Merged all topics - Hamluis.
I've got a computer connected to the internet by WLAN (Win7 Ultimate) and a notebook (Win7 Home Basic) via wifi. A couple of days ago some weird stuff happened, so I called the specialist.
He was able to install adwcleaner and combofix but he couldn't fight the virus and took the notebook home.
I've been taking a look at the desktop and I found a problem related to remote access (rpcss via pptp and l2tp). I deleted some viruses like 360HookOem.sys, 360FileOem.sys, 360RegOem.sys, 360HookOem.dll (and I also found catchme.dll).
I was unable to use navigators for too much time but right now the virus took away almost all my administration tools such as internet and running some .exe (like pandava installer).
I've tried to create a new administration user through control password2 settings but it was unable to even access c:/ file.
In user management I found my user and two others: administrador and convidado (guest) and lots of group services.
I've Hijacked but can't post the log once the computer does not access the web anymore.
I also tried my available tools (adwcleaner, combofix and ccleaner full mode) but all of them registered a couple of viruses like .vir, spdt.sys and stuff that were moved to quarantine, but none of the programs are able to find the dangerous malware.
I also made some notes of weird archives I've found: swt-win32-374.swg
winit.exe (not sure if it's spelled right)
The processes when I turn the computer on are pretty much explorer.exe (even when I'm not using it), windefend.exe (but firewall and Windows Update's off and I'm not able to turn it on), rpcss.exe and some described as "host for windows" programs.
Please, I'm really worried about this problem; hope someone can tell me my next step.
Edited by hamluis, 26 February 2014 - 03:02 PM.
Moved from MRL to Am I Infected - Hamluis.