Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Virus Ramnit.AE has taken over my laptop :(


  • This topic is locked This topic is locked

#1
Dippy.B

Dippy.B

    New Member

  • Member
  • Pip
  • 3 posts
Hi, I was wondering if you could help me remove ramnit.AE virus from my dell vostro 1500 laptop... I was away on holiday last week and my 22yr old son had free reign on my system. He informed me upon my getting home that my laptop appeared to have a virus because Microsoft Security Essentials kept popping up in the corner with instructions to click to clean computer but it couldn't solve the problem as the infection number just kept increasing.
I am not sure how this virus was acquired as he says he only went on Sky Sports and Facebook.
I have tried Malwarebytes (which cannot detect it), Panda Cloud which does a full scan, but cancels at the end as it doesn't detect an internet connection (although I am connected at the time of scan). Windows Defender cannot check for new definitions/updates. Windows Malicious software predicts I have 1854 infected files but can only partially remove it, and it just seems to replicate as soon as I reboot.

I cannot load any Microsoft pages from the internet, or other anti virus pages.

And most of all I cannot boot into SAFE mode as the thing prevents me from doing so. Here is the OTL log:

OTL logfile created on: 11/10/2011 23:04:53 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\deafadmin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 75.52% Memory free
3.85 Gb Paging File | 3.52 Gb Available in Paging File | 91.63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.87 Gb Total Space | 76.22 Gb Free Space | 71.99% Space Free | Partition Type: NTFS
Drive D: | 687.47 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DMOBILE-006 | User Name: deafadmin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/11 17:00:20 | 000,699,921 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\deafadmin\Desktop\OTL.exe
PRC - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2009/10/30 17:29:58 | 000,136,448 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2009/10/30 17:29:02 | 000,361,728 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/25 16:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/04/16 12:02:46 | 003,055,976 | ---- | M] () -- C:\Program Files\Keyboard Driver\PS2USBKbdDrv.exe
PRC - [2007/03/29 15:41:26 | 000,222,128 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/30 00:17:46 | 000,147,456 | ---- | M] () -- C:\Documents and Settings\deafadmin\Local Settings\Application Data\BluetoothEventapi\iTunesMobileplugin.dll
MOD - [2010/02/05 19:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/07/25 16:25:48 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2007/04/16 12:02:46 | 003,055,976 | ---- | M] () -- C:\Program Files\Keyboard Driver\PS2USBKbdDrv.exe
MOD - [2007/02/14 12:55:12 | 000,165,424 | ---- | M] () -- C:\Program Files\Panda Security\Panda Cloud Antivirus\MiniCrypto.dll
MOD - [2007/02/14 12:55:12 | 000,099,888 | ---- | M] () -- C:\Program Files\Panda Security\Panda Cloud Antivirus\APIcr.dll
MOD - [2006/03/14 08:46:40 | 000,041,078 | ---- | M] () -- C:\Program Files\Keyboard Driver\keydll.dll
MOD - [2004/04/25 09:27:46 | 000,429,568 | ---- | M] () -- C:\Program Files\Keyboard Driver\Dllmkkbd.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2009/10/30 17:29:58 | 000,136,448 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2007/07/25 16:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Running] -- -- (Micorsoft Windows Service)
DRV - [2009/10/30 16:18:02 | 000,146,952 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2009/10/13 15:50:56 | 000,114,312 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2009/10/13 15:50:56 | 000,101,512 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2009/10/13 15:50:56 | 000,095,880 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2009/09/08 19:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/12/02 18:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/12/02 18:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/12/02 18:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/10/10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/08/12 18:05:34 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/06/07 17:00:02 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Afx.sys -- (OEM02Afx)
DRV - [2007/06/06 15:28:16 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/05/29 15:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/05/08 21:49:02 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/05/08 21:46:12 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/05/08 21:46:08 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/05/08 21:46:06 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/03/05 10:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2006/11/02 12:31:38 | 000,103,168 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://partnerpage.g...smb&ibd=1080424
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://partnerpage.g...smb&ibd=1080424


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.g...smb&ibd=1080424
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.g...smb&ibd=1080424
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.g...smb&ibd=1080424
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.g...smb&ibd=1080424
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1334133724-2762677326-734048796-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-1334133724-2762677326-734048796-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1334133724-2762677326-734048796-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1334133724-2762677326-734048796-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
IE - HKU\S-1-5-21-1334133724-2762677326-734048796-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\deafadmin\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\deafadmin\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\deafadmin\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)


