Hello,
Recently my computer seems to pause for several seconds each time before going to a new web address and I fear it may be compromised. Below are the DDS.txt, attach.txt and aswMBR log.
TIA for any help you can provide,
Bobby
DDS.txt:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.17128 BrowserJavaVersion: 10.17.2
Run by Sandra at 10:02:34 on 2013-05-05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.649 [GMT -5:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canon\DIAS\CnxDIAS.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\Discover\SOAN\DISCOV~1.EXE
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ControlCenter4\BrCtrlCntr.exe
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\OBroker.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ControlCenter4\BrCcUxSys.exe
C:\Documents and Settings\Sandra\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Zinio Alert Messenger\Zinio Alert Messenger.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Documents and Settings\Sandra\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sandra\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sandra\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sandra\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sandra\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sandra\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sandra\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://toolbar.google.com/done
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Secure Online Account Numbers Helper: {435EAA86-D32B-484F-869C-53745FCB1642} - c:\program files\discover\soan\DiscoverSOANHelper.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Secure Online Account Numbers: {A8C7C2CA-6DFD-4E16-8458-592361564D38} - c:\program files\discover\soan\DiscoverSOANToolbar.dll
EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\sandra\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TPSMain] TPSMain.exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [EOUApp] c:\program files\intel\wireless\bin\EOUWiz.exe
mRun: [Notebook Maximizer] c:\program files\notebook maximizer\maximizer_startup.exe
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [DAEMON Tools-1033] "c:\program files\d-tools\daemon.exe" -lang 1033
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Secure Online Account Numbers] c:\progra~1\discover\soan\DISCOV~1.EXE /dontopenmycards
mRun: [ControlCenter4] c:\program files\controlcenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [VMM Mode Selection] c:\program files\htc\modeselection\VMMModeSelection.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\sandra\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\sandra\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\sandra\startm~1\programs\startup\zinioa~1.lnk - c:\program files\zinio alert messenger\Zinio Alert Messenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - hxxps://www.topproduceronline.com/downloads/msjavx86.exe
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{CE714350-37AD-45C5-B787-F4ED5BD9EAA7} : DHCPNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxsrvc.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: IBShellExecuteHook - {54697F09-BAF4-422E-8E7A-A563B020B1A5} - c:\idrive for ibackup\IBShellView.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\sandra\application data\mozilla\firefox\profiles\krdbdvsr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\discover\soan\components\SlimOrbAddonDiscoverSOAN.dll
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\sandra\local settings\application data\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2005-9-13 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2005-9-13 5248]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-11-3 37352]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-11-3 86752]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-11-3 110816]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-11-3 84744]
R2 IBFs;IBackup File System Driver;c:\idrive for ibackup\IBfs.sys [2005-6-7 36548]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2012-3-28 245760]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 IBNP;IBackup Network Provider; [x]
S3 nwusbmdm;Novatel Wireless Merlin CDMA EV-DO Modem Driver;c:\windows\system32\drivers\nwusbmdm.sys [2005-9-13 63360]
S3 nwusbser;Novatel Wireless Merlin CDMA EV-DO Status Port;c:\windows\system32\drivers\nwusbser.sys [2005-9-13 63360]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2013-04-01 03:05:00 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-04-01 03:05:00 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-21 14:38:40 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-21 14:38:30 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-21 14:38:30 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-21 14:38:30 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-14 14:36:44 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-14 14:36:44 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-14 14:36:18 16486616 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:28:24 2193408 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:28 2070016 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 01:25:02 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-24 19:03:34 832512 ----a-w- c:\windows\system32\wininet.dll
2013-02-24 19:03:34 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-24 19:03:33 78336 ----a-w- c:\windows\system32\ieencode.dll
2013-02-24 19:03:33 17408 ----a-w- c:\windows\system32\corpol.dll
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
.
============= FINISH: 10:03:30.08 ===============
aswMBR log:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-05 10:12:48
-----------------------------
10:12:48.264 OS Version: Windows 5.1.2600 Service Pack 3
10:12:48.264 Number of processors: 1 586 0xD08
10:12:48.264 ComputerName: SANDRA-LAPTOP UserName: Sandra
10:12:49.045 Initialize success
10:28:06.965 AVAST engine defs: 13050500
12:49:03.014 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:49:03.014 Disk 0 Vendor: FUJITSU_MHT2080AT 0022 Size: 76319MB BusType: 3
12:49:03.024 Device \Driver\atapi -> MajorFunction 89fd4450
12:49:03.064 Disk 0 MBR read successfully
12:49:03.064 Disk 0 MBR scan
12:49:03.255 Disk 0 unknown MBR code
12:49:03.265 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76112 MB offset 63
12:49:03.335 Disk 0 Partition 2 00 88 Linux plaintext A*Kárň'ó 203 MB offset 155878695
12:49:03.395 Disk 0 scanning sectors +156296385
12:49:03.505 Disk 0 scanning C:\WINDOWS\system32\drivers
12:49:39.357 Service scanning
12:50:18.223 Modules scanning
12:50:41.196 Disk 0 trace - called modules:
12:50:41.586 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89fd4450]<<
12:50:41.586 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a3fa998]
12:50:41.586 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\0000007c[0x8a44ff18]
12:50:41.596 5 ACPI.sys[f7588620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a3a2940]
12:50:41.596 \Driver\atapi[0x8a3b58f0] -> IRP_MJ_CREATE -> 0x89fd4450
12:50:42.237 AVAST engine scan C:\WINDOWS
12:51:16.837 AVAST engine scan C:\WINDOWS\system32
12:57:28.591 AVAST engine scan C:\WINDOWS\system32\drivers
12:57:56.922 AVAST engine scan C:\Documents and Settings\Sandra
13:00:38.484 File: C:\Documents and Settings\Sandra\Desktop\dds.com **INFECTED** Win32:Malware-gen
13:33:23.160 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Sandra\Desktop\MBR.dat"
13:33:23.170 The log file has been saved successfully to "C:\Documents and Settings\Sandra\Desktop\aswMBR.txt"