[Not curable - Ramnit] Win32/Heur from AVG

By TheMcDowell
Mar 6, 2012
  1. AVG keeps telling me that there's a threat which is called Win32/Heur. Also I have a Windows Command Processor permission window which keeps asking for permission to do something every few seconds.
  2. Broni

    Broni (Malware Annihilator)

    You've been to this very forum twice already so you should know what preliminaries are requested.
  3. TheMcDowell

    TheMcDowell (Topic Starter)

    I know, I started the scans just before posting.

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.06.07

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    Timeon :: MAGNERS [administrator]

    06/03/2012 22:24:17
    mbam-log-2012-03-06 (22-24-17).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 196676
    Time elapsed: 7 minute(s), 2 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\Timeon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpbt0.dll.lnk (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)
  4. TheMcDowell

    TheMcDowell (Topic Starter)

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385
    Run by Timeon at 23:39:55 on 2012-03-06
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.353.1033.18.5994.3155 [GMT 0:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\system32\atiesrxx.exe
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\WLANExt.exe
    C:\windows\system32\conhost.exe
    C:\windows\system32\atieclxx.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\windows\system32\svchost.exe -k bthsvcs
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\taskhost.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
    C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
    C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
    C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\taskmgr.exe
    C:\windows\system32\wuauclt.exe
    C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\mswinext.exe
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    c:\program files (x86)\real\realplayer\update\realsched.exe
    C:\Users\Timeon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DI3F6W1Y\b3uORcPBMqx2wFI369Aldy[1]
    C:\windows\system32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\ctfmon.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\windows\system32\consent.exe
    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    C:\Program Files (x86)\AVG\AVG2012\avgui.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
    C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\conhost.exe
    C:\windows\SysWOW64\cscript.exe
    C:\windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.searchonme.com/
    mStart Page = hxxp://search.searchonme.com/
    BHO: Premiumplay Codec-C: {11111111-1111-1111-1111-110011041135} - C:\Program Files (x86)\Premiumplay Codec-C\Premiumplay Codec-C.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: MyTools Class: {c3a44133-7ead-434c-ac9e-7f1da176ba8c} - C:\Program Files (x86)\MyTools\MyTools.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Facebook Update] "C:\Users\Timeon\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    uRun: [FuvKnyuy] C:\Users\Timeon\AppData\Local\woeypjom\fuvknyuy.exe
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=QUFTWUwtR1o5VzItTlFIWEMtUVRJUlctWVlKQlktUQ"&"inst=NzYtOTUzNTIyNTQzLVNUMTJPSSsxLUREVCswLUVVTEErMS1TVDEyQVBQKzE"&"prod=92"&"ver=2012.0.1831"&"mid=e012efa5339147d1bd15d1422d878156-fe8ff569b80f2f484900e7c69fd0f467631b63cf
    mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
    StartupFolder: C:\Users\Timeon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fuvknyuy.exe
    StartupFolder: C:\Users\Timeon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut11_C03C290FA6F54A2B8A2DFE2786A1E275.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 77.244.128.44 77.244.128.45
    TCP: Interfaces\{1AB62972-70EA-451D-AD14-5B7D095FF2C6} : DhcpNameServer = 77.244.128.44 77.244.128.45
    TCP: Interfaces\{B3A5F3D3-8ACE-4A35-B648-0553907E48B5} : DhcpNameServer = 137.195.151.105 137.195.150.61 137.195.151.110
    TCP: Interfaces\{B3A5F3D3-8ACE-4A35-B648-0553907E48B5}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23
    TCP: Interfaces\{B3A5F3D3-8ACE-4A35-B648-0553907E48B5}\8677D2775626 : DhcpNameServer = 137.195.151.105 137.195.150.61 137.195.151.110
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Premiumplay Codec-C: {11111111-1111-1111-1111-110011041135} - C:\Program Files (x86)\Premiumplay Codec-C\Premiumplay Codec-C.dll
    BHO-X64: CrossriderApp0000435 - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO-X64: Search Helper - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: MyTools Class: {C3A44133-7EAD-434C-AC9E-7F1DA176BA8C} - C:\Program Files (x86)\MyTools\MyTools.dll
    BHO-X64: MyTools - No File
    BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
    TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=QUFTWUwtR1o5VzItTlFIWEMtUVRJUlctWVlKQlktUQ"&"inst=NzYtOTUzNTIyNTQzLVNUMTJPSSsxLUREVCswLUVVTEErMS1TVDEyQVBQKzE"&"prod=92"&"ver=2012.0.1831"&"mid=e012efa5339147d1bd15d1422d878156-fe8ff569b80f2f484900e7c69fd0f467631b63cf
    mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
    IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Timeon\AppData\Roaming\Mozilla\Firefox\Profiles\o9kis29y.default\
    FF - prefs.js: browser.search.selectedEngine - SearchOnMe
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/
    FF - prefs.js: keyword.URL - hxxp://search.searchonme.com/?q=
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Users\Timeon\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;C:\windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
    R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\windows\system32\Drivers\SABI.sys --> C:\windows\system32\Drivers\SABI.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
    R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/11/04 09:40:27];C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [2010-2-24 146928]
    R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\system32\DRIVERS\TurboB.sys --> C:\windows\system32\DRIVERS\TurboB.sys [?]
    R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-1-19 909152]
    R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\system32\drivers\AtihdW76.sys --> C:\windows\system32\drivers\AtihdW76.sys [?]
    R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
    R3 btwampfl;Bluetooth AMP USB Filter;C:\windows\system32\drivers\btwampfl.sys --> C:\windows\system32\drivers\btwampfl.sys [?]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]
    R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys --> C:\windows\system32\DRIVERS\yk62x64.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-12 136176]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-12 136176]
    S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-03-06 10:57:21 -------- d-----w- C:\Program Files (x86)\Amazon
    2012-03-06 09:04:53 -------- d-----w- C:\Users\Timeon\AppData\Local\{0A46037A-DAC5-4120-B2AA-5D65BC24DC16}
    2012-03-06 09:04:28 -------- d-----w- C:\Users\Timeon\AppData\Local\{DDAF5B49-FC05-4B00-9F93-B2CAA0CB6D68}
    2012-03-03 23:53:09 -------- d-----w- C:\ProgramData\Premium
    2012-03-03 23:52:43 -------- d-----w- C:\Users\Timeon\AppData\Local\Premiumplay Codec-C
    2012-03-03 23:52:42 -------- d-----w- C:\Program Files (x86)\Premiumplay Codec-C
    2012-03-03 23:52:34 -------- d-----w- C:\codec-info
    2012-03-03 23:52:32 -------- d-----w- C:\Program Files (x86)\MyTools
    2012-03-03 23:52:01 -------- d-----w- C:\ProgramData\InstallMate
    2012-03-03 12:18:10 -------- d-----w- C:\Users\Timeon\AppData\Local\{5ED7E5DD-DC45-48E6-B179-40751485A9C1}
    2012-03-03 12:18:00 -------- d-----w- C:\Users\Timeon\AppData\Local\{C4FBEDE3-D7CA-4653-BB0F-F443FD953FF0}
    2012-02-29 08:41:14 -------- d-----w- C:\Users\Timeon\AppData\Local\{D6EE1BEA-3529-42F1-A24E-9BC5FE2CC301}
    2012-02-28 12:38:10 -------- d-----w- C:\Users\Timeon\AppData\Local\{A24AAD06-C9EA-4F02-9A81-0D896173E615}
    2012-02-28 12:38:01 -------- d-----w- C:\Users\Timeon\AppData\Local\{3D190476-174D-445C-8691-4F5C6868D361}
    2012-02-28 00:38:11 -------- d-----w- C:\Users\Timeon\AppData\Local\{A58E021F-32D6-414F-88F7-D8C0360688FA}
    2012-02-28 00:38:01 -------- d-----w- C:\Users\Timeon\AppData\Local\{B581E3F4-A935-4263-9487-DA4C2A7CFC5B}
    2012-02-27 12:38:10 -------- d-----w- C:\Users\Timeon\AppData\Local\{3CE61A20-1C69-4D8E-8D28-E146E218045B}
    2012-02-27 12:38:01 -------- d-----w- C:\Users\Timeon\AppData\Local\{ADDCB200-335F-489A-A085-CDFF67D07F02}
    2012-02-27 00:38:11 -------- d-----w- C:\Users\Timeon\AppData\Local\{37CF7833-11D0-4119-955C-A0786183EA64}
    2012-02-27 00:38:01 -------- d-----w- C:\Users\Timeon\AppData\Local\{AE234859-7D21-4A5F-A6F1-32EAADB3DC0E}
    2012-02-26 12:38:11 -------- d-----w- C:\Users\Timeon\AppData\Local\{CAC1344A-BAA7-423D-AAA2-DA822B5751E6}
    2012-02-26 12:38:01 -------- d-----w- C:\Users\Timeon\AppData\Local\{A700D7E1-BC76-4E33-83AE-C5F970043AF0}
    2012-02-25 20:17:58 -------- d-----w- C:\Users\Timeon\AppData\Local\{C306298A-95D6-4352-A983-9297F7471810}
    2012-02-25 20:17:48 -------- d-----w- C:\Users\Timeon\AppData\Local\{FC80C91A-06FE-48EB-86A0-410132CBFFB9}
    2012-02-25 11:00:23 -------- d-----w- C:\Users\Timeon\AppData\Local\{268A26A1-F7D1-4AA4-B530-E2D32A7BFE01}
    2012-02-25 10:59:39 -------- d-----w- C:\Users\Timeon\AppData\Local\{0296C4C1-B7BE-4EB4-B2C8-F45E5042DA18}
    2012-02-24 22:36:36 -------- d-----w- C:\Users\Timeon\AppData\Local\{86BBA40E-9D14-4E55-9F33-49CE72AE31F8}
    2012-02-24 22:36:26 -------- d-----w- C:\Users\Timeon\AppData\Local\{A847D249-19C7-4242-87DD-B60CDBBE560B}
    2012-02-24 10:36:59 -------- d-----w- C:\Users\Timeon\AppData\Local\{994E6B5D-C1B2-4581-BFC5-5737097F4CA9}
    2012-02-24 10:36:38 -------- d-----w- C:\Users\Timeon\AppData\Local\{79D53E16-EB78-43B1-B09D-27373B28E8EE}
    2012-02-23 20:59:19 -------- d-----w- C:\Users\Timeon\AppData\Local\{6EF6AE3E-6384-4134-A6E5-C09E826CEE78}
    2012-02-23 20:59:08 -------- d-----w- C:\Users\Timeon\AppData\Local\{F658BE31-7F0F-43C9-A39A-AD389413AC19}
    2012-02-23 08:59:32 -------- d-----w- C:\Users\Timeon\AppData\Local\{C7B78A80-F13A-41E3-B1BB-E75E8213D7B4}
    2012-02-23 08:59:20 -------- d-----w- C:\Users\Timeon\AppData\Local\{D95F21B7-4108-41F6-B71A-DE32DD88DC2B}
    2012-02-22 18:17:28 -------- d-----w- C:\Users\Timeon\AppData\Local\{BAE50C20-E338-4FE8-9E41-6B843B7E6723}
    2012-02-22 18:17:18 -------- d-----w- C:\Users\Timeon\AppData\Local\{791CA3D6-35DE-434D-AC48-53451E2053B9}
    2012-02-22 12:24:52 -------- d-----w- C:\Users\Timeon\AppData\Local\{0CBFA17F-6040-4F5D-B6D7-A948D3483601}
    2012-02-22 12:24:41 -------- d-----w- C:\Users\Timeon\AppData\Local\{FEAA545B-CAB8-40EF-B63F-F093D8913C4C}
    2012-02-22 11:46:34 -------- d-----w- C:\Users\Timeon\AppData\Local\{60F70DD2-0B1E-4E91-9925-8802AA1C4794}
    2012-02-22 11:46:23 -------- d-----w- C:\Users\Timeon\AppData\Local\{B04E1C1D-005F-4B00-8600-C018BFD723B7}
    2012-02-22 11:43:17 20 ----a-w- C:\windows\System32\SETCB3A.TMP
    2012-02-22 11:29:22 -------- d-----w- C:\Users\Timeon\AppData\Local\{86D03859-F202-4FBA-BC5C-58BBF0583140}
    2012-02-22 11:29:12 -------- d-----w- C:\Users\Timeon\AppData\Local\{E58F8C43-3D07-4BDC-8239-799D45EFC445}
    2012-02-22 09:18:53 -------- d-----w- C:\Users\Timeon\AppData\Local\{B99B12DA-3E0A-46E4-BE42-C82A05E150E3}
    2012-02-22 09:18:41 -------- d-----w- C:\Users\Timeon\AppData\Local\{A5D28411-F5C6-4729-A74D-D184432C845F}
    2012-02-22 09:07:51 -------- d-----w- C:\Users\Timeon\AppData\Local\{17DF5B00-4962-46B9-9300-E897BE59131B}
    2012-02-22 09:07:41 -------- d-----w- C:\Users\Timeon\AppData\Local\{3098AC11-028F-4803-8AB5-774700C5E9F7}
    2012-02-22 00:06:09 -------- d-----w- C:\Users\Timeon\AppData\Local\{879EFAA6-B5F8-48EF-ACFF-89416C487664}
    2012-02-22 00:05:59 -------- d-----w- C:\Users\Timeon\AppData\Local\{6934E538-7EAB-41A9-B8D3-7A37690114F6}
    2012-02-21 15:20:54 -------- d-----w- C:\Users\Timeon\AppData\Roaming\The Creative Assembly
    2012-02-21 08:44:04 -------- d-----w- C:\Users\Timeon\AppData\Local\{4927DED6-A997-41A4-80C4-848DE880D00A}
    2012-02-21 08:43:42 -------- d-----w- C:\Users\Timeon\AppData\Local\{9E2B20ED-F56D-438C-9546-32E70DD025DB}
    2012-02-20 14:19:44 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
    2012-02-20 14:19:43 -------- d-----w- C:\Program Files (x86)\Steam
    2012-02-20 12:29:03 -------- d-----w- C:\Users\Timeon\AppData\Local\{32F8CC54-E0B0-461B-AA09-B025CF0DB6A6}
    2012-02-19 21:01:08 -------- d-----w- C:\Users\Timeon\AppData\Local\{3823B406-5DE8-4B02-AF05-B7DC6F25A36B}
    2012-02-19 21:00:58 -------- d-----w- C:\Users\Timeon\AppData\Local\{F62769AA-C351-411B-A407-91F3780753C8}
    2012-02-19 09:01:08 -------- d-----w- C:\Users\Timeon\AppData\Local\{49D8B769-BC3E-4AAA-B1BB-0FAFB1F2E732}
    2012-02-19 09:00:58 -------- d-----w- C:\Users\Timeon\AppData\Local\{F42330BD-A39E-4A7F-9584-1F347D3DEA80}
    2012-02-18 21:01:08 -------- d-----w- C:\Users\Timeon\AppData\Local\{C09B3935-F923-41CE-8654-FCB62DD00CF1}
    2012-02-18 21:00:58 -------- d-----w- C:\Users\Timeon\AppData\Local\{C38CE92D-5437-4190-9858-86782085B3EB}
    2012-02-18 09:01:08 -------- d-----w- C:\Users\Timeon\AppData\Local\{1B7F59BE-3FF4-41B3-A685-BDF97A12CAF6}
    2012-02-18 09:00:58 -------- d-----w- C:\Users\Timeon\AppData\Local\{15541F83-F151-4628-BEBE-2CA6DB846217}
    2012-02-17 21:01:08 -------- d-----w- C:\Users\Timeon\AppData\Local\{394924BE-05F1-41BD-BED4-329A5CF412F5}
    2012-02-17 21:00:58 -------- d-----w- C:\Users\Timeon\AppData\Local\{C765B06E-5C8F-4541-81CA-FD315B4CB6F3}
    2012-02-17 09:01:16 -------- d-----w- C:\Users\Timeon\AppData\Local\{A80912A3-5305-4D11-B57E-519061476903}
    2012-02-17 09:01:06 -------- d-----w- C:\Users\Timeon\AppData\Local\{9E9FFE6E-0DB4-482E-93B3-7D6D745BA9DD}
    2012-02-16 20:40:44 -------- d-----w- C:\Users\Timeon\AppData\Local\{A80939BD-EA61-43F6-A0BD-DC2D6EDDB356}
    2012-02-16 20:40:34 -------- d-----w- C:\Users\Timeon\AppData\Local\{F8766856-1FEB-4F2B-BC6F-A838B01145A9}
    2012-02-16 08:41:07 -------- d-----w- C:\Users\Timeon\AppData\Local\{803E6197-4AD7-4FDA-9EA9-650350F6478D}
    2012-02-16 08:40:56 -------- d-----w- C:\Users\Timeon\AppData\Local\{6719EBB9-6D13-4AD6-88A5-09D5D7570F6B}
    2012-02-16 08:40:46 -------- d-----w- C:\Users\Timeon\AppData\Local\{5CE0131D-D6E1-472C-AC63-D73D52C80519}
    2012-02-16 08:40:35 -------- d-----w- C:\Users\Timeon\AppData\Local\{B203E34B-FEF3-4DFA-B873-A12D54D8252C}
    2012-02-15 22:03:05 -------- d-----w- C:\Users\Timeon\AppData\Local\{D8172E0A-000C-4EC0-BF2F-F9AA0A0974CA}
    2012-02-15 10:03:15 -------- d-----w- C:\Users\Timeon\AppData\Local\{4EDE9884-1C38-4D25-A7E8-623081B626A2}
    2012-02-15 10:03:05 -------- d-----w- C:\Users\Timeon\AppData\Local\{1C58CDD9-3839-42D0-A81F-25F3C7112A6E}
    2012-02-15 08:56:14 -------- d-----w- C:\Users\Timeon\AppData\Local\{76550A5F-040D-4AC6-A6D5-C98326647FC5}
    2012-02-15 08:56:04 -------- d-----w- C:\Users\Timeon\AppData\Local\{8890587A-5C81-4856-946F-DB624C94EE45}
    2012-02-15 08:47:15 509952 ----a-w- C:\windows\System32\ntshrui.dll
    2012-02-15 08:47:15 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll
    2012-02-15 08:47:14 515584 ----a-w- C:\windows\System32\timedate.cpl
    2012-02-15 08:47:14 478208 ----a-w- C:\windows\SysWow64\timedate.cpl
    2012-02-15 08:47:14 3143168 ----a-w- C:\windows\System32\win32k.sys
    2012-02-15 08:47:11 499200 ----a-w- C:\windows\System32\drivers\afd.sys
    2012-02-15 08:47:08 690688 ----a-w- C:\windows\SysWow64\msvcrt.dll
    2012-02-15 08:47:08 634368 ----a-w- C:\windows\System32\msvcrt.dll
    2012-02-14 22:03:15 -------- d-----w- C:\Users\Timeon\AppData\Local\{83A47342-0795-4C4A-874B-8B3B9A4ED389}
    2012-02-14 22:03:05 -------- d-----w- C:\Users\Timeon\AppData\Local\{D466A53A-5B2D-4AD4-9969-8FEEA4B39786}
    2012-02-14 10:03:15 -------- d-----w- C:\Users\Timeon\AppData\Local\{D05ADBE3-B60E-4411-9C2F-45F05056AB40}
    2012-02-14 10:03:05 -------- d-----w- C:\Users\Timeon\AppData\Local\{A9C292A3-AAE2-4B02-895F-81ED3AA13109}
    2012-02-13 22:03:15 -------- d-----w- C:\Users\Timeon\AppData\Local\{2E9032DB-2A6B-4994-A240-40B1318BAF01}
    2012-02-13 22:03:05 -------- d-----w- C:\Users\Timeon\AppData\Local\{38B0F116-0700-4F2D-AC85-655C67BC75FD}
    2012-02-13 10:03:15 -------- d-----w- C:\Users\Timeon\AppData\Local\{13E4791E-C447-4284-AF54-1BC9F0347C49}
    2012-02-13 10:03:05 -------- d-----w- C:\Users\Timeon\AppData\Local\{A3FE5201-5B65-4F44-90F1-96883A2FF87F}
    2012-02-12 22:03:15 -------- d-----w- C:\Users\Timeon\AppData\Local\{269D5244-0BEB-4D55-8FFF-257F46C18EE3}
    2012-02-12 22:03:05 -------- d-----w- C:\Users\Timeon\AppData\Local\{088A6541-DCCC-47FA-A166-561A068DCFB6}
    2012-02-12 10:03:15 -------- d-----w- C:\Users\Timeon\AppData\Local\{FCB83F0A-3D22-471F-A964-44C1475543F0}
    2012-02-12 10:03:05 -------- d-----w- C:\Users\Timeon\AppData\Local\{0EA6DF24-C8CA-495A-8CD4-C66B5D51BBA1}
    2012-02-11 22:03:13 -------- d-----w- C:\Users\Timeon\AppData\Local\{B41CFC68-7C6E-42DC-A30C-B8CD55F55D72}
    2012-02-11 22:03:03 -------- d-----w- C:\Users\Timeon\AppData\Local\{AD5D8414-090E-46AF-93E7-7F088B8061D4}
    2012-02-11 10:03:13 -------- d-----w- C:\Users\Timeon\AppData\Local\{6AC8386C-2FF2-4FD3-8F29-A78B64DFAA08}
    2012-02-11 10:03:03 -------- d-----w- C:\Users\Timeon\AppData\Local\{15D347CE-C898-4A7B-8868-744CC57C3224}
    2012-02-10 22:03:13 -------- d-----w- C:\Users\Timeon\AppData\Local\{D4C745ED-975E-443A-B024-192921224915}
    2012-02-10 22:03:03 -------- d-----w- C:\Users\Timeon\AppData\Local\{73D169C6-A1A6-4FAF-A525-36D2E3D284CA}
    2012-02-10 10:03:13 -------- d-----w- C:\Users\Timeon\AppData\Local\{CF8AA3D5-31C9-40AB-A53F-A8172D76D66C}
    2012-02-10 10:03:03 -------- d-----w- C:\Users\Timeon\AppData\Local\{B2DF29BF-D95C-456E-BE58-330EA6259C5D}
    2012-02-09 22:03:13 -------- d-----w- C:\Users\Timeon\AppData\Local\{8E12DD53-7E64-455C-AD30-E3C622BE5FDF}
    2012-02-09 22:03:03 -------- d-----w- C:\Users\Timeon\AppData\Local\{DA280597-0788-467F-8B43-58EAB251D857}
    2012-02-09 10:03:13 -------- d-----w- C:\Users\Timeon\AppData\Local\{E2ED659D-E58D-4630-B58D-37716506557D}
    2012-02-09 10:03:03 -------- d-----w- C:\Users\Timeon\AppData\Local\{F5C6ADCF-0729-4377-9F80-268A61A2BCBD}
    2012-02-08 22:03:13 -------- d-----w- C:\Users\Timeon\AppData\Local\{80271219-2AEC-49C0-A418-B82BBBE1B461}
    2012-02-08 22:03:02 -------- d-----w- C:\Users\Timeon\AppData\Local\{BF495492-67B6-46DC-95EE-D5FD2C8FA828}
    2012-02-08 10:03:59 -------- d-----w- C:\Users\Timeon\AppData\Local\{8AF21186-ECE3-4BAC-925D-8F750F99C1C7}
    2012-02-08 10:03:26 -------- d-----w- C:\Users\Timeon\AppData\Local\{BE881B6E-D4EE-4FC6-8AB6-9C10CC63E8C9}
    2012-02-07 21:32:32 -------- d-----w- C:\Users\Timeon\AppData\Local\{BC7E4E80-8E85-49A6-9DCA-8B51C3AB4502}
    2012-02-07 21:32:22 -------- d-----w- C:\Users\Timeon\AppData\Local\{C59461A3-DB6D-4E52-8873-7018EFF18607}
    2012-02-07 20:56:54 -------- d-----w- C:\Users\Timeon\AppData\Local\{D6A9D90E-F80B-4333-8E5D-00B7475DAFA8}
    2012-02-07 09:32:32 -------- d-----w- C:\Users\Timeon\AppData\Local\{59057672-2472-4933-80C7-8F50C735CA44}
    2012-02-07 09:32:22 -------- d-----w- C:\Users\Timeon\AppData\Local\{7E807C68-0390-4A47-908B-DC9B225D0F53}
    2012-02-06 21:32:32 -------- d-----w- C:\Users\Timeon\AppData\Local\{9FC72AAF-E671-45A3-BC02-FD5FCFE75A07}
    2012-02-06 21:32:22 -------- d-----w- C:\Users\Timeon\AppData\Local\{157B3856-342C-46E8-A27C-79935C0DBC9C}
    2012-02-06 09:32:32 -------- d-----w- C:\Users\Timeon\AppData\Local\{EF8B5F10-1919-4FA8-A4FF-FE8B0090323A}
    2012-02-06 09:32:22 -------- d-----w- C:\Users\Timeon\AppData\Local\{251A7BA3-83A1-454D-A041-DD876B2AB697}
    .
    ==================== Find3M ====================
    .
    2012-02-25 20:18:58 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-02-07 14:23:44 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll
    2012-01-06 00:23:58 178800 ----a-w- C:\windows\SysWow64\CmdLineExt_x64.dll
    2011-12-16 08:45:22 1197568 ----a-w- C:\windows\System32\wininet.dll
    2011-12-16 08:41:26 57856 ----a-w- C:\windows\System32\licmgr10.dll
    2011-12-16 08:02:26 981504 ----a-w- C:\windows\SysWow64\wininet.dll
    2011-12-16 07:58:33 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
    2011-12-16 07:26:35 482816 ----a-w- C:\windows\System32\html.iec
    2011-12-16 06:49:33 386048 ----a-w- C:\windows\SysWow64\html.iec
    2011-12-16 06:43:48 1638912 ----a-w- C:\windows\System32\mshtml.tlb
    2011-12-16 06:15:25 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2011-12-10 15:24:08 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
    .
    ============= FINISH: 23:40:32.15 ===============
  5. TheMcDowell

    TheMcDowell Newcomer, in training Topic Starter Posts: 35

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 23/10/2011 13:14:44
    System Uptime: 28/02/2012 01:07:24 (190 hours ago)
    .
    Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | R540/R580/R780/SA41/E452/E852
    Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz | CPU 1 | 2667/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 231 GiB total, 95.784 GiB free.
    D: is FIXED (NTFS) - 345 GiB total, 277.888 GiB free.
    E: is CDROM (CDFS)
    F: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP97: 28/02/2012 00:13:05 - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    "The last Kingdom"
    ?? ??? ?? Windows Live Mesh ActiveX ???
    ??? ActiveX ?? Windows Live Mesh ???? ??????? ???????
    ???? ??? Windows Live
    ???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ???????
    ???? Windows Live
    ????? Messenger
    ????? Windows Live
    ?????? ??????? ?? Windows Live
    ??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ???????????
    ??????? Windows Live Mesh ActiveX ??(????)
    ??????? Windows Live Mesh ActiveX ???
    ???????? ?? Messenger
    ???????? ?????????? Windows Live
    ????????? ActiveX ?? Windows Live Mesh ????????????????????????? (???)
    ????????? Messenger
    ?????????? Windows Live
    ??????????? ?? Windows Live
    888poker
    Acoustica Effects Pack
    Acoustica Mixcraft 5
    ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
    ActiveX ???????? ?? Windows Live Mesh ?? ?????????? ??????
    Adobe Reader 9.1
    Alice Greenfingers
    Amazon MP3 Downloader 1.0.9
    „Messenger“ pagalbine priemone
    Atheros Client Installation Program
    AVG Security Toolbar
    Avid License Control
    „Windows Live Essentials“
    „Windows Live Mail“
    „Windows Live Mesh ActiveX“ nuotoliniu ryšiu valdiklis
    „Windows Live Messenger“
    „Windows Live“ fotogalerija
    Barbarian Invasion
    BatteryLifeExtender
    Bing Bar
    Bing Bar Platform
    Bing Rewards Client Installer
    Bonbon Quest
    Cake Mania
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CivCity
    Commander: Conquest of the Americas
    Complemento Messenger
    Complément Messenger
    Contrôle ActiveX Windows Live Mesh pour connexions à distance
    Control ActiveX de Windows Live Mesh para conexiones remotas
    Control ActiveX Windows Live Mesh pentru conexiuni la distan?a
    Controle ActiveX do Windows Live Mesh para Conexões Remotas
    Controlo ActiveX do Windows Live Mesh para Ligações Remotas
    CyberLink Blu-ray Disc Suite
    CyberLink MediaShow
    CyberLink PhotoNow
    CyberLink Power2Go
    CyberLink PowerDirector
    CyberLink PowerDVD 9
    CyberLink YouCam
    D3DX10
    Daycare Nightmare
    DivX Setup
    Doplnok programu Messenger
    Easy Content Share
    Easy Display Manager
    Easy Network Manager
    Easy SpeedUp Manager
    EasyBatteryManager
    EasyFileShare
    Empire: Total War
    Facebook Video Calling 1.1.1.1
    Flip Words
    Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych
    Fotogalerija Windows Live
    Galapago
    Galeria de Fotografias do Windows Live
    Galeria fotografii uslugi Windows Live
    Galerie de photos Windows Live
    Galerie foto Windows Live
    Galería fotográfica de Windows Live
    Game Pack
    GameSpy Arcade
    Gem Shop
    Google Earth
    Google Update Helper
    Insaniquarium Deluxe
    Intel(R) Rapid Storage Technology
    Intel(R) Turbo Boost Technology Driver
    Java Auto Updater
    Java(TM) 6 Update 29
    Junk Mail filter update
    Kontrola Windows Live Mesh ActiveX za daljinske veze
    Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
    MagicDisc 2.7.106
    Mahjong Escape Ancient China
    Malwarebytes Anti-Malware version 1.60.1.1000
    Marvell Miniport Driver
    Medieval II Total War
    Medieval II Total War : Kingdoms : Britannia
    Mesh Runtime
    Messenger-kumppani
    Messenger ??? ??
    Messenger ????
    Messenger ?????
    Messenger Assistent
    Messenger Companion
    Messenger kíséro
    Messenger Pratilac
    Messenger Suradnik
    Microsoft Default Manager
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Rise Of Nations
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 9.0.1 (x86 en-GB)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML4 Parser
    MyTools
    Norton Online Backup
    Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená pripojení
    Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia
    Poczta uslugi Windows Live
    Podstawowe programy Windows Live
    PokerStars
    Pomocnik Messenger
    Pošta Windows Live
    Premiumplay Codec-C
    Raccolta foto di Windows Live
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Rise of Nations Thrones and Patriots
    Rome - Total War - Alexander
    Rome - Total War(TM)
    S?????? f?t???af??? t?? Windows Live
    Samsung Recovery Solution 4
    Samsung Support Center
    Samsung Update Plus
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Sibelius 7 OpenType Fonts
    Skype™ 4.2
    Slingo
    Spremljevalec Messenger
    St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se??
    Steam
    The Sims(TM) 3
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    User Guide
    Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi
    VC80CRTRedist - 8.0.50727.6195
    Visual Studio 2008 x64 Redistributables
    VLC media player 1.0.1
    Windows Live
    Windows Live ??
    Windows Live ?? ???
    Windows Live ???
    Windows Live ????
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Fotótár
    Windows Live Foto-galerija
    Windows Live fotoattelu galerija
    Windows Live Fotogalerie
    Windows Live Fotogalleri
    Windows Live Fotogaléria
    Windows Live Fotograf Galerisi
    Windows Live Galeria de Fotos
    Windows Live Galerija fotografija
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
    Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
    Windows Live Mesh ActiveX-objekt til fjernforbindelser
    Windows Live Mesh ActiveX-vezérlo távoli kapcsolatokhoz
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Mesh ActiveX kontrola za daljinske veze
    Windows Live Mesh ActiveX vadikla attalajiem savienojumiem
    Windows Live Meshin etäyhteyksien ActiveX-komponentti
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Pošta
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Temel Parçalar
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Liven asennustyökalu
    Windows Liven sähköposti
    Windows Liven valokuvavalikoima
    .
    ==== Event Viewer Messages From Past Week ========
    .
    05/03/2012 13:28:22, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 109.202.235.91. The computer with the IP address 109.202.235.90 did not allow the name to be claimed by this computer.
    .
    ==== End Of File ===========================
  6. TheMcDowell

    TheMcDowell Newcomer, in training Topic Starter Posts: 35

Ran GMER, forgot to save; unable to post since nothing was found. When I ran it a second time nothing comes up. Also I don't know if this is related but Firefox keeps crashing:
    2830737%2C+%276841166657021360107%27%2C+1331077718%2C+1341445718%2C+288734%2C+147776%2C+0%2C+4%2C+10368000%29%3B&cnd=!dRuOBgjezxEQhaFdGAAgwIIJMAA4h6UFQARInQRQrLstWABg1AdoAHAGeJYBgAEKiAE0kAEBmAEBoAEBqAEAsAEAuQEAAAAAAAAIQMEBAAAAAAAACEDJAbxVCpvEpt8_2QEAAAAAAADwP-ABAA..&ccd=!4QTKKQjezxEQhaFdGMCCCSAE&vpid=45&referrer=http://vidreel.com/video/OTE4NDI3/&media_subtypes=6&dlo=1
    Vendor: Mozilla
    Version: 9.0.1
    Winsock_LSP: MSAFD Tcpip [TCP/IP] : 2 : 1 : %SystemRoot%\system32\mswsock.dll
    MSAFD Tcpip [UDP/IP] : 2 : 2 :
    MSAFD Tcpip [RAW/IP] : 2 : 3 : %SystemRoot%\system32\mswsock.dll
    MSAFD Tcpip [TCP/IPv6] : 2 : 1 :
    MSAFD Tcpip [UDP/IPv6] : 2 : 2 : %SystemRoot%\system32\mswsock.dll
    MSAFD Tcpip [RAW/IPv6] : 2 : 3 :
    RSVP TCPv6 Service Provider : 2 : 1 : %SystemRoot%\system32\mswsock.dll
    RSVP TCP Service Provider : 2 : 1 :
    RSVP UDPv6 Service Provider : 2 : 2 : %SystemRoot%\system32\mswsock.dll
    RSVP UDP Service Provider : 2 : 2 :

    This report also contains technical information about the state of the application when it crashed.
  7. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  8. TheMcDowell

    TheMcDowell Newcomer, in training Topic Starter Posts: 35

    aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-07 10:28:52
    -----------------------------
    10:28:52.844 OS Version: Windows x64 6.1.7600
    10:28:52.844 Number of processors: 4 586 0x2505
    10:28:52.844 ComputerName: MAGNERS UserName: Timeon
    10:28:53.795 Initialize success
    10:30:47.941 AVAST engine defs: 12030600
    10:30:52.121 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    10:30:52.121 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 610480MB BusType: 3
    10:30:52.137 Disk 0 MBR read successfully
    10:30:52.153 Disk 0 MBR scan
    10:30:52.199 Disk 0 unknown MBR code
    10:30:52.215 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 20480 MB offset 2048
    10:30:52.231 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 41945088
    10:30:52.231 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 236544 MB offset 42149888
    10:30:52.262 Disk 0 Partition - 00 0F Extended LBA 353354 MB offset 526592000
    10:30:52.277 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 353353 MB offset 526594048
    10:30:52.309 Disk 0 scanning C:\windows\system32\drivers
    10:31:00.936 Service scanning
    10:31:21.434 Modules scanning
    10:31:21.434 Disk 0 trace - called modules:
    10:31:21.450 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    10:31:21.450 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005eca060]
    10:31:21.450 3 CLASSPNP.SYS[fffff88001a9b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800580f050]
    10:31:22.526 AVAST engine scan C:\windows
    10:31:25.880 AVAST engine scan C:\windows\system32
    10:33:52.739 AVAST engine scan C:\windows\system32\drivers
    10:34:01.677 AVAST engine scan C:\Users\Timeon
    10:34:42.393 File: C:\Users\Timeon\AppData\Local\Microsoft\Toolbar\Applications\bingrewardsclient.dll **INFECTED** Win32:Ramnit-AC [Drp]
    10:34:42.815 File: C:\Users\Timeon\AppData\Local\Microsoft\Toolbar\BackUp\bingrewardsclient.dll **INFECTED** Win32:Ramnit-AC [Drp]
    10:37:04.713 File: C:\Users\Timeon\AppData\Local\Temp\Addons\CC42B9F0\mytools.exe **INFECTED** Win32:Ramnit-AC [Drp]
    10:37:12.169 File: C:\Users\Timeon\AppData\Local\Temp\drm_dialogs.dll **INFECTED** Win32:Ramnit-AC [Drp]
    10:37:12.216 File: C:\Users\Timeon\AppData\Local\Temp\drm_dyndata_7350008.dll **INFECTED** Win32:Ramnit-AC [Drp]
    10:37:19.049 File: C:\Users\Timeon\AppData\Local\Temp\stubhelper.dll **INFECTED** Win32:Ramnit-AC [Drp]
    10:37:31.669 File: C:\Users\Timeon\AppData\Local\Temp\~rnsetup\GEMSETUP\pnrs3260.dll **INFECTED** Win32:Ramnit-AC [Drp]
    10:43:47.599 AVAST engine scan C:\ProgramData
    10:44:25.866 Disk 0 MBR has been saved successfully to "C:\Users\Timeon\Desktop\MBR.dat"
    10:44:25.866 The log file has been saved successfully to "C:\Users\Timeon\Desktop\aswMBR.txt"
  9. TheMcDowell

    TheMcDowell Newcomer, in training Topic Starter Posts: 35

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000005`06500000
    Boot sector MD5 is: b056bbeee0e7c7054bd76bc96e85f56a

    Size Device Name MBR Status
    --------------------------------------------
    596 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...
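As an added example, not part of the original thread and not the code of aswMBR or Bootkit Remover: a Python script that parses a raw 512-byte MBR image such as the MBR.dat aswMBR saved to the desktop, checks the 0x55AA signature, hashes the 446-byte boot code so it can be compared with a copy taken from a known-clean machine, lists the partition table so it can be checked against the aswMBR output, and reports gaps or overlaps between partitions. The sample MBR it builds is constructed from the four partition entries in the aswMBR log; its boot-code bytes are filler, not the real boot code of that laptop, and the MD5 it prints is therefore not the one Bootkit Remover reported. Caveat for practitioners: "unknown boot code" on its own is not proof of a bootkit; OEM recovery tools (Samsung Recovery Solution 4 appears in the installed-programs list) can install non-standard MBR code, so the hash is only meaningful against a known-good reference image.

```python
"""Parse a 512-byte MBR image (for example the MBR.dat that aswMBR writes) and
report its boot-code hash, partition table and layout anomalies.

Added example, not part of the original thread. The sample MBR is constructed
from the partition layout in the aswMBR log; its boot code is filler bytes."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 446           # bytes 0..445 are boot code, 446..509 the table
MBR_SIGNATURE = 0x55AA
ENTRY_FMT = "<B3sB3sII"       # status, CHS start, type, CHS end, first LBA, sectors


def build_sample_mbr() -> bytes:
    """Construct a 512-byte MBR with the four entries shown by aswMBR.
    Sizes in MB from the log are converted to 512-byte sectors (MB * 2048)."""
    entries = [
        # (status, type, first LBA, sector count)
        (0x00, 0x27, 2048,      20480  * 2048),  # hidden WinRE partition
        (0x80, 0x07, 41945088,  100    * 2048),  # active 100 MB system partition
        (0x00, 0x07, 42149888,  236544 * 2048),  # C:
        (0x00, 0x0F, 526592000, 353354 * 2048),  # extended LBA container for D:
    ]
    boot_code = bytes([0x33, 0xC0] + [0x90] * 444)  # "xor ax,ax" + NOP filler (constructed)
    table = b""
    for status, ptype, lba, count in entries:
        # CHS fields set to FE FF FF ("use LBA"), as modern partitioning tools do
        table += struct.pack(ENTRY_FMT, status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)
    return boot_code + table + struct.pack(">H", MBR_SIGNATURE)


def parse_mbr(mbr: bytes) -> dict:
    """Return signature check, boot-code hashes and the non-empty partition entries."""
    if len(mbr) < SECTOR:
        raise ValueError("MBR image must be at least 512 bytes")
    signature = struct.unpack(">H", mbr[510:512])[0]
    parts = []
    for i in range(4):
        off = BOOT_CODE_LEN + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0:
            continue  # empty slot
        parts.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "first_lba": lba,
            "sectors": count,
            "size_mb": count // 2048,
        })
    return {
        "signature_ok": signature == MBR_SIGNATURE,
        "boot_code_md5": hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "sector_md5": hashlib.md5(mbr[:SECTOR]).hexdigest(),
        "partitions": parts,
    }


def check_layout(parts: list) -> list:
    """Human-readable findings: unallocated space before the first partition
    (a common hiding place for boot-sector malware), overlaps, gaps, and the
    number of active partitions."""
    findings = []
    ordered = sorted(parts, key=lambda p: p["first_lba"])
    if ordered and ordered[0]["first_lba"] > 1:
        findings.append(f"{ordered[0]['first_lba'] - 1} unallocated sectors precede the first partition")
    for a, b in zip(ordered, ordered[1:]):
        end = a["first_lba"] + a["sectors"]
        if end > b["first_lba"]:
            findings.append(f"partition {a['index']} overlaps partition {b['index']}")
        elif end < b["first_lba"]:
            findings.append(f"gap of {b['first_lba'] - end} sectors between partition {a['index']} and {b['index']}")
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    return findings


if __name__ == "__main__":
    import sys
    # usage: python mbr_check.py [MBR.dat]   (without an argument the sample MBR is used)
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    info = parse_mbr(image)
    print(f"signature ok: {info['signature_ok']}  boot code md5: {info['boot_code_md5']}")
    for p in info["partitions"]:
        flag = "*" if p["active"] else " "
        print(f"{flag} #{p['index']} type 0x{p['type']:02X} lba {p['first_lba']:>10} {p['size_mb']:>7} MB")
    for line in check_layout(info["partitions"]):
        print("note:", line)
```

Run it against the real MBR.dat and the partition lines should match aswMBR's list exactly; for this layout the only layout note is the 2047 unallocated sectors between the MBR and the hidden WinRE partition, which is normal alignment on Windows 7 but is also where boot-sector malware likes to keep its payload, so those sectors are worth dumping and inspecting if the boot-code hash has no known-good match.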
  10. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    I'm afraid I have very bad news.

    You're infected with Ramnit file infector virus.

    Win32/Ramnit.A is a file infector with IRCBot functionality which infects .exe and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A. Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A which is dropped by a Ramnit infected executable file.

    -- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.
    With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

    Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of infection can vary.

    Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies Worm:Win32/Ramnit.A with a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These types of sites are infested with a smörgåsbord of malware and a major source of system infection.

    In my opinion, Ramnit.A is not effectively disinfectable, so your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. Further, your machine has likely been compromised by the backdoor Trojan and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if your anti-virus reports that the malware appears to have been removed.

    Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:
    Backdoors and What They Mean to You

    This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.

    Important Note: If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately, to include those used for banking, email, eBay, PayPal and any online activities which require a username and password. You should consider them to be compromised. You should change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity.
  11. TheMcDowell

    TheMcDowell Newcomer, in training Topic Starter Posts: 35

    I have a lot of important files (Uni thesis, correspondence, work etc.). Is it possible to save them? Also how do I go about reformatting if my hard disk is partitioned into C and D?
  12. TheMcDowell

    TheMcDowell Newcomer, in training Topic Starter Posts: 35

    Also if amazon memorizes my credit details and my amazon password remembered by firefox is that a problem?
  13. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    Yes, you can save your data but you have to scan all those files with your AV program after formatting and before putting them back.

    I suggest you ask that question at Windows or hardware forum.

    I'm not exactly sure what is your question.
  14. TheMcDowell

    TheMcDowell Newcomer, in training Topic Starter Posts: 35

    Is it safe to put the files on a portable harddrive and then reconnect it or is there another way I should do things?
    Also can CD/DVDs be infected?
  15. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    You can put those files on any external media but don't connect those media to any other computer.

    Then when you're done with formatting and reinstalling Windows...
    Install Panda USB Vaccine, or BitDefender's USB Immunizer, on the GOOD computer to protect it from any infected USB device.
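As an added example, not part of the original thread and not the code of any tool mentioned in it: a Python triage script for the step Broni describes in the two posts above, where data saved from the infected machine must be scanned before it goes back onto the reinstalled one. It walks a backup folder and separates the file kinds the Ramnit description in post 10 says the infector touches (PE executables and DLLs, recognised by their MZ header regardless of extension, and .htm/.html files carrying an embedded VBScript block) plus any autorun.inf, from plain documents. The sample backup it creates is constructed for the demonstration; the flagged categories are meant to be scanned with the antivirus or simply left behind, and a clean "data" result is not an antivirus verdict, so the AV scan Broni asks for still applies.

```python
"""Triage a backup folder before restoring it onto a freshly reinstalled machine.

Added example, not part of the original thread. Flags the file kinds the thread
says Ramnit infects (PE files, HTML with embedded VBScript) and autorun.inf, so
they can be scanned or discarded, while ordinary documents pass through.
The sample files are constructed for the demonstration."""
import os
import re
import tempfile

PE_MAGIC = b"MZ"                      # DOS/PE header; a renamed .exe still starts with it
HTML_EXT = {".htm", ".html"}
# matches <SCRIPT Language=VBScript ...> in any casing; this is how VBScript is
# embedded in an HTML file, which is what the "VBS/Ramnit" detection name refers to
VBSCRIPT_RE = re.compile(rb"<script[^>]*language\s*=\s*['\"]?vbscript", re.IGNORECASE)
CATEGORIES = ("executable", "html_with_vbscript", "autorun", "data")


def classify(path: str) -> str:
    """Return 'executable', 'html_with_vbscript', 'autorun' or 'data' for one file."""
    name = os.path.basename(path).lower()
    if name == "autorun.inf":
        return "autorun"
    with open(path, "rb") as fh:
        body = fh.read()
    if body[:2] == PE_MAGIC:          # content check, not extension: catches holiday.jpg.exe
        return "executable"
    if os.path.splitext(name)[1] in HTML_EXT and VBSCRIPT_RE.search(body):
        return "html_with_vbscript"
    return "data"


def triage(root: str) -> dict:
    """Walk root and group every file (as a forward-slash relative path) by category."""
    report = {c: [] for c in CATEGORIES}
    for dirpath, _, files in os.walk(root):
        for f in files:
            full = os.path.join(dirpath, f)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            report[classify(full)].append(rel)
    for c in CATEGORIES:
        report[c].sort()
    return report


def build_sample_backup() -> str:
    """Create a temporary folder of constructed sample files and return its path."""
    root = tempfile.mkdtemp(prefix="backup_triage_")
    samples = {
        "thesis/chapter1.docx": b"PK\x03\x04 stand-in for a docx, constructed bytes",
        "thesis/notes.txt": b"plain text notes",
        "web/index.html": b"<html><body>hello</body></html>",
        "web/infected.html": (b"<html><body>hello</body>"
                              b"<SCRIPT Language=VBScript><!--\n"
                              b"Set fso = CreateObject(\"Scripting.FileSystemObject\")\n"
                              b"--></SCRIPT></html>"),
        "tools/helper.dll": b"MZ\x90\x00 constructed stand-in for a PE file",
        "photos/holiday.jpg.exe": b"MZ\x90\x00 renamed PE, still flagged by its header",
        "autorun.inf": b"[autorun]\nopen=setup.exe\n",
    }
    for rel, content in samples.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    import sys
    # usage: python backup_triage.py [backup_folder]   (default: the constructed sample)
    folder = sys.argv[1] if len(sys.argv) > 1 else build_sample_backup()
    result = triage(folder)
    for category in CATEGORIES:
        print(f"== {category} ({len(result[category])}) ==")
        for rel in result[category]:
            print("  ", rel)
```

Point it at the external drive's root (the drive itself must stay off any other machine until then, as Broni says); everything under "executable", "html_with_vbscript" and "autorun" is what the file infector would have reached and is the part to hand to the antivirus or delete, while the "data" list (documents, text, images) is what the thesis and correspondence should be in.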
  16. TheMcDowell

    TheMcDowell Newcomer, in training Topic Starter Posts: 35

    Great thanks.
  17. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    Sure thing :)
  18. TheMcDowell

    TheMcDowell Newcomer, in training Topic Starter Posts: 35

    I've reinstalled everything, what scan should I run to be sure my laptop's fine now?
  19. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    If you formatted the drive you don't have to worry about anything.

    Install ONE of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
    - free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php

    Download and install Malwarebytes' Anti-Malware: http://www.malwarebytes.org/products/malwarebytes_free.
    Use it every couple of weeks.

    Make sure Windows Updates are current.

    Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
