#1
Registered User
Join Date: Feb 2009
Posts: 4
OS: windows xp
[SOLVED] Malware/Virus just won't go away
My stepson has downloaded a virus onto my laptop.
I ran a full scan using malwarebytes, superantispyware, & avast and removed everything they found, but my computer still isn't working properly. The task manager has been remotely disabled and I can't seem to turn it back on, I cannot system restore, & every time I open a new web page avast flags up as finding a virus 'HTML:Iframe.inf' as many as 5 times per page, so many per page that I have had to disable on-access scanning on avast. (When I ran avast it found over 1000 of these.) Also I cannot install updates from Microsoft anymore for some reason, though I don't know if this problem is related or not.

I have followed your first step instructions and am including the DDS logs; however, on downloading and extracting the GMER rootkit it will not run, it comes up with an error report. (I would attach this if I knew how to.) I really need help here as I don't know what I am doing when I get beyond the basics. If you require more info please ask as I am not sure if I have given you enough of what you need. Thanks in advance.

DDS (Ver_09-02-01.01) - NTFSx86
Run by Shelley Pre School at 10:22:02.48 on 03/02/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.446.204 [GMT 0:00]

AV: avast! antivirus 4.8.1296 [VPS 090202-1] *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\TPSBattM.exe
svchost.exe
C:\WINDOWS\TEMP\VRT8.tmp
C:\Documents and Settings\Shelley Pre School\Desktop\dds.com
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKxdm098YYGB&fl=0&ptb=T1S71ppGozzIe0eUCT_Emw&url=http://www.uk.ask.com/web&q={searchTerms}&l=omws&o=sb
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\twex.exe,c:\windows\system32\windres.exe,c:\windows\system32\regwiz.exe,c:\windows\system32\c++.exe,c:\windows\system32\gcc.exe,c:\windows\system32\i386kd.exe,c:\windows\system32\hhupd.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
TB: {620395C9-5C2B-4474-89B6-D2A63CEA2EF8} - No File
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [services] c:\windows\services.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Toshiba Hotkey Utility] "c:\program files\toshiba\windows utilities\Hotkey.exe" /lang en
mRun: [TPSMain] TPSMain.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [autochk] rundll32.exe c:\windows\system32\autochk.dll,_IWMPEvents@16
mRun: [services] c:\windows\services.exe
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
dRun: [autochk] rundll32.exe c:\docume~1\shelle~1\protect.dll,_IWMPEvents@16
dRun: [ntplglwo.exe] c:\windows\ntplglwo.exe
dRun: [services] c:\windows\services.exe
dRun: [piysntof.exe] c:\windows\piysntof.exe
uExplorerRun: [services] c:\windows\services.exe
mExplorerRun: [services] c:\windows\services.exe
dExplorerRun: [services] c:\windows\services.exe
StartupFolder: c:\documents and settings\shelley pre school\start menu\programs\startup\ChkDisk.dll
StartupFolder: c:\docume~1\shelle~1\startm~1\programs\startup\chkdisk.lnk - c:\windows\system32\rundll32.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - hxxp://messenger.zone.msn.com/binary/Chess.cab57176.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 protect;protect;c:\windows\system32\drivers\protect.sys [2009-2-2 18944]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-2-1 111184]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 55024]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-2-1 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-2-1 155160]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2008-12-4 226640]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-2-13 1174152]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-2-1 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-2-1 352920]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2006-2-13 225792]
S1 ethwksbc;ethwksbc;c:\windows\system32\drivers\ethwksbc.sys [2009-2-2 138080]
S3 Belkin701F;Belkin Wireless G Notebook Card Service v7;c:\windows\system32\drivers\blkwgnv7.sys --> c:\windows\system32\drivers\BLKWGNv7.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\drivers\bulk533.sys --> c:\windows\system32\drivers\Bulk533.sys [?]

=============== Created Last 30 ================

2009-02-03 09:54 3,584 a------- c:\windows\piysntof.exe
2009-02-03 09:50 64,512 a------- c:\windows\system32\hhupd.exe
2009-02-03 09:49 61,440 a------- c:\windows\system32\12.tmp
2009-02-03 07:16 0 a------- c:\windows\system32\7.tmp
2009-02-02 23:01 <DIR> --d----- c:\program files\Trend Micro
2009-02-02 22:54 64,512 a------- c:\windows\system32\i386kd.exe
2009-02-02 22:54 61,440 a------- c:\windows\system32\A.tmp
2009-02-02 22:28 <DIR> --d----- c:\program files\common files\PC Tools
2009-02-02 22:27 <DIR> --d----- c:\program files\PC Tools AntiVirus
2009-02-02 22:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-02-02 22:12 64,512 a------- c:\windows\system32\gcc.exe
2009-02-02 22:12 61,440 a------- c:\windows\system32\1D.tmp
2009-02-02 22:05 5 a------- c:\windows\_id.dat
2009-02-02 22:05 124 a------- c:\windows\adobe.bat
2009-02-02 22:05 37,376 a------- c:\windows\services.exe
2009-02-02 22:04 64,512 a------- c:\windows\system32\c++.exe
2009-02-02 22:04 61,440 a------- c:\windows\system32\18.tmp
2009-02-02 21:48 138,080 a------- c:\windows\system32\drivers\ethwksbc.sys
2009-02-02 21:48 3,584 a------- c:\windows\ntplglwo.exe
2009-02-02 21:45 61,440 a------- c:\windows\system32\11.tmp
2009-02-02 21:43 164,100 a------- c:\windows\system32\E.tmp
2009-02-02 21:42 18,944 a---h--- c:\windows\system32\drivers\protect.sys
2009-02-02 21:42 64,512 a------- c:\windows\system32\windres.exe
2009-02-02 21:42 61,440 a------- c:\windows\system32\B.tmp
2009-02-02 19:59 22,016 a--sh--- c:\documents and settings\shelley pre school\protect.dll
2009-02-02 19:49 22,016 a--sh--- c:\windows\system32\autochk.dll
2009-02-01 19:08 61,440 a------- c:\windows\system32\chert13-303374.exe
2009-02-01 18:54 1 a------- c:\windows\system32\uniq.tll
2009-02-01 18:54 1 a------- c:\windows\system32\test.ttt
2009-02-01 18:54 43,520 a------- c:\windows\system32\303374.exe
2009-02-01 18:14 0 a------- c:\windows\system32\drivers\seneka.sys
2009-02-01 12:25 2,656 a------- c:\windows\system32\settings.aaw
2009-01-31 23:19 1,104 a------- c:\windows\system32\history.aaw
2009-01-31 17:44 <DIR> --d----- c:\program files\Microsoft Silverlight(2)
2009-01-30 11:07 <DIR> --d----- c:\windows\system32\Adobe
2009-01-24 16:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MGS
2009-01-24 15:52 <DIR> --d----- C:\MicroGaming
2009-01-21 20:05 <DIR> --d----- c:\program files\SmartDraw 2009
2009-01-20 13:15 <DIR> --d----- c:\program files\HYCAD
2009-01-18 13:46 <DIR> --d----- c:\program files\NT Registry Optimizer
2009-01-18 13:42 <DIR> --d----- c:\program files\PDF Password Cracker v3.0
2009-01-18 13:26 <DIR> --d----- c:\docume~1\shelle~1\applic~1\GlarySoft
2009-01-18 13:24 <DIR> --d----- c:\program files\Glary Registry Repair
2009-01-16 09:51 <DIR> --d----- c:\program files\Paint.NET
2009-01-15 17:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-01-15 17:42 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-01-15 17:42 <DIR> --d----- c:\docume~1\shelle~1\applic~1\SUPERAntiSpyware.com
2009-01-15 12:05 <DIR> --d----- c:\docume~1\shelle~1\applic~1\Malwarebytes
2009-01-15 12:05 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-15 12:05 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-15 12:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-15 12:05 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-15 11:31 <DIR> --d----- c:\docume~1\shelle~1\applic~1\Blitware
2009-01-15 11:28 <DIR> --d----- c:\program files\RALINK
2009-01-15 11:11 <DIR> --d----- c:\program files\RadarSync
2009-01-15 10:09 <DIR> --d----- c:\docume~1\shelle~1\applic~1\Any Video Converter
2009-01-15 10:09 <DIR> --d----- c:\program files\Any Video Converter
2009-01-15 10:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2009-01-15 09:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DriverScanner
2009-01-15 09:31 <DIR> --d----- c:\docume~1\shelle~1\applic~1\AVS4YOU
2009-01-15 09:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVS4YOU
2009-01-15 09:30 <DIR> --d----- c:\program files\common files\AVSMedia
2009-01-15 09:29 974,848 a------- c:\windows\system32\mfc70.dll
2009-01-15 09:29 487,424 a------- c:\windows\system32\msvcp70.dll
2009-01-15 09:29 1,700,352 a------- c:\windows\system32\GdiPlus.dll
2009-01-15 09:29 344,064 a------- c:\windows\system32\msvcr70.dll
2009-01-15 09:29 24,576 a------- c:\windows\system32\msxml3a.dll
2009-01-15 09:29 <DIR> --d----- c:\program files\AVS4YOU
2009-01-15 09:21 <DIR> --d----- c:\program files\ffdshow
2009-01-13 11:48 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-01-12 17:08 <DIR> --d----- c:\docume~1\shelle~1\applic~1\Graboid Inc
2009-01-12 01:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Launcher
2009-01-12 01:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Graboid Inc
2009-01-12 01:40 <DIR> --d----- c:\docume~1\shelle~1\applic~1\MozillaControl
2009-01-12 01:38 <DIR> --d----- c:\program files\VideoLAN
2009-01-11 15:33 <DIR> --d----- c:\program files\Microsoft
2009-01-11 15:24 <DIR> --d----- c:\program files\common files\Windows Live
2009-01-09 15:14 <DIR> --d----- c:\program files\RL-Software
2009-01-08 13:20 <DIR> --d----- c:\windows\AidMaker

==================== Find3M ====================

2009-02-02 21:46 64,512 ac------ c:\windows\system32\regwiz.exe
2009-02-01 19:41 2,864 ac------ c:\windows\system32\winsock.dll
2008-12-11 10:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-12-11 00:33 200,704 a------- c:\windows\system32\dtu100.dll
2008-12-11 00:33 86,016 a------- c:\windows\system32\dpl100.dll
2008-12-09 02:28 593,920 a------- c:\windows\system32\dpuGUI11.dll
2008-12-09 02:28 344,064 a------- c:\windows\system32\dpus11.dll
2008-12-09 02:28 294,912 a------- c:\windows\system32\dpu11.dll
2008-12-09 02:28 57,344 a------- c:\windows\system32\dpv11.dll
2008-12-04 22:55 307,560 a------- c:\windows\WLXPGSS.SCR
2008-11-06 16:37 544,768 a------- c:\windows\system32\DivXsm.exe
2008-11-06 16:37 3,596,288 a------- c:\windows\system32\qt-dx331.dll
2008-11-06 16:35 1,044,480 a------- c:\windows\system32\libdivx.dll
2008-11-06 16:35 200,704 a------- c:\windows\system32\ssldivx.dll
2008-11-06 16:33 823,296 a------- c:\windows\system32\divx_xx0c.dll
2008-11-06 16:33 823,296 a------- c:\windows\system32\divx_xx07.dll
2008-11-06 16:33 815,104 a------- c:\windows\system32\divx_xx0a.dll
2008-11-06 16:33 802,816 a------- c:\windows\system32\divx_xx11.dll
2008-11-06 16:33 684,032 a------- c:\windows\system32\DivX.dll
2008-11-06 16:33 12,288 ac------ c:\windows\system32\DivXWMPExtType.dll
2008-10-14 20:25 35,124,856 ac------ c:\program files\AdbeRdr90_en_US.exe
2007-11-09 23:18 379,392 ac------ c:\program files\Windows Resource Kits Setup.msi
2007-11-09 22:08 15,452,536 ac------ c:\program files\Windows Internet Exp7 Setup.exe
2007-11-04 15:38 19,755,376 ac------ c:\program files\Adaware setup.exe
2007-11-04 14:27 16,892,616 ac------ c:\program files\Avast Setup.exe
2007-11-01 22:54 912,224 ac------ c:\program files\Reg Cleaner Setup.exe
2006-12-05 10:59 0 ac--h--- c:\documents and settings\shelley pre school\hpothb07.dat

============= FINISH: 10:23:13.03 ===============

#2
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Oct 2006
Posts: 4,581
OS: Vista
Re: Malware/Virus just won't go away
Hi, welcome to TSF!
Please rename GMER to PMER then re-run it again. Please post the log.
__________________
UNITE and ASAP since 2006. If we have helped you, please consider donating. The past won't be able to hurt you unless you keep on looking back at it.

#3
Registered User
Join Date: Feb 2009
Posts: 4
OS: windows xp
Re: Malware/Virus just won't go away
Hi Angelfire777,
Thank you for your reply. I have renamed GMER to PMER and it still won't run. It asks me if I want to run the program and when I click run it comes up with an error report asking me if I want to debug, send report or don't send.

#4
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Oct 2006
Posts: 4,581
OS: Vista
Re: Malware/Virus just won't go away
I'm sorry but your system is infected with a polymorphic file infector called Virut. Virut is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr). However, the problem is that the virus has a number of bugs in its code, and as a result, it may misinfect a proportion of executable files and therefore, the files are corrupted beyond repair. As of now, security experts suggest that a clean reformat is the only way to clean the infection and it is the only way to return the machine to its normal working state.
Please back up all your important data, EXCEPT for executables (.exe), screensavers (.scr), and compressed files (zip/rar/cab). These infections usually come from running cracks and keygens. So, if you have tried searching for such software lately, this is the cause. Let me know if you need help reformatting.
Last edited by Angelfire777; 02-06-2009 at 01:10 PM.
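
Added example, not part of the original thread: a Python implementation of the backup rule from post #4, copying a data folder while leaving out .exe, .scr and zip/rar/cab files. Going one step beyond the post, it also skips any file whose content is a PE image whatever its extension; that check, the function names and the sample files are assumptions made for this example.

```python
import shutil
import struct
import tempfile
from pathlib import Path

# File types the analyst in the thread says to leave out of the backup.
EXCLUDED_EXTENSIONS = {".exe", ".scr", ".zip", ".rar", ".cab"}

def is_pe_image(path):
    """True if the file has an MZ header whose e_lfanew field points at a PE signature."""
    with open(path, "rb") as fh:
        header = fh.read(0x40)
        if len(header) < 0x40 or header[:2] != b"MZ":
            return False
        (pe_offset,) = struct.unpack_from("<I", header, 0x3C)
        fh.seek(pe_offset)
        return fh.read(4) == b"PE\x00\x00"

def exclusion_reason(path):
    """Return why a file stays out of the backup, or None if it may be copied."""
    ext = path.suffix.lower()
    if ext in EXCLUDED_EXTENSIONS:
        return "extension " + ext
    try:  # assumption beyond the thread: also catch executables under another name
        return "PE image content" if is_pe_image(path) else None
    except OSError:
        return "unreadable"

def back_up(source_dir, dest_dir):
    """Copy permitted files, keeping the folder layout; return (copied, skipped)."""
    copied, skipped = [], {}
    for src in sorted(p for p in Path(source_dir).rglob("*") if p.is_file()):
        rel = src.relative_to(source_dir).as_posix()
        reason = exclusion_reason(src)
        if reason:
            skipped[rel] = reason
        else:
            dst = Path(dest_dir, rel)
            dst.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(src, dst)
            copied.append(rel)
    return copied, skipped

def demo():
    """Back up a constructed sample tree (every file name and byte here is made up)."""
    pe_stub = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\x00\x00"
    samples = {
        "letters/report.doc": b"constructed document bytes",
        "photos/holiday.jpg": b"\xff\xd8\xff\xe0 constructed image bytes",
        "photos/Flowers.SCR": b"constructed screensaver placeholder",
        "old/archive.zip": b"PK\x03\x04",
        "photos/invoice.jpg": pe_stub,  # executable renamed to look like a picture
    }
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "data"), Path(tmp, "backup")
        for rel, content in samples.items():
            (src / rel).parent.mkdir(parents=True, exist_ok=True)
            (src / rel).write_bytes(content)
        copied, skipped = back_up(src, dst)
        restored = sorted(p.relative_to(dst).as_posix() for p in dst.rglob("*") if p.is_file())
    return copied, skipped, restored

if __name__ == "__main__":
    print(demo())
```

The skipped dictionary doubles as a list of what has to be reinstalled from original media after the reformat. Extension matching is case-insensitive, so Flowers.SCR is treated the same as flowers.scr.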

#5
Registered User
Join Date: Feb 2009
Posts: 4
OS: windows xp
Re: Malware/Virus just won't go away
Hi Angelfire777,
Thanks for the info about the cause of the infection. My stepson assures me that he got the infection when he replied to a friend request from someone called micheal on windows live. I don't need keygens etc cos all software is legitimate. I am ok with reformatting, having reckless kids using the computer has taught me to regularly back up data etc. I have all software on disc apart from security (avast, malwarebytes & superantispyware) and I can soon download those again.
Thank you again for your help.
Gurbleeek.

#6
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Oct 2006
Posts: 4,581
OS: Vista
Re: Malware/Virus just won't go away
You're welcome.
Read TonyKlein's "How Did I Get Infected In The First Place?". Please check out miekiemoes' "How to Prevent Malware".