PC hijacked by trojans, worms, bots

Dewey5718

New member
HP Pavilion pv6 is infected by at least 4 to six different bugs. I have tried things such as ComboFix, HJT, OTL.exe. Several antivirus downloads. Not one, together or alone, has completely deleted the bugs. Spybot Search and Destroy or .

I would please like some help and advice re: my problems. I am going to attempt to attach DDS results. Thank you for being here to help newbies like me. Dewey5718. PS. Twice the zip DDS has failed. My bugs at work? A copy and paste. Sorry..
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by RAC at 14:07:30 on 2012-02-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2356 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Destop\Process Hacker 2\ProcessHacker.exe
C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\FixCleaner\FixCleaner.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Users\RAC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RAC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Destop\Process Hacker 2\ProcessHacker.exe
C:\Users\RAC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RAC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\RAC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\5.0\iobitToolbarIE.dll
uURLSearchHooks: H - No File
BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\5.0\iobitToolbarIE.dll
TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\5.0\iobitToolbarIE.dll
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
uRun: [Process Hacker 2] "C:\Destop\Process Hacker 2\ProcessHacker.exe" -hide
uRun: [ZumoDrive] C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk
mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.65
TCP: Interfaces\{F5421A8D-9195-4342-9877-CA402417CA32} : DhcpNameServer = 192.168.0.1 205.171.3.65
TCP: Interfaces\{F5421A8D-9195-4342-9877-CA402417CA32}\27161393534353731383D697177756374733033303 : DhcpNameServer = 192.168.0.1 205.171.3.65
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
IFEO: taskmgr.exe - "C:\Destop\Process Hacker 2\ProcessHacker.exe"
BHO-X64: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\5.0\iobitToolbarIE.dll
TB-X64: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\5.0\iobitToolbarIE.dll
mRun-x64: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
IFEO-X64: taskmgr.exe - "C:\Destop\Process Hacker 2\ProcessHacker.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\system32\DRIVERS\NBVol.sys --> C:\Windows\system32\DRIVERS\NBVol.sys [?]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\system32\DRIVERS\NBVolUp.sys --> C:\Windows\system32\DRIVERS\NBVolUp.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-2-22 497496]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-10-25 89600]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2012-2-22 404728]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-8-5 681528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-9-28 26680]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-2-22 821592]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-9-7 202048]
R2 PfFilter;PfFilter;C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys [2012-2-22 36792]
R2 SBSDWSCService;SBSD Security Center Service;C:\Spybot - Search & Destroy\SDWinSec.exe [2012-2-20 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-25 2533400]
R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-2-22 21384]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2012-2-22 33184]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2012-2-22 21872]
R4 KProcessHacker2;KProcessHacker2;C:\Destop\Process Hacker 2\kprocesshacker.sys [2012-2-23 36424]
S2 CLKMSVC10_C6F09094;CyberLink Product - 2010/10/25 01:48:42;C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-10-25 245232]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C:\Windows\system32\Drivers\motoandroid.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motport;Motorola USB Diagnostic Port;C:\Windows\system32\DRIVERS\motport.sys --> C:\Windows\system32\DRIVERS\motport.sys [?]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-02-25 19:39:07 -------- d-----w- C:\Users\RAC\AppData\Roaming\FixCleaner
2012-02-25 19:39:05 -------- d-----w- C:\Program Files (x86)\FixCleaner
2012-02-25 15:42:43 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D123C9D6-FE50-491D-9C25-A071AA9064BE}\mpengine.dll
2012-02-24 23:08:54 -------- d-----w- C:\Users\RAC\AppData\Local\Little_Apps
2012-02-24 23:06:57 -------- d-----w- C:\Program Files\Common Files\Little Registry Cleaner
2012-02-24 23:02:40 -------- d-----w- C:\Users\RAC\AppData\Local\WeatherBug
2012-02-24 23:02:36 -------- d-----w- C:\Users\RAC\AppData\Roaming\WeatherBug
2012-02-24 23:02:32 -------- d-----w- C:\Program Files (x86)\Setup Support for Weatherbug
2012-02-24 23:02:29 18944 ----a-r- C:\Users\RAC\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2012-02-24 23:00:50 -------- d-----w- C:\Users\RAC\AppData\Local\Babylon
