Windows Command Processor virus


This topic is locked. 3 replies to this topic

#1 UchihaItachi

  • Members
  • 2 posts

Posted 12 August 2012 - 01:19 PM

Hey all! I've got some kind of malware or spyware on my laptop; the main symptom is that it keeps producing pop-ups claiming that Windows Command Processor wants to make changes to my computer, and asking whether I should allow it. Of course I press no, then it immediately pops up again with the same window.

It also won't allow me access to McAfee, Malwarebytes, and a few other bits of software. It's even blocking access to the websites for these, or any other kind of anti-virus site, including this one (I'm currently in Safe Mode).

I've done two System Restores; neither has worked. I've run McAfee and Malwarebytes scans in Safe Mode; Malwarebytes has picked up the same trojan a couple of times and apparently got rid of it, but the problem remains.

I've even tried going into the registry and deleting all temporary files from the last couple of days (when I first got it). Nothing's worked, and it seems to be getting worse...

Please help!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Sam at 18:56:05 on 2012-08-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3959.2277 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_6d4d1665097f1e86\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Users\Sam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
c:\users\sam\appdata\roaming\pycaiq\udsep.exe
C:\Program Files (x86)\OEM\DSG OSD 1.01\SunflowerOSD.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Sam\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\real\realplayer\Update\realsched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/ig?hl=en
uWindow Title = Internet Explorer, optimized for Bing and MSN
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,,C:\Users\Sam\AppData\Local\rjywewsk\apqjowcb.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120621224135.dll
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - C:\ProgramData\Partner\Partner.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
uRun: [Reminder] C:\Program Files (x86)\TTG\Reminder\Reminder.exe
uRun: [Spotify Web Helper] "C:\Users\Sam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [ApqJowcb] C:\Users\Sam\AppData\Local\rjywewsk\apqjowcb.exe
uRun: [Xubeydusaw] C:\Users\Sam\AppData\Roaming\Pycaiq\udsep.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Launch.lnk - C:\windows\Installer\{4A65DAD2-E914-4923-9C2A-81B968A68CE2}\_A685CC3126A7CC37D335DE.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\OSD.lnk - C:\windows\Installer\{1C91F8F0-36CC-4C58-BDB3-66F0EEEF92A1}\_693B294D31BEF0AFC52D71.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{1B43B41B-3ADF-40D8-9FF5-81B083FC4C9F} : DhcpNameServer = 10.0.0.138
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120621224135.dll
BHO-X64: scriptproxy - No File
BHO-X64: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\f0wta25k.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\f0wta25k.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - C:\Program Files (x86)\McAfee\SiteAdvisor
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 MOBKFilter;MOBKFilter;C:\Windows\system32\DRIVERS\MOBK.sys --> C:\Windows\system32\DRIVERS\MOBK.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-4-16 13336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-22 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-22 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-22 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-9-2 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-9-2 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-9-2 162192]
