\Winamp Detect
2012-10-20 09:33:08 -------- d-----w- c:\program files\ALLYouTubeDownloader
2012-10-20 09:32:54 -------- d-----w- c:\documents and settings\raid\local settings\application data\ALLMediaServer
2012-10-20 09:32:53 -------- d-----w- c:\program files\ALLMediaServer
2012-10-20 09:32:23 -------- d-----w- c:\documents and settings\raid\local settings\application data\ALLPlayer
2012-10-20 09:32:17 258048 ----a-w- c:\windows\system32\libFLAC.dll
2012-10-20 09:31:48 -------- d-----w- c:\program files\ALLPlayer
2012-10-20 09:20:25 -------- d-----w- c:\documents and settings\raid\application data\CometPlayer
2012-10-20 09:20:20 -------- d-----w- c:\documents and settings\raid\application data\tigerplayer
2012-10-20 09:20:18 -------- d-----w- c:\program files\MpcStar
2012-10-20 09:16:39 -------- d-----w- c:\program files\GRETECH
2012-10-20 09:03:44 -------- d-----w- c:\documents and settings\raid\application data\XBMC
2012-10-20 09:03:22 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-10-20 09:03:16 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-10-20 09:00:40 -------- d-----w- c:\program files\XBMC
2012-10-20 08:55:03 -------- d-----w- c:\program files\Quintessential Media Player
2012-10-20 08:35:38 -------- d-----w- c:\program files\PANDORA.TV
2012-10-20 08:33:10 -------- d-----w- c:\program files\The KMPlayer
.
==================== Find3M ====================
.
2012-11-12 07:45:04 86016 ----a-w- c:\windows\system32\msxml4r.dll
2012-10-16 03:10:43 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-16 03:10:43 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-29 19:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-24 18:35:28 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-09-24 10:29:20 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-09-24 10:29:20 22328 ----a-w- c:\documents and settings\raid\application data\PnkBstrK.sys
2012-09-24 10:28:47 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-09-24 10:28:10 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-09-02 07:24:34 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys
.
============= FINISH: 23:26:44.28 ===============
aswMBR log file
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-16 23:35:22
-----------------------------
23:35:22.312 OS Version: Windows 5.1.2600 Service Pack 3
23:35:22.312 Number of processors: 1 586 0xD08
23:35:22.312 ComputerName: YOUR-A1A59965FA UserName: Raid
23:35:23.406 Initialize success
23:43:04.046 AVAST engine defs: 12111601
23:43:24.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
23:43:24.578 Disk 0 Vendor: FUJITSU_MHV2080AT 00000096 Size: 76319MB BusType: 3
23:43:24.593 Disk 1 \Device\Harddisk1\DR4 -> \Device\00000082
23:43:24.593 Disk 1 Vendor: ( Size: 76319MB BusType: 0
23:43:25.062 Disk 0 MBR read successfully
23:43:25.062 Disk 0 MBR scan
23:43:25.500 Disk 0 Windows XP default MBR code
23:43:25.578 Disk 0 Partition 1 00 12 Compaq diag NTFS 7153 MB offset 63
23:43:25.687 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 28615 MB offset 14651280
23:43:25.921 Disk 0 Partition - 00 0F Extended LBA 40546 MB offset 73256400
23:43:26.015 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 40546 MB offset 73256463
23:43:26.093 Disk 0 scanning sectors +156296385
23:43:27.359 Disk 0 scanning C:\WINDOWS\system32\drivers
23:45:32.140 Service scanning
23:47:43.140 Modules scanning
23:48:33.359 Disk 0 trace - called modules:
23:48:33.390 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
23:48:33.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83921ab8]
23:48:33.390 3 CLASSPNP.SYS[f765cfd7] -> nt!IofCallDriver -> \Device\0000007a[0x83967338]
23:48:33.390 5 ACPI.sys[f74d3620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x83991940]
23:48:37.359 AVAST engine scan C:\WINDOWS
23:49:08.218 AVAST engine scan C:\WINDOWS\system32
00:08:02.515 AVAST engine scan C:\WINDOWS\system32\drivers
00:09:09.328 AVAST engine scan C:\Documents and Settings\Raid
00:12:03.812 AVAST engine scan C:\Documents and Settings\All Users
00:15:40.500 Scan finished successfully
00:16:48.890 Disk 0 MBR has been saved successfully to "D:\Security\MBR.dat"
00:16:48.890 The log file has been saved successfully to "D:\Security\aswMBR.txt"
00:17:45.609 Disk 0 MBR has been saved successfully to "D:\Security\MBR.dat"
00:17:45.625 The log file has been saved successfully to "D:\Security\aswMBR.txt"
00:22:01.625 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Raid\Desktop\MBR.dat"
00:22:01.625 The log file has been saved successfully to "C:\Documents and Settings\Raid\Desktop\aswMBR.txt"
Spybot log file
Common Dialogs: History (4 files) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU
Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt
Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemcore.log
Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log
Log: Shutdown: System32\wbem\logs\wbemprox.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemprox.log
Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log
MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3402992178-2254945426-2603433676-1006\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Office 11.0 (Word): [SBI $15AC27CE] Recent file list (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3402992178-2254945426-2603433676-1006\Software\Microsoft\Office\11.0\Word\Data\Settings
Windows: [SBI $1E4E2003] Drivers installation paths (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402992178-2254945426-2603433676-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList
Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402992178-2254945426-2603433676-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList
Windows Explorer: [SBI $AA0766B5] Stream history (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402992178-2254945426-2603433676-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Windows Explorer: [SBI $2026AFB6] User Assistant history IE (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402992178-2254945426-2603433676-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Explorer: [SBI $6107D172] User Assistant history files (20 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402992178-2254945426-2603433676-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: [SBI $B7EBA926] Last visited history (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402992178-2254945426-2603433676-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402992178-2254945426-2603433676-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3402992178-2254945426-2603433676-1006\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3402992178-2254945426-2603433676-1006\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3402992178-2254945426-2603433676-1006\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
History: [SBI $49804B54] History (4) (History, nothing done)
Congratulations!: No immediate threats were found. (Status)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2012-01-06 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2012-11-14 Includes\Adware.sbi (*)
2012-11-14 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2012-11-14 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2012-11-14 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2012-11-14 Includes\Keyloggers.sbi (*)
2012-11-14 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2012-11-14 Includes\Malware.sbi (*)
2012-11-14 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2012-11-14 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2012-11-14 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-11-14 Includes\Spyware.sbi (*)
2012-11-14 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti (*)
2012-11-14 Includes\Trojans.sbi (*)
2012-11-14 Includes\TrojansC-02.sbi (*)
2012-11-14 Includes\TrojansC-03.sbi (*)
2012-11-14 Includes\TrojansC-04.sbi (*)
2012-11-14 Includes\TrojansC-05.sbi (*)
2012-11-14 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
End of Reports