[2011/06/23 05:03:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\deafadmin\Application Data\Mozilla\Extensions
[2011/03/02 06:36:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/14 21:03:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/09/13 00:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2009/09/13 00:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2009/09/13 00:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2009/09/13 00:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2010/12/14 21:03:00 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/09/13 00:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2007/12/17 18:16:14 | 000,184,757 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npkimi.dll
[2010/03/08 11:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\mozilla firefox\plugins\npmidas.dll
[2009/09/13 00:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2010/02/02 00:33:12 | 000,003,803 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MyHeritage.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.co...ie=utf8&oe=utf8
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\deafadmin\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.0.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.0.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.0.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.0.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.0.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.0.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.0.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\deafadmin\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\deafadmin\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\deafadmin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll
CHR - plugin: king.com - Game controller for firefox (Enabled) = C:\Documents and Settings\deafadmin\Local Settings\Application Data\Google\Chrome\Application\plugins\npmidas.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\deafadmin\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Click to call with Skype = C:\Documents and Settings\deafadmin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {2231839A-F38E-4066-BF3C-959006189942} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (304434 Class) - {7A2F3A2E-4B59-4932-B2C3-2E7F13B03207} - Reg Error: Value error. File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (384043 Class) - {E6823149-FB2D-492B-BBF3-7389334DDD97} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1334133724-2762677326-734048796-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v3] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WireLessKeyboard] C:\Program Files\Keyboard Driver\StartAutorun.exe PS2USBKbdDrv.exe File not found
O4 - HKU\S-1-5-21-1334133724-2762677326-734048796-1005..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-1334133724-2762677326-734048796-1005..\Run: [iTunesMobileplugin] C:\Documents and Settings\deafadmin\Local Settings\Application Data\BluetoothEventapi\iTunesMobileplugin.dll ()
O4 - HKU\S-1-5-21-1334133724-2762677326-734048796-1005..\Run: [JxfHrwla] C:\Documents and Settings\deafadmin\Local Settings\Application Data\brnuhwcj\jxfhrwla.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1334133724-2762677326-734048796-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} http://www.king.com/ctl/kingcomie.cab (king.com)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} http://update.micros...b?1139406804265 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} http://imikimi.com/d...lugin_0.5.1.cab (Imikimi_activex_plugin Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABBC4CF9-F751-4882-9256-B45B46681103}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\deafadmin\Local Settings\Application Data\brnuhwcj\jxfhrwla.exe) -C:\Documents and Settings\deafadmin\Local Settings\Application Data\brnuhwcj\jxfhrwla.exe File not found
O24 - Desktop WallPaper: C:\Documents and Settings\deafadmin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\deafadmin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/08/03 11:56:41 | 000,000,030 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{79fffa22-7038-11dd-aca4-001d09cf54bf}\Shell\AutoRun\command - "" = E:\umenu.exe
O33 - MountPoints2\{9cf6eaf0-162d-11dd-abbc-001d09cf54bf}\Shell - "" = AutoRun
O33 - MountPoints2\{9cf6eaf0-162d-11dd-abbc-001d09cf54bf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9cf6eaf0-162d-11dd-abbc-001d09cf54bf}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/11 17:02:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2011/10/11 17:00:06 | 000,699,921 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\deafadmin\Desktop\OTL.exe
[2011/10/11 03:52:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panda Cloud Antivirus
[2011/10/11 00:58:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deafadmin\Application Data\QuickScan
[2011/10/11 00:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2011/10/11 00:56:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2011/10/10 21:08:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deafadmin\My Documents\MY PICTURES
[2011/10/06 17:37:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deafadmin\Local Settings\Application Data\brnuhwcj
[2011/10/03 12:52:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\deafadmin\Recent
[2011/09/29 13:57:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deafadmin\Local Settings\Application Data\BluetoothEventapi
[2011/09/20 15:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deafadmin\Application Data\Unity
[2011/09/20 15:43:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deafadmin\Local Settings\Application Data\Unity
[2011/09/14 03:46:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deafadmin\My Documents\VIRUS INFO
[2011/09/14 01:58:15 | 000,000,000 | ---D | C] -- C:\394176c79af041a89388
[2011/09/14 01:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/09/14 01:19:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/09/13 01:22:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011/09/13 01:22:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\deafadmin\Start Menu\Programs\Administrative Tools
[2011/09/13 00:34:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/09/12 21:34:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2011/09/12 13:40:05 | 000,000,000 | ---D | C] -- C:\temp
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/11 23:06:29 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/10/11 23:03:48 | 000,041,638 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/10/11 23:03:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/11 23:03:19 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/11 23:03:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/11 23:03:03 | 2145,427,456 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/11 22:33:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1334133724-2762677326-734048796-1005UA.job
