Executable Files Issue [Solved]



#1
Jack_P (New Member)

Hello,

I visited some of the movie download websites last week and since luck didn't favour me well enough, I was rather infected with a strange kind of virus or whatever we want to call it. The symptoms are as follows:

1. A lot of executable programs cannot be launched or will throw the typical Windows 7 "Program has stopped working" error. This includes Skype, Chrome, McAfee (but background tasks are running), Malwarebytes, IE, etc. & even OTL.exe. I have also attached the error message I received when OTL was executed, if it helps in any way.

2. Internet browsing speed has slowed down quite a bit. Sometimes the page just doesn't load.

3. Guest Windows logon doesn't work. As soon as you click on Guest, it logs you off immediately.

I used the DDS scanning program which fortunately worked and here is the log file. My apologies if I wasn't supposed to run this program. And as always, thanks much in advance for your valuable time for fixing my mess.

Attached Thumbnails

  • OTL Error.jpg

Edited by Jack_P, 15 May 2012 - 04:27 AM.


#2
Jack_P (New Member, Topic Starter)

Here is the DDS.txt scan report, and attached is the DDS Attach.txt:



DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_30
Run by Praveen at 13:06:19 on 2012-05-13
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,,c:\users\praveen\appdata\local\bqkeqkfj\jwcqbkoa.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120428114043.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [JwcQbkoa] c:\users\praveen\appdata\local\bqkeqkfj\jwcqbkoa.exe
mRun: [WordWeb] "c:\program files\wordweb\wweb32.exe" -startup
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Open using &Advanced JPEG Compressor - c:\program files\advanced jpeg compressor\ajcieex.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://ukfreetrial.webex.com/client/T27LD/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B9993165-B959-46FF-B513-120AD8E42CAD} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B9993165-B959-46FF-B513-120AD8E42CAD}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{B9993165-B959-46FF-B513-120AD8E42CAD}\3797E6362756F6E613 : DhcpNameServer = 10.6.40.50 10.6.40.53 10.1.0.50 10.1.0.51
TCP: Interfaces\{B9993165-B959-46FF-B513-120AD8E42CAD}\6796277696E6D65646961693135303431383 : DhcpNameServer = 194.168.4.100 194.168.8.100
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\praveen\appdata\roaming\mozilla\firefox\profiles\qr0ilu45.default\
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\vlc\npvlc.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\praveen\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-05-12 09:59:58 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-12 09:59:54 588728 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-05-12 09:59:53 43960 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-05-12 09:59:53 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-05-12 09:59:53 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-05-10 22:36:11 -------- d-----w- c:\programdata\Windows
2012-05-10 18:31:33 -------- d-----w- c:\programdata\boost_interprocess
2012-05-10 10:25:36 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-10 10:25:36 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 10:25:35 2342400 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 10:25:12 1287024 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 10:24:41 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-10 10:24:40 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-05-10 10:24:39 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-05-10 10:24:38 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-05-10 10:24:34 56688 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 10:24:32 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-10 10:24:31 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-05-10 10:24:31 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 10:24:30 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-10 10:24:30 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-10 00:03:54 -------- d-----w- c:\users\praveen\appdata\local\bqkeqkfj
2012-04-28 10:40:35 29272 ----a-w- c:\program files\mozilla firefox\ScriptFF.dll
2012-04-26 22:32:15 -------- d-----w- c:\program files\NCH Software
2012-04-26 22:32:13 -------- d-----w- c:\users\praveen\appdata\roaming\NCH Software
.
==================== Find3M ====================
.
2012-04-02 22:22:58 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-02 22:22:58 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-20 12:11:32 151880 ----a-w- c:\windows\system32\mfevtps.exe
2012-03-01 05:53:27 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:49:05 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:45:05 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:40:44 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-28 05:40:21 981504 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 05:38:16 44544 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-28 04:31:46 386048 ----a-w- c:\windows\system32\html.iec
2012-02-28 03:57:55 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-22 12:29:46 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-02-22 12:29:46 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-02-22 12:29:46 64912 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2012-02-22 12:29:46 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-02-22 12:29:46 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-02-22 12:29:46 464304 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-02-22 12:29:46 340920 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-02-22 12:29:46 180848 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-02-22 12:29:46 169608 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-02-22 12:29:46 121544 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-02-15 05:44:57 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22:43 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22:18 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
============= FINISH: 13:07:38.70 ===============


#3
Elise (Emsisoft Research, Expert)

Hello, you have posted this same information at BleepingComputer as well: http://www.bleepingc...opic453463.html

Working on your problem at two forums simultaneously is not only unproductive (instructions may interfere with each other), it also takes up the time of two volunteers. Please let me know which topic you want to keep to and I will close the other topic.

#4
Jack_P (New Member, Topic Starter)

Elise, I didn't know the volunteers of these forums work together, my apologies. Can you please close the topic on BleepingComputer?

#5
Elise (Emsisoft Research, Expert)

Hello, I closed the BC topic.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

#6
Jack_P (New Member, Topic Starter)

I've run ComboFix.exe and OMG, all the executable files that I listed above are now launching without any issues! Guest logon works fine and the Internet speed also looks okay. :thumbsup: However, here is the ComboFix log as requested; the Microsoft Recovery Console prompt was not received, FYI:


ComboFix 12-05-15.03 - Praveen 15/05/2012 16:59:34.4.2 - x86
Running from: c:\recovery\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Windows
c:\programdata\windows\dumd.dat
c:\programdata\Windows\wsse.dll
c:\programdata\Windows\xdor.dat
c:\users\Praveen\AppData\Local\bqkeqkfj\jwcqbkoa.exe
c:\users\Praveen\AppData\Local\dumvkkgn.log
c:\users\Praveen\AppData\Local\gxfhqjas.log
c:\users\Praveen\AppData\Local\kxcicjty.log
c:\users\Praveen\AppData\Local\lojvxjbv.log
c:\users\Praveen\AppData\Local\mdqrommk.log
c:\users\Praveen\AppData\Local\mlylrfco.log
c:\users\Praveen\AppData\Local\phwdefkq.log
c:\users\Praveen\AppData\Local\wndjvcfm.log
c:\users\Praveen\AppData\Local\ygtgibjp.log
c:\windows\system32\spool\prtprocs\w32x86\x5pp.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MICORSOFT_WINDOWS_SERVICE
-------\Service_Micorsoft Windows Service
.
.
((((((((((((((((((((((((( Files Created from 2012-04-15 to 2012-05-15 )))))))))))))))))))))))))))))))
.
.
2012-05-15 16:24 . 2012-05-15 16:24 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F0AD6C5-2B99-4BBA-9C4E-A4C1AB84E159}\offreg.dll
2012-05-15 16:21 . 2012-05-15 16:24 -------- d-----w- c:\users\Praveen\AppData\Local\temp
2012-05-15 16:21 . 2012-05-15 16:21 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-15 16:21 . 2012-05-15 16:21 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-05-15 16:21 . 2012-05-15 16:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-10 17:52 . 2012-05-10 17:52 -------- d-----w- c:\program files\Common Files\Skype
2012-05-10 10:25 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-10 10:25 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 10:25 . 2012-04-02 02:43 2342400 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 10:25 . 2012-03-30 10:29 1287024 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 10:24 . 2012-04-02 04:40 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 10:24 . 2012-04-02 04:41 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 10:24 . 2012-04-02 04:40 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 10:24 . 2012-04-02 04:40 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 10:24 . 2012-03-17 07:20 56688 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 10:24 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-10 10:24 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 10:24 . 2012-03-03 05:40 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-05-10 10:24 . 2012-03-03 05:40 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-10 10:24 . 2012-03-03 05:40 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-04-28 10:40 . 2012-03-20 12:06 29272 ----a-w- c:\program files\Mozilla Firefox\ScriptFF.dll
2012-04-26 22:32 . 2012-04-26 22:32 -------- d-----w- c:\programdata\NCH Software
2012-04-26 22:32 . 2012-04-26 22:48 -------- d-----w- c:\program files\NCH Software
2012-04-26 22:32 . 2012-04-26 22:32 -------- d-----w- c:\users\Praveen\AppData\Roaming\NCH Software
2012-04-21 11:28 . 2012-04-21 11:29 -------- d-----w- c:\users\Guest\AppData\Local\Microsoft Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-02 22:22 . 2012-04-02 22:22 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-02 22:22 . 2011-08-11 08:44 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-20 12:11 . 2012-01-05 21:20 151880 ----a-w- c:\windows\system32\mfevtps.exe
2012-03-01 05:53 . 2012-04-12 02:01 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:49 . 2012-04-12 02:01 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:45 . 2012-04-12 02:01 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:40 . 2012-04-12 02:01 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-28 05:40 . 2012-04-11 21:34 981504 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 05:38 . 2012-04-11 21:34 44544 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-28 04:31 . 2012-04-11 21:34 386048 ----a-w- c:\windows\system32\html.iec
2012-02-28 03:57 . 2012-04-11 21:34 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-22 12:29 . 2012-01-05 21:20 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-02-22 12:29 . 2012-01-05 21:20 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-02-22 12:29 . 2012-01-05 21:20 64912 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2012-02-22 12:29 . 2012-01-05 21:20 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-02-22 12:29 . 2012-01-05 21:20 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-02-22 12:29 . 2012-01-05 21:20 464304 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-02-22 12:29 . 2012-01-05 21:20 340920 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-02-22 12:29 . 2012-01-05 21:20 180848 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-02-22 12:29 . 2012-01-05 21:20 169608 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-02-22 12:29 . 2012-01-05 21:20 121544 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-05-12 09:59 . 2011-05-10 19:21 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 14:08 . 2012-01-05 21:20 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WordWeb"="c:\program files\WordWeb\wweb32.exe" [2009-11-08 65216]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1318816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Praveen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Praveen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Communicator]
2008-12-16 22:05 5160288 ----a-w- c:\program files\Microsoft Office Communicator\communicator.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-09-10 22:28 136176 ----atw- c:\users\Praveen\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\users\Praveen\AppData\Roaming\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2009-11-18 15:13 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2011-12-24 17:50 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-12-24 17:50 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-12-24 17:50 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 09:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-05-03 07:36 17355912 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 13:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2012-01-23 04:43 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIExec]
2009-07-16 13:42 132608 ----a-w- c:\program files\T-Mobile Broadband Manager\T-Mobile Mobile Broadband Manager\UIExec.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 09:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2011-08-05 12:29 159456 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-28 136176]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 253600]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-28 136176]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-05-22 9728]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 87656]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-12 129976]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-30 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 268512]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 64912]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 169608]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 161632]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 151880]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 92592]
S2 UI Assistant Service;UI Assistant Service;c:\program files\T-Mobile Broadband Manager\T-Mobile Mobile Broadband Manager\AssistantServices.exe [2009-07-16 241664]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 57600]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 340920]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - BMLoad
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 22:22]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-28 19:01]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-28 19:01]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-933742835-676889697-3988407338-1000Core.job
- c:\users\Praveen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-14 22:28]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-933742835-676889697-3988407338-1000UA.job
- c:\users\Praveen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-14 22:28]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open using &Advanced JPEG Compressor - c:\program files\Advanced JPEG Compressor\ajcieex.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Praveen\AppData\Roaming\Mozilla\Firefox\Profiles\qr0ilu45.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-JwcQbkoa - c:\users\Praveen\AppData\Local\bqkeqkfj\jwcqbkoa.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-JwcQbkoa - c:\users\Praveen\AppData\Local\bqkeqkfj\jwcqbkoa.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WUDFHost.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-05-15 17:31:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-15 16:31
.
Pre-Run: 24,065,855,488 bytes free
Post-Run: 24,102,133,760 bytes free
.
- - End Of File - - C8CDEB2C2D0B1A3A3221D8BF05329706

  • 0

#7
Elise

Elise

    Emsisoft Research

  • Expert
  • 3,389 posts
Hi, I'm glad to hear that! :)

Do you have any other problem left?

I see signs of McAfee antivirus, are you still (trying to) run this, or do you use another antivirus program?
  • 0

#8
Jack_P

Jack_P

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Elise, my layman eyes don't see any other problem left on my PC, but I do see some new directories like found.001, Qoobox etc. created in C:\ after running Combofix. Yes I use McAfee Antivirus which I'm able to launch as well and this is the only antivirus program I use. Thanks much.
  • 0

#9
Elise

Elise

    Emsisoft Research

  • Expert
  • 3,389 posts
found.000 is caused by a diskcheck, and qoobox is part of combofix, so no need to worry about these. :)

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
  • Download the latest version of Java Runtime Environment (JRE) Version 7u3.
  • Look for "JDK 7u3 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
  • Save it to your desktop
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.


ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

  • 0

#10
Jack_P

Jack_P

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Elise, the older version of Java has been uninstalled and the latest JRE 7u3 is installed. ESET Online Scan was also carried out; it took nearly 5 hrs to complete the scan. Below is the export of the quarantined files:


C:\Applications\cVSX5.P.258.part1.rar a variant of Win32/Keygen.AU application deleted - quarantined
C:\Applications\Winamp 5.581.exe Win32/OpenCandy application deleted - quarantined
C:\Qoobox\Quarantine\C\ProgramData\Windows\wsse.dll.vir a variant of Win32/Kryptik.AEKZ trojan cleaned by deleting - quarantined
C:\Users\Praveen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\3d3aec6b-2f536862 Java/Exploit.Agent.NBQ trojan deleted - quarantined
C:\Users\Praveen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\19df5009-28bd1cab Java/Exploit.Agent.NBR trojan deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C40DPGQP\ksfthwflarioyn[1].pdf JS/Exploit.Pdfka.PGF.Gen trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z3I81FZB\careerfox_co_uk[1].txt HTML/Iframe.B.Gen virus deleted - quarantined


Thanks a ton...
  • 0
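The ESET export in the post above can be triaged by where each file was found, which ties the Java/Exploit hits in the Java plug-in cache back to the out-of-date Java runtime discussed in this thread. The Python below is an added example, not part of the original posts or of ESET's tooling; the line layout is inferred from the export lines themselves, and the bucket labels and function names are hypothetical.

```python
import re
from collections import Counter

# Lines copied from the ESET export in the post above (a subset).
SAMPLE = r"""
C:\Applications\Winamp 5.581.exe Win32/OpenCandy application deleted - quarantined
C:\Qoobox\Quarantine\C\ProgramData\Windows\wsse.dll.vir a variant of Win32/Kryptik.AEKZ trojan cleaned by deleting - quarantined
C:\Users\Praveen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\3d3aec6b-2f536862 Java/Exploit.Agent.NBQ trojan deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C40DPGQP\ksfthwflarioyn[1].pdf JS/Exploit.Pdfka.PGF.Gen trojan cleaned by deleting - quarantined
"""

# Assumed layout: <path> [a variant of ]<platform>/<name> <type> <action>
# The path may contain spaces, so it is matched lazily up to the first
# token that looks like a detection name (contains a forward slash).
LINE = re.compile(
    r"^(?P<path>.+?) (?P<variant>a variant of )?"
    r"(?P<platform>[A-Za-z0-9]+)/(?P<name>[\w.]+) "
    r"(?P<kind>application|trojan|virus) (?P<action>.+)$"
)

# Hypothetical triage buckets keyed on file location; first match wins.
LOCATIONS = [
    (r"\\Sun\\Java\\Deployment\\cache\\", "java-plugin-cache"),
    (r"\\Temporary Internet Files\\", "browser-cache"),
    (r"^C:\\Qoobox\\Quarantine\\", "combofix-quarantine"),
]

def parse(text):
    """Return one dict per recognised export line."""
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or unrecognised line
        f = m.groupdict()
        f["variant"] = bool(f["variant"])
        f["location"] = next(
            (label for pat, label in LOCATIONS if re.search(pat, f["path"], re.I)),
            "user-file")
        # True when the file sits in the LocalSystem account's profile
        f["system_profile"] = "\\config\\systemprofile\\" in f["path"].lower()
        findings.append(f)
    return findings

def summary(findings):
    """Count findings per (location bucket, detection platform)."""
    return Counter((f["location"], f["platform"]) for f in findings)

if __name__ == "__main__":
    for f in parse(SAMPLE):
        print(f"{f['location']:20} {f['platform']}/{f['name']:22} system={f['system_profile']}")
```
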

#11
Elise

Elise

    Emsisoft Research

  • Expert
  • 3,389 posts
As you can see, not a good idea to continue to use keygens, as they're bound to come with the latest malware...

ALL CLEAN
--------------
Your machine appears to be clean. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:
  • Delete the tools used during the disinfection:

    • Press windows key Posted Image + r on your keyboard at the same time. In the run box type combofix /uninstall, then press OK.
    • This will remove Combofix and other tools we used from your computer.
  • You can delete any other tool or log by simply deleting them.
Please read the following advice on how to prevent reinfecting your PC:
  • Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:
Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.
  • 0

#12
Jack_P

Jack_P

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thanks much Elise for putting time & effort into this. Yes I have uninstalled ComboFix and read through the instructions. Have a nice day !!
  • 0

#13
Elise

Elise

    Emsisoft Research

  • Expert
  • 3,389 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





