Discussion starter · #41 ·
SystemLook 30.07.11 by jpshortstuff
Log created at 17:39 on 22/04/2012 by Derek
Administrator - Elevation successful
========== dir ==========
c:\documents and settings\LocalService\Local Settings\Application Data - Parameters: "/sub"
---Files---
avqfnftv.log --a---- 551408 bytes [21:23 13/04/2012] [21:24 13/04/2012]
bnxbxwgj.log --a---- 0 bytes [18:21 06/04/2012] [18:21 06/04/2012]
bvgulmwm.log --a---- 239 bytes [21:24 13/04/2012] [22:16 16/04/2012]
eoemwbgq.log --a---- 4048 bytes [21:30 13/04/2012] [21:30 13/04/2012]
FontCache3.0.0.0.dat --a---- 296384 bytes [19:47 08/01/2012] [23:49 09/03/2012]
lxkvoxxm.log --a---- 2633 bytes [21:30 13/04/2012] [21:30 13/04/2012]
nqbpxwcp.log --a---- 120364 bytes [21:30 13/04/2012] [21:30 13/04/2012]
rftfdgcn.log --a---- 3265 bytes [21:24 13/04/2012] [21:24 13/04/2012]
tpyfnrir.log --a---- 0 bytes [18:21 06/04/2012] [21:42 13/04/2012]
uimqgfvs.log --a---- 0 bytes [23:40 12/03/2012] [23:40 12/03/2012]
WPFFontCache_v0400-S-1-5-21-117609710-682003330-1801674531-1003-0.dat --a---- 256768 bytes [22:30 23/02/2012] [22:30 23/02/2012]
WPFFontCache_v0400-System.dat --a---- 123526 bytes [22:30 23/02/2012] [22:30 23/02/2012]
wwvngfkl.log --a---- 0 bytes [23:04 17/03/2012] [21:43 13/04/2012]
yfjruipv.log --a---- 24 bytes [13:32 11/03/2012] [22:23 16/04/2012]
c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft d------ [18:39 03/05/2011]
c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft\Credentials d---s-- [18:39 03/05/2011]
c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft\Credentials\S-1-5-19 d---s-- [18:39 03/05/2011]
c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft\Portable Devices d------ [10:27 15/05/2011]
wpdlog00.sqm --a---- 320 bytes [10:27 15/05/2011] [10:27 15/05/2011]
wpdlog01.sqm --a---- 290 bytes [21:19 23/02/2012] [21:19 23/02/2012]
c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft\Windows d------ [18:39 03/05/2011]
UsrClass.dat --a---- 8192 bytes [18:39 03/05/2011] [21:12 23/02/2012]
UsrClass.dat.LOG --ah--- 1024 bytes [18:39 03/05/2011] [16:25 22/04/2012]
c:\documents and settings\LocalService\Local Settings\Application Data\pxrnjgxj d------ [21:23 13/04/2012]
C:\Documents and Settings\Derek\Bmnw4HwPl - Unable to find folder.
C:\Documents and Settings\Derek\Desktop\UjPrn7vu - Unable to find folder.
C:\Documents and Settings\Derek\Local Settings\Application Data\462siw7cfe - Unable to find folder.
C:\Documents and Settings\All Users\Application Data\462siw7cfe - Unable to find folder.
C:\4dccc7ee1d20cbdce7877a489daa - Parameters: "/sub"
---Files---
$shtdwn$.req --ah--- 788 bytes [23:10 28/09/2011] [23:10 28/09/2011]
mrt.exe._p --a---- 854561 bytes [09:47 16/09/2011] [09:47 16/09/2011]
mrtstub.exe --a---- 83912 bytes [09:38 16/09/2011] [09:38 16/09/2011]
No folders found.
C:\ae4857cf8a2db1e047a0b67fde094f - Parameters: "/sub"
---Files---
None found.
C:\ae4857cf8a2db1e047a0b67fde094f\amd64 d------ [19:56 03/05/2011]
filterpipelineprintproc.dll ------- 147456 bytes [19:56 03/05/2011] [12:06 06/07/2008]
msxpsdrv.cat ------- 10929 bytes [19:56 03/05/2011] [12:06 06/07/2008]
msxpsdrv.inf ------- 2204 bytes [19:56 03/05/2011] [05:33 19/06/2008]
msxpsinc.gpd ------- 73 bytes [10:03 19/06/2008] [10:03 19/06/2008]
msxpsinc.ppd ------- 72 bytes [19:56 03/05/2011] [05:33 19/06/2008]
mxdwdrv.dll ------- 748032 bytes [19:56 03/05/2011] [12:06 06/07/2008]
xpssvcs.dll ------- 2936832 bytes [16:36 06/07/2008] [16:36 06/07/2008]
C:\ae4857cf8a2db1e047a0b67fde094f\i386 d------ [19:56 03/05/2011]
filterpipelineprintproc.dll ------- 189952 bytes [19:56 03/05/2011] [12:06 06/07/2008]
msxpsdrv.cat ------- 10929 bytes [19:56 03/05/2011] [12:06 06/07/2008]
msxpsdrv.inf ------- 2204 bytes [19:56 03/05/2011] [05:33 19/06/2008]
msxpsinc.gpd ------- 73 bytes [19:56 03/05/2011] [10:03 19/06/2008]
msxpsinc.ppd ------- 72 bytes [19:56 03/05/2011] [05:33 19/06/2008]
mxdwdrv.dll ------- 866304 bytes [19:56 03/05/2011] [12:06 06/07/2008]
xpssvcs.dll ------- 1777152 bytes [19:56 03/05/2011] [12:06 06/07/2008]
========== file ==========
c:\windows\system32\drivers\MyBusinessWorks.sys - File found and opened.
MD5: B8E08BFCAB2BE31804CEA983D2094FAF
Created at 14:00 on 14/05/2011
Modified at 06:17 on 29/03/2011
Size: 54776 bytes
Attributes: --a----
FileDescription: Mozy Change Monitor Filter Driver
FileVersion: 2,4,0,0
ProductVersion: 2,4,0,0
OriginalFilename: mozy.sys
InternalName: mozy.sys
ProductName: Mozy
CompanyName: Mozy, Inc.
LegalCopyright: Copyright © 2005-2010 - Mozy, Inc.