2012-02-24 23:00:49 -------- d-----w- C:\Users\RAC\AppData\Roaming\Babylon
2012-02-24 23:00:49 -------- d-----w- C:\ProgramData\Babylon
2012-02-24 18:03:30 -------- d-----w- C:\Users\RAC\Tracing
2012-02-24 15:24:39 -------- d-----w- C:\Users\RAC\AppData\Local\Adobe
2012-02-24 07:25:04 -------- d-----w- C:\Program Files\Motorola Inc
2012-02-24 07:25:04 -------- d-----w- C:\Program Files\Common Files\Motorola Shared
2012-02-24 07:24:57 -------- d-----w- C:\Program Files (x86)\Motorola
2012-02-24 07:24:57 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap
2012-02-23 22:17:50 -------- d-----w- C:\Users\RAC\AppData\Roaming\Process Hacker 2
2012-02-23 19:35:21 -------- d-----w- C:\Users\RAC\AppData\Roaming\Curiolab
2012-02-23 18:33:19 -------- d-----w- C:\Users\RAC\AppData\Roaming\AVG
2012-02-23 18:22:00 -------- d--h--w- C:\ProgramData\Common Files
2012-02-23 18:19:47 -------- d-----w- C:\Program Files (x86)\AVG
2012-02-23 18:12:19 -------- d-----w- C:\ProgramData\MFAData
2012-02-23 18:11:21 -------- d-----w- C:\Users\RAC\AppData\Roaming\SanDisk
2012-02-23 00:38:46 -------- d-----w- C:\Users\RAC\AppData\Roaming\Nico Mak Computing
2012-02-23 00:38:43 18760 ----a-w- C:\Windows\System32\roboot64.exe
2012-02-23 00:38:36 -------- d-----w- C:\ProgramData\IObit
2012-02-22 22:00:32 -------- d-----w- C:\Users\RAC\AppData\Roaming\Windows Live Writer
2012-02-22 22:00:32 -------- d-----w- C:\Users\RAC\AppData\Local\Windows Live Writer
2012-02-22 20:08:24 -------- d-----w- C:\Program Files (x86)\IObit Toolbar
2012-02-22 20:08:24 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2012-02-22 20:08:24 -------- d-----w- C:\Program Files (x86)\Application Updater
2012-02-22 20:07:54 -------- d-----w- C:\Users\RAC\AppData\Roaming\IObit
2012-02-22 20:07:53 -------- d-----w- C:\Program Files (x86)\IObit
2012-02-22 16:51:35 -------- d-----w- C:\Users\RAC\AppData\Local\ElevatedDiagnostics
2012-02-22 16:20:54 -------- d-----w- C:\Users\RAC\AppData\Local\HuluDesktop
2012-02-22 16:04:58 -------- d-----w- C:\Users\RAC\AppData\Roaming\OpenCandy
2012-02-22 14:05:38 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-02-22 13:19:49 -------- d-----w- C:\Program Files (x86)\BackUpDutyLite
2012-02-22 13:19:48 -------- d-----w- C:\Program Files (x86)\RegWork
2012-02-22 05:06:52 -------- d-----w- C:\CCE_Quarantine
2012-02-22 03:06:38 -------- d-----w- C:\Users\RAC\AppData\Local\CrashDumps
2012-02-22 03:05:48 -------- d-----w- C:\Users\RAC\AppData\Local\Comodo
2012-02-22 03:05:32 -------- d-----w- C:\Program Files (x86)\Comodo
2012-02-22 03:04:51 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2012-02-21 23:33:39 -------- d-----w- C:\Users\RAC\AppData\Local\CyberLink
2012-02-21 23:33:38 -------- d-----w- C:\Users\RAC\AppData\Local\PowerCinema
2012-02-21 22:40:21 -------- d-----w- C:\Desktop
2012-02-21 20:55:03 -------- d-----w- C:\Users\RAC\AppData\Local\Windows Live
2012-02-21 20:55:03 -------- d-----w- C:\Users\RAC\AppData\Local\{5DD26411-A649-4B62-BEBA-E3721293EFDE}
2012-02-21 20:02:41 -------- d-----w- C:\ProgramData\VirtualizedApplications
2012-02-21 17:51:55 -------- d-----w- C:\Users\RAC\AppData\Local\SoftGrid Client
2012-02-21 17:51:54 -------- d-----w- C:\Users\RAC\AppData\Roaming\SoftGrid Client
2012-02-21 17:51:06 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-02-21 17:50:52 -------- d-----w- C:\Users\RAC\AppData\Roaming\TP
2012-02-21 17:43:48 -------- d-----w- C:\desktopMalwarebytes' Anti-Malware
2012-02-21 17:22:15 -------- d-----w- C:\Users\RAC\AppData\Local\IsolatedStorage
2012-02-21 14:58:45 -------- d-----w- C:\Destop
2012-02-21 14:44:52 -------- d--h--w- C:\Windows\msdownld.tmp
2012-02-21 04:23:36 -------- d-----w- C:\Spybot - Search & Destroy
2012-02-21 04:23:36 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-02-21 04:10:03 -------- d-----w- C:\Users\RAC\AppData\Local\Google
2012-02-20 14:36:41 -------- d-----w- C:\Users\RAC\AppData\Roaming\Malwarebytes
2012-02-20 14:36:35 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-20 14:36:35 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-20 00:51:09 -------- d-----w- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-02-20 00:30:25 -------- d-----w- C:\Users\RAC\AppData\Local\Microsoft_Corporation
2012-02-19 23:23:41 258048 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfppw73.dll
2012-02-19 19:38:46 -------- d-----w- C:\Users\RAC\AppData\Local\temp
2012-02-19 19:34:18 -------- d-----w- C:\$RECYCLE.BIN
2012-02-19 18:20:56 -------- d-----w- C:\Users\RAC\AppData\Roaming\InfraRecorder
2012-02-19 18:20:52 -------- d-----w- C:\Program Files (x86)\InfraRecorder
2012-02-19 18:02:17 15920 ----a-w- C:\Windows\System32\drivers\NBVolUp.sys
2012-02-19 18:02:12 72240 ----a-w- C:\Windows\System32\drivers\NBVol.sys
2012-02-19 18:02:11 -------- d-----w- C:\Program Files (x86)\Nero
2012-02-19 18:02:01 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-19 18:01:25 -------- d-----w- C:\Users\RAC\AppData\Local\AskToolbar
