Spyware Malware (MITM)



Stephan1983
2013-11-22, 00:40
Hi experts, this is my first post: http://forums.spybot.info/showthread.php?69717-Man-in-the-middle-attack-various-sources-infected

My DDS log is as follows:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer:
Run by Nerd_3000 at 23:07:35 on 2013-11-21
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.6127.5130 [GMT 1:00]
.
AV: Spybot - Search and Destroy *Enabled/Updated* {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
C:\Program Files (x86)\Visual TimeAnalyzer\tbaction.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyServer = localhost:21320
mWinlogon: Userinit = userinit.exe,
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [TBAction] C:\Program Files (x86)\Visual TimeAnalyzer\tbaction.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nerd_3000\AppData\Roaming\Mozilla\Firefox\Profiles\f7dpj2t0.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/ncr
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-11-19 08:42; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\Nerd_3000\AppData\Roaming\Mozilla\Firefox\Profiles\f7dpj2t0.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2013-11-19 08:43; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Nerd_3000\AppData\Roaming\Mozilla\Firefox\Profiles\f7dpj2t0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-11-19 08:44; foxyproxy@eric.h.jung; C:\Users\Nerd_3000\AppData\Roaming\Mozilla\Firefox\Profiles\f7dpj2t0.default\extensions\foxyproxy@eric.h.jung
FF - ExtSQL: 2013-11-19 12:05; jid0-c1av474BVPIHcGJfBp3GkhlhAa4@jetpack; C:\Users\Nerd_3000\AppData\Roaming\Mozilla\Firefox\Profiles\f7dpj2t0.default\extensions\jid0-c1av474BVPIHcGJfBp3GkhlhAa4@jetpack.xpi
FF - ExtSQL: 2013-11-21 19:17; {1018e4d6-728f-4b20-ad56-37578a4de76b}; C:\Users\Nerd_3000\AppData\Roaming\Mozilla\Firefox\Profiles\f7dpj2t0.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - ExtSQL: 2013-11-21 19:24; {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}; C:\Users\Nerd_3000\AppData\Roaming\Mozilla\Firefox\Profiles\f7dpj2t0.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
.
============= SERVICES / DRIVERS ===============
.
R1 SDHookDriver;Hook Test Driver;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2010-1-1 63904]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2010-1-1 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-1-1 701512]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2010-1-1 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2010-1-1 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2010-1-1 171416]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-10-14 1228504]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-10-14 660184]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-11-19 95760]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-1-1 25928]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe --> C:\Windows\System32\atiesrxx.exe [?]
S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-10-14 18456]
.
=============== Created Last 30 ================
.
2013-11-21 15:16:13 -------- d-----w- C:\Program Files (x86)\VideoLAN
2013-11-19 21:44:34 -------- d-----w- C:\Users\Nerd_3000\AppData\Local\ElevatedDiagnostics
2013-11-19 20:53:53 -------- d-----w- C:\88
2013-11-19 20:30:41 -------- d-----w- C:\Windows\System32\MRT
2013-11-19 20:30:31 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2013-11-19 20:30:31 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-11-19 20:30:31 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-11-19 20:30:31 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-11-19 20:30:31 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-11-19 19:58:16 760320 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-11-19 19:58:16 1111040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-11-19 19:08:37 -------- d-----w- C:\ProgramData\Analyzer
2013-11-19 19:08:32 -------- d-----w- C:\Program Files (x86)\Visual TimeAnalyzer
2013-11-19 18:17:38 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2013-11-19 18:17:38 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2013-11-19 18:15:21 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2013-11-19 17:51:19 -------- d-----w- C:\ProgramData\Network Security Task Manager
2013-11-19 17:50:09 -------- d-----w- C:\Program Files (x86)\Network Security Taskmanager
2013-11-19 17:43:40 -------- d-----w- C:\ProgramData\SecTaskMan
2013-11-19 17:43:37 -------- d-----w- C:\Program Files (x86)\Security Task Manager
2013-11-19 17:36:51 2001408 ----a-w- C:\Windows\System32\msxml6.dll
2013-11-19 17:35:55 640896 ----a-w- C:\Windows\System32\winload.efi
2013-11-19 17:34:58 95744 ----a-w- C:\Windows\System32\synceng.dll
2013-11-19 17:33:35 77312 ----a-w- C:\Windows\System32\packager.dll
2013-11-19 17:33:35 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2013-11-19 17:27:59 314568 ----a-w- C:\Windows\System32\PROUnstl.exe
2013-11-19 17:26:16 91840 ----a-w- C:\Windows\System32\NicInstC.dll
2013-11-19 17:26:16 36472 ----a-w- C:\Windows\System32\NicCo36.dll
2013-11-19 17:26:15 68264 ----a-w- C:\Windows\System32\e1cmsg.dll
2013-11-19 17:26:15 313520 ----a-w- C:\Windows\System32\drivers\e1c62x64.sys
2013-11-19 17:25:39 56344 ----a-w- C:\Windows\System32\drivers\HECIx64.sys
2013-11-19 17:20:07 -------- d-----w- C:\Users\Nerd_3000\AppData\Local\ATI
2013-11-19 17:19:54 0 ----a-w- C:\Windows\ativpsrm.bin
2013-11-19 17:19:07 -------- d-----w- C:\Program Files (x86)\AMD APP
2013-11-19 17:18:06 95760 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
2013-11-19 17:18:01 64000 ----a-w- C:\Windows\System32\coinst.dll
2013-11-19 17:18:01 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2013-11-19 17:17:34 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2013-11-19 17:17:29 -------- d-----w- C:\Program Files\ATI
2013-11-19 17:16:47 -------- d-----w- C:\Program Files\ATI Technologies
2013-11-19 16:35:39 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2013-11-19 16:35:39 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2013-11-19 11:01:36 58880 ----a-w- C:\Windows\System32\browcli.dll
2013-11-19 11:01:36 41472 ----a-w- C:\Windows\SysWow64\browcli.dll
2013-11-19 11:01:36 136704 ----a-w- C:\Windows\System32\browser.dll
2013-11-19 10:58:18 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-11-19 10:58:16 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-11-19 10:58:16 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-11-19 10:58:16 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-11-19 07:53:08 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F5FA0C30-CCF5-4DB2-9EFE-7A4873E91A71}\mpengine.dll
.
==================== Find3M ====================
.
2013-10-14 10:04:42 18456 ----a-w- C:\Windows\System32\drivers\psi_mf_amd64.sys
2013-09-20 09:49:34 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
.
============= FINISH: 23:10:21,32 ===============