c:\program files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe - File found and opened.
MD5: DD6550A84EA03C97DE5F0FB62D5EA80F
Created at 06:17 on 29/03/2011
Modified at 06:17 on 29/03/2011
Size: 3571520 bytes
Attributes: --a----
FileDescription: MozyPro Remote Backup Status Application
FileVersion: 2.4.3.0
ProductVersion: 2.4.0.0
InternalName: stat.exe
ProductName: MozyPro Remote Backup
CompanyName: MyBusinessWorks
LegalCopyright: Copyright © 2005-2008 - %1%ntest
C:\Documents and Settings\Derek\Bmnw4HwPl - File found and opened.
MD5: F0E3970EA616B1217D7663AB4878EAB7
Created at 21:29 on 13/04/2012
Modified at 21:29 on 13/04/2012
Size: 98224 bytes
Attributes: --ah---
No version information available.
C:\Documents and Settings\Derek\Desktop\UjPrn7vu - File found and opened.
MD5: F0E3970EA616B1217D7663AB4878EAB7
Created at 21:00 on 13/04/2012
Modified at 21:00 on 13/04/2012
Size: 98224 bytes
Attributes: --ah---
No version information available.
C:\Documents and Settings\Derek\Local Settings\Application Data\462siw7cfe - File found and opened.
MD5: F3E6467D8BB9138F88DDCA8DCFE9BC49
Created at 11:06 on 21/05/2011
Modified at 12:23 on 21/05/2011
Size: 11878 bytes
Attributes: --ahs--
No version information available.
C:\Documents and Settings\All Users\Application Data\462siw7cfe - File found and opened.
MD5: F3E6467D8BB9138F88DDCA8DCFE9BC49
Created at 11:06 on 21/05/2011
Modified at 12:23 on 21/05/2011
Size: 11878 bytes
Attributes: --ahs--
No version information available.
========== filefind ==========
Searching for "*462siw7cfe*"
C:\Documents and Settings\All Users\Application Data\462siw7cfe --ahs-- 11878 bytes [11:06 21/05/2011] [12:23 21/05/2011] F3E6467D8BB9138F88DDCA8DCFE9BC49
C:\Documents and Settings\Derek\Local Settings\Application Data\462siw7cfe --ahs-- 11878 bytes [11:06 21/05/2011] [12:23 21/05/2011] F3E6467D8BB9138F88DDCA8DCFE9BC49
C:\Documents and Settings\Derek\Templates\462siw7cfe --ahs-- 11878 bytes [11:06 21/05/2011] [12:23 21/05/2011] F3E6467D8BB9138F88DDCA8DCFE9BC49
Searching for "*UjPrn7vu*"
C:\Documents and Settings\Derek\Desktop\UjPrn7vu --ah--- 98224 bytes [21:00 13/04/2012] [21:00 13/04/2012] F0E3970EA616B1217D7663AB4878EAB7
Searching for "*Bmnw4HwPl*"
C:\Documents and Settings\Derek\Bmnw4HwPl --ah--- 98224 bytes [21:29 13/04/2012] [21:29 13/04/2012] F0E3970EA616B1217D7663AB4878EAB7
Searching for "*Micorsoft*"
C:\Qoobox\Quarantine\Registry_backups\Legacy_MICORSOFT_WINDOWS_SERVICE.reg.dat --a---- 1304 bytes [21:17 13/04/2012] [21:17 13/04/2012] 8E771BAB94713F4A4AA3DF67BD558386
C:\Qoobox\Quarantine\Registry_backups\Service_Micorsoft Windows Service.reg.dat --a---- 2888 bytes [21:17 13/04/2012] [21:17 13/04/2012] 8AA8196C8058931E1BEE253595CA9736
========== folderfind ==========
Searching for "*462siw7cfe*"
No folders found.
Searching for "*UjPrn7vu*"
No folders found.
Searching for "*Bmnw4HwPl*"
No folders found.
Searching for "*Micorsoft*"
No folders found.
========== regfind ==========
Searching for "Micorsoft"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000]
"Service"="Micorsoft Windows Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000]
"DeviceDesc"="Micorsoft Windows Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Micorsoft Windows Service]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Micorsoft Windows Service]
"DisplayName"="Micorsoft Windows Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000]
"Service"="Micorsoft Windows Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000]
"DeviceDesc"="Micorsoft Windows Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000\Control]
"ActiveService"="Micorsoft Windows Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Micorsoft Windows Service]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Micorsoft Windows Service]
"DisplayName"="Micorsoft Windows Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Micorsoft Windows Service\Enum]
"0"="Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Micorsoft Windows Service]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Micorsoft Windows Service]
"DisplayName"="Micorsoft Windows Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000]
"Service"="Micorsoft Windows Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000]
"DeviceDesc"="Micorsoft Windows Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000\Control]
"ActiveService"="Micorsoft Windows Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service]
"DisplayName"="Micorsoft Windows Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service\Enum]
"0"="Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000"
-= EOF =-
 
