[Ramnit- Not curable] Webpages constantly redirecting when clicking links in Google

By 87morris87
Jun 20, 2011
Topic Status:
Not open for further replies.
  1. Hi,

    Whenever I try to access a webpage via 'Google search' the website is automatically redirecting to random sites.

    I've followed the instructions on this site as closely as I could, but would appreciate some further assistance.

    Thanks in advance for any help.

    Edit: Deleted extra Mbam log by Bobbye.

    Results for Quick Scan were as follows:

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6884

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    19/06/2011 23:09:47
    mbam-log-2011-06-19 (23-09-46).txt

    Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
    Objects scanned: 269360
    Time elapsed: 1 hour(s), 11 minute(s), 28 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Welcome to TechSpot! I'll help with the redirect.

    Please follow the additional steps in the Preliminary Virus and Malware Removal thread HERE.
    Note: You do not need to run Malwarebytes again. And since all of the scans were clean, I am going to delete all but the last Mbam log.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    ==========================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs, except those I give you.
    • Please let me know if there is any change in the system.
    If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
  3. 87morris87

    87morris87 Newcomer, in training Topic Starter

    GMER Results

    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit quick scan 2011-06-20 19:54:01
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1200BB-98DWA0 rev.15.05R15
    Running: f9kyjdgb.exe; Driver: C:\DOCUME~1\Mary\LOCALS~1\Temp\uwndapog.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 MBR read error
    Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

    ---- System - GMER 1.0.15 ----

    SSDT spch.sys ZwEnumerateKey [0xF8533CA4]
    SSDT spch.sys ZwEnumerateValueKey [0xF8534032]

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 [F8471B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort0 [F8471B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F8471B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [F8471B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f [F8471B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \FileSystem\Ntfs \Ntfs 82F6B1F8

    AttachedDevice \FileSystem\Ntfs \Ntfs avg7rsxp.sys (AVG Resident Anti-Virus Shield/GRISOFT, s.r.o.)
    AttachedDevice \FileSystem\Ntfs \Ntfs avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.)

    Device \FileSystem\Fastfat \Fat 8276B500

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat avg7rsxp.sys (AVG Resident Anti-Virus Shield/GRISOFT, s.r.o.)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:132] 82E84E7A
    Thread System [4:136] 82E87008

    ---- EOF - GMER 1.0.15 ----
  4. 87morris87

    Not great with computers and need a bit of assistance here! I've followed the instructions carefully so far but I'm stuck at Step 4, where it's asking me to disable script blocking protection in order to run DDS. How do I disable script blocking protection?
  5. Bobbye

    Please try to observe this:
    Questions are best asked on the thread.

    AVG
    Please open the AVG Control Center
    • Double-click on the "AVG Resident Shield" component
    • Uncheck "Turn on AVG Resident Shield"
    • Save the setting.
    ==================================================
    If this doesn't work, let me know. The only thing I have to go on is that it appears you run AVG.
  6. 87morris87

    Hi thanks for your reply,

    When double-clicking 'AVG Resident Shield', I am presented with this screen.

    Attached Files:

    • avg.GIF
  7. 87morris87

    Also, here's a screenshot of my desktop too so you can see from the icons, the main programs I'm running/using. Would really appreciate if you could tell me which of them contain script blocking protection and how to disable for each if that is what's required.

    (Please note Firefox is my default browser and pretty much the only one I use.)

    Hope this helps.

    Thanks again.

    David

  8. Bobbye

    Disable AVG Script Blocking:
    AVG 9.0
    Resident Shield:
    * Open AVG User Interface.
    * Double-click on the Resident Shield.
    * Un-tick the option Resident Shield active.
    * Save the changes.
    * Also see: AVG FAQ 2429: How to temporarily disable AVG Free Edition 9.0
    Reverse to re-enable.

    AVG 2011
    Please open the AVG 2011 Control Center, by right clicking on the AVG icon on task bar.
    * Click on Open AVG User Interface.
    * On the Menu Bar, click on Tools
    * Click Advanced Settings
    * In the new screen which opens, scroll down to Temporarily disable AVG protection. Click on it to highlight it.
    * In the right hand pane, tick the box for Temporarily disable AVG protection
    * Click Apply
    * In the next screen which opens, select 15 minutes from the drop down menu, then click the Disable real time protection button.
    * Click OK

    Re-enable:
    Tick Enable on the main GUI interface to Re-enable. You may also need to click Fix (enable becomes Fix if all components do not start)

    ==================
    Open Internet Options in Control Panel or Tools in IE> Security tab> Custom button> Scripting section> Check 'Enable scripting in Active X Controls marked as safe'> Apply> OK.
  9. 87morris87

    DDS Results

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
    Run by Mary at 1:03:34 on 2011-06-25
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\ICO.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\ezSP_Px.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Software Informer\softinfo.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Documents and Settings\Mary\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Belkin\F5D7051\WLService.exe
    C:\Program Files\Belkin\F5D7051\WLanCfgG.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Mary\My Documents\Downloads\dds.scr
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\System32\svchost.exe -k NetworkService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://uk.search.yahoo.com
    uStart Page = hxxp://www.google.co.uk/
    uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    mDefault_Page_URL = hxxp://uk.yahoo.com
    mStart Page = hxxp://uk.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - c:\program files\stumbleupon\StumbleUponIEBar.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
    TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - c:\program files\stumbleupon\StumbleUponIEBar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
    uRun: [Free Download Manager] "c:\program files\free download manager\fdm.exe" -autorun
    uRun: [Software Informer] "c:\program files\software informer\softinfo.exe" -autorun
    uRun: [fsm]
    uRun: [Google Update] "c:\documents and settings\mary\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
    uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [NI.UERS_0001_NI57M1124] "c:\documents and settings\mary\local settings\temporary internet files\content.ie5\nafxxlnn\ErrorSafeScannerInstall[1].exe" -nag
    mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
    mRun: [Mouse Suite 98 Daemon] ICO.EXE
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [adiras] adiras.exe
    mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [ksdfghk.Bin.exe] c:\ksdfghk.bin\ksdfghk.Bin.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
    IE: {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\partygaming\partycasino\RunApp.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    Trusted Zone: sony-europe.com
    Trusted Zone: sonystyle-europe.com
    Trusted Zone: vaio-link.com
    DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{64C668CC-06CB-4CD5-AAD4-E008CCB35A71} : DhcpNameServer = 192.168.1.1
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\mary\application data\mozilla\firefox\profiles\iaf7mgo1.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
    FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=ffds1&p=
    FF - plugin: c:\documents and settings\mary\application data\mozilla\plugins\npPxPlay.dll
    FF - plugin: c:\documents and settings\mary\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_HBLiteSA.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
    ============= SERVICES / DRIVERS ===============
    .
    R? AVG Security Toolbar Service;AVG Security Toolbar Service
    R? AVGIDSAgent;AVGIDSAgent
    R? AVGIDSEH;AVGIDSEH
    R? gupdate;Google Update Service (gupdate)
    R? gupdatem;Google Update Service (gupdatem)
    R? nosGetPlusHelper;getPlus(R) Helper 3004
    R? NPF;NetGroup Packet Filter Driver
    R? StumbleUponUpdateService;StumbleUponUpdateService
    R? XobniService;XobniService
    S? AVGIDSDriver;AVGIDSDriver
    S? AVGIDSFilter;AVGIDSFilter
    S? AVGIDSShim;AVGIDSShim
    S? Avgldx86;AVG AVI Loader Driver
    S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
    S? Avgrkx86;AVG Anti-Rootkit Driver
    S? Avgtdix;AVG TDI Driver
    S? avgwd;AVG WatchDog
    .
    =============== Created Last 30 ================
    .
    2011-06-24 23:48:33 -------- d-----w- c:\documents and settings\mary\application data\AVG10
    2011-06-24 23:44:17 -------- d-----w- c:\documents and settings\all users\application data\AVG Security Toolbar
    2011-06-24 23:39:49 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-06-24 23:39:49 -------- d-----w- c:\documents and settings\all users\application data\AVG10
    2011-06-24 23:38:42 -------- d-----w- c:\program files\AVG
    2011-06-24 23:23:08 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
    2011-06-24 23:22:21 -------- d-----w- c:\documents and settings\all users\application data\MFAData
    2011-06-19 00:13:52 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-06-19 00:13:52 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-06-17 13:22:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2011-06-17 13:22:02 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2011-06-17 13:21:01 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2011-06-17 13:20:45 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2011-06-17 13:18:45 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    2011-06-17 13:17:52 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2011-06-17 13:17:11 293376 ------w- c:\windows\system32\browserchoice.exe
    2011-06-17 13:12:51 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2011-06-17 13:08:30 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    .
    ==================== Find3M ====================
    .
    2011-05-29 08:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
    2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    2011-04-14 20:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
    2011-04-06 15:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 15:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2011-04-06 15:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2011-04-04 23:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2004-11-12 12:54:02 10156943 ----a-w- c:\program files\avg70free_289a392.exe
    2004-10-16 12:25:12 474256 ----a-w- c:\program files\GoogleToolbarInstaller.exe
    2004-10-10 17:39:26 1068498 ----a-w- c:\program files\bma_fishtank.exe
    2004-09-09 15:42:12 59992 ----a-w- c:\program files\msnaddin.exe
    .
    ============= FINISH: 1:05:21.14 ===============
  10. 87morris87

    DDS Results cont.

    .
    ==== Installed Programs ======================
    .
    .
    Adobe Acrobat Elements 6.0
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop Album 2.0 Starter Edition
    Adobe Premiere 6 LE
    Adobe Reader 7.0
    Agere Systems AC'97 Modem
    Amazon MP3 Downloader 1.0.4
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    AVG 2011
    Belkin High-Speed Mode Wireless G USB Network Adapter
    Bluemountain Fish Tank Screen Saver
    Bonjour
    Compatibility Pack for the 2007 Office system
    Critical Update for Windows Media Player 11 (KB959772)
    DAEMON Tools Toolbar
    DNA
    DVgate Plus
    getPlus(R) for Adobe
    Google Chrome
    Google Earth Plug-in
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976002-v5)
    Intel(R) PRO Network Adapters and Drivers
    InterVideo WinDVD 5 for VAIO
    IPIX ActiveX Viewer
    ISP Selector
    ISP Selector (English)
    iTunes
    Jasc Paint Shop Pro 8
    Java Auto Updater
    Java(TM) 6 Update 20
    Junk Mail filter update
    LiveUpdate 3.2 (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)
    LucasArts' Curse of Monkey Island
    Malwarebytes' Anti-Malware version 1.51.0.1200
    McAfee Security Scan
    Memory Stick Formatter
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Outlook Connector
    Microsoft Office Small Business Edition 2003
    Microsoft Search Enhancement Pack
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works 7.0
    MoodLogic
    Mozilla Firefox 4.0.1 (x86 en-GB)
    MSN Toolbar
    MSVCRT
    Music Visualizer Library 1.4.00
    NVIDIA Windows 2000/XP Display Drivers
    OpenMG Secure Module 3.3.01
    Photodex Presenter
    QuickTime
    RealPlayer
    SAGEM F@st 800-840
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982665)
    Segoe UI
    Skype™ 5.3
    Software Informer 1.0 BETA
    SonicStage
    Sony USB Mouse
    Sony Video Shared Library
    Spotify
    Spybot - Search & Destroy
    StumbleUpon IE Toolbar
    TouchCopy
    TweetDeck
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB972636)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VAIO BrightColor Wallpaper
    VAIO Clock Screen Saver
    VAIO DeepSea Wallpaper
    VAIO Edit Components
    VAIO Media 2.5
    VAIO Media Music Server 2.5
    VAIO Media Photo Server 2.5
    VAIO Media Platform 2.5
    VAIO Media Redistribution 2.5
    VAIO Media Setup 2.5
    VAIO Online Registration (English)
    VAIO Product Survey (English)
    VAIO System Information
    Visual C++ 8.0 ATL (x86) WinSXS MSM
    Visual C++ 8.0 CRT (x86) WinSXS MSM
    VLC media player 1.1.9
    VOR
    vPod (Remove Only)
    VPS
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows XP Service Pack 3
    WinPcap 4.0.2
    WinRAR 4.00 (32-bit)
    Xobni
    Xobni Core
    .
    ==== End Of File ===========================
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    We need to get you down to just 1 antivirus program. Right now, you have 3:
    AVG
    Symantec
    McAfee

    Please decide which you want to keep and remove the other 2 using the tool I left.
    Note: I am going to have you run Combofix and it will not run with AVG, so you can remove that temporarily per my instructions below. Do NOT get one of the temporary AV programs suggested!
    =================================
    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen will appear showing the detected security applications:
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.

    You do not need to add a Temporary AV
    =============================
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan. Uninstall directions, if needed:
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a confirmation message.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated and it will open in a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ==========================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on the ESET Smart Installer image to download it. Save it to your desktop.
      [o] Double click on the installer icon on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    =============================
    Please either disable or uninstall Bit Torrent. It is a file sharing program and you will get malware using it.
    Note: Some adware/spyware entries on the system are frequently pre-checked options on download screens, such as the Ask Bar. Please check the d/l screens carefully before the download and remove any of the pre-checked options.
     
  12. 87morris87

    87morris87 Newcomer, in training Topic Starter

    ComboFix 11-06-28.05 - Mary 29/06/2011 1:44.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.160 [GMT 1:00]
    Running from: c:\documents and settings\Mary\My Documents\Downloads\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Mary\Application Data\Adobe\plugs
    c:\documents and settings\Mary\Application Data\Adobe\plugs\mmc18720000.txt
    c:\documents and settings\Mary\Application Data\Adobe\shed
    c:\documents and settings\Mary\Application Data\Adobe\shed\thr1.chm
    c:\documents and settings\Mary\WINDOWS
    c:\windows\system32\_000013_.tmp.dll
    c:\windows\system32\rnaph.dll
    .
    Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_SPYWARECLEANERSERVICE
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-29 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-28 20:38 . 2011-06-28 21:24 -------- d-----w- c:\program files\nspcjtgv
    2011-06-25 10:24 . 2011-06-25 10:24 -------- d-----w- c:\documents and settings\Mary\Local Settings\Application Data\AVG Security Toolbar
    2011-06-24 23:39 . 2011-06-28 23:45 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-06-24 23:23 . 2011-06-24 23:23 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
    2011-06-19 00:13 . 2011-06-19 00:13 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-06-17 13:22 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2011-06-17 13:22 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2011-06-17 13:21 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2011-06-17 13:20 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2011-06-17 13:18 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    2011-06-17 13:17 . 2011-04-25 16:11 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2011-06-17 13:17 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
    2011-06-17 13:12 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2011-06-17 13:08 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    2011-06-16 19:58 . 2011-06-16 20:00 -------- d-s---w- c:\documents and settings\Administrator
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-29 08:11 . 2011-04-19 17:21 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-02 15:31 . 2003-03-03 15:57 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 16:19 . 2003-12-01 15:29 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 16:11 . 2003-12-01 15:30 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 16:11 . 2003-12-01 15:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-04-25 16:11 . 2003-12-01 15:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-04-25 12:01 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-04-21 13:37 . 2003-12-01 15:29 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    2011-04-06 15:20 . 2011-04-06 15:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 15:20 . 2011-04-06 15:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2011-04-06 15:20 . 2011-04-06 15:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2004-11-12 12:54 . 2004-11-12 12:53 10156943 ----a-w- c:\program files\avg70free_289a392.exe
    2004-10-16 12:25 . 2004-10-16 12:24 474256 ----a-w- c:\program files\GoogleToolbarInstaller.exe
    2004-10-10 17:39 . 2004-10-10 17:39 1068498 ----a-w- c:\program files\bma_fishtank.exe
    2004-09-09 15:42 . 2004-09-09 15:42 59992 ----a-w- c:\program files\msnaddin.exe
    2011-05-09 00:36 . 2011-05-09 00:36 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2009-04-02 11:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
    .
    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
    .
    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-18 39408]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-12-08 323392]
    "Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-09-17 1933381]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-30 204288]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 583048]
    "Mouse Suite 98 Daemon"="ICO.EXE" [2001-08-23 45056]
    "AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 88363]
    "ezShieldProtector for Px"="c:\windows\system32\ezSP_Px.exe" [2002-08-20 40960]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\Mary\Start Menu\Programs\Startup\
    wkcalrem.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2002-6-20 24651]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk
    backup=c:\windows\pss\DSLMON.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Mary^Start Menu^Programs^Startup^wkcalrem.LNK]
    path=c:\documents and settings\Mary\Start Menu\Programs\Startup\wkcalrem.LNK
    backup=c:\windows\pss\wkcalrem.LNKStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    2003-11-15 21:00 335872 -c--a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
    2002-08-20 10:29 40960 ----a-w- c:\windows\system32\ezSP_Px.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2003-08-18 16:56 4841472 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "SNDSrvc"=2 (0x2)
    "navapsvc"=2 (0x2)
    "ccPwdSvc"=3 (0x3)
    "ccProxy"=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\Kontiki\\KService.exe"=
    "c:\\Program Files\\Spotify\\spotify.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "58261:TCP"= 58261:TCP:BitTorrent
    .
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19/05/2009 15:32 721904]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [18/08/2010 17:00 136176]
    S2 XobniService;XobniService;"c:\program files\Xobni\XobniService.exe" --> c:\program files\Xobni\XobniService.exe [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [18/08/2010 17:00 136176]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [01/12/2003 16:30 14336]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 21:22 34064]
    S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [03/06/2009 21:52 120168]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-24 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
    .
    2011-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-18 14:49]
    .
    2011-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-18 14:49]
    .
    2011-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3506826373-3119739353-1898927670-1005Core.job
    - c:\documents and settings\Mary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-16 09:12]
    .
    2011-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3506826373-3119739353-1898927670-1005UA.job
    - c:\documents and settings\Mary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-16 09:12]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    mStart Page = hxxp://uk.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
    IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\PartyGaming\PartyCasino\RunApp.exe
    Trusted Zone: sony-europe.com
    Trusted Zone: sonystyle-europe.com
    Trusted Zone: vaio-link.com
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Mary\Application Data\Mozilla\Firefox\Profiles\iaf7mgo1.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
    FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=ffds1&p=
    FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKCU-Run-Free Download Manager - c:\program files\Free Download Manager\fdm.exe
    HKCU-Run-fsm - (no file)
    HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
    HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
    HKCU-Run-Skype - c:\program files\Skype\Phone\Skype.exe
    HKLM-Run-adiras - adiras.exe
    HKLM-Run-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
    HKU-Default-Run-ksdfghk.Bin.exe - c:\ksdfghk.bin\ksdfghk.Bin.exe
    MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
    MSConfigStartUp-Drag'n Drop CD+DVD - c:\program files\drag'n drop cd+dvd\BinFiles\DragDrop.exe
    MSConfigStartUp-IncrediMail - c:\program files\IncrediMail\bin\IncMail.exe
    MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
    MSConfigStartUp-NI - c:\documents and settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\WinFixer2005ScannerInstall[1].exe
    MSConfigStartUp-osCheck - c:\program files\Norton Internet Security\osCheck.exe
    MSConfigStartUp-Spyware Cleaner - c:\program files\Spyware Cleaner\SpywareCleaner.Exe
    AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
    AddRemove-XobniMain - c:\program files\Xobni\UninstallerWizard.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-29 01:59
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3506826373-3119739353-1898927670-1005\RemoteAccess\Profile\x *]
    "EnableAutodisconnect"=dword:00000001
    "EnableExitDisconnect"=dword:00000001
    "DisconnectIdleTime"=dword:00000014
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(1680)
    c:\windows\system32\WININET.dll
    c:\program files\Windows Media Player\wmpband.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    c:\program files\Belkin\F5D7051\WLanCfgG.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\ICO.EXE
    c:\windows\AGRSMMSG.exe
    c:\program files\Microsoft ActiveSync\wcescomm.exe
    c:\progra~1\MI3AA1~1\rapimgr.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2011-06-29 02:08:23 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-06-29 01:08
    .
    Pre-Run: 2,616,770,560 bytes free
    Post-Run: 6,336,253,952 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
    .
    - - End Of File - - D797ADF8C73EE686A03F01BE7561EAB8
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    You cannot run the Norton/Symantec Security and AVG 2011. Please remove one of them.
    Reboot the computer.
    =======================================
    Please run this Security Check

    Download Security Check by screen317 from HERE or HERE.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    ================================
    Please go ahead and run the Eset Online scan.

    I will have a script for you to run through Combofix when I've gotten the logs.
  14. 87morris87

    87morris87 Newcomer, in training Topic Starter

    C:\Documents and Settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\All Users\Application Data\DivX\Setup\RunAsUser\RUNASUSERPROCESS.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\All Users\Application Data\NOS\nosget_start_manager_15235.html Win32/Ramnit.A virus
    C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\PickGame.htm Win32/Ramnit.A virus
    C:\Documents and Settings\All Users\Application Data\Skype Extras\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\PickGame.htm Win32/Ramnit.A virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\crashreporter.exe a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\freebl3.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\js3250.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\mozctl.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\mozctlx.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\msvcr71.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\nspr4.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\nss3.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\nssckbi.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\nssutil3.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\plc4.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\plds4.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\smime3.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\softokn3.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\sqlite3.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\ssl3.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\updater.exe a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\xpcom.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\xpcshell.exe a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\xpidl.exe a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\xpt_link.exe Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\xul.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\xulrunner.exe a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\components\auth.dll Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\components\pippki.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html Win32/Ramnit.A virus
    C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\iaf7mgo1.default\bookmarks.html Win32/Ramnit.A virus
    C:\Documents and Settings\Mary\Application Data\Mozilla\Plugins\npPxPlay.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Netscape\Plugins\npPxPlay.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Spotify\Gracenote\gnsdk_dsp.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\12\3cc664c-280a4a37 probably a variant of Java/Exploit.CVE-2010-4452.A trojan
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-571b765a-n\Decora-D3D.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\15\58fb3e0f-6d51bfb6-n\decora-d3d.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\15\58fb3e0f-6d51bfb6-n\decora-sse.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\15\58fb3e0f-6d51bfb6-n\jmc.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\15\58fb3e0f-6d51bfb6-n\msvcp71.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\15\58fb3e0f-6d51bfb6-n\msvcr71.dll Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\16\488e63d0-43e5b6d1 Java/Exploit.CVE-2010-3562.A trojan
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\17\6d0ad391-156644df-n\decora-d3d.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\17\6d0ad391-156644df-n\decora-sse.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\17\6d0ad391-224d4f38-n\decora-d3d.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\17\6d0ad391-224d4f38-n\decora-sse.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-30db85e5-n\jmc.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-30db85e5-n\msvcp71.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-30db85e5-n\msvcr71.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\37\2c4a0065-79d04e2c-n\Decora-D3D.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\37\3976f065-465180e4-n\Decora-SSE.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-291dc331-n\jmc.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-291dc331-n\msvcp71.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-291dc331-n\msvcr71.dll Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-6001b7c5-n\gluegen-rt.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\46\759e98ee-2041c898-n\decora-d3d.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\46\759e98ee-2041c898-n\decora-sse.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\46\759e98ee-2041c898-n\jmc.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\46\759e98ee-2041c898-n\msvcp71.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\46\759e98ee-2041c898-n\msvcr71.dll Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-5f921f24-n\jmc.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-5f921f24-n\msvcp71.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-5f921f24-n\msvcr71.dll Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\50\5535ab32-58d5e0ed-n\decora-d3d.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\50\5535ab32-58d5e0ed-n\decora-sse.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-506b20dd-n\Decora-SSE.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\54\1a209876-2d125554-n\jmc.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\54\1a209876-2d125554-n\msvcp71.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\54\1a209876-2d125554-n\msvcr71.dll Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\60\240bc57c-57d9aca1 probably a variant of Win32/Agent.ZVRMM trojan
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\61\7ae6b8bd-549d5cea probably a variant of Win32/Agent.CDGQEWH trojan
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-41f98cbe-n\jogl.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-41f98cbe-n\jogl_awt.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-41f98cbe-n\jogl_cg.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\62\6bd546be-556e3088-n\decora-d3d.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\62\6bd546be-556e3088-n\decora-sse.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\62\6bd546be-556e3088-n\jmc.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\62\6bd546be-556e3088-n\msvcp71.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\62\6bd546be-556e3088-n\msvcr71.dll Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\63\25097d3f-70844568 Java/Exploit.CVE-2009-2843.B trojan
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-221b5422-n\jmc.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-221b5422-n\msvcp71.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-221b5422-n\msvcr71.dll Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-720a4d1b-n\decora-d3d.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-720a4d1b-n\decora-sse.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-681f7359-n\jmc.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-681f7359-n\msvcp71.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-681f7359-n\msvcr71.dll Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1593ff9c-n\decora-d3d.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1593ff9c-n\decora-sse.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\jre1.6.0_12\lzma.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\jre1.6.0_13\lzma.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\jre1.6.0_15\lzma.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\jre1.6.0_16\lzma.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Sun\Java\jre1.6.0_17\lzma.dll a variant of Win32/Ramnit.H virus
    C:\Documents and Settings\Mary\Application Data\Uniblue\Registry Booster2\problems.html Win32/Ramnit.A virus
    C:\Documents and Settings\Mary\Local Settings\Application Data\IM\Identities\{7D36D8F6-323A-415C-8D40-B11FEEB75FE0}\IMSys\{83946D06-AA8A-4996-957F-0A2537D9EDFD}\2128\IMSTP.html Win32/Ramnit.A virus
    C:\Documents and Settings\Mary\Local Settings\Application Data\IM\Identities\{7D36D8F6-323A-415C-8D40-B11FEEB75FE0}\IMSys\{83946D06-AA8A-4996-957F-0A2537D9EDFD}\2129\IMSTP.html Win32/Ramnit.A virus
    C:\Documents and Settings\Mary\Local Settings\Application Data\IM\Identities\{7D36D8F6-323A-415C-8D40-B11FEEB75FE0}\IMSys\{83946D06-AA8A-4996-957F-0A2537D9EDFD}\2130\IMSTP.html Win32/Ramnit.A virus
    C:\Documents and Settings\Mary\Local Settings\Application Data\IM\Identities\{7D36D8F6-323A-415C-8D40-B11FEEB75FE0}\IMSys\{B0D6E60D-68A5-41D0-8CA8-6046A5374126}\2\IMSWD.html Win32/Ramnit.A virus
    C:\Documents and Settings\Mary\Local Settings\Application Data\IM\Identities\{7D36D8F6-323A-415C-8D40-B11FEEB75FE0}\IMSys\{B0D6E60D-68A5-41D0-8CA8-6046A5374126}\2\IMSWM.html Win32/Ramnit.A virus
    C:\Documents and Settings\Mary\Local Settings\Application Data\IM\Identities\{7D36D8F6-323A-415C-8D40-B11FEEB75FE0}\IMSys\{B0D6E60D-68A5-41D0-8CA8-6046A5374126}\2\KeepMyStartHomepageDeffered[1].htm Win32/Ramnit.A virus
    C:\Documents and Settings\Mary\Local Settings\Application Data\IM\Identities\{7D36D8F6-323A-415C-8D40-B11FEEB75FE0}\IMSys\{B0D6E60D-68A5-41D0-8CA8-6046A5374126}\2\KeepMyStartHomepageImmidiate[1].htm Win32/Ramnit.A virus
    C:\Documents and Settings\Mary\Local Settings\Application Data\IM\Identities\{7D36D8F6-323A-415C-8D40-B11FEEB75FE0}\IMSys\{B0D6E60D-68A5-41D0-8CA8-6046A5374126}\3\IMSWD.html Win32/Ramnit.A virus
    C:\Documents and Settings\Mary\Local Settings\Application Data\IM\Identities\{7D36D8F6-323A-415C-8D40-B11FEEB75FE0}\IMSys\{B0D6E60D-68A5-41D0-8CA8-6046A5374126}\3\IMSWM.html Win32/Ramnit.A virus
    C:\Documents and Settings\Mary\Local Settings\Application Data\IM\Identities\{7D36D8F6-323A-415C-8D40-B11FEEB75FE0}\IMSys\{B0D6E60D-68A5-41D0-8CA8-6046A5374126}\3\KeepMyStartSearchDeffered[1].htm Win32/Ramnit.A virus
    C:\Documents and Settings\Mary\Local Settings\Application Data\IM\Identities\{7D36D8F6-323A-415C-8D40-B11FEEB75FE0}\IMSys\{B0D6E60D-68A5-41D0-8CA8-6046A5374126}\3\KeepMyStartSearchImmidiate[1].htm Win32/Ramnit.A virus
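An added example (mine, not code from the thread) that parses scanner lines of the shape posted above and groups them by detection family and file extension, so the split between infected .exe/.dll files, infected .html files and exploit detections in the Java deployment cache is visible at a glance. The sample lines are constructed in the same format; the user name, vendor folders and cache ids in them are placeholders, while the detection names are ones that occur in the log.

```python
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Constructed sample in the "<path> <verdict>" shape of the posted scanner
# output. USER, "Example" and the cache ids are made up; the detection names
# are taken from the thread.
SAMPLE_LOG = r"""
C:\Documents and Settings\USER\Application Data\Example\xulrunner\nss3.dll a variant of Win32/Ramnit.H virus
C:\Documents and Settings\USER\Application Data\Example\xulrunner\updater.exe a variant of Win32/Ramnit.H virus
C:\Documents and Settings\USER\Application Data\Example\xulrunner\xpt_link.exe Win32/Ramnit.H virus
C:\Documents and Settings\USER\Application Data\Example\res\hiddenWindow.html Win32/Ramnit.A virus
C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\abcd1234.default\bookmarks.html Win32/Ramnit.A virus
C:\Documents and Settings\USER\Application Data\Sun\Java\Deployment\cache\6.0\16\00000000-11111111 Java/Exploit.CVE-2010-3562.A trojan
C:\Documents and Settings\USER\Application Data\Sun\Java\Deployment\cache\6.0\60\22222222-33333333 probably a variant of Win32/Agent.ZVRMM trojan
"""

# Path = everything before the verdict. The verdict is an optional confidence
# qualifier, a Vendor/Family name (the only forward slash on the line) and the
# threat class, so a non-greedy path match lands in the right place.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<qualifier>probably a variant of |a variant of )?"
    r"(?P<family>\S+/\S+)\s+(?P<kind>virus|trojan)$"
)

def parse_line(line):
    """Split one scanner line into path, extension, family and confidence."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    path = PureWindowsPath(m["path"])
    return {
        "path": str(path),
        "ext": path.suffix.lower() or "(none)",
        "family": m["family"],
        "kind": m["kind"],
        "heuristic": (m["qualifier"] or "").startswith("probably"),
        "java_cache": "\\java\\deployment\\" in str(path).lower(),
    }

def summarize(log_text):
    """Count detections per family and extension; returns (table, unparsed)."""
    table, unparsed = defaultdict(Counter), 0
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
        else:
            table[rec["family"]][rec["ext"]] += 1
    return {fam: dict(c) for fam, c in table.items()}, unparsed

def ramnit_extensions(log_text):
    """File types the Ramnit detections landed on: what the file infector touched."""
    table, _ = summarize(log_text)
    return {ext for fam, c in table.items() if fam.startswith("Win32/Ramnit") for ext in c}

def java_cache_exploits(log_text):
    """Exploit detections sitting in the Java deployment cache."""
    recs = (parse_line(l) for l in filter(str.strip, log_text.splitlines()))
    return [r["family"] for r in recs if r and r["java_cache"] and "Exploit" in r["family"]]

if __name__ == "__main__":
    table, bad = summarize(SAMPLE_LOG)
    for fam, exts in sorted(table.items()):
        print(f"{fam:32} {exts}")
    print("Ramnit touched:", sorted(ramnit_extensions(SAMPLE_LOG)), "| unparsed:", bad)
    print("Java cache exploits:", java_cache_exploits(SAMPLE_LOG))
```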
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Okay- bad news. The system has been badly hit by the Ramnit malware infection. You do not need to do any more scans because we consider Ramnit incurable:

    Win32/Ramnit.A is a file infector with IRCBot functionality which infects .exe, and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A. Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A which is dropped by a Ramnit infected executable file.

    -- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.
    With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

    Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of infection can vary.

    Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies Worm:Win32/Ramnit.A with a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These types of sites are infested with a smörgåsbord of malware and a major source of system infection.

    In my opinion, Ramnit.A is not effectively disinfectable, so your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. Further, your machine has likely been compromised by the backdoor Trojan and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if your anti-virus reports that the malware appears to have been removed.

    Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:
    Backdoors and What They Mean to You

    This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?
    Important Note: If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and any online activities which require a username and password. You should consider them to be compromised. You should change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity.
    (Thanks to Boni for Ramnit tutorial)

    Malware experts say that a Complete Reformat and Reinstall is the only way to clean the infection. This includes All Drives that contain .exe, .scr, .rar, .zip, .htm, .html files.

    * Backup all your documents and important items only.
    * DON'T backup any executable files (.exe, .scr, .html or .htm)
    * DON'T back up compressed files (zip/cab/rar) that may contain .exe or .scr files

    You will find excellent reformat/reinstall instructions here:
    http://www.tech-101.com/tutorials/356-tutorial-windows-install-repair-xp-vista.html
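The backup rules above, as an added runnable example (mine, not from the thread): every file in a constructed sample tree gets a copy-or-skip decision. The extension lists are the ones in the post; inspecting zip members for .exe/.scr files is my refinement, and .cab/.rar archives, which the Python standard library cannot open, are treated as opaque and skipped, which is the conservative reading of the post.

```python
import tempfile
import zipfile
from pathlib import Path

# Rule set from the post: keep documents, never copy executables or infectable
# web pages, never copy archives that may carry .exe/.scr files. Zip contents are
# inspected (my addition); .cab/.rar cannot be opened here, so they are skipped.
NEVER_COPY = {".exe", ".scr", ".html", ".htm"}
ARCHIVE = {".zip", ".cab", ".rar"}
RISKY_MEMBER = {".exe", ".scr"}

def classify(path: Path) -> str:
    """Return 'copy', 'skip-infectable', 'skip-archive' or 'skip-opaque-archive'."""
    ext = path.suffix.lower()
    if ext in NEVER_COPY:
        return "skip-infectable"
    if ext in ARCHIVE:
        if ext != ".zip":
            return "skip-opaque-archive"      # cannot be inspected: leave it out
        try:
            with zipfile.ZipFile(path) as zf:
                members = [Path(n).suffix.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return "skip-opaque-archive"      # damaged or not really a zip
        if any(m in RISKY_MEMBER for m in members):
            return "skip-archive"             # carries an executable member
    return "copy"

def plan_backup(root: Path) -> dict:
    """Map every file under root (relative, '/'-separated) to its decision."""
    return {str(p.relative_to(root)).replace("\\", "/"): classify(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def build_fixture(root: Path) -> None:
    """Constructed stand-in for a user profile; file contents are placeholders."""
    (root / "Documents").mkdir()
    (root / "Downloads").mkdir()
    (root / "Documents" / "thesis.docx").write_bytes(b"constructed document")
    (root / "Documents" / "notes.txt").write_text("constructed notes")
    (root / "Downloads" / "setup.exe").write_bytes(b"MZ constructed")
    (root / "Downloads" / "saver.scr").write_bytes(b"MZ constructed")
    (root / "Downloads" / "bookmarks.html").write_text("<html></html>")
    (root / "Downloads" / "photos.rar").write_bytes(b"Rar! constructed")
    with zipfile.ZipFile(root / "Documents" / "papers.zip", "w") as zf:
        zf.writestr("paper.pdf", b"%PDF constructed")
    with zipfile.ZipFile(root / "Downloads" / "tool.zip", "w") as zf:
        zf.writestr("readme.txt", "constructed")
        zf.writestr("bin/tool.exe", b"MZ constructed")

def demo() -> dict:
    """Build the fixture in a temp dir and return the backup plan for it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_fixture(root)
        return plan_backup(root)

if __name__ == "__main__":
    for rel, decision in demo().items():
        print(f"{decision:22} {rel}")
```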