Author Topic: Infected by Win32:sirefef-FQ  (Read 11884 times)


GregW

  • Guest
Re: Infected by Win32:sirefef-FQ
« Reply #15 on: April 23, 2012, 05:40:36 PM »
I have submitted the file and am unsure of which results you need. Hopefully these are the ones.

SHA256:    9113a32b60d482ba398137c70d9e1d77ddf35f1dc49014f8ab4c7262cf41261e
SHA1:    40430a4ce6840156bddccac0d7a7f0af3af4c482
MD5:    7c850c13c8e707fed2bdb580cb5e6351
File size:    191.5 KB ( 196096 bytes )
File name:    nY.exe
File type:    unknown
Detection ratio:    0 / 42
Analysis date:    2012-04-23 15:26:42 UTC ( 1 minute ago )

Upon searching for the file on my PC I found the following info in the file properties. I don't know if it's helpful but I think the programme is part of my flight sim stuff as it's copyrighted by a company called Saitek who sell gaming controls and whose programmes I have installed.

File name/Description: NukeUYp Application
Type: Application
Original File Name: NukeUYp.exe


jeffce

  • Guest
Re: Infected by Win32:sirefef-FQ
« Reply #16 on: April 23, 2012, 10:08:45 PM »
Hi,

Please download ERUNT (Emergency Recovery Utility NT).  This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.  **Remember if you are using Windows Vista as your operating system right-click the executable and Run as Administrator.
----------

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

Code:
:Services

:OTL
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/2
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {60F82C0B-7E22-497D-958E-5146D875FB53}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{60F82C0B-7E22-497D-958E-5146D875FB53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {60F82C0B-7E22-497D-958E-5146D875FB53}
IE - HKLM\..\SearchScopes\{60F82C0B-7E22-497D-958E-5146D875FB53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-2719949982-2696988471-487218896-1001\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="
[2012/04/19 13:14:25 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\tfhhn7o0.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
[2012/04/19 13:14:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/04/19 13:14:18 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\Conduit
[2012/04/19 13:14:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrentControl2
[2012/04/19 13:14:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2012/04/19 13:12:32 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\uTorrent
[1 C:\Users\Greg\Documents\*.tmp files -> C:\Users\Greg\Documents\*.tmp -> ]

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[resethosts]
[createrestorepoint]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
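
As an added example that is not part of this thread or of OTL itself: a small Python triage helper that parses a fix script in the format jeffce posted above, splits it into its sections and lists the registry keys, file paths, vendor tags and dangling "File not found" entries, so a reviewer can see what a fix will touch before pasting it into OTL. The line patterns are assumptions inferred only from the entries shown in this thread.

```python
import re
# Fix-script lines taken from jeffce's Reply #16 above, cut down to a few entries.
SAMPLE_FIX = r""":OTL
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/2
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="
[2012/04/19 13:14:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
:Files
ipconfig /flushdns /c
:Commands
[emptytemp]
[Reboot]
"""
BOLD64 = "[b]64bit:[/b]"   # OTL's marker for entries read from the 64-bit registry view
def parse_sections(text):
    # Split a fix script into its ':Name' sections (keys lower-cased), dropping blank lines.
    sections, current = {}, None
    for line in text.splitlines():
        if line.startswith(":"):
            current = line[1:].strip().lower()
            sections.setdefault(current, [])
        elif line.strip() and current is not None:
            sections[current].append(line)
    return sections
def classify(line):
    # Pull the forensic facts out of one :OTL entry line (patterns inferred from the thread).
    body = line.replace(BOLD64, "")
    dated = re.match(r"\[\d{4}/\d{2}/\d{2} [^\]]*\] -- ", body)   # dated file/dir entries
    vendor = re.search(r"\(([^()]+)\)$", body)                 # trailing "(Vendor)" tag
    return {
        "kind": "DIR" if dated else re.match(r"[A-Z]+\d*", body).group(0),  # IE, FF, O3 ...
        "x64": BOLD64 in line,
        "reg_keys": [k.rstrip() for k in re.findall(r"HK(?:LM|CU|U)\\[^,:=]+", body)],
        # a drive-letter path runs until the vendor tag, "File not found" or end of line
        "paths": re.findall(r"[A-Za-z]:\\.+?(?= \([A-Z][^)]*\)$| File not found|$)", body),
        "vendor": vendor.group(1) if vendor else None,
        "missing": "File not found" in body,   # entry points at a file OTL could not find
    }
def summarize(text):
    # Triage view of what the fix will touch: hives, files, vendors, dangling entries.
    entries = [classify(l) for l in parse_sections(text).get("otl", [])]
    return {
        "kinds": sorted({e["kind"] for e in entries}),
        "registry": sorted(k for e in entries for k in e["reg_keys"]),
        "files": sorted(p for e in entries for p in e["paths"]),
        "vendors": sorted({e["vendor"] for e in entries if e["vendor"]}),
        "missing": [e["paths"][0] for e in entries if e["missing"] and e["paths"]],
        "x64": sum(e["x64"] for e in entries),
    }
```

Running `summarize(SAMPLE_FIX)` on the sample shows the two 64-bit entries, the Conduit-signed DLL and the toolbar DLL that OTL already reports as missing.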

GregW

  • Guest
Re: Infected by Win32:sirefef-FQ
« Reply #17 on: April 25, 2012, 04:39:40 PM »
I have attached both of the OTL logs. One from the reboot and the other from the scan afterwards.

jeffce

  • Guest
Re: Infected by Win32:sirefef-FQ
« Reply #18 on: April 25, 2012, 08:24:33 PM »
Hi,

Malwarebytes

I see that you have Malwarebytes already on your computer.  Please open Malwarebytes, update it and then run a Quick Scan.  Save the log that is created for your next reply.
----------

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
  • Check
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish
http://www.eset.com/onlinescan/
----------

In your next reply please attach the logs made by Malwarebytes and ESET. 

GregW

  • Guest
Re: Infected by Win32:sirefef-FQ
« Reply #19 on: April 27, 2012, 01:06:29 PM »
Hi,

I have run the scans; both logs are attached.

jeffce

  • Guest
Re: Infected by Win32:sirefef-FQ
« Reply #20 on: April 27, 2012, 01:46:08 PM »
Hi Greg,

First open an elevated command prompt > Click Start and type cmd in Start Search.
When cmd.exe populates above, right click it and select Run as Administrator to open an elevated command prompt.


Copy the contents of the code box > right click in the command window and select paste
Code:
del "C:\Users\Greg\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120324022601300.rsc"
Press Enter
Now close the Command Prompt

How is your system running now?  :)

GregW

  • Guest
Re: Infected by Win32:sirefef-FQ
« Reply #21 on: April 27, 2012, 04:04:01 PM »
My system seems to be running okay.

I am still having a couple of problems with the ESET NOD32 antivirus component on my system. I am unable to use the interface and it continually prompts me that it is unable to communicate with the "kernel". I don't know if this is to do with the virus.

Besides this everything is running smoothly. :)

jeffce

  • Guest
Re: Infected by Win32:sirefef-FQ
« Reply #22 on: April 27, 2012, 04:10:30 PM »
Hi,

Let's get a new scan with OTL and attach the new log so we can get a fresh look. 

GregW

  • Guest
Re: Infected by Win32:sirefef-FQ
« Reply #23 on: April 27, 2012, 05:03:34 PM »
Okay, thank you very much. Here is the log.

jeffce

  • Guest
Re: Infected by Win32:sirefef-FQ
« Reply #24 on: April 27, 2012, 08:40:18 PM »
Hi,

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

Code:
:Services

:OTL
IE - HKU\S-1-5-21-2719949982-2696988471-487218896-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 79 C8 28 DE 79 1C CB 01  [binary data]
IE - HKU\S-1-5-21-2719949982-2696988471-487218896-1001\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
[2011/07/08 04:04:23 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\tfhhn7o0.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O4 - Startup: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NetTools.lnk =  File not found
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-itss - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O28 - HKLM ShellExecuteHooks: UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No CLSID value found.

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
----------

GregW

  • Guest
Re: Infected by Win32:sirefef-FQ
« Reply #25 on: April 28, 2012, 02:15:03 PM »
Attached are the two logs produced. Upon system restart, after running the OTL fix, my system seemed unable to boot. After a number of attempts the loading screen finally appeared and the system booted as normal. I wasn't sure if this was to do with the fix or whether it had just overheated :) .

jeffce

  • Guest
Re: Infected by Win32:sirefef-FQ
« Reply #26 on: April 28, 2012, 04:16:41 PM »
Hi,

Any improvements?  :)

GregW

  • Guest
Re: Infected by Win32:sirefef-FQ
« Reply #27 on: April 29, 2012, 05:29:41 PM »
I have had no further problems when booting my system, although I have recently had my system crash a couple of times when running pretty standard applications or processes, i.e. internet browser. Again I did wonder if this was just down to overheating and the need for a bit of fan cleaning.

With regards to ESET it still seems to be having problems, prompting me that it cannot communicate with the kernel; however I think the best/easiest fix would perhaps be to re-install it :)

I haven’t noticed any more symptoms/problems to do with the original virus, but then again I’m no expert :).

jeffce

  • Guest
Re: Infected by Win32:sirefef-FQ
« Reply #28 on: April 30, 2012, 02:02:39 AM »
Yeah I was going to have you reinstall ESET if you were still having problems with it and see if that fixed it up.  :)