Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected by cycbot.B, comes back, web now broken


  • This topic is locked This topic is locked
2 replies to this topic

#1 jim mcgee

jim mcgee

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:20 AM

Posted 29 October 2010 - 11:28 PM

yesterday, Microsoft Security Essentials found Backdoor:Win32/Cycbot.B on my Acer laptop and removed it.

It has removed it 6 times and quarentined it 3 times since then.

I downloaded Malwarebytes Anti-Malware and ran it, and it also removed the problem, but it still came back.

At the same time, my web access began to be affected.
Addresses that start with "www" are generally unreachable, and most facebook apps have stopped loading.

I tried to re-install the browsers (IE8, Chrome and Firefox), and Java and Flash. Nothing returned the browsers to functionality.

I researched the virus, but have not found a way to remove it.
=========================


DDS (Ver_10-10-21.02) - NTFS_AMD64
Run by Jim at 20:09:56.55 on Fri 10/29/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4025.2109 [GMT -4:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\NeoSmart Technologies\iReboot\iRebootd.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\PROGRA~2\VCOM\SYSTEM~1\MXTask.exe
C:\Windows\SysWOW64\Tweak7SystemService.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~2\VCOM\SYSTEM~1\mxtask.exe
C:\Program Files (x86)\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Chip\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\SysMetrix\SysMetrix.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Chip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chip\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Chip\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5738&r=273612093916l03d8z1l5t4741w102
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5738&r=273612093916l03d8z1l5t4741w102
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: {74549586-617F-448D-A0B9-332AF8FCAF21} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: {21B3866C-DD0C-4675-A87C-A62BF21366AF} - No File
uRun: [Google Update] "C:\Users\Chip\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [<NO NAME>]
mRun: [SysMetrix] C:\Program Files (x86)\SysMetrix\SysMetrix.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [Connection Manager] "C:\Program Files (x86)\BVRP Connection Manager\Nomad.exe" /runstart
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
uPolicies-explorer: AlwaysShowClassicMenu = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {086FBB95-507D-4b52-AEBF-A18347065FBC} - {765D7625-CF96-401D-81DB-B0DD61106D0D}
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxps://www.shoeboxed.com/includes/activex/ImageUploader4.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~3\GO36F4~1.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {21B3866C-DD0C-4675-A87C-A62BF21366AF} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
STS-X64: FencesShlExt Class: {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Chip\AppData\Roaming\Mozilla\Firefox\Profiles\a9zmagkk.TestNewProfile\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.startup.homepage - hxxp://apps.facebook.com/inthemafia/index.php?next_params=YTozOntpOjA7czo1OiJpbmRleCI7aToxO3M6NDoidmlldyI7aToyO3M6NTE6IiZ6eV90cmFjaz14cHJvbW8menlfY3JlYXRpdmU9bWFmaWF3YXJzJnp5X2xpbms9emJhciI7fQ%3D%3D|http://apps.facebook.com/classic-style-mahjon/?ref=bookmarks&count=0|https://post.craigslist.org/orl/H/?want=n|http://www.myyearbook.com/apps/messages/notification#
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 4
FF - component: C:\Program Files (x86)\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - component: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npRLCT4Player.dll
FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll
FF - plugin: C:\Program Files (x86)\Opera\program\plugins\np_gp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Chip\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Chip\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Chip\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-2-13 52856]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-26 173984]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-2 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-2 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-2 60464]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 CLDTVHNService;CLDTVHNService;C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [2009-9-17 75048]
R2 cpuz133;cpuz133;C:\Windows\System32\drivers\cpuz133_x64.sys [2010-7-5 20456]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-9-21 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 iReboot;iReboot Background Service;C:\Program Files (x86)\NeoSmart Technologies\iReboot\iRebootd.exe [2008-4-27 9216]
R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-8-7 311592]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-8-20 62720]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-17 144640]
R2 ntk_dtv;ntk_dtv;C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys [2009-9-17 82416]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-8-28 1153368]
R2 Tweak7SystemService;Tweak7SystemService;C:\Windows\system32\Tweak7SystemService.exe --> C:\Windows\system32\Tweak7SystemService.exe [?]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-8-22 240160]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-2-13 159936]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-9-21 138752]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-20 317480]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-26 40832]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;C:\Windows\System32\drivers\livecamv.sys [2010-2-13 49664]
R3 V0415Vid;Creative Live! Cam Video IM Ultra Driver;C:\Windows\System32\drivers\V0415Vid.sys [2010-2-13 331328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-1 135664]
S3 BVRPNDIS;BVRPNDIS NDIS Protocol Driver;C:\PROGRA~2\BVRPCO~1\BVRPNDIS.SYS [2010-8-23 35328]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-27 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-2-6 30192]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-9-21 5435904]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-17 50432]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-8-22 216064]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-14 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam.sys [2008-4-16 14464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