Discussion starter · #42 ·
Eddie, the first two are relatively straightforward; however, the RKUnhooker does not give me the option to 'run as administrator'. I'm guessing it's because I'm already the administrator. The parasite warning would return the moment I click 'ok', and keeps returning, but by the 4th time the main window opened. The rest of the actions were as instructed.

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB824D000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5763072 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0x9EFFF000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4894720 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0xBF1F2000 C:\WINDOWS\System32\igxpdx32.DLL 2732032 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1863680 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1863680 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBF04E000 C:\WINDOWS\System32\igxpdv32.DLL 1720320 bytes (Intel Corporation, Component GHAL Driver)
0xB8032000 C:\WINDOWS\system32\DRIVERS\athw.sys 1589248 bytes (Atheros Communications, Inc., Driver for Atheros Wireless Network Adapter)
0x9A101000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys 892928 bytes
0xB9E23000 iaStor.sys 892928 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xB9D0A000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0x9A1DB000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB7F20000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0x9A308000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0x99BB9000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF48D000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x994C6000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB7FF9000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 233472 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0xB81B6000 C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 225280 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xB7F7E000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F53000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0x9A084000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9CDD000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0x99010000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0x9A24B000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 172032 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xB81ED000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0x9A2E0000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9F81000 d347bus.sys 155648 bytes ( , PnP BIOS Extension)
0xB9EFD000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0x9A2BA000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0x9EFDB000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB8215000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB7FD6000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0x9A298000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x9A276000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9DD3000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F23000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0x9A3A7000 C:\WINDOWS\System32\Drivers\usbvideo.sys 122880 bytes (Microsoft Corporation, USB Video Class Driver)
0xB9CC3000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9E0B000 98304 bytes
0xB9DF3000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB9DAA000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB7FBF000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x9A01F000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB8239000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0x9A361000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0x9A394000 C:\WINDOWS\system32\DRIVERS\MyBusinessWorks.sys 77824 bytes (Mozy, Inc., Mozy Change Monitor Filter Driver)
0xB9D97000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xB9DC1000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F42000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB7FAE000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0x9AE97000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA118000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB4724000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA128000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xBA268000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB4734000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA188000 C:\WINDOWS\system32\DRIVERS\wsimd.sys 61440 bytes (Atheros Communications, Inc., Wireless Intermediate Miniport Driver)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA318000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA138000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA178000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x9B431000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA108000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA148000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB87EC000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA168000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0x9911B000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0x9B461000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA308000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA158000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0x9B441000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0x9B451000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x9A7AE000 C:\DOCUME~1\Derek\LOCALS~1\Temp\fshhtddm.sys 32768 bytes
0x9B39E000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB3499000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA428000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB34E9000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA440000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xBA430000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA438000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0x9B396000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xBA420000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x9B3AE000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x9B3A6000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA450000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA458000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xBA448000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xB3489000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xB95EB000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xBA590000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xBA5A4000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA4C4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x9A508000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0x9BE84000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x9BE80000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB95E3000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x9BE74000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x9B894000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xBA640000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AE000 d347prt.sys 8192 bytes ( , SCSI miniport)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA63E000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5F0000 C:\WINDOWS\system32\DRIVERS\FwLnk.sys 8192 bytes (TOSHIBA Corporation, TOSHIBA Firmware Linkage 32-bit Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA642000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA644000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5F4000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5F2000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA72E000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA689000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0x9AA40000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA671000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x89A9D1A8 unknown_irp_handler 3672 bytes
0x897FE1C0 unknown_irp_handler 3648 bytes
0x8996B1F8 unknown_irp_handler 3592 bytes
0x89B501F8 unknown_irp_handler 3592 bytes
0x8A5F8288 unknown_irp_handler 3448 bytes
0x899D02B0 unknown_irp_handler 3408 bytes
0x89A55978 unknown_irp_handler 1672 bytes
0x89A01B18 unknown_irp_handler 1256 bytes
0x897E8C10 unknown_irp_handler 1008 bytes
0x89A63CF0 unknown_irp_handler 784 bytes
==============================================
>Stealth
==============================================