[2011/10/11 22:28:00 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/11 20:33:03 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1334133724-2762677326-734048796-1005Core.job
[2011/10/11 17:01:02 | 000,000,464 | ---- | M] () -- C:\Documents and Settings\deafadmin\My Documents\Shortcut to OTL.lnk
[2011/10/11 17:00:20 | 000,699,921 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\deafadmin\Desktop\OTL.exe
[2011/10/11 16:53:15 | 000,286,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/11 03:52:28 | 000,000,264 | ---- | M] () -- C:\WINDOWS\System32\PSUNCpl.dat
[2011/10/11 03:50:41 | 000,095,329 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1318301298.bdinstall.bin
[2011/10/11 01:40:46 | 000,454,960 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\avckf.sys
[2011/10/11 01:24:18 | 000,000,303 | ---- | M] () -- C:\WINDOWS\System32\checkdnsid.xml
[2011/10/11 01:06:07 | 000,015,155 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011/10/11 01:03:06 | 000,156,434 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1318291022.bdinstall.bin
[2011/10/11 01:01:14 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/10/10 20:53:14 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/10/10 16:45:44 | 000,000,022 | ---- | M] () -- C:\WINDOWS\tpcsd
[2011/10/09 20:36:58 | 000,000,354 | ---- | M] () -- C:\Documents and Settings\deafadmin\Desktop\Shortcut to MICROSOFT SECURITY SCANNER.lnk
[2011/10/07 09:42:22 | 000,041,638 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2011/09/28 10:23:18 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/09/28 10:23:18 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2011/09/14 18:47:24 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/14 03:36:08 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\deafadmin\Desktop\MSE.lnk
[2011/09/13 22:42:55 | 005,154,304 | ---- | M] () -- C:\Documents and Settings\deafadmin\My Documents\SECURITY_WINDOWS DEFENDER.msi
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/11 17:05:33 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/10/11 17:02:21 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
[2011/10/11 17:01:02 | 000,000,464 | ---- | C] () -- C:\Documents and Settings\deafadmin\My Documents\Shortcut to OTL.lnk
[2011/10/11 03:52:28 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\PSUNCpl.dat
[2011/10/11 03:50:41 | 000,095,329 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1318301298.bdinstall.bin
[2011/10/11 01:24:11 | 000,000,303 | ---- | C] () -- C:\WINDOWS\System32\checkdnsid.xml
[2011/10/11 01:06:07 | 000,015,155 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/10/11 01:03:05 | 000,156,434 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1318291022.bdinstall.bin
[2011/10/11 01:01:14 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/10/10 16:45:44 | 000,000,022 | ---- | C] () -- C:\WINDOWS\tpcsd
[2011/10/09 20:36:58 | 000,000,354 | ---- | C] () -- C:\Documents and Settings\deafadmin\Desktop\Shortcut to MICROSOFT SECURITY SCANNER.lnk
[2011/09/28 10:23:18 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2011/09/28 10:23:18 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2011/09/14 23:09:59 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials (2).lnk
[2011/09/14 03:36:08 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\deafadmin\Desktop\MSE.lnk
[2011/09/13 22:42:47 | 005,154,304 | ---- | C] () -- C:\Documents and Settings\deafadmin\My Documents\SECURITY_WINDOWS DEFENDER.msi
[2011/09/12 17:46:58 | 2145,427,456 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/11 21:00:04 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/22 16:14:22 | 000,695,642 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2011/08/22 16:14:22 | 000,003,558 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2011/06/29 20:24:24 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011/01/25 15:53:06 | 000,032,608 | ---- | C] () -- C:\WINDOWS\king-uninstall.exe
[2011/01/13 15:59:33 | 000,855,641 | ---- | C] () -- C:\Documents and Settings\deafadmin\Application Data\PandaIDProtectHelp.chm
[2010/12/24 14:01:52 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\deafadmin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/10/08 18:04:59 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/06/18 12:25:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2008/06/18 12:23:41 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS71.DLL
[2008/05/06 09:23:55 | 000,001,160 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/04/30 09:21:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/04/29 20:01:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/04/24 06:22:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/04/24 06:14:27 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/04/24 06:10:05 | 000,000,076 | RHS- | C] () -- C:\WINDOWS\CT4CET.bin
[2008/04/24 06:08:52 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2008/04/24 05:46:24 | 000,041,638 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2008/04/24 05:39:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/04/24 05:39:25 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/04/24 05:38:43 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/04/24 05:38:43 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/04/24 05:38:43 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/04/24 05:38:43 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/04/24 05:38:42 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/04/24 05:38:41 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/04/24 05:38:40 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/04/24 05:38:39 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/04/24 05:36:52 | 000,001,201 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/11/07 04:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/11 17:24:19 | 000,000,879 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:06:43 | 000,286,112 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 17:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 17:00:28 | 000,486,496 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 17:00:28 | 000,081,674 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 17:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 17:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 17:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 17:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 17:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 17:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== LOP Check ==========