2012-02-19 17:52:34 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
2012-02-19 17:52:34 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2012-02-19 17:52:34 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2012-02-19 17:52:34 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2012-02-19 17:52:34 1868128 ----a-w- C:\Windows\SysWow64\d3dcsx_43.dll
2012-02-19 17:51:20 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
2012-02-19 17:50:11 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2012-02-19 17:49:04 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2012-02-19 17:47:53 3727720 ----a-w- C:\Windows\SysWow64\d3dx9_35.dll
2012-02-19 17:46:49 3497832 ----a-w- C:\Windows\SysWow64\d3dx9_34.dll
2012-02-19 16:50:50 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-19 03:06:03 -------- d-----w- C:\Windows\System32\SPReview
2012-02-19 03:04:33 -------- d-----w- C:\Windows\System32\EventProviders
2012-02-19 03:01:58 444752 ----a-w- C:\Windows\System32\mscoree.dll
2012-02-19 03:00:59 78720 ----a-w- C:\Windows\System32\drivers\HpSAMD.sys
2012-02-19 02:59:54 189952 ----a-w- C:\Windows\SysWow64\sqmapi.dll
2012-02-19 02:59:35 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2012-02-19 02:59:35 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2012-02-19 02:59:35 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll
2012-02-19 02:57:18 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2012-02-19 02:57:18 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2012-02-19 02:57:09 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2012-02-19 02:44:09 -------- d-----w- C:\Users\RAC\AppData\Roaming\ZumoDrive
2012-02-18 19:22:44 -------- d-----w- C:\ProgramData\SecTaskMan
2012-02-18 19:22:39 -------- d-----w- C:\Program Files (x86)\Security Task Manager
2012-02-18 17:18:25 165376 ----a-w- C:\Windows\SysWow64\unrar.dll
2012-02-18 17:18:23 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2012-02-18 17:18:14 -------- d-----w- C:\Program Files\Open Freely
2012-02-18 17:17:29 -------- d-----w- C:\Program Files (x86)\Yahoo!
2012-02-18 12:44:58 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-02-18 12:44:57 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-18 12:44:57 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-18 12:44:57 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-18 12:44:57 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-18 12:24:25 -------- d-----w- C:\Windows\SysWow64\Wat
2012-02-18 12:24:25 -------- d-----w- C:\Windows\System32\Wat
2012-02-18 09:27:01 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-02-18 09:22:52 -------- d-----w- C:\Users\RAC\AppData\Local\Diagnostics
2012-02-18 09:17:14 -------- d-----w- C:\Program Files (x86)\Uniblue
2012-02-18 06:20:13 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-02-18 06:01:45 77312 ----a-w- C:\Windows\System32\packager.dll
2012-02-18 06:01:45 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-02-18 06:01:23 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-02-18 06:01:22 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-02-18 06:01:21 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-02-18 06:01:17 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-02-18 06:01:16 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-02-18 06:01:15 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-02-18 06:01:15 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-02-18 05:59:49 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2012-02-18 05:58:44 642944 ----a-w- C:\Windows\System32\winload.efi
2012-02-18 03:24:46 -------- d-----w- C:\Users\RAC\AppData\Roaming\hpqLog
2012-02-18 03:24:39 -------- d-----w- C:\Users\RAC\AppData\Roaming\Stardock
2012-02-18 03:23:43 -------- d-----w- C:\Users\RAC\AppData\Local\RemEngine
2012-02-18 03:19:40 -------- d-----w- C:\Users\RAC\AppData\Local\Hewlett-Packard
2012-02-18 03:19:27 -------- d-----w- C:\Users\RAC\AppData\Local\Hewlett-Packard_Company
2012-02-18 03:18:03 -------- d-----w- C:\Users\RAC\AppData\Local\VirtualStore
.
==================== Find3M ====================
.
2012-02-19 03:12:44 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-02-19 03:12:43 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-02-18 04:38:27 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-01-14 04:06:27 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-12-16 08:46:06 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2011-12-16 07:52:58 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
.
============= FINISH: 14:09:48.01 ===============
 
:welcome:

Sorry for the delay, sometimes a thread or two falls through the cracks. What are you experiencing to make you think you're infected, any browser redirects?


If you still need help then do this

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply
 
Due to inactivity, this thread will now be closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.
 