=============== Created Last 30 ================

2010-10-29 19:36:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-10-29 19:04:13 -------- d-----w- C:\PROGRA~3\McAfee Security Scan
2010-10-29 19:04:09 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2010-10-29 17:35:43 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2010-10-29 17:31:12 -------- d-----w- C:\PROGRA~3\Norton
2010-10-29 17:31:10 -------- d-----w- C:\PROGRA~3\NortonInstaller
2010-10-29 14:52:47 8006480 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{AA5E6A44-180E-4DC4-BE53-6A51B2335321}\mpengine.dll
2010-10-28 15:43:56 -------- d-----w- C:\Users\Chip\AppData\Roaming\Malwarebytes
2010-10-28 15:43:48 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-10-28 15:43:47 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-10-28 15:43:47 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-10-28 15:43:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-10-27 13:52:46 -------- d-----w- C:\Windows\en
2010-10-27 13:49:58 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2010-10-27 13:48:01 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\91b63ae31cb75dd11\MeshBetaRemover.exe
2010-10-27 13:47:58 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8f86d7821cb75dd10\DSETUP.dll
2010-10-27 13:47:58 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8f86d7821cb75dd10\DXSETUP.exe
2010-10-27 13:47:58 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8f86d7821cb75dd10\dsetup32.dll
2010-10-27 13:47:56 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8dd0da501cb75dd0f\DXSETUP.exe
2010-10-27 13:47:56 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8dd0da501cb75dd0f\dsetup32.dll
2010-10-27 13:47:55 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8dd0da501cb75dd0f\DSETUP.dll
2010-10-26 20:57:33 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-10-26 20:57:33 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-10-26 20:57:33 552960 ----a-w- C:\Windows\System32\msdri.dll
2010-10-26 20:57:33 288256 ----a-w- C:\Windows\System32\MSNP.ax
2010-10-26 20:57:33 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-10-26 20:57:33 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2010-10-26 20:57:33 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2010-10-26 20:57:24 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2010-10-25 00:22:44 -------- d-----w- C:\Users\Chip\AppData\Roaming\DeviceDoctorSoftware
2010-10-25 00:22:39 -------- d-----w- C:\Program Files (x86)\Device Doctor
2010-10-21 14:18:04 -------- d-----w- C:\Users\Chip\AppData\Roaming\Webyog
2010-10-15 10:07:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-10-15 10:07:31 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-10-15 10:07:30 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-10-15 10:07:30 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-10-15 10:07:30 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-10-15 10:07:29 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-10-15 10:06:46 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-10-15 10:06:46 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-10-15 10:05:47 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-10-15 10:05:47 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-10-15 10:05:47 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-10-15 10:05:47 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-10-15 10:05:47 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-10-15 10:05:46 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-10-14 23:21:29 -------- d-----w- C:\Program Files\Microsoft IntelliPoint
2010-10-10 23:36:30 -------- d-----w- C:\Users\Chip\AppData\Roaming\VoipBuster
2010-10-10 23:35:12 -------- d-----w- C:\Program Files (x86)\VoipBuster.com
2010-10-02 19:41:15 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2010-10-02 19:41:15 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys

==================== Find3M ====================

2010-10-19 20:51:33 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-23 04:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2010-09-23 04:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR
2010-09-21 18:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
2010-09-21 18:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-09 22:39:14 2826240 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2010-09-08 18:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-09-08 18:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe

============= FINISH: 20:11:13.05 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:03:20 PM

Posted 30 October 2010 - 03:34 PM

Good evening. :)

Taken from here -

Summary
Backdoor:Win32/Cycbot.B is a backdoor trojan that allows attackers unauthorized access and control of an affected computer. After a computer is infected, the trojan connects to a specific IRC server and joins a specific channel to receive commands from attackers. Commands can instruct the trojan to spread to other computers by scanning for network shares with weak passwords, exploiting Windows vulnerabilities, or possibly spreading through backdoor ports opened by other families of malicious software. The trojan may also allow attackers to perform other backdoor functions, such as launching denial of service (DoS) attacks and retrieving system information from infected computers.

The unfortunate situation you find yourself in is that your PC is now potentially under outside control and as such the only sensible solution is to back up any important data and reinstall the operating system.
There is no way of knowing how many malicious files may have been dropped on your hard drive, legitimate files patched or replaced, and if security settings have been lowered to make your PC easier to infect in the future.

You should also be aware that if you use the computer for online banking or shopping that card and login details could have been compromised and you should use another PC to change what you can and monitor any accounts and cards that you have access/used to make sure that nothing is amiss.

Helpfully Acer has eRecovery Management software that allows you to do this with minimal effort, although you still need to reinstall software etc... afterwards.

Sorry it isn't better news.

So long, and thanks for all the fish.

 

 


#3 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:03:20 PM

Posted 04 November 2010 - 03:54 PM

As this issue appears to be closed, so is this thread.

As this issue appears to be closed, so is this thread.

As this issue appears to be closed, so is this thread.

So long, and thanks for all the fish.

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users