[2010/03/03 15:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/09/11 22:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dD01610AiOoL01610
[2008/04/29 20:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/06/26 03:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2011/01/13 00:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2008/04/29 19:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/06/12 02:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{D76DB64A-6787-493A-8CB7-B5039C330204}
[2008/04/29 20:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deafadmin\Application Data\ESET
[2011/01/18 20:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deafadmin\Application Data\ICAClient
[2011/05/07 17:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deafadmin\Application Data\LG Electronics
[2011/04/29 02:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deafadmin\Application Data\Opera
[2011/01/13 03:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deafadmin\Application Data\Panda Security
[2011/10/11 00:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deafadmin\Application Data\QuickScan
[2011/01/13 00:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deafadmin\Application Data\SurfSecret Privacy Suite
[2011/03/16 18:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deafadmin\Application Data\tmp
[2011/09/20 15:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deafadmin\Application Data\Unity
[2011/02/08 23:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\pandasecuritytb
[2011/02/08 23:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SurfSecret Privacy Suite
[2011/10/11 23:06:29 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
Dippy.B

Dippy.B

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Update: I just tried to download SUPERAntiSpyware portable scanner as it sounded as though it might be clever enough to get round the virus, but alas, it detected it and would not allow IE to display the page. . . The same happened when I tried to download your Recovery Disks :)
  • 0

#3
azarl

azarl

    GeekU Admin

  • Administrator
  • 25,288 posts
Hi Dippy.B,

I'll try and help you with this infection.

Ramnit is a file infector and is difficult to remove completely. I have to warn you that the odds are not good, file infecters are very difficult to clear. If too many system files are damaged, we may have an unbootable machine.

Very Important, please read before going any further

Ramnit often includes a backdoor trojan which could allow hackers to remotely control your computer and steal critical system information including passwords.
I recommend you take the following steps immediately:
  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. Alos change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps
More Information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

This infection can possibly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean, if this is unacceptable to you then you should consider reformatting the system partition and reinstalling Windows as this is the only 100% sure answer.

If you wish to reformat then please let me know in your next response, otherwise I'll continue with instructions for cleaning.

 

» Step 1 «
On a clean machine, download Malwarebytes' Anti-Malware from Here or Here and save to a flash /usb disk

» Step 2 «
Again, on a clean machine download Combofix from either of the links below, and save it to your USB disk.

Link 1
Link 2

» Step 3 «
On a clean machine, download Avira Rescue CD from here. Follow the intructions here, to burn a bootable CD.

» Step 4 «
Insert Avira, and boot and run in the infected machine again follow the instructions from here . I suggest you print out the instructions from the Avira forum.

Once that's done, reboot your system normally, if you can (let me know if you can't before doing anything else)

» Step 5 «
Insert your flash disk into the infected machine and double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

» Step 6 «
Copy the ComboFix we downloaded in step 2 to your desktop.

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts. When finished, it will produce a report for you.

Please post the C:\ComboFix.txt with the MBAM log, for further review.
  • 0

#4
azarl

azarl

    GeekU Admin

  • Administrator
  • 25,288 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP