Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cycbot.B and Cycbot.G infections


  • Please log in to reply
3 replies to this topic

#1 OhCrud

OhCrud

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:07:00 AM

Posted 05 January 2012 - 02:22 PM

Hi there,

I'm in dire need of help. MSE picked up multiple infections of Cycbot.B and Cycbot.G, as well as Fareit.gen!C, Iframe.AC, and Fareit over the last few days. I also noticed a few .exe's named things like 69A.exe and AAE.exe in the running Processes when MSE first notified me of the Cycbot infections; MSE took care of them a bit later. I wasn't worried at first but now I am.

I'm running Windows 7 Home Premium 64-bit, firewalled with Windows Firewall. I often use Chrome and Firefox. I ran a full scan with MSE last night but new ones popped up again this morning. Running a new scan as we speak, and downloading HijackThis.

Can someone help me figure out what next steps I should take? This is my personal laptop and I have personal info of all kinds on here. I'd like to avoid doing a complete re-format as I've never done it before and it seems v. time-consuming, but if I have to in order to keep using this computer I'm willing to do so.

Also, should I back up my files now, or would backing them up just infect whatever else I use? I can burn to DVDs or to an external HD, but that external HD has all my other backups on it (unfortunately a few months old).

Thanks for your help. Could really use some suggestions on what next steps to take.
*A

BC AdBot (Login to Remove)

 


#2 OhCrud

OhCrud
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:07:00 AM

Posted 05 January 2012 - 03:32 PM

Just saw this thread - the user's situation is very similar to mine, except a slightly different version of Windows 7 - I'm using home premium, 64-bit. I also had the proxy settings changed (just this morning, happened right after MSE quarantined a cycbot infection), but changed the proxy settings back.

Unfortunately that thread was not resolved. I began following Nasdaq's suggestions from the other thread, so here is my DDS log. I'll post my mbam log soon.

Also, I looked through my computer's event logs, and found that the last time I performed a full scan using MSE was on December 7 (approx. one month ago), but MSE has been constantly updating and has been on the whole time. It makes some sense to me that the infections began two days ago, as I had just connected to an unsecured network that day, I believe. Is it a fairly safe bet that MSE caught these as they were happening and thus I probably don't need to cancel my credit cards and all that?

Thanks in advance for any help you can provide, and any suggestions on what steps I should take to protect my personal info and my computer.


DDS log:




