
Infected with 32.ramnit.N


10 replies to this topic

#1 thewalruschild

Posted 12 August 2011 - 03:23 PM

My antivirus is saying my laptop is infected with the virus "win32.ramnit.N". I have run mbam several times and it has been unsuccessful in removing it.

The virus first appeared by trying to get me to approve the running of the c:// you input commands with, which I declined; even when I declined, it persistently popped up. I ran mbam several times; it found the virus and I deleted it, restarted my laptop, but the problem was still not fixed. I kept trying this, and my antivirus kept telling me it was still infected / mbam finding the virus / c:// wanting to be approved to run. Windows Live Messenger and Skype will not run. This virus is a tough wee bugger and I am having a difficult time solving this one and would greatly appreciate help. I have enclosed the required files. I hope someone out there can help me.

Thank you in advance,
Korrie.

DDS TXT ~ BELOW ~
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by Thewalruschild at 20:09:27 on 2011-08-12
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.1913.841 [GMT 1:00]
.
AV: BullGuard Antivirus *Enabled/Updated* {504FFF66-3028-EB7E-2E60-62B19ADD791C}
SP: BullGuard Antispyware *Enabled/Updated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\VeriFace\PManage.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\VeohWebPlayer.exe
C:\windows\System32\svchost.exe -k BullGuard
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Giraffic\GirafficWatchdog.exe
C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
C:\windows\System32\IgrsSvcs.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
c:\program files\bullguard ltd\bullguard\BgWsc.exe
C:\windows\system32\conhost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\windows\System32\TPHDEXLG.exe
C:\Program Files\Giraffic\Giraffic.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2653012
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB: {37483b40-c254-4a72-bda4-22ee90182c1e} - No File
uRun: [BullGuard] "c:\program files\bullguard ltd\bullguard\bullguard.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [BfiSkypx] c:\users\thewalruschild\appdata\local\syqgwyjh\bfiskypx.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [TpShocks] c:\windows\system32\TpShocks.exe
mRun: [VeriFaceManager] c:\program files\lenovo\veriface\PManage.exe
mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
mRun: [BullGuard] "c:\program files\bullguard ltd\bullguard\bullguard.exe" -boot
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\thewalruschild\appdata\roaming\microsoft\windows\start menu\programs\startup\bfiskypx.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\thewalruschild\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\BGLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{751289DD-49B4-4084-9923-F7094E777D61} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{751289DD-49B4-4084-9923-F7094E777D61}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{751289DD-49B4-4084-9923-F7094E777D61}\244584F6D65684572623D215A59305 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{751289DD-49B4-4084-9923-F7094E777D61}\2445F40756E6A7F6E656 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{751289DD-49B4-4084-9923-F7094E777D61}\F40756E602143636563737 : DhcpNameServer = 10.0.35.1 10.0.35.2
TCP: Interfaces\{751289DD-49B4-4084-9923-F7094E777D61}\F42377962756C6563737236483130363 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{E14B6F48-AC15-415A-BEA7-0FEC57049317} : DhcpNameServer = 61.13.0.1 61.13.0.2
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\thewalruschild\appdata\roaming\mozilla\firefox\profiles\uj2tqdcc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=13
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R1 funfrm;funfrm;c:\windows\system32\drivers\funfrm.sys [2009-11-7 54800]
R2 BdFileSpy;BullGuard File Monitor Driver;c:\windows\system32\drivers\BdFileSpy.sys [2010-12-25 55504]
R3 acpials;ALS Sensor Filter;c:\windows\system32\drivers\acpials.sys [2009-7-14 7680]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2009-11-7 21520]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-9-18 122880]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-6-20 273448]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Bridge0;Bridge0;c:\windows\system32\drivers\wdbridge.sys [2009-11-7 63240]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
.
=============== Created Last 30 ================
.
2011-08-12 18:22:54 -------- d-----w- c:\users\thewalruschild\appdata\local\{AD13B096-4C7F-4886-806A-8C249F5B4EB6}
2011-08-12 18:22:39 -------- d-----w- c:\users\thewalruschild\appdata\local\{619BB461-F5E7-4950-B28B-C8167ADCCC2E}
2011-08-12 17:49:34 -------- d-----w- c:\users\thewalruschild\appdata\local\{D7B0FF83-5EF1-4852-A269-6692EBDD934C}
2011-08-12 17:49:19 -------- d-----w- c:\users\thewalruschild\appdata\local\{B3065852-48AC-4B0B-8071-13B6C955167E}
2011-08-12 17:45:01 -------- d-----w- c:\users\thewalruschild\appdata\local\{AB7DD4E7-2325-406D-8AD3-1BF535D59C57}
2011-08-12 17:44:38 -------- d-----w- c:\users\thewalruschild\appdata\local\{A223DAB0-DFD7-4F2D-98A0-87C6A2329D08}
2011-08-12 15:47:11 -------- d-----w- c:\users\thewalruschild\appdata\local\{B056CB08-BC6A-44DE-8257-120D2C0BF7BD}
2011-08-12 15:47:00 -------- d-----w- c:\users\thewalruschild\appdata\local\{A15107A3-821C-40F3-90A3-2DB1696143B1}
2011-08-12 15:45:12 -------- d-----w- c:\users\thewalruschild\appdata\local\{7B4048E2-0B3A-4DC5-A4E5-639F3D50298C}
2011-08-12 15:33:59 -------- d-----w- c:\users\thewalruschild\appdata\local\{9F1E2838-E782-4439-83F6-DD0AB879D71C}
2011-08-12 15:33:30 -------- d-----w- c:\users\thewalruschild\appdata\local\{C9D29701-3D8F-4CA6-8388-5B30508CDB7E}
2011-08-12 15:23:49 -------- d-----w- c:\users\thewalruschild\appdata\local\{FFEAF7A9-CE01-4F1E-9474-60D4CAB9D98B}
2011-08-12 15:23:39 -------- d-----w- c:\users\thewalruschild\appdata\local\{F6EA8890-C08F-4BB8-B361-0B61218EEAB3}
2011-08-12 15:22:04 -------- d-----w- c:\users\thewalruschild\appdata\local\{AFA8D612-B346-4F8D-8F6E-9EE1C8AE8CA4}
2011-08-12 15:21:48 -------- d-----w- c:\users\thewalruschild\appdata\local\{92590C75-1A92-44D5-A270-ADF6708070CD}
2011-08-12 15:13:41 -------- d-----w- c:\users\thewalruschild\appdata\local\{80D4F875-BA70-46CC-89F7-CFEC18EE8B1D}
2011-08-12 15:13:20 -------- d-----w- c:\users\thewalruschild\appdata\local\{311BB4EB-DFA5-4BEA-9580-FCC82C7A2576}
2011-08-12 13:37:55 119265 --s-a-w- c:\users\thewalruschild\appdata\roaming\microsoft\windows\start menu\programs\startup\bfiskypx.exe
2011-08-12 13:37:55 -------- d-----w- c:\users\thewalruschild\appdata\local\syqgwyjh
2011-08-11 06:49:58 -------- d-----w- c:\users\thewalruschild\appdata\local\{7BFCFF19-5EAC-4119-9FE7-0FF35C1DE7F9}
2011-08-11 06:49:42 -------- d-----w- c:\users\thewalruschild\appdata\local\{C51E2EF3-387C-4210-940B-5344330E83A3}
2011-08-10 21:22:09 860672 ----a-w- c:\program files\internet explorer\iedvtool.dll
2011-08-10 21:22:04 981504 ----a-w- c:\windows\system32\wininet.dll
2011-08-10 21:22:01 673040 ----a-w- c:\program files\internet explorer\iexplore.exe
2011-08-10 21:21:50 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-10 21:21:49 163328 ----a-w- c:\program files\internet explorer\ieproxy.dll
2011-08-10 21:21:46 386048 ----a-w- c:\windows\system32\html.iec
2011-08-10 21:21:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-10 21:05:25 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-10 21:05:17 3902336 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 21:04:09 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 21:00:20 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-10 20:46:54 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-08-10 20:46:54 122880 ----a-w- c:\windows\system32\odbccp32.dll
2011-08-10 20:46:53 94208 ----a-w- c:\program files\common files\system\ole db\msdaosp.dll
2011-08-10 20:46:53 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-08-10 20:46:53 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-08-10 20:46:52 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-08-10 04:10:19 -------- d-----w- c:\users\thewalruschild\appdata\local\{2F488490-BDD0-4EDB-AD23-D6E85D426DA5}
2011-08-10 04:10:08 -------- d-----w- c:\users\thewalruschild\appdata\local\{0EB0BDFB-B849-46E8-ADC4-6A4B1881CB31}
2011-08-09 15:53:56 -------- d-----w- c:\users\thewalruschild\appdata\local\{6F69243A-7E08-4D11-8669-096166A451C4}
2011-08-09 15:53:45 -------- d-----w- c:\users\thewalruschild\appdata\local\{BE11DDAB-985D-45A5-95CD-AF3C6A7783D2}
2011-08-06 10:50:55 -------- d-----w- c:\users\thewalruschild\appdata\local\{D256AB89-9791-469E-B782-40F6C66C7641}
2011-08-06 10:50:36 -------- d-----w- c:\users\thewalruschild\appdata\local\{3ED41AA6-D78C-44A2-AEE5-9615A12324DE}
2011-08-04 18:03:13 -------- d-----w- c:\users\thewalruschild\appdata\local\{D543B388-5A35-4376-8B06-348F6C4A7E97}
2011-08-04 18:02:57 -------- d-----w- c:\users\thewalruschild\appdata\local\{4DB46930-A5F3-458C-8792-72A692DB7D1F}
2011-08-04 11:04:02 -------- d-----w- c:\users\thewalruschild\appdata\local\{A2297BFA-5A73-4B9A-BB9A-57A0C13B6A24}
2011-08-03 23:03:50 -------- d-----w- c:\users\thewalruschild\appdata\local\{A0839CDE-5D60-4656-8CE7-1B4CDD590FC3}
2011-08-03 11:03:35 -------- d-----w- c:\users\thewalruschild\appdata\local\{1B7E5644-6DEE-4731-9029-759FB788E4A2}
2011-08-02 19:51:02 -------- d-----w- c:\users\thewalruschild\appdata\local\{8C70ABA6-6830-4FDC-A768-BE09533E5ECF}
2011-08-02 07:50:51 -------- d-----w- c:\users\thewalruschild\appdata\local\{5E613311-335D-4AB5-92DA-FC05149D5BAB}
2011-08-01 19:50:39 -------- d-----w- c:\users\thewalruschild\appdata\local\{4E3DC367-B186-4E7A-860A-BBEECA0528C3}
2011-07-17 21:04:54 -------- d-----w- c:\program files\iPod
2011-07-17 21:04:52 -------- d-----w- c:\program files\iTunes
2011-07-17 16:36:16 -------- d-----w- c:\users\thewalruschild\appdata\local\{B55A9DCC-AD78-4386-8C60-0D6C4CDAE9F2}
2011-07-17 04:35:50 -------- d-----w- c:\users\thewalruschild\appdata\local\{177978A4-F56B-45DF-A073-6CEED63ECC56}
2011-07-16 16:35:24 -------- d-----w- c:\users\thewalruschild\appdata\local\{126D1C33-BAF2-4ADC-8BDA-7DCEF47A1AB4}
2011-07-16 03:33:35 -------- d-----w- c:\users\thewalruschild\appdata\local\{821E407C-D5F9-472D-B578-8EEC45B8DF44}
2011-07-15 15:33:21 -------- d-----w- c:\users\thewalruschild\appdata\local\{836CEDEC-C90A-4FEF-9DD8-67E4CF250C04}
2011-07-15 00:01:04 -------- d-----w- c:\users\thewalruschild\appdata\local\{435E0EC3-A534-4047-A432-D733FB2DA7A8}
2011-07-14 12:00:52 -------- d-----w- c:\users\thewalruschild\appdata\local\{4C774DE1-0B45-4831-9EA3-9651A6F9E804}
.
==================== Find3M ====================
.
2011-07-16 04:37:32 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 04:34:28 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:31:12 271360 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 02:21:47 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-06-11 02:37:19 2332672 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 10:35:34 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
.
============= FINISH: 20:19:24.95 ===============
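The helper reads the autorun lines of a DDS log (uRun, mRun, StartupFolder) for entries that do not belong. The Python block below is an added example, not part of this thread or of the DDS tool, that applies two simple triage checks to a handful of those lines copied from the log above: does the executable live in a user-writable directory, and is the same binary registered through more than one persistence mechanism. The regex patterns, the USER_WRITABLE list and the sample lines are my own assumptions about the DDS line format.

```python
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample input: a handful of autorun lines in the DDS
# "Pseudo HJT Report" format, copied from the log posted above (not the full log).
SAMPLE_DDS = r"""
uRun: [BullGuard] "c:\program files\bullguard ltd\bullguard\bullguard.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [BfiSkypx] c:\users\thewalruschild\appdata\local\syqgwyjh\bfiskypx.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [BullGuard] "c:\program files\bullguard ltd\bullguard\bullguard.exe" -boot
StartupFolder: c:\users\thewalruschild\appdata\roaming\microsoft\windows\start menu\programs\startup\bfiskypx.exe
TB: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - No File
uURLSearchHooks: H - No File
"""

# Assumed line shapes (my reading of the DDS output, not a DDS specification).
RUN_RE = re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^StartupFolder: (?P<path>.+)$")
ORPHAN_RE = re.compile(r"^(?P<kind>\w+): (?P<ident>.+?) - No File$")

# Locations an unprivileged user can write to. Installed software normally
# lives under Program Files or the Windows directory, so an autorun pointing
# here is worth a look (a per-user Startup folder entry will always match;
# the cross-mechanism check below is what makes such a hit interesting).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


@dataclass
class Entry:
    source: str                # "uRun", "mRun" or "StartupFolder"
    name: str                  # Run value name, or the file name for the Startup folder
    path: str                  # executable path, lower-cased, arguments stripped
    reasons: list[str] = field(default_factory=list)


def exe_path(cmd: str) -> str:
    """Strip arguments from a Run command: honour quotes, else cut at ' -' or ' /'."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)].lower()
    return re.split(r" [-/]", cmd, maxsplit=1)[0].lower()


def parse(text: str) -> tuple[list[Entry], list[str]]:
    """Split DDS text into autorun entries and orphaned ('No File') references."""
    entries, orphans = [], []
    for line in text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            entries.append(Entry(m["hive"] + "Run", m["name"], exe_path(m["cmd"])))
        elif m := STARTUP_RE.match(line):
            path = m["path"].lower()
            entries.append(Entry("StartupFolder", path.rsplit("\\", 1)[-1], path))
        elif m := ORPHAN_RE.match(line):
            orphans.append(f'{m["kind"]} {m["ident"]}')
    return entries, orphans


def triage(text: str) -> dict[str, list[str]]:
    """Return {"source:name": [reasons]} for the autorun entries that deserve a closer look."""
    entries, _ = parse(text)
    # Which persistence mechanisms (Run key vs. Startup folder) reference each file name?
    mechanisms: dict[str, set[str]] = defaultdict(set)
    for e in entries:
        mechanisms[e.path.rsplit("\\", 1)[-1]].add("Run" if e.source.endswith("Run") else e.source)
    for e in entries:
        if any(d in e.path for d in USER_WRITABLE):
            e.reasons.append("runs from a user-writable directory")
        mechs = mechanisms[e.path.rsplit("\\", 1)[-1]]
        if len(mechs) > 1:
            e.reasons.append(f"registered via {len(mechs)} persistence mechanisms ({', '.join(sorted(mechs))})")
    return {f"{e.source}:{e.name}": e.reasons for e in entries if e.reasons}


if __name__ == "__main__":
    for key, why in triage(SAMPLE_DDS).items():
        print(key, "->", "; ".join(why))
    print("orphaned entries:", parse(SAMPLE_DDS)[1])
```

On the sample only the BfiSkypx pair is flagged; the BullGuard entry present in both uRun and mRun is not, because both are the same Run mechanism.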



#2 RPMcMurphy

  • Malware Response Team

Posted 13 August 2011 - 08:49 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Please go to here to run an online scan with ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click on Advanced Settings and ensure these options are ticked:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
Please include the following in your next post:
  • ESET log

Edited by RPMcMurphy, 13 August 2011 - 08:50 PM.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#3 thewalruschild


Posted 17 August 2011 - 01:42 PM

Hello, thank you for your reply. I followed your instructions but the scan found nothing. My laptop is now presenting with the wireless function being disabled; I have tried using manual and switch to turn it on, but the only way to connect is through Ethernet. So there must still be a problem. Thank you for your help so far, and my apologies for taking so long to get back to you.

Thank you,
Korrie.

#4 RPMcMurphy

  • Malware Response Team

Posted 17 August 2011 - 04:40 PM

Hi,

Can you check the logs from your AV and let me know the complete path (ie: c:\windows\system32\file.sys) for a few of the files it's calling infected?



#5 thewalruschild


Posted 17 August 2011 - 05:06 PM

Files Infected:
c:\Users\thewalruschild\AppData\Roaming\defender.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\thewalruschild\AppData\Local\Temp\0.007468198308305141.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Users\thewalruschild\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\thewalruschild\AppData\Roaming\Adobe\plugs\mmc154.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\thewalruschild\AppData\Roaming\Adobe\plugs\mmc347764058.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

I hope this is the information you were looking for.

#6 RPMcMurphy

  • Malware Response Team

Posted 17 August 2011 - 05:18 PM

It's what I wanted, but I was looking for the "win32.ramnit.N" detections - sorry, I should have been more specific.



#7 thewalruschild


Posted 17 August 2011 - 05:28 PM

I'm sorry, the above seems to be all my logs are showing, but maybe I'm going wrong somewhere.

#8 RPMcMurphy

  • Malware Response Team

Posted 17 August 2011 - 07:14 PM

That's actually good news. Please do this next:

Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run comboFix!
  • When finished, it will produce a report for you.
Please include the following in your next post:
  • ComboFix log



#9 thewalruschild


Posted 18 August 2011 - 12:43 PM

Hey, I have done that for you,

~COMBOFIX LOG~


ComboFix 11-08-18.02 - Thewalruschild 18/08/2011 18:00:59.1.1 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.1913.1093 [GMT 1:00]
Running from: c:\users\Thewalruschild\Desktop\ComboFix.exe
AV: BullGuard Antivirus *Enabled/Updated* {504FFF66-3028-EB7E-2E60-62B19ADD791C}
SP: BullGuard Antispyware *Enabled/Updated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Thewalruschild\AppData\Local\mfl.exe
c:\users\Thewalruschild\AppData\Local\ytd.exe
c:\users\Thewalruschild\AppData\Roaming\Adobe\plugs
c:\users\Thewalruschild\AppData\Roaming\Adobe\shed
c:\windows\s.bat
c:\windows\system32\oem8.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-07-18 to 2011-08-18 )))))))))))))))))))))))))))))))
.
.
2011-08-18 17:15 . 2011-08-18 17:16 -------- d-----w- c:\users\Thewalruschild\AppData\Local\temp
2011-08-18 17:15 . 2011-08-18 17:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-17 19:30 . 2011-08-17 19:30 -------- d-----w- c:\windows\system32\lenovo
2011-08-17 19:18 . 2011-08-17 21:10 -------- d-----w- c:\program files\Broadcom Wireless
2011-08-17 19:18 . 2011-08-17 19:18 -------- d-----w- c:\users\Thewalruschild\AppData\Roaming\InstallShield
2011-08-17 19:00 . 2011-08-17 19:00 -------- d-----w- C:\Drivers
2011-08-17 18:35 . 2011-08-17 18:35 -------- d-----w- c:\program files\ESET
2011-08-17 15:52 . 2011-08-17 15:52 -------- d-----w- c:\windows\system32\EventProviders
2011-08-13 01:57 . 2011-08-13 01:57 -------- d-----w- c:\windows\en
2011-08-13 01:44 . 2011-08-13 01:44 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-12 13:37 . 2011-08-13 01:12 -------- d-----w- c:\users\Thewalruschild\AppData\Local\syqgwyjh
2011-08-10 21:22 . 2011-06-21 05:34 860672 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2011-08-10 21:22 . 2011-06-21 05:36 981504 ----a-w- c:\windows\system32\wininet.dll
2011-08-10 21:22 . 2011-06-21 05:37 673040 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2011-08-10 21:21 . 2011-06-21 05:35 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-10 21:21 . 2011-06-21 05:34 163328 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2011-08-10 21:21 . 2011-06-21 04:26 386048 ----a-w- c:\windows\system32\html.iec
2011-08-10 21:21 . 2011-07-22 04:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-10 21:05 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-10 21:05 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 21:04 . 2011-07-09 02:26 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 21:00 . 2011-06-21 05:39 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-10 20:46 . 2011-06-15 09:04 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-08-10 20:46 . 2011-06-15 09:04 122880 ----a-w- c:\windows\system32\odbccp32.dll
2011-08-10 20:46 . 2011-06-15 09:04 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-08-10 20:46 . 2011-06-15 09:04 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-08-10 20:46 . 2011-06-15 09:04 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
2011-08-10 20:46 . 2011-06-15 09:04 163840 ----a-w- c:\windows\system32\odbctrac.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 18:52 . 2011-04-09 16:30 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52 . 2011-04-09 16:30 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-11 02:37 . 2011-07-13 01:16 2332672 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 10:35 . 2011-06-28 22:44 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-08-17 15:01 . 2011-07-07 14:23 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2009-11-07 08:45 1410312 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2010-12-25 304464]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2011-04-06 2644992]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2009-07-19 484920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-14 1549608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184]
"TpShocks"="c:\windows\system32\TpShocks.exe" [2009-07-27 182088]
"VeriFaceManager"="c:\program files\Lenovo\VeriFace\PManage.exe" [2009-11-07 3122440]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-07-31 4114336]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-06-25 5064520]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2010-12-25 304464]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2011-02-18 273544]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0063221304127654mcinstcleanup;McAfee Application Installer Cleanup (0063221304127654);c:\users\THEWAL~1\AppData\Local\Temp\006322~1.EXE [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 136176]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-28 63240]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 136176]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-07-28 414984]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-07-28 472328]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-27 1343400]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-08-14 20496]
S1 funfrm;funfrm; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 BdFileSpy;BullGuard File Monitor Driver;c:\windows\system32\drivers\BdFileSpy.sys [2009-01-23 55504]
S2 BsFileScan;BullGuard File Scan Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 BsMailProxy;BullGuard Email Monitoring Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 Giraffic;Giraffic Video Accelerator;c:\program files\Giraffic\GirafficWatchdog.exe [2011-06-27 2211984]
S2 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-03-01 2296696]
S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-13 7680]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 122880]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-06-20 273448]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 22:25]
.
2011-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc2271fafceecd.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 22:25]
.
2011-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 22:25]
.
2011-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc2271fdf1f6f2.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 22:25]
.
2011-08-17 c:\windows\Tasks\Norton Security Scan for Thewalruschild.job
- c:\progra~1\NORTON~2\Engine\300~1.103\Nss.exe [2011-02-26 03:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2653012
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Thewalruschild\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: c:\windows\system32\BGLsp.dll
TCP: DhcpNameServer = 192.168.1.254
DPF: {9E2CD2C3-4DDA-4473-B904-B8E6D0DBAB86} - hxxp://consumersupport.lenovo.com/ot/en/SmartDownloading/cab/npdueng.cab
FF - ProfilePath - c:\users\Thewalruschild\AppData\Roaming\Mozilla\Firefox\Profiles\uj2tqdcc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=13
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{cd90bf73-20f6-44ef-993d-bb920303bd2e} - (no file)
URLSearchHooks-{37483b40-c254-4a72-bda4-22ee90182c1e} - (no file)
Toolbar-Locked - (no file)
Toolbar-{cd90bf73-20f6-44ef-993d-bb920303bd2e} - (no file)
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
Toolbar-{37483b40-c254-4a72-bda4-22ee90182c1e} - (no file)
WebBrowser-{CD90BF73-20F6-44EF-993D-BB920303BD2E} - (no file)
WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-18 18:38:05
ComboFix-quarantined-files.txt 2011-08-18 17:38
.
Pre-Run: 1,834,278,912 bytes free
Post-Run: 1,743,712,256 bytes free
.
- - End Of File - - A745FEB06B67CE8C4C19602ECE4F7973
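An added triage helper, not part of this thread and not code from ComboFix or BleepingComputer, that parses the two line shapes seen in the log above (the `R2/S3 name;display;path [date size]` service lines and the `"Name"="path" [date size]` Run values) and flags what a responder usually looks at first: entries marked `[x]` because the referenced file is gone, entries with no binary path at all, and binaries launched from Temp or a user's profile directory (such as the Temp-hosted McAfee cleanup entry in the log). The directory list and the flagging rules are assumptions of this example, not ComboFix's own logic; the sample lines are copied from the log.

```python
"""Triage helper for ComboFix-style log lines (added example, not a ComboFix tool)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Service/driver line:  R2 name;Display Name;c:\path\bin.exe [2011-01-01 12345]
# A trailing "[x]" instead of "[date size]" means the file was not found on disk.
SERVICE_RE = re.compile(
    r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$'
)
# Run value line:  "Name"="c:\path\bin.exe" [2011-01-01 12345]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')

# Heuristic (assumption of this example): directories a legitimate service or
# autorun rarely runs from. Matched case-insensitively as substrings of the path.
UNUSUAL_DIRS = (
    "\\appdata\\local\\temp\\",
    "\\windows\\temp\\",
    "\\appdata\\local\\",
    "\\appdata\\roaming\\",
)


@dataclass
class Entry:
    kind: str                      # "service" or "run"
    name: str
    path: str
    meta: str                      # contents of the trailing brackets: "date size" or "x"
    reasons: List[str] = field(default_factory=list)

    @property
    def flagged(self) -> bool:
        return bool(self.reasons)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a service/driver or Run-value line, None for anything else."""
    line = line.strip()
    m = SERVICE_RE.match(line)
    if m:
        return Entry("service", m["name"], m["path"].strip(), m["meta"].strip())
    m = RUN_RE.match(line)
    if m:
        return Entry("run", m["name"], m["path"].strip(), m["meta"].strip())
    return None


def triage(entry: Entry) -> Entry:
    """Attach heuristic reasons to an entry; an empty list means nothing looked odd."""
    low = entry.path.lower()
    if entry.meta == "x":
        entry.reasons.append("referenced file not found on disk")
    if not entry.path:
        entry.reasons.append("no binary path recorded")
    if any(d in low for d in UNUSUAL_DIRS):
        entry.reasons.append("binary lives under Temp or a user profile directory")
    return entry


def triage_lines(lines) -> List[Entry]:
    """Parse every line and return only the entries that picked up at least one reason."""
    entries = [e for e in (parse_line(ln) for ln in lines) if e is not None]
    return [e for e in map(triage, entries) if e.flagged]


# Sample input: lines copied from the ComboFix log in this thread, plus one
# registry header to show that non-matching lines are simply skipped.
SAMPLE_LINES = [
    r"R2 0063221304127654mcinstcleanup;McAfee Application Installer Cleanup (0063221304127654);c:\users\THEWAL~1\AppData\Local\Temp\006322~1.EXE [x]",
    r"R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 136176]",
    r"R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]",
    r"S1 funfrm;funfrm; [x]",
    r'"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2010-12-25 304464]',
    r'"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]',
    r'"Malwarebytes'"'"' Anti-Malware (reboot)"="c:\program files\Malwarebytes'"'"' Anti-Malware\mbam.exe" [2011-07-06 1047656]',
    r"[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
]

if __name__ == "__main__":
    for e in triage_lines(SAMPLE_LINES):
        print(f"[{e.kind}] {e.name}: {e.path or '<no path>'}")
        for r in e.reasons:
            print("    -", r)
```

Run against the sample, three entries come back: the Temp-hosted McAfee cleanup service (file missing and unusual location), the Realtek card-reader driver (file missing), and `funfrm` (file missing and no path). The Run values for BullGuard, Skype and MBAM are parsed but not flagged. The "unusual directory" rule is only a prompt to look closer; plenty of legitimate updaters live under AppData, so it is a triage aid, not a verdict.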

#10 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:03 AM

Posted 18 August 2011 - 08:12 PM

P2P - I see you have P2P software (uTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to malware infections. Please see this post for more information. I recommend that you uninstall these now. You can do so via Control Panel >> Add or Remove Programs. If you choose to keep these applications, please do not use them until our fixes at BC are complete.

Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before or above Folder::

Folder::
c:\users\Thewalruschild\AppData\Local\syqgwyjh

Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image


This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Please include the following in your next post:
  • ComboFix log
  • MBAM log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may [donate button]


#11 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:03 AM

Posted 23 August 2011 - 09:38 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.





