I seem to have been hyjacked. I run all the tools I have all the time. Skybot finds "win32dowloader.gen" plus various other threats almost daily for a week now. (spybot 2.1) Malaware finds numerous "pop.0 optional" files. Avast updates several times a day and runs daily but doesn't seem to find anything. Yesterday I ran the deep scan, but nothing came up. My yahoo account seems to have been hyjacked. When I open it my avast says it's a plishing window and do I want to continue. At the beginning I entered my name and password and it took me to my regular account,but something is seriously wrong. That is not the only site I have problems accessing..
My computer won't allow me to download "aswMBR" - It seems stuck and keeps saying it will take an hour. Now it says 48 mins. At least it's moving which yesterday it wouldn't.
Below find the logs as per your request.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.21.2
Run by Phil at 17:40:36 on 2013-08-18
Microsoft Windows XP Home Edition 5.1.2600.3.1255.44.1033.18.2037.665 [GMT 3:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FTCtrl32.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Samsung\Kies\KiesAirMessage.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FAPIEXE.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\zshp1018.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://search.appsarefun.info/
uProxyServer = localhost:21320
uURLSearchHooks: {7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BC9BF43140F8DFDE8A13C323ED26B8D82B231876._service_run] "c:\program files\google\chrome\application\chrome.exe" --type=service
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup
uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [CallControl 4.5] c:\program files\faxtalk communicator\FTCtrl32.exe /autoload
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\phil\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1369691278156
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1369689354156
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
TCP: NameServer = 10.0.0.138
TCP: Interfaces\{D46186AE-A8E2-416E-8171-303509F28198} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{D46186AE-A8E2-416E-8171-303509F28198} : DHCPNameServer = 10.0.0.138
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= c:\windows\system32\guard32.dll c:\progra~1\sprote~1\sprote~1.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: cdbxpp.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: registrybooster.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: switch.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-6 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-6 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-27 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-27 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-10-27 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-6 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-10-27 46808]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2013-7-2 233472]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-6-30 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-6-30 1033688]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2013-7-2 37344]
S1 MpKsl5c047abb;MpKsl5c047abb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{aadafceb-3a84-4b59-bac0-c5c725f1e960}\mpksl5c047abb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{aadafceb-3a84-4b59-bac0-c5c725f1e960}\MpKsl5c047abb.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-6-30 171928]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-3 162408]
S3 Aldebaran;Aldebaran - Storage Filter Drivers;\??\c:\windows\system32\drivers\aldebaran.sys --> c:\windows\system32\drivers\Aldebaran.sys [?]
S3 DM9USB;DM9601 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\dm9usb.sys [2011-1-12 54272]
S3 GSService;GSService;c:\windows\system32\GSService.exe [2012-12-21 252928]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-16 755880]
.
=============== Created Last 30 ================
.
2013-08-17 13:21:41 -------- d-----w- c:\documents and settings\phil\local settings\application data\Conduit
2013-07-29 22:00:49 -------- d-----w- c:\windows\system32\MRT
.
==================== Find3M ====================
.
2013-07-26 02:47:17 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:47:13 43520 ------w- c:\windows\system32\licmgr10.dll
2013-07-26 02:47:12 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:52:59 385024 ------w- c:\windows\system32\html.iec
2013-07-10 10:37:53 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 03:03:25 2149888 ------w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08:30 2028544 ------w- c:\windows\system32\ntkrnlpa.exe
2013-07-01 01:40:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-01 01:40:26 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-28 08:47:51 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-28 08:47:51 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-27 09:53:55 22 ----a-w- c:\documents and settings\phil\dc.bat
2013-06-04 07:23:02 562688 ------w- c:\windows\system32\qedit.dll
2013-06-04 01:40:45 1876736 ------w- c:\windows\system32\win32k.sys
2013-05-28 01:59:37 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2013-05-28 00:41:07 6144 ----a-w- c:\windows\system32\xpsp4res.dll
2013-05-27 19:34:50 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-27 19:34:43 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-05-27 19:34:42 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-05-27 19:34:42 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-22 11:34:26 37344 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2013-05-22 11:34:24 233472 ----a-w- c:\windows\system32\FsUsbExService.Exe
.
============= FINISH: 17:40:45.12 ===============