.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by arnie at 12:21:51 on 2012-01-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.1297 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxext.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\ZuneLauncher.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Launch Manager\LManager.EXE
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
c:\Program Files (x86)\ZuneWlanCfgSvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskhost.exe
c:\Program Files (x86)\WMZuneComm.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.8.2.0_0\plugin\ClickClean.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mail.google.com/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_1410&r=273610093416l0363z1m5w47k1r87s
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_1410&r=273610093416l0363z1m5w47k1r87s
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_1410&r=273610093416l0363z1m5w47k1r87s
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:56182
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Google Update] "C:\Users\arnie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [8EA5DC038E5DF8EDCEF1038BDEFC4FB89F05D748._service_run] "C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
uRun: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
StartupFolder: C:\Users\arnie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACERVC~1.LNK - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.5.1
TCP: Interfaces\{68BDEB1C-49F1-4369-A2C8-2074BFCD5D60} : DhcpNameServer = 192.168.5.1
TCP: Interfaces\{68BDEB1C-49F1-4369-A2C8-2074BFCD5D60}\2456C6B696E6F574F575962756C6563737F5 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{68BDEB1C-49F1-4369-A2C8-2074BFCD5D60}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1 192.168.1.1
TCP: Interfaces\{68BDEB1C-49F1-4369-A2C8-2074BFCD5D60}\35F6E6762556164697 : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{68BDEB1C-49F1-4369-A2C8-2074BFCD5D60}\44F62796F60275962756C656373702E4564777F627B6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{68BDEB1C-49F1-4369-A2C8-2074BFCD5D60}\4556160234861696024556 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{68BDEB1C-49F1-4369-A2C8-2074BFCD5D60}\679667163656 : DhcpNameServer = 192.168.0.1 216.151.4.3
TCP: Interfaces\{68BDEB1C-49F1-4369-A2C8-2074BFCD5D60}\B4149514 : DhcpNameServer = 192.168.2.1 192.168.2.1 76.14.0.9 76.14.0.8
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun-x64: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun-x64: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun-x64: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
AppInit_DLLs-X64: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\arnie\AppData\Roaming\Mozilla\Firefox\Profiles\uhlrqdqd.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox|https://www.google.com/finance/portfolio|http://www.google.com/calendar/render?pli=1|http://www.google.com/ig|facebook.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\arnie\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\arnie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\arnie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\arnie\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-8-20 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-8-6 311592]
R2 RS_Service;Raw Socket Service;C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2009-8-20 253952]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-8-20 240160]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-6-17 154752]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files (x86)\WMZuneComm.exe [2011-8-5 306400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-5 136176]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-15 183560]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-4 30192]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-5 136176]
S3 NETw1v64;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw1v64.sys --> C:\Windows\system32\DRIVERS\NETw1v64.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\system32\drivers\nmwcdx64.sys --> C:\Windows\system32\drivers\nmwcdx64.sys [?]
S3 RDPDISPM;RDPDISPM;C:\Windows\system32\DRIVERS\rdpdispm.sys --> C:\Windows\system32\DRIVERS\rdpdispm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-01-05 17:14:48 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AEEEFDBD-CF4D-4C0C-9CCD-12E9C99364D4}\offreg.dll
2012-01-05 17:14:43 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AEEEFDBD-CF4D-4C0C-9CCD-12E9C99364D4}\mpengine.dll
2012-01-05 02:47:59 280064 ----a-w- C:\Users\arnie\AppData\Roaming\java.exe
2012-01-04 16:32:29 280064 ----a-w- C:\Users\arnie\AppData\Roaming\wmplayer.exe
2012-01-03 13:26:32 -------- d-----w- C:\Program Files (x86)\LP
2012-01-03 05:01:26 -------- d-----w- C:\Users\arnie\AppData\Roaming\5EC1C
2012-01-03 05:01:16 -------- d-----w- C:\Users\arnie\AppData\Roaming\F475E
2011-12-21 05:55:29 -------- d-----w- C:\Users\arnie\AppData\Local\HerraizSoto
2011-12-21 05:50:45 -------- d-----w- C:\Program Files (x86)\HerraizSoto
.
==================== Find3M ====================
.
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-23 00:25:06 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-05 05:41:43 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:35:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-05 03:32:47 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:48:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-26 05:21:20 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-10-24 22:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 22:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-10-15 06:31:56 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-10-15 05:38:59 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-08-05 20:56:34 645856 ----a-w- C:\Program Files (x86)\UIX.renderapi.dll
2011-08-05 20:56:34 1530592 ----a-w- C:\Program Files (x86)\UIX.dll
2011-08-05 20:56:34 1288928 ----a-w- C:\Program Files (x86)\UIXcontrols.dll
2011-08-05 20:56:34 1272544 ----a-w- C:\Program Files (x86)\ZuneShell.dll
2011-08-05 20:56:34 1175264 ----a-w- C:\Program Files (x86)\ZuneDBApi.dll
2011-08-05 20:31:32 182784 ----a-w- C:\Program Files (x86)\l3codecp.acm
2011-06-06 21:48:50 856576 ----a-w- C:\Program Files (x86)\msvcp90.dll
2011-06-06 21:48:50 626688 ----a-w- C:\Program Files (x86)\msvcr90.dll
2011-06-06 21:48:50 245760 ----a-w- C:\Program Files (x86)\msvcm90.dll
2007-10-02 22:12:44 1642568 ----a-w- C:\Program Files (x86)\msidcrl40.dll
.
============= FINISH: 12:22:33.62 ===============

#3 OhCrud

OhCrud
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:07:00 AM

Posted 05 January 2012 - 04:09 PM

Here's the MBAM log!


Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.05.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
arnie :: ARNIEFUL [administrator]

Protection: Enabled

1/5/2012 12:47:16 PM
mbam-log-2012-01-05 (12-47-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 178216
Time elapsed: 7 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\arnie\AppData\Local\Temp\ICReinstall\cnet_PangoBright_exe.exe (PUP.CNET.Adware.Bundle) -> Quarantined and deleted successfully.

(end)

#4 OhCrud

OhCrud
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:07:00 AM

Posted 06 January 2012 - 01:02 AM

reposted to this thread per Broni's request




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users