PC hijacked by trojans, worms, bots



Dewey5718
2012-02-25, 23:04
HP Pavilion pv6, is infected by at least 4 to six different bugs. I have tried things such as ComboFix, HJT, OTL.exe. Several anti-virus downloads. Not one, together or alone, has completely deleted the bugs. Spybot Search and Destroy or .

I would please like some help and advice re: my problems. I am going to attempt to attach DDS results. Thank you for being here to help newbies like me. Dewey5718 PS. Twice the zip DDS has failed. My bugs at work? A copy and paste. Sorry..
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by RAC at 14:07:30 on 2012-02-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2356 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Destop\Process Hacker 2\ProcessHacker.exe
C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\FixCleaner\FixCleaner.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Users\RAC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RAC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Destop\Process Hacker 2\ProcessHacker.exe
C:\Users\RAC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RAC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\RAC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\5.0\iobitToolbarIE.dll
uURLSearchHooks: H - No File
BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\5.0\iobitToolbarIE.dll
TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\5.0\iobitToolbarIE.dll
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
uRun: [Process Hacker 2] "C:\Destop\Process Hacker 2\ProcessHacker.exe" -hide
uRun: [ZumoDrive] C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk
mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.65
TCP: Interfaces\{F5421A8D-9195-4342-9877-CA402417CA32} : DhcpNameServer = 192.168.0.1 205.171.3.65
TCP: Interfaces\{F5421A8D-9195-4342-9877-CA402417CA32}\27161393534353731383D697177756374733033303 : DhcpNameServer = 192.168.0.1 205.171.3.65
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
IFEO: taskmgr.exe - "C:\Destop\Process Hacker 2\ProcessHacker.exe"
BHO-X64: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\5.0\iobitToolbarIE.dll
TB-X64: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\5.0\iobitToolbarIE.dll
mRun-x64: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
IFEO-X64: taskmgr.exe - "C:\Destop\Process Hacker 2\ProcessHacker.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\system32\DRIVERS\NBVol.sys --> C:\Windows\system32\DRIVERS\NBVol.sys [?]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\system32\DRIVERS\NBVolUp.sys --> C:\Windows\system32\DRIVERS\NBVolUp.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-2-22 497496]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-10-25 89600]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2012-2-22 404728]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-8-5 681528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-9-28 26680]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-2-22 821592]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-9-7 202048]
R2 PfFilter;PfFilter;C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys [2012-2-22 36792]
R2 SBSDWSCService;SBSD Security Center Service;C:\Spybot - Search & Destroy\SDWinSec.exe [2012-2-20 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-25 2533400]
R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-2-22 21384]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2012-2-22 33184]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2012-2-22 21872]
R4 KProcessHacker2;KProcessHacker2;C:\Destop\Process Hacker 2\kprocesshacker.sys [2012-2-23 36424]
S2 CLKMSVC10_C6F09094;CyberLink Product - 2010/10/25 01:48:42;C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-10-25 245232]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C:\Windows\system32\Drivers\motoandroid.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motport;Motorola USB Diagnostic Port;C:\Windows\system32\DRIVERS\motport.sys --> C:\Windows\system32\DRIVERS\motport.sys [?]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-02-25 19:39:07 -------- d-----w- C:\Users\RAC\AppData\Roaming\FixCleaner
2012-02-25 19:39:05 -------- d-----w- C:\Program Files (x86)\FixCleaner
2012-02-25 15:42:43 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D123C9D6-FE50-491D-9C25-A071AA9064BE}\mpengine.dll
2012-02-24 23:08:54 -------- d-----w- C:\Users\RAC\AppData\Local\Little_Apps
2012-02-24 23:06:57 -------- d-----w- C:\Program Files\Common Files\Little Registry Cleaner
2012-02-24 23:02:40 -------- d-----w- C:\Users\RAC\AppData\Local\WeatherBug
2012-02-24 23:02:36 -------- d-----w- C:\Users\RAC\AppData\Roaming\WeatherBug
2012-02-24 23:02:32 -------- d-----w- C:\Program Files (x86)\Setup Support for Weatherbug
2012-02-24 23:02:29 18944 ----a-r- C:\Users\RAC\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2012-02-24 23:00:50 -------- d-----w- C:\Users\RAC\AppData\Local\Babylon
2012-02-24 23:00:49 -------- d-----w- C:\Users\RAC\AppData\Roaming\Babylon
2012-02-24 23:00:49 -------- d-----w- C:\ProgramData\Babylon
2012-02-24 18:03:30 -------- d-----w- C:\Users\RAC\Tracing
2012-02-24 15:24:39 -------- d-----w- C:\Users\RAC\AppData\Local\Adobe
2012-02-24 07:25:04 -------- d-----w- C:\Program Files\Motorola Inc
2012-02-24 07:25:04 -------- d-----w- C:\Program Files\Common Files\Motorola Shared
2012-02-24 07:24:57 -------- d-----w- C:\Program Files (x86)\Motorola
2012-02-24 07:24:57 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap
2012-02-23 22:17:50 -------- d-----w- C:\Users\RAC\AppData\Roaming\Process Hacker 2
2012-02-23 19:35:21 -------- d-----w- C:\Users\RAC\AppData\Roaming\Curiolab
2012-02-23 18:33:19 -------- d-----w- C:\Users\RAC\AppData\Roaming\AVG
2012-02-23 18:22:00 -------- d--h--w- C:\ProgramData\Common Files
2012-02-23 18:19:47 -------- d-----w- C:\Program Files (x86)\AVG
2012-02-23 18:12:19 -------- d-----w- C:\ProgramData\MFAData
2012-02-23 18:11:21 -------- d-----w- C:\Users\RAC\AppData\Roaming\SanDisk
2012-02-23 00:38:46 -------- d-----w- C:\Users\RAC\AppData\Roaming\Nico Mak Computing
2012-02-23 00:38:43 18760 ----a-w- C:\Windows\System32\roboot64.exe
2012-02-23 00:38:36 -------- d-----w- C:\ProgramData\IObit
2012-02-22 22:00:32 -------- d-----w- C:\Users\RAC\AppData\Roaming\Windows Live Writer
2012-02-22 22:00:32 -------- d-----w- C:\Users\RAC\AppData\Local\Windows Live Writer
2012-02-22 20:08:24 -------- d-----w- C:\Program Files (x86)\IObit Toolbar
2012-02-22 20:08:24 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2012-02-22 20:08:24 -------- d-----w- C:\Program Files (x86)\Application Updater
2012-02-22 20:07:54 -------- d-----w- C:\Users\RAC\AppData\Roaming\IObit
2012-02-22 20:07:53 -------- d-----w- C:\Program Files (x86)\IObit
2012-02-22 16:51:35 -------- d-----w- C:\Users\RAC\AppData\Local\ElevatedDiagnostics
2012-02-22 16:20:54 -------- d-----w- C:\Users\RAC\AppData\Local\HuluDesktop
2012-02-22 16:04:58 -------- d-----w- C:\Users\RAC\AppData\Roaming\OpenCandy
2012-02-22 14:05:38 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-02-22 13:19:49 -------- d-----w- C:\Program Files (x86)\BackUpDutyLite
2012-02-22 13:19:48 -------- d-----w- C:\Program Files (x86)\RegWork
2012-02-22 05:06:52 -------- d-----w- C:\CCE_Quarantine
2012-02-22 03:06:38 -------- d-----w- C:\Users\RAC\AppData\Local\CrashDumps
2012-02-22 03:05:48 -------- d-----w- C:\Users\RAC\AppData\Local\Comodo
2012-02-22 03:05:32 -------- d-----w- C:\Program Files (x86)\Comodo
2012-02-22 03:04:51 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2012-02-21 23:33:39 -------- d-----w- C:\Users\RAC\AppData\Local\CyberLink
2012-02-21 23:33:38 -------- d-----w- C:\Users\RAC\AppData\Local\PowerCinema
2012-02-21 22:40:21 -------- d-----w- C:\Desktop
2012-02-21 20:55:03 -------- d-----w- C:\Users\RAC\AppData\Local\Windows Live
2012-02-21 20:55:03 -------- d-----w- C:\Users\RAC\AppData\Local\{5DD26411-A649-4B62-BEBA-E3721293EFDE}
2012-02-21 20:02:41 -------- d-----w- C:\ProgramData\VirtualizedApplications
2012-02-21 17:51:55 -------- d-----w- C:\Users\RAC\AppData\Local\SoftGrid Client
2012-02-21 17:51:54 -------- d-----w- C:\Users\RAC\AppData\Roaming\SoftGrid Client
2012-02-21 17:51:06 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-02-21 17:50:52 -------- d-----w- C:\Users\RAC\AppData\Roaming\TP
2012-02-21 17:43:48 -------- d-----w- C:\desktopMalwarebytes' Anti-Malware
2012-02-21 17:22:15 -------- d-----w- C:\Users\RAC\AppData\Local\IsolatedStorage
2012-02-21 14:58:45 -------- d-----w- C:\Destop
2012-02-21 14:44:52 -------- d--h--w- C:\Windows\msdownld.tmp
2012-02-21 04:23:36 -------- d-----w- C:\Spybot - Search & Destroy
2012-02-21 04:23:36 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-02-21 04:10:03 -------- d-----w- C:\Users\RAC\AppData\Local\Google
2012-02-20 14:36:41 -------- d-----w- C:\Users\RAC\AppData\Roaming\Malwarebytes
2012-02-20 14:36:35 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-20 14:36:35 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-20 00:51:09 -------- d-----w- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-02-20 00:30:25 -------- d-----w- C:\Users\RAC\AppData\Local\Microsoft_Corporation
2012-02-19 23:23:41 258048 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfppw73.dll
2012-02-19 19:38:46 -------- d-----w- C:\Users\RAC\AppData\Local\temp
2012-02-19 19:34:18 -------- d-----w- C:\$RECYCLE.BIN
2012-02-19 18:20:56 -------- d-----w- C:\Users\RAC\AppData\Roaming\InfraRecorder
2012-02-19 18:20:52 -------- d-----w- C:\Program Files (x86)\InfraRecorder
2012-02-19 18:02:17 15920 ----a-w- C:\Windows\System32\drivers\NBVolUp.sys
2012-02-19 18:02:12 72240 ----a-w- C:\Windows\System32\drivers\NBVol.sys
2012-02-19 18:02:11 -------- d-----w- C:\Program Files (x86)\Nero
2012-02-19 18:02:01 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-19 18:01:25 -------- d-----w- C:\Users\RAC\AppData\Local\AskToolbar
2012-02-19 17:52:34 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
2012-02-19 17:52:34 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2012-02-19 17:52:34 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2012-02-19 17:52:34 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2012-02-19 17:52:34 1868128 ----a-w- C:\Windows\SysWow64\d3dcsx_43.dll
2012-02-19 17:51:20 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
2012-02-19 17:50:11 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2012-02-19 17:49:04 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2012-02-19 17:47:53 3727720 ----a-w- C:\Windows\SysWow64\d3dx9_35.dll
2012-02-19 17:46:49 3497832 ----a-w- C:\Windows\SysWow64\d3dx9_34.dll
2012-02-19 16:50:50 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-19 03:06:03 -------- d-----w- C:\Windows\System32\SPReview
2012-02-19 03:04:33 -------- d-----w- C:\Windows\System32\EventProviders
2012-02-19 03:01:58 444752 ----a-w- C:\Windows\System32\mscoree.dll
2012-02-19 03:00:59 78720 ----a-w- C:\Windows\System32\drivers\HpSAMD.sys
2012-02-19 02:59:54 189952 ----a-w- C:\Windows\SysWow64\sqmapi.dll
2012-02-19 02:59:35 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2012-02-19 02:59:35 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2012-02-19 02:59:35 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll
2012-02-19 02:57:18 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2012-02-19 02:57:18 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2012-02-19 02:57:09 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2012-02-19 02:44:09 -------- d-----w- C:\Users\RAC\AppData\Roaming\ZumoDrive
2012-02-18 19:22:44 -------- d-----w- C:\ProgramData\SecTaskMan
2012-02-18 19:22:39 -------- d-----w- C:\Program Files (x86)\Security Task Manager
2012-02-18 17:18:25 165376 ----a-w- C:\Windows\SysWow64\unrar.dll
2012-02-18 17:18:23 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2012-02-18 17:18:14 -------- d-----w- C:\Program Files\Open Freely
2012-02-18 17:17:29 -------- d-----w- C:\Program Files (x86)\Yahoo!
2012-02-18 12:44:58 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-02-18 12:44:57 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-18 12:44:57 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-18 12:44:57 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-18 12:44:57 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-18 12:24:25 -------- d-----w- C:\Windows\SysWow64\Wat
2012-02-18 12:24:25 -------- d-----w- C:\Windows\System32\Wat
2012-02-18 09:27:01 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-02-18 09:22:52 -------- d-----w- C:\Users\RAC\AppData\Local\Diagnostics
2012-02-18 09:17:14 -------- d-----w- C:\Program Files (x86)\Uniblue
2012-02-18 06:20:13 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-02-18 06:01:45 77312 ----a-w- C:\Windows\System32\packager.dll
2012-02-18 06:01:45 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-02-18 06:01:23 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-02-18 06:01:22 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-02-18 06:01:21 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-02-18 06:01:17 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-02-18 06:01:16 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-02-18 06:01:15 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-02-18 06:01:15 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-02-18 05:59:49 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2012-02-18 05:58:44 642944 ----a-w- C:\Windows\System32\winload.efi
2012-02-18 03:24:46 -------- d-----w- C:\Users\RAC\AppData\Roaming\hpqLog
2012-02-18 03:24:39 -------- d-----w- C:\Users\RAC\AppData\Roaming\Stardock
2012-02-18 03:23:43 -------- d-----w- C:\Users\RAC\AppData\Local\RemEngine
2012-02-18 03:19:40 -------- d-----w- C:\Users\RAC\AppData\Local\Hewlett-Packard
2012-02-18 03:19:27 -------- d-----w- C:\Users\RAC\AppData\Local\Hewlett-Packard_Company
2012-02-18 03:18:03 -------- d-----w- C:\Users\RAC\AppData\Local\VirtualStore
.
==================== Find3M ====================
.
2012-02-19 03:12:44 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-02-19 03:12:43 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-02-18 04:38:27 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-01-14 04:06:27 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-12-16 08:46:06 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2011-12-16 07:52:58 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
.
============= FINISH: 14:09:48.01 ===============
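The Pseudo HJT Report section of the DDS log above is where a helper looks first: the mPolicies-system lines show UAC switched off (EnableLUA = 0), admins elevating without a prompt (ConsentPromptBehaviorAdmin = 0) and prompts not on the secure desktop (PromptOnSecureDesktop = 0), the IFEO lines show taskmgr.exe being redirected to another program (Windows consults that key to run a different executable in place of the named one), one URLSearchHook points at a file that no longer exists, and one autostart runs from an odd folder. The script below is an added example, not code from this thread or from the DDS tool: it parses lines in that DDS format and lists those conditions. The line prefixes it matches, the regular expressions, the "expected autorun roots" and the constructed sample block (modelled on the posted log) are all assumptions of this example.

```python
import re

# Constructed sample in the format of the DDS "Pseudo HJT Report" section,
# modelled on the log posted in the thread (not an exact copy of it).
SAMPLE_HJT = r"""
uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\5.0\iobitToolbarIE.dll
uURLSearchHooks: H - No File
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
uRun: [Process Hacker 2] "C:\Destop\Process Hacker 2\ProcessHacker.exe" -hide
mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IFEO: taskmgr.exe - "C:\Destop\Process Hacker 2\ProcessHacker.exe"
IFEO-X64: taskmgr.exe - "C:\Destop\Process Hacker 2\ProcessHacker.exe"
"""

# UAC policy values DDS prints under mPolicies-system, with the value that
# means the protection is weakened or off, and what that value implies.
WEAK_POLICIES = {
    "EnableLUA": (0, "UAC is disabled; processes of an admin user run fully elevated"),
    "ConsentPromptBehaviorAdmin": (0, "admins elevate without any prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts are not shown on the secure desktop"),
}

# Folders from which autostart entries are normally expected (assumption of
# this example; tune to the environment being examined).
EXPECTED_AUTORUN_ROOTS = (r"c:\program files", r"c:\windows")

POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
IFEO_RE = re.compile(r'^(IFEO(?:-X64)?):\s*(\S+)\s*-\s*"?([^"]+)"?')
RUN_RE = re.compile(r'^([um]Run(?:-x64)?):\s*\[([^\]]*)\]\s*(?:"([^"]+)"|(.+))')


def triage_hjt(report: str) -> list[dict]:
    """Return a list of findings, one dict per suspicious line, for a block
    of text in the DDS Pseudo HJT Report format."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = POLICY_RE.match(line)
        if m:
            name, value = m.group(1), int(m.group(2))
            if name in WEAK_POLICIES and value == WEAK_POLICIES[name][0]:
                findings.append({"kind": "uac", "item": name,
                                 "detail": WEAK_POLICIES[name][1]})
            continue

        m = IFEO_RE.match(line)
        if m:
            target, debugger = m.group(2), m.group(3).strip()
            findings.append({"kind": "ifeo", "item": target,
                             "detail": f"launch of {target} is redirected to {debugger}; "
                                       "confirm this was set deliberately"})
            continue

        # DDS marks entries whose file is missing with "- No File".
        if line.endswith("- No File"):
            findings.append({"kind": "orphan", "item": line.split(":", 1)[0],
                             "detail": "entry points at a file that no longer exists"})
            continue

        m = RUN_RE.match(line)
        if m:
            path = (m.group(3) or m.group(4)).strip()
            if not path.lower().startswith(EXPECTED_AUTORUN_ROOTS):
                findings.append({"kind": "autorun", "item": m.group(2),
                                 "detail": f"autostart from unusual location: {path}"})
    return findings


def summarize(findings: list[dict]) -> dict:
    """Count findings per kind, e.g. {'uac': 3, 'ifeo': 2, ...}."""
    counts: dict = {}
    for f in findings:
        counts[f["kind"]] = counts.get(f["kind"], 0) + 1
    return counts


if __name__ == "__main__":
    results = triage_hjt(SAMPLE_HJT)
    for f in results:
        print(f"[{f['kind']}] {f['item']}: {f['detail']}")
    print(summarize(results))
```

Run against the sample, the script reports the three weakened UAC values, both IFEO redirects of taskmgr.exe, the orphaned URLSearchHook and the autostart from C:\Destop. It deliberately does not decide whether an entry is malicious: an IFEO redirect to a process viewer and UAC being off can both be the user's own doing, so each finding is something the helper asks the poster about, not a verdict.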

ken545
2012-03-04, 17:33

Sorry for the delay, sometimes a thread or two falls through the cracks. What are you experiencing to make you think you're infected, any browser redirects?


If you still need help, then do this:

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.
http://public.avast.com/~gmerek/aswMBR2.png

ken545
2012-03-09, 10:18
Due to inactivity, this thread will now be closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.