Hi, I am fighting against a really annoying little bugger. It started yesterday, when Firefox was suddenly shut down. Pop-ups appeared in the lower right corner that looked very similar to the Windows security center, and they were telling me that my HDDs were corrupted, everything full of viruses and so on.

I tried to remove it with AVG Free, which I always have running, but it did not find anything. MBAM and Spybot (1 and 2) did not find anything either. I also tried HijackThis and TrendMicro HouseCall without any result. Normally, this should have helped but it didn't. So I am really desperate.

The content of my second HDD (D) is cloaked; I can't access or see it. C also appears to be mostly empty, but I can access installed programs via some detours.

Thank you VERY much in advance!

This is the DDS log:


DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Stine at 10:58:10 on 2012-03-18
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.1980.882 [GMT 1:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\AMT\LMS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.exe
C:\Users\Stine\AppData\Local\Temp\HouseCall\housecall.bin
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uSearch Bar =
uWindows: Load=C:\Users\Stine\LOCALS~1\Temp\msjduhe.com
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [MyBrowserCash Automatic Updater] C:\Windows\system32\MyBrowserCashUpdater.exe
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C8E7CBFB-9F2E-42C7-B4CB-D4B7FC89A363} - hxxp://www.gather.com/imageuploader/GatherUploader5.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{E2AA6D53-D891-4386-87DF-D895AED8EF0E} : DhcpNameServer = 192.168.178.1
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
mRun-x64: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Stine\AppData\Roaming\Mozilla\Firefox\Profiles\rqd8rrnh.default\
FF - prefs.js: browser.search.selectedEngine - Tixuma
FF - prefs.js: browser.startup.homepage - hxxp://www.klamm.de/
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2011-6-26 2066968]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Secunia Update Agent;Secunia Update Agent;"C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service --> C:\Program Files (x86)\Secunia\PSI\sua.exe [?]
S3 optousb;OPTO ELECTRONICS optousb;C:\Windows\system32\DRIVERS\optousb.sys --> C:\Windows\system32\DRIVERS\optousb.sys [?]
S3 optovcm;OPTO ELECTRONICS optovcm;C:\Windows\system32\DRIVERS\optovcm.sys --> C:\Windows\system32\DRIVERS\optovcm.sys [?]
S3 StorSvc;Speicherdienst;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
.
=============== Created Last 30 ================
.
2012-03-18 09:48:52 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-03-17 18:32:45 -------- d-----w- C:\Windows\IrfanView
2012-03-17 18:32:22 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-03-17 18:32:22 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-03-17 18:32:18 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-03-17 18:32:18 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-03-17 18:19:41 -------- d-----w- C:\Users\Stine\AppData\Local\WindowsUpdate
2012-03-17 18:16:00 -------- d-----w- C:\Users\Stine\AppData\Local\Secunia PSI
2012-03-17 16:41:28 -------- d-----w- C:\Windows\pss
2012-03-17 16:05:31 347136 ---ha-w- C:\ProgramData\1Ado7CKqiesD67.exe
2012-03-17 10:25:40 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-17 10:25:38 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-17 10:25:38 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-17 10:09:31 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-03-17 10:08:38 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-03-17 10:08:38 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-03-17 10:06:51 77312 ----a-w- C:\Windows\System32\packager.dll
2012-03-17 10:06:50 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-03-17 10:02:03 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-17 10:02:03 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-11 09:15:13 -------- d--h--w- C:\Users\Stine\AppData\Roaming\kodak
2012-03-10 08:01:27 -------- d--h--w- C:\Users\Stine\AppData\Roaming\Ughoahh
2012-03-10 08:01:27 -------- d--h--w- C:\Users\Stine\AppData\Roaming\Cufiwoe
2012-03-04 09:26:02 -------- d--h--w- C:\Users\Stine\AppData\Roaming\Syewoce
2012-03-04 09:26:02 -------- d--h--w- C:\Users\Stine\AppData\Roaming\Axvy
.
==================== Find3M ====================
.
2012-03-18 08:11:29 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2012-03-18 08:07:43 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-18 07:53:13 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-12-26 09:34:33 74703 ----a-w- C:\Windows\SysWOW64mfc45.dll
.
============= FINISH: 10:59:33,73 ===============