And here is my aswMBR:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-11-21 23:16:32
-----------------------------
23:16:32.440 OS Version: Windows x64 6.1.7600
23:16:32.440 Number of processors: 4 586 0x2A07
23:16:32.441 ComputerName: NERD_3000-PC UserName: Nerd_3000
23:16:32.563 Initialize success
23:25:38.018 AVAST engine defs: 13112101
23:25:53.618 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:25:53.618 Disk 0 Vendor: KINGSTON_SV300S37A60G 505ABBF1 Size: 57241MB BusType: 11
23:25:53.633 Disk 0 MBR read successfully
23:25:53.633 Disk 0 MBR scan
23:25:53.633 Disk 0 Windows 7 default MBR code
23:25:53.633 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:25:53.633 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 57139 MB offset 206848
23:25:53.649 Disk 0 scanning C:\Windows\system32\drivers
23:25:55.615 Service scanning
23:26:00.544 Modules scanning
23:26:00.544 Disk 0 trace - called modules:
23:26:00.544 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
23:26:00.544 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800655a060]
23:26:00.544 3 CLASSPNP.SYS[fffff880018ba43f] -> nt!IofCallDriver -> [0xfffffa8005f059b0]
23:26:00.560 5 ACPI.sys[fffff88000f1c781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005ea6060]
23:26:00.669 AVAST engine scan C:\Windows
23:26:00.903 AVAST engine scan C:\Windows\system32
23:26:34.022 AVAST engine scan C:\Windows\system32\drivers
23:26:36.362 AVAST engine scan C:\Users\Nerd_3000
23:26:38.842 AVAST engine scan C:\ProgramData
23:26:39.388 Scan finished successfully
23:27:04.411 Disk 0 MBR has been saved successfully to "H:\MBR.dat"
23:27:04.458 The log file has been saved successfully to "H:\aswMBR.txt"


Thank you very much!

Stephan

Hi, I could not open a new thread in the four-day reminder forum....

So, "tashi", could you do it for me?

thx, Stephan

ken545
2013-12-11, 19:43

Sorry for the delay,


Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report, please.

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

ken545
2013-12-16, 14:46
Still need help?

ken545
2013-12-17, 17:09
Due to inactivity, this thread will now be closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.