
virus - now computer won't connect to the internet help please


Comments

  • chardonnay_2
    chardonnay_2 Posts: 2,201 Forumite
    1,000 Posts Combo Breaker
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org
    Database version: 4336
    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385
    23/07/2010 01:40:09
    mbam-log-2010-07-23 (01-40-09).txt
    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 219454
    Time elapsed: 32 minute(s), 52 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    C:\Windows\System32\drivers\ofkorr.sys (Trojan.Bubnix) -> Quarantined and deleted successfully.
    :love: married to the man of my dreams! 9-08-09:love:
  • The_Grandmaster
    The_Grandmaster Posts: 1,424 Forumite
    Part of the Furniture Combo Breaker
    TICK AND FIX in hijackthislog:

    O23 - Service: BullGuard scanning service (BsScanner) - Unknown owner - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe (file missing)
    O23 - Service: BullGuard update service (BsUpdate) - Unknown owner - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe (file missing)

    I'm hoping the new trojan found is the same one you hadn't removed earlier...

    Better have alienRIK look at this for you.
  • GunJack
    GunJack Posts: 11,840 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    C:\Windows\System32\drivers\ofkorr.sys (Trojan.Bubnix) -> Quarantined and deleted successfully

    this seems to be hanging on for grim death......

    1. Run CCleaner, both cleaner and registry parts
    2. Do a disk cleanup (open My Computer, right-click on C: drive, properties, disk cleanup, let it scan and tick ALL the boxes, then click the More Options tab, click to clean up old Restore points (may take a while to scan this bit), and click Yes to let it clean up everything.
    3. Download Dr Web Cureit and do a full scan (it'll start a quick scan automatically, stop this and set a full scan running). Let it delete anything it finds and post the log back on here. (this will take a good while to scan)
    http://www.freedrweb.com/?lng=en

    p.s. DON'T go anywhere near bt's security, especially if it's McCrapaffee-based....asking for trouble :(
    ......Gettin' There, Wherever There is......

    I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple :D
  • chardonnay_2
    chardonnay_2 Posts: 2,201 Forumite
    1,000 Posts Combo Breaker
    GunJack wrote: »


    hi i still haven't been able to get this to work even in safe mode with networking
    :love: married to the man of my dreams! 9-08-09:love:
  • chardonnay_2
    chardonnay_2 Posts: 2,201 Forumite
    1,000 Posts Combo Breaker
    GunJack wrote: »
    C:\Windows\System32\drivers\ofkorr.sys (Trojan.Bubnix) -> Quarantined and deleted successfully

    this seems to be hanging on for grim death......

    1. Run CCleaner, both cleaner and registry parts
    2. Do a disk cleanup (open My Computer, right-click on C: drive, properties, disk cleanup, let it scan and tick ALL the boxes, then click the More Options tab, click to clean up old Restore points (may take a while to scan this bit), and click Yes to let it clean up everything.
    3. Download Dr Web Cureit and do a full scan (it'll start a quick scan automatically, stop this and set a full scan running). Let it delete anything it finds and post the log back on here. (this will take a good while to scan)
    http://www.freedrweb.com/?lng=en

    p.s. DON'T go anywhere near bt's security, especially if it's McCrapaffee-based....asking for trouble :(


    ok, i've done all this but every time i try to run cureit it jams my computer and the screen goes into funny lines?
    :love: married to the man of my dreams! 9-08-09:love:
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    run combofix again

    Manually reset hosts file ~
    http://support.microsoft.com/kb/972034
    :idea:
  • chardonnay_2
    chardonnay_2 Posts: 2,201 Forumite
    1,000 Posts Combo Breaker
    ComboFix 10-07-22.01 - CLAIRE 23/07/2010 13:55:00.3.4 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3326.2335 [GMT 1:00]
    Running from: c:\users\CLAIRE\Desktop\ComboFix.exe
    .
    ((((((((((((((((((((((((( Files Created from 2010-06-23 to 2010-07-23 )))))))))))))))))))))))))))))))
    .
    2010-07-23 12:58 . 2010-07-23 12:58 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-07-21 22:39 . 2010-07-21 22:39 -------- d-----w- c:\users\CLAIRE\AppData\Roaming\Motive
    2010-07-21 22:38 . 2010-07-21 22:45 -------- d-----w- c:\programdata\Motive
    2010-07-21 22:38 . 2010-07-21 22:39 -------- d-----w- c:\program files\Common Files\Motive
    2010-07-21 22:38 . 2010-07-21 22:38 -------- d-----w- c:\program files\BT Broadband Desktop Help
    2010-07-21 22:14 . 2010-07-21 22:14 388096 ----a-r- c:\users\CLAIRE\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-07-21 22:14 . 2010-07-21 22:14 -------- d-----w- c:\program files\Trend Micro
    2010-07-21 22:10 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-21 22:10 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-21 16:54 . 2010-07-21 16:54 -------- d-----w- c:\users\CLAIRE\AppData\Roaming\Malwarebytes
    2010-07-21 16:53 . 2010-07-21 22:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-21 16:53 . 2010-07-21 16:53 -------- d-----w- c:\programdata\Malwarebytes
    2010-07-21 12:07 . 2010-07-22 07:00 -------- d-----w- c:\program files\Common Files\Mcafee
    2010-07-21 12:07 . 2010-07-21 12:07 -------- d-----w- c:\program files\McAfee.com
    2010-07-21 12:07 . 2010-07-22 07:00 -------- d-----w- c:\program files\McAfee
    2010-07-21 11:46 . 2010-07-21 15:11 -------- d-----w- c:\programdata\McAfee
    2010-07-19 22:59 . 2010-07-19 22:59 -------- d-----w- c:\users\admin\AppData\Local\Google
    2010-07-19 22:57 . 2010-07-19 22:57 85208 ----a-w- c:\users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-07-19 22:57 . 2010-07-19 22:57 -------- d-----w- c:\users\admin\AppData\Roaming\ATI
    2010-07-19 22:57 . 2010-07-19 22:57 -------- d-----w- c:\users\admin\AppData\Local\Power2Go
    2010-07-19 22:57 . 2010-07-19 22:57 -------- d-----w- c:\users\admin\AppData\Local\ATI
    2010-07-19 22:57 . 2010-07-19 22:57 -------- d-----w- c:\users\admin\AppData\Local\VirtualStore
    2010-07-19 22:33 . 2010-07-20 17:38 -------- d-----w- c:\users\CLAIRE\AppData\Local\Diagnostics
    2010-07-19 21:15 . 2010-05-20 23:14 38784 ----a-w- c:\users\CLAIRE\AppData\Roaming\Macromedia\Flash Player\https://www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-07-19 21:01 . 2010-07-19 21:57 -------- d-----w- c:\users\CLAIRE\AppData\Local\virjjgbie
    2010-07-19 21:01 . 2010-07-22 07:00 -------- d-sh--w- c:\users\CLAIRE\AppData\Roaming\lowsec
    2010-07-15 22:33 . 2010-07-15 22:33 12124624 ----a-w- c:\users\CLAIRE\AppData\Roaming\Macromedia\Flash Player\https://www.macromedia.com\bin\airinstaller2x0\airinstaller2x0.exe
    2010-07-02 17:31 . 2010-07-02 17:31 -------- d-----w- c:\users\CLAIRE\AppData\Local\Gamenauts
    2010-06-26 02:18 . 2010-06-26 02:18 -------- d-----w- c:\users\CLAIRE\AppData\Roaming\Flood Light Games
    2010-06-26 02:17 . 2010-07-20 17:43 -------- d-----w- c:\program files\Games
    2010-06-25 23:24 . 2010-06-25 23:24 -------- d-----w- c:\windows\Profiles
    2010-06-25 23:24 . 2010-06-25 23:24 -------- d-----w- c:\users\CLAIRE\AppData\Roaming\InterTrust
    2010-06-25 23:24 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
    2010-06-24 02:01 . 2009-11-25 11:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2010-06-24 02:01 . 2009-11-25 11:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2010-06-24 02:01 . 2009-11-25 11:47 297808 ----a-w- c:\windows\system32\mscoree.dll
    2010-06-24 02:01 . 2009-11-25 11:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2010-06-24 02:01 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2010-06-23 14:27 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll
    2010-06-23 14:27 . 2010-05-09 09:14 641536 ----a-w- c:\windows\system32\CPFilters.dll
    2010-06-23 14:27 . 2010-05-09 09:14 417792 ----a-w- c:\windows\system32\msdri.dll
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-22 23:48 . 2010-07-22 23:31 -------- d-----w- c:\programdata\Yahoo! Companion
    2010-07-22 23:42 . 2010-07-22 23:42 -------- d-----w- c:\program files\Microsoft Security Essentials
    2010-07-22 23:41 . 2010-06-13 19:08 -------- d-----w- c:\program files\BitComet
    2010-07-22 23:31 . 2010-07-22 23:31 -------- d-----w- c:\program files\CCleaner
    2010-07-22 23:31 . 2010-07-22 23:31 -------- d-----w- c:\program files\Yahoo!
    2010-07-22 23:31 . 2010-07-22 23:31 -------- d-----w- c:\users\CLAIRE\AppData\Roaming\Yahoo!
    2010-07-22 23:24 . 2010-06-13 19:08 -------- d-----w- c:\users\CLAIRE\AppData\Roaming\BitComet
    2010-07-19 21:54 . 2010-02-16 15:12 -------- d-----w- c:\program files\Microsoft
    2010-06-27 18:09 . 2010-02-16 14:01 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-06-25 23:24 . 2010-02-16 14:56 -------- d-----w- c:\program files\Common Files\Adobe
    2010-06-25 22:10 . 2010-02-16 15:43 -------- d-----w- c:\program files\Microsoft.NET
    2010-06-25 00:44 . 2009-07-14 04:52 -------- d-----w- c:\program files\Microsoft Games
    2010-06-14 22:12 . 2010-06-14 22:12 -------- d-----w- c:\users\CLAIRE\AppData\Roaming\CyberLink
    2010-06-13 19:09 . 2010-06-13 19:08 -------- d-----w- c:\program files\Google
    2010-06-11 22:27 . 2010-02-16 15:42 -------- d-----w- c:\programdata\Microsoft Help
    2010-06-11 01:01 . 2010-04-30 07:00 1008 ----a-w- c:\users\CLAIRE\AppData\Roaming\wklnhst.dat
    2010-06-04 21:20 . 2010-02-16 15:14 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-06-01 17:37 . 2010-02-16 10:43 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-27 07:24 . 2010-06-11 17:12 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-05-27 03:49 . 2010-06-11 17:12 293888 ----a-w- c:\windows\system32\atmfd.dll
    2010-05-24 06:30 . 2010-05-24 06:30 1056 --sha-w- c:\programdata\KGyGaAvL.sys
    2010-05-24 06:30 . 2010-05-24 06:30 1056 --sha-w- c:\programdata\KGyGaAvL.sys
    2010-05-21 05:18 . 2010-06-11 17:12 977920 ----a-w- c:\windows\system32\wininet.dll
    2010-05-20 23:14 . 2010-07-19 22:56 38784 ----a-w- c:\users\admin\AppData\Roaming\Macromedia\Flash Player\https://www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-05-20 23:14 . 2010-05-21 00:07 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\https://www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-05-01 14:49 . 2010-06-11 17:12 2326528 ----a-w- c:\windows\system32\win32k.sys
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .
    ((((((((((((((((((((((((((((( SnapShot@2010-07-22_02.26.46 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-01-29 10:23 . 2010-07-23 12:50 35066 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 04:55 . 2010-07-23 12:50 41540 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2010-03-25 20:30 . 2010-03-25 20:30 42368 c:\windows\System32\drivers\MpNWMon.sys
    - 2010-03-25 18:25 . 2010-07-22 02:06 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-03-25 18:25 . 2010-07-23 12:38 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-03-25 18:25 . 2010-07-22 02:06 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-03-25 18:25 . 2010-07-23 12:38 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:41 . 2010-07-23 12:38 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:41 . 2010-07-22 02:06 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-03-25 19:09 . 2010-07-22 02:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-03-25 19:09 . 2010-07-23 12:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-03-25 19:09 . 2010-07-22 02:06 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-03-25 19:09 . 2010-07-23 12:40 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-03-25 19:09 . 2010-07-22 02:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-03-25 19:09 . 2010-07-23 12:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-03-25 18:36 . 2010-07-23 12:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-03-25 18:36 . 2010-07-22 02:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-03-26 15:07 . 2010-07-23 12:36 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    - 2010-03-26 15:07 . 2010-07-22 02:01 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    + 2010-03-26 15:07 . 2010-07-23 12:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
    - 2010-03-26 15:07 . 2010-07-22 02:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
    - 2010-03-26 15:07 . 2010-07-22 02:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
    + 2010-03-26 15:07 . 2010-07-23 12:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
    - 2010-03-25 18:36 . 2010-07-22 02:06 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-03-25 18:36 . 2010-07-23 12:40 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-03-25 18:36 . 2010-07-23 12:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-03-25 18:36 . 2010-07-22 02:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-03-25 18:32 . 2010-07-23 12:50 9356 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-156472762-2403522986-494797692-1001_UserData.bin
    + 2010-07-23 12:38 . 2010-07-23 12:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2010-07-22 02:06 . 2010-07-22 02:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2010-07-22 02:06 . 2010-07-22 02:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-07-23 12:38 . 2010-07-23 12:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-07-14 02:05 . 2010-07-22 02:11 628024 c:\windows\System32\perfh009.dat
    + 2009-07-14 02:05 . 2010-07-23 12:42 628024 c:\windows\System32\perfh009.dat
    + 2009-07-14 02:05 . 2010-07-23 12:42 110208 c:\windows\System32\perfc009.dat
    - 2009-07-14 02:05 . 2010-07-22 02:11 110208 c:\windows\System32\perfc009.dat
    + 2010-03-25 20:30 . 2010-03-25 20:30 151216 c:\windows\System32\drivers\MpFilter.sys
    - 2009-07-14 02:03 . 2010-07-21 23:05 6815744 c:\windows\System32\SMI\Store\Machine\schema.dat
    + 2009-07-14 02:03 . 2010-07-23 08:37 6815744 c:\windows\System32\SMI\Store\Machine\schema.dat
    + 2010-06-01 12:53 . 2010-06-01 12:53 1062400 c:\windows\Installer\d997.msi
    + 2010-06-01 14:01 . 2010-06-01 14:01 5654528 c:\windows\Installer\d991.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-08 98304]
    "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-03 8120864]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
    "btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-12-07 1584640]
    "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
    c:\users\CLAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2010-5-21 95232]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\BdInstHk.dll
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [x]
    R2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe [2009-07-14 20992]
    R2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-13 135664]
    R3 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-17 1343400]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-08 172032]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-01-08 5191168]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-01-08 125440]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-05 230912]
    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-09-22 579072]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-06-05 27320]

    --- Other Services/Drivers In Memory ---
    *Deregistered* - ofkorr
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    BullGuard_Main REG_MULTI_SZ BsMain
    .
    Contents of the 'Scheduled Tasks' folder
    2010-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-13 19:09]
    2010-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-13 19:09]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.aldi.com
    uInternet Settings,ProxyServer = http=127.0.0.1:5643
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ofkorr]
    .
    LOCKED REGISTRY KEYS
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2010-07-23 13:59:13
    ComboFix-quarantined-files.txt 2010-07-23 12:59
    ComboFix2.txt 2010-07-22 15:02
    ComboFix3.txt 2010-07-22 02:27
    Pre-Run: 951,903,997,952 bytes free
    Post-Run: 952,157,970,432 bytes free
    - - End Of File - - 4DE5B03198253C61B2C0E79425F8A6BB
    :love: married to the man of my dreams! 9-08-09:love:
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    You've not installed dr web have you??
    If so uninstall it (you're only supposed to use the scan mode, not install the actual program)


    Manually remove this folder ~
    c:\program files\BullGuard Ltd

    TICK and FIX these in hijack ~
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/...soft/wrc32.ocx
    O20 - AppInit_DLLs: C:\Windows\System32\BdInstHk.dll
    :idea:
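
Added example, not part of the thread and not any poster's code: a small triage pass over ComboFix log lines that flags the kinds of entry the helpers single out above (the loopback `ProxyServer` value, the `AppInit_DLLs` entry, services whose file is marked `[x]`, and the deregistered `ofkorr` driver). The sample lines are copied from the log posted in this thread; the function names and finding labels are this example's own.

```python
import ipaddress
import re

# Lines copied from the ComboFix log posted in this thread (trimmed sample).
SAMPLE_LOG = r"""
"AppInit_DLLs"=c:\windows\System32\BdInstHk.dll
R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [x]
R2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe [2009-07-14 20992]
R2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-13 135664]
R3 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [x]
*Deregistered* - ofkorr
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
"""

# "R2 name;display name;path [date size]" or "... [x]" when no date/size is shown.
SERVICE_RE = re.compile(
    r"^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+) \[(?P<info>[^\]]*)\]$")
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (?P<value>.+)$")
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(?P<value>.*)$')
DEREG_RE = re.compile(r"^\*Deregistered\* - (?P<name>\S+)$")


def is_loopback(host):
    """True for 'localhost' or any 127.0.0.0/8 / ::1 address literal."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname, not an address literal


def proxy_hosts(value):
    """Yield the host of each entry in 'http=h:p;https=h:p' or a bare 'h:p'."""
    for entry in value.split(";"):
        target = entry.split("=", 1)[-1].strip()
        if target:
            yield target.rsplit(":", 1)[0]


def triage(log_text):
    """Return (label, detail) findings in the order they appear in the log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := PROXY_RE.match(line)):
            # Browser traffic is sent to a listener on this machine; if nothing
            # is listening on that port any more, browsing fails.
            if any(is_loopback(h) for h in proxy_hosts(m["value"])):
                findings.append(("loopback-proxy", m["value"]))
        elif (m := APPINIT_RE.match(line)):
            # A non-empty value names a DLL to review.
            if m["value"].strip():
                findings.append(("appinit-dll", m["value"].strip()))
        elif (m := DEREG_RE.match(line)):
            findings.append(("deregistered-driver", m["name"]))
        elif (m := SERVICE_RE.match(line)):
            # HijackThis reported the same BullGuard services as "(file missing)".
            if m["info"] == "x":
                findings.append(("service-file-unreadable",
                                 f'{m["name"]} -> {m["path"]}'))
    return findings


if __name__ == "__main__":
    for label, detail in triage(SAMPLE_LOG):
        print(f"{label:24} {detail}")
```
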
  • chardonnay_2
    chardonnay_2 Posts: 2,201 Forumite
    1,000 Posts Combo Breaker
    hi, i don't think i installed it, as i can't find anywhere on the comp to uninstall it. i only have it as an icon on my screen to run.

    i can't find the bullguard folder - think i already uninstalled it.

    hijack can't fix 09 or either 10 as it says error.

    10 said to use spybot so i am trying that now.

    thanks
    :love: married to the man of my dreams! 9-08-09:love:
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    It's easy to find the folder if it exists

    Follow the address ~ c:\program files\BullGuard Ltd
    So open C drive
    Open PROGRAM FILES folder
    look for BULLDOG folder
    :idea:
This discussion has been closed.