R2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
R2 SoilIO;SoilIO;C:\Windows\system32\drivers\SoilIO.sys --> C:\Windows\system32\drivers\SoilIO.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\system32\DRIVERS\JME.sys --> C:\Windows\system32\DRIVERS\JME.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 soilkbc;soilkbc;C:\Windows\system32\drivers\soilkbc.sys --> C:\Windows\system32\drivers\soilkbc.sys [?]
R3 SoilMC;SoilMC;C:\Windows\system32\drivers\SoilMC.sys --> C:\Windows\system32\drivers\SoilMC.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-16 135664]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-22 249936]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 250056]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-16 135664]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2010-4-16 332272]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-12 16:56:46 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-08-12 16:48:06 -------- d-----w- C:\ProgramData\7531CC7700010EE100523741F875F002
2012-08-12 16:47:55 449536 ----a-w- C:\Users\Sam\AppData\Roaming\onbetd.dll
2012-08-12 16:47:55 -------- d-----w- C:\Users\Sam\AppData\Local\{73E0513E-E49D-11E1-8270-B8AC6F996F26}
2012-08-12 16:46:49 -------- d-----w- C:\Users\Sam\AppData\Roaming\Ygec
2012-08-12 16:46:49 -------- d-----w- C:\Users\Sam\AppData\Roaming\Pycaiq
2012-08-12 16:46:49 -------- d-----w- C:\Users\Sam\AppData\Roaming\Igunvu
2012-08-12 14:04:02 -------- d-----w- C:\Users\Sam\AppData\Local\{48F355F3-2F2F-43F6-850B-6568FE81D93B}
2012-08-12 14:03:50 -------- d-----w- C:\Users\Sam\AppData\Local\{C1784A0D-23DD-4C59-90E9-30F6EBD0AC0A}
2012-08-12 13:14:30 -------- d-s---w- C:\ComboFix
2012-08-12 13:04:27 -------- d-----w- C:\Users\Sam\AppData\Local\{F4DD17A5-972E-4F71-9B3C-D20C33D15EE0}
2012-08-12 13:03:57 -------- d-----w- C:\Users\Sam\AppData\Local\{C3B815FB-17C3-4A37-92EA-2C5D7986582B}
2012-08-12 12:24:28 -------- d-----w- C:\Program Files\Enigma Software Group
2012-08-08 17:00:54 -------- d-----w- C:\Users\Sam\AppData\Local\{61725A9D-8BE5-47C4-A7F8-CFC5F4B52A2B}
2012-08-08 17:00:43 -------- d-----w- C:\Users\Sam\AppData\Local\{1228488C-71C1-46B1-8F9A-9564FDB8E5DF}
2012-08-07 16:35:02 -------- d-----w- C:\Users\Sam\AppData\Local\{B0EA9B1A-2E1E-42F1-87A3-7D60F9DB19DF}
2012-08-07 16:34:51 -------- d-----w- C:\Users\Sam\AppData\Local\{572B5A1B-2A41-4ADA-A726-6C15898457D3}
2012-08-06 17:02:54 -------- d-----w- C:\Users\Sam\AppData\Local\{672580D5-363D-486E-A95C-FCFBCC847541}
2012-08-06 17:02:42 -------- d-----w- C:\Users\Sam\AppData\Local\{79042B22-ACF7-4C2E-BF42-B94FC8889F98}
2012-08-05 21:05:44 -------- d-----w- C:\Users\Sam\AppData\Local\{FC75DBC2-0BB7-4AC8-BF50-88A2CD91D99E}
2012-08-05 09:05:02 -------- d-----w- C:\Users\Sam\AppData\Local\{57DD1A78-C4C1-4930-99EF-E003F119283C}
2012-08-05 09:04:51 -------- d-----w- C:\Users\Sam\AppData\Local\{73F68CA9-C6A8-4EB5-9528-AAD059CB570D}
2012-08-04 09:49:18 -------- d-----w- C:\Users\Sam\AppData\Local\{1A320354-6C48-43C6-9D61-19C8DE799C25}
2012-08-04 09:49:07 -------- d-----w- C:\Users\Sam\AppData\Local\{82C44087-8AA5-4172-ADEA-C6CB343892C5}
2012-08-03 16:53:36 -------- d-----w- C:\Users\Sam\AppData\Local\{6C0F046B-E5E4-4A75-A2E2-36F32BA1DB9F}
2012-08-03 16:53:25 -------- d-----w- C:\Users\Sam\AppData\Local\{49EB8BB8-A647-48C7-9D72-3B6EA0CF16B0}
2012-08-02 17:27:40 -------- d-----w- C:\Users\Sam\AppData\Local\{D747FF9B-30DA-4714-A770-870B0DD38686}
2012-08-02 17:27:29 -------- d-----w- C:\Users\Sam\AppData\Local\{65D1985B-232B-4722-88D4-B13CB4F2F99C}
