Hi there. Thanks for your help beforehand. I have done numerous scans with Spybot and have got it down to two bits of malware that I can't get rid of, one of which was browser cache and (I think!) the other was a driver malware, but I could be wrong; hopefully it is in the logs. As you can gather from the title, one of the malware was win32.downloader, which I have (along with all the other entries, apart from the two previously mentioned) got rid of. The reason I think it might be win32.downloader is that before I went online I removed the Microsoft Security Essentials virus checker. The symptoms are that the hard disk periodically thrashes sporadically for a number of seconds, the program history in the start menu has been removed, and I had a report of virtual memory running out.
Please find dds.txt and aswMBR.txt below and attach.txt attached. Thanks
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by severin at 14:38:36 on 2014-03-05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.958.551 [GMT 0:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: CIEDownloadManager Object: {C9F97205-62A3-41F2-9F2C-D99392F882EB} - LocalServer32 - <no file>
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [AdobeBridge] <no file>
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNTA2MzUzNzYwLVhPMTArMi1RSVgxKzQtWDIwMTArMi1WSVAxMCsxLUxJQysyLVNQMSsxLVNVUCs0LUZMMTArMS1TUDFTNCsxLUREVCsyNDI5OS1ERDEwRisxLVNUMTBGQVBQKzE"&"prod=90"&"ver=10.0.1416
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{5D9AABCE-6BF6-430B-A590-31E920E8400F} : DHCPNameServer = 194.168.4.100 194.168.8.100
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Notify: AtiExtEvent - Ati2evxx.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= c:\progra~1\kasper~1\kasper~1.0\adialhk.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-11-30 64288]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2014-3-4 1042272]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-4-4 24344]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2014-3-4 3921880]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2014-3-4 171416]
S3 KLIF;KLIF;\??\c:\windows\system32\drivers\klif.sys --> c:\windows\system32\drivers\klif.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs4\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-03-05 14:28:08 -------- d-----w- c:\documents and settings\severin\local settings\application data\PCHealth
2014-03-04 17:31:00 -------- d-----w- C:\01d9e00a321d0f373641
2014-03-04 16:41:56 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys
2014-03-04 16:41:56 14976 -c----w- c:\windows\system32\dllcache\usbscan.sys
2014-03-04 16:40:13 18968 ----a-w- c:\windows\system32\sdnclean.exe
2014-03-04 16:39:57 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2014-03-04 16:39:22 60160 -c----w- c:\windows\system32\dllcache\usbaudio.sys
2014-03-04 16:39:22 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys
2014-03-04 16:38:05 5376 -c----w- c:\windows\system32\dllcache\usbd.sys
2014-03-04 16:38:05 32384 -c----w- c:\windows\system32\dllcache\usbccgp.sys
2014-03-04 16:38:05 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys
2014-03-04 16:38:05 144128 -c----w- c:\windows\system32\dllcache\usbport.sys
2014-03-04 14:37:06 -------- d-----w- c:\windows\system32\MRT
2014-03-04 14:32:57 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2014-03-04 14:32:57 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
.
==================== Find3M ====================
.
2014-03-04 17:21:47 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-04 17:21:47 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-05 23:26:52 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 23:26:43 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-02-05 23:26:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-02-05 23:26:37 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-05 22:24:05 385024 ----a-w- c:\windows\system32\html.iec
2014-01-19 07:32:23 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-01-04 03:13:05 420864 ----a-w- c:\windows\system32\vbscript.dll
.
============= FINISH: 14:39:23.39 ===============
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-03-05 14:41:48
-----------------------------
14:41:48.671 OS Version: Windows 5.1.2600 Service Pack 3
14:41:48.671 Number of processors: 2 586 0x409
14:41:48.671 ComputerName: SEVERIN-BE38D64 UserName: severin
14:41:49.062 Initialize success
14:43:48.171 AVAST engine defs: 14030401
14:45:01.546 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-b
14:45:01.546 Disk 0 Vendor: HDS728080PLAT20 PF2OA2AA Size: 78533MB BusType: 3
14:45:01.703 Disk 0 MBR read successfully
14:45:01.703 Disk 0 MBR scan
14:45:01.750 Disk 0 Windows XP default MBR code
14:45:01.765 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 78520 MB offset 63
14:45:01.765 Disk 0 scanning sectors +160810650
14:45:01.937 Disk 0 scanning C:\WINDOWS\system32\drivers
14:45:13.343 Service scanning
14:45:38.140 Modules scanning
14:46:14.250 Disk 0 trace - called modules:
14:46:14.250 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys amdide.sys PCIIDEX.SYS
14:46:14.250 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86114ab8]
14:46:14.265 3 CLASSPNP.SYS[f75f0fd7] -> nt!IofCallDriver -> \Device\0000005e[0x8612c9e8]
14:46:14.265 5 ACPI.sys[f7487620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP5T0L0-b[0x8612cd98]
14:46:15.375 AVAST engine scan C:\WINDOWS
14:46:21.343 AVAST engine scan C:\WINDOWS\system32
14:49:19.812 AVAST engine scan C:\WINDOWS\system32\drivers
14:49:38.453 AVAST engine scan C:\Documents and Settings\severin
14:52:36.203 AVAST engine scan C:\Documents and Settings\All Users
14:53:16.375 Scan finished successfully
14:54:54.671 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\severin\Desktop\MBR.dat"
14:54:54.671 The log file has been saved successfully to "C:\Documents and Settings\severin\Desktop\aswMBR.txt"