EXE Killer??



#1 Jack Daniels

Posted 13 May 2012 - 07:25 AM

Hello,

I visited some of the movie download websites last week and since luck didn't favour me well enough, I was rather infected with a strange kind of virus or whatever we want to call it. The symptoms are as follows:

1. A lot of executable programs cannot be launched or will throw the typical Windows 7 "Program has stopped working" error. This includes Skype, Chrome, McAfee (but background tasks are running), Malwarebytes, IE (but it works now), etc., and even OTL.exe.

2. Internet browsing speed has slowed down quite a bit. Sometimes the page just doesn't load.

3. Guest windows logon doesn't work. As soon as you click on Guest, it logs you off immediately.

I used the DDS scanning program which fortunately worked and here is the log file. My apologies if I wasn't supposed to run this program. And as always, thanks much in advance for your valuable time for fixing my mess.

#2 Jack Daniels

Posted 13 May 2012 - 07:26 AM

Here is the DDS.txt scan report:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_30
Run by Praveen at 13:06:19 on 2012-05-13
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,,c:\users\praveen\appdata\local\bqkeqkfj\jwcqbkoa.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120428114043.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [JwcQbkoa] c:\users\praveen\appdata\local\bqkeqkfj\jwcqbkoa.exe
mRun: [WordWeb] "c:\program files\wordweb\wweb32.exe" -startup
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Open using &Advanced JPEG Compressor - c:\program files\advanced jpeg compressor\ajcieex.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://ukfreetrial.webex.com/client/T27LD/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B9993165-B959-46FF-B513-120AD8E42CAD} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B9993165-B959-46FF-B513-120AD8E42CAD}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{B9993165-B959-46FF-B513-120AD8E42CAD}\3797E6362756F6E613 : DhcpNameServer = 10.6.40.50 10.6.40.53 10.1.0.50 10.1.0.51
TCP: Interfaces\{B9993165-B959-46FF-B513-120AD8E42CAD}\6796277696E6D65646961693135303431383 : DhcpNameServer = 194.168.4.100 194.168.8.100
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\praveen\appdata\roaming\mozilla\firefox\profiles\qr0ilu45.default\
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\vlc\npvlc.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\praveen\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-05-12 09:59:58 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-12 09:59:54 588728 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-05-12 09:59:53 43960 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-05-12 09:59:53 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-05-12 09:59:53 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-05-10 22:36:11 -------- d-----w- c:\programdata\Windows
2012-05-10 18:31:33 -------- d-----w- c:\programdata\boost_interprocess
2012-05-10 10:25:36 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-10 10:25:36 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 10:25:35 2342400 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 10:25:12 1287024 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 10:24:41 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-10 10:24:40 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-05-10 10:24:39 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-05-10 10:24:38 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-05-10 10:24:34 56688 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 10:24:32 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-10 10:24:31 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-05-10 10:24:31 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 10:24:30 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-10 10:24:30 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-10 00:03:54 -------- d-----w- c:\users\praveen\appdata\local\bqkeqkfj
2012-04-28 10:40:35 29272 ----a-w- c:\program files\mozilla firefox\ScriptFF.dll
2012-04-26 22:32:15 -------- d-----w- c:\program files\NCH Software
2012-04-26 22:32:13 -------- d-----w- c:\users\praveen\appdata\roaming\NCH Software
.
==================== Find3M ====================
.
2012-04-02 22:22:58 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-02 22:22:58 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-20 12:11:32 151880 ----a-w- c:\windows\system32\mfevtps.exe
2012-03-01 05:53:27 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:49:05 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:45:05 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:40:44 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-28 05:40:21 981504 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 05:38:16 44544 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-28 04:31:46 386048 ----a-w- c:\windows\system32\html.iec
2012-02-28 03:57:55 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-22 12:29:46 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-02-22 12:29:46 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-02-22 12:29:46 64912 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2012-02-22 12:29:46 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-02-22 12:29:46 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-02-22 12:29:46 464304 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-02-22 12:29:46 340920 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-02-22 12:29:46 180848 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-02-22 12:29:46 169608 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-02-22 12:29:46 121544 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-02-15 05:44:57 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22:43 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22:18 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
============= FINISH: 13:07:38.70 ===============

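The report above already contains the three things a responder would flag: a second executable appended to the Winlogon Userinit value, a Run entry pointing into a random-named folder under AppData\Local, and UAC policies zeroed out. As an added example (not part of the original thread and not something the DDS tool does), this Python script runs those checks over the relevant lines copied from the report; the folder-name heuristic and the severity labels are my own assumptions.

```python
import re

# Constructed sample: the lines of interest, copied from the DDS Pseudo HJT Report in this thread.
SAMPLE_LOG = """\
mWinlogon: Userinit=c:\\windows\\system32\\userinit.exe,,c:\\users\\praveen\\appdata\\local\\bqkeqkfj\\jwcqbkoa.exe
uRun: [Sidebar] c:\\program files\\windows sidebar\\sidebar.exe /autoRun
uRun: [JwcQbkoa] c:\\users\\praveen\\appdata\\local\\bqkeqkfj\\jwcqbkoa.exe
mRun: [mcui_exe] "c:\\program files\\mcafee.com\\agent\\mcagent.exe" /runkey
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
"""

# Heuristic (assumption): a Run target inside a random-looking folder directly under
# %LocalAppData% deserves a second look; legitimate software rarely lives there.
RANDOM_LOCAL_DIR = re.compile(r"\\appdata\\local\\[a-z0-9]{6,}\\", re.IGNORECASE)

# UAC policies that a stock Windows 7 install keeps enabled (non-zero).
UAC_POLICIES = {"EnableLUA", "PromptOnSecureDesktop"}


def triage(log_text):
    """Return (severity, line) findings for the persistence and policy lines of a DDS report."""
    findings = []
    for line in log_text.splitlines():
        if line.startswith("mWinlogon: Userinit="):
            # Userinit is a comma-separated list; only userinit.exe itself belongs there.
            targets = [t.strip() for t in line.split("=", 1)[1].split(",") if t.strip()]
            extra = [t for t in targets if not t.lower().endswith("\\userinit.exe")]
            if extra:
                findings.append(("high", line))
        elif re.match(r"[um]Run: \[", line) and RANDOM_LOCAL_DIR.search(line):
            findings.append(("high", line))
        elif line.startswith("mPolicies-system:"):
            name, _, value = line.split(":", 1)[1].strip().partition(" = ")
            if name in UAC_POLICIES and value.startswith("0 "):
                findings.append(("medium", line))
    return findings


if __name__ == "__main__":
    for severity, line in triage(SAMPLE_LOG):
        print(f"[{severity}] {line}")
```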

#3 Jack Daniels

Posted 13 May 2012 - 07:27 AM

And attached with this post is the DDS Attach.txt.


#4 Elise

Malware Study Hall Admin

Posted 15 May 2012 - 01:44 AM

Hello, you have posted this same information at Geekstogo as well: http://www.geekstogo.com/forum/topic/317888-executable-files-issue

Working on your problem at two forums simultaneously is not only unproductive (instructions may interfere with each other), it also takes up the time of two volunteers. Please let me know which topic you want to keep to and I will close the other topic.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#5 Jack Daniels

Posted 15 May 2012 - 05:11 AM

Elise, I didn't know the volunteers of these forums work together; my apologies. Can you please close this topic & keep it open on GeeksToGo?

#6 Elise


Posted 15 May 2012 - 08:05 AM

No problem, I am closing this topic.

regards, Elise