2012-08-01 16:38:21 -------- d-----w- C:\Users\Sam\AppData\Local\{856011F2-94D2-4241-9DE7-DC868C67A293}
2012-08-01 16:38:11 -------- d-----w- C:\Users\Sam\AppData\Local\{8F0276AB-62C2-4816-A730-C3B48C916671}
2012-07-31 16:40:04 -------- d-----w- C:\Users\Sam\AppData\Local\{C7E375B4-0B2F-4C80-A6AB-01B573BAA79B}
2012-07-31 16:39:52 -------- d-----w- C:\Users\Sam\AppData\Local\{42090C83-1FC0-42DF-980D-0DA2C705A871}
2012-07-30 16:38:12 -------- d-----w- C:\Users\Sam\AppData\Local\{CEF4BF76-98EA-4EDE-9005-D3668102E517}
2012-07-30 16:37:58 -------- d-----w- C:\Users\Sam\AppData\Local\{2F181BD7-B2CF-48DC-AC8D-C697696670E4}
2012-07-29 14:44:52 -------- d-----w- C:\Program Files\iPod
2012-07-29 14:44:51 -------- d-----w- C:\Program Files\iTunes
2012-07-29 14:44:51 -------- d-----w- C:\Program Files (x86)\iTunes
2012-07-28 21:16:37 -------- d-----w- C:\Users\Sam\AppData\Local\{2EC48605-A38A-46CE-8D6F-C4C14A47240F}
2012-07-28 21:16:27 -------- d-----w- C:\Users\Sam\AppData\Local\{F40C145D-3D42-4A65-84E2-9B5C5827C03C}
2012-07-28 09:16:13 -------- d-----w- C:\Users\Sam\AppData\Local\{5839C315-0FE7-4EE5-A189-192246AEBDF5}
2012-07-27 07:32:46 -------- d-----w- C:\Users\Sam\AppData\Local\{F5218C05-028D-42A3-8695-6E52ED3FDC15}
2012-07-27 07:32:36 -------- d-----w- C:\Users\Sam\AppData\Local\{A47A4772-247B-45C7-8803-58ABAA41E6DB}
2012-07-26 16:34:44 -------- d-----w- C:\Users\Sam\AppData\Local\{1ACAFC3C-F78B-436B-8C26-94EFB918C02D}
2012-07-26 16:34:33 -------- d-----w- C:\Users\Sam\AppData\Local\{FBA7AFAD-170F-4CD3-9EAE-4A701C57A904}
2012-07-25 17:00:51 -------- d-----w- C:\Users\Sam\AppData\Local\{8EF5934E-AAA6-4EAD-81E0-55C0BE548218}
2012-07-25 17:00:41 -------- d-----w- C:\Users\Sam\AppData\Local\{B0CE91C9-B9A2-4955-81BE-210DA076B63F}
2012-07-24 18:53:05 -------- d-----w- C:\Users\Sam\AppData\Local\{5260A42C-9D5C-4F7F-A287-E2E74A0B5F96}
2012-07-24 18:52:54 -------- d-----w- C:\Users\Sam\AppData\Local\{32FE4B6A-5E5E-422D-B5DF-B56F51974ECC}
2012-07-23 18:02:53 -------- d-----w- C:\Users\Sam\AppData\Local\{FDB86687-60CC-4910-9E6C-C8C06BF49265}
2012-07-23 18:02:42 -------- d-----w- C:\Users\Sam\AppData\Local\{C5632D02-4C59-4FA5-B40D-4A26FB06F63C}
2012-07-22 21:11:40 -------- d-----w- C:\Users\Sam\AppData\Local\{2A220527-4DC1-4A33-8E87-B27A514A1B82}
2012-07-22 09:11:09 -------- d-----w- C:\Users\Sam\AppData\Local\{2EF661D1-3292-4464-B74F-748CE431B2E8}
2012-07-22 09:10:55 -------- d-----w- C:\Users\Sam\AppData\Local\{3F9E9609-EEF7-4ECA-8A9B-BD9CCE5ACEF6}
2012-07-21 08:23:32 -------- d-----w- C:\Users\Sam\AppData\Local\{8705D545-3E2D-4143-984E-CE8EED01B851}
2012-07-21 08:23:10 -------- d-----w- C:\Users\Sam\AppData\Local\{21A1BFE7-79E0-4974-99EF-BE6AC24CDC6B}
============= FINISH: 18:57:03.56 ===============

#2 nasdaq

  • Malware Response Team
  • 39,888 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:50 AM

Posted 17 August 2012 - 09:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Please post the logs for my review.

#3 UchihaItachi

  • Topic Starter
  • Members
  • 2 posts
  • Local time:05:50 AM

Posted 18 August 2012 - 03:47 AM

Hi nasdaq, thanks for getting back to me. I'm afraid my computer went beyond the point of no return. I couldn't run ComboFix, even in Safe Mode, and now my Internet connection has been disabled (I'm replying to this from my phone). The problems were too numerous to mention, so I've cut my losses and reinstalled Windows. Thanks again for your help.

#4 nasdaq

  • Malware Response Team
  • 39,888 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:50 AM

Posted 18 August 2012 - 09:07 AM

Thank you for the feedback.
I will close this topic.