 
Okay, the OTL log is incorrect, as that is a scan, not a remove. However, we'll leave that for now, and try and shift the actual files.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\documents and settings\LocalService\Local Settings\Application Data\avqfnftv.log
c:\documents and settings\LocalService\Local Settings\Application Data\bnxbxwgj.log
c:\documents and settings\LocalService\Local Settings\Application Data\bvgulmwm.log
c:\documents and settings\LocalService\Local Settings\Application Data\eoemwbgq.log
c:\documents and settings\LocalService\Local Settings\Application Data\lxkvoxxm.log
c:\documents and settings\LocalService\Local Settings\Application Data\nqbpxwcp.log
c:\documents and settings\LocalService\Local Settings\Application Data\rftfdgcn.log
c:\documents and settings\LocalService\Local Settings\Application Data\tpyfnrir.log
c:\documents and settings\LocalService\Local Settings\Application Data\uimqgfvs.log
c:\documents and settings\LocalService\Local Settings\Application Data\wwvngfkl.log
c:\documents and settings\LocalService\Local Settings\Application Data\yfjruipv.log
C:\Documents and Settings\Derek\Bmnw4HwPl
C:\Documents and Settings\Derek\Desktop\UjPrn7vu
C:\Documents and Settings\Derek\Local Settings\Application Data\462siw7cfe
C:\Documents and Settings\All Users\Application Data\462siw7cfe
C:\Documents and Settings\Derek\Templates\462siw7cfe
C:\Documents and Settings\Derek\Local Settings\Temp\fshhtddm.sys
Folder::
c:\documents and settings\LocalService\Local Settings\Application Data\pxrnjgxj
Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

-----------------------------

Then, can you run a scan here:

Please go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

On a side note, since the ESET scanner is a 32-bit application, if you're running a 64-bit system you have to choose the 32-bit option in IE when running the scan.

------------------

eddie
 
Discussion starter · #44 ·
ComboFix 12-04-24.02 - Derek 24/04/2012 20:15:11.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1569 [GMT 1:00]
Running from: c:\documents and settings\Derek\Desktop\username123.exe
Command switches used :: c:\documents and settings\Derek\Desktop\CFScript.txt
.
FILE ::
"c:\documents and settings\All Users\Application Data\462siw7cfe"
"c:\documents and settings\Derek\Bmnw4HwPl"
"c:\documents and settings\Derek\Desktop\UjPrn7vu"
"c:\documents and settings\Derek\Local Settings\Application Data\462siw7cfe"
"c:\documents and settings\Derek\Local Settings\Temp\fshhtddm.sys"
"c:\documents and settings\Derek\Templates\462siw7cfe"
"c:\documents and settings\LocalService\Local Settings\Application Data\avqfnftv.log"
"c:\documents and settings\LocalService\Local Settings\Application Data\bnxbxwgj.log"
"c:\documents and settings\LocalService\Local Settings\Application Data\bvgulmwm.log"
"c:\documents and settings\LocalService\Local Settings\Application Data\eoemwbgq.log"
"c:\documents and settings\LocalService\Local Settings\Application Data\lxkvoxxm.log"
"c:\documents and settings\LocalService\Local Settings\Application Data\nqbpxwcp.log"
"c:\documents and settings\LocalService\Local Settings\Application Data\rftfdgcn.log"
"c:\documents and settings\LocalService\Local Settings\Application Data\tpyfnrir.log"
"c:\documents and settings\LocalService\Local Settings\Application Data\uimqgfvs.log"
"c:\documents and settings\LocalService\Local Settings\Application Data\wwvngfkl.log"
"c:\documents and settings\LocalService\Local Settings\Application Data\yfjruipv.log"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\462siw7cfe
c:\documents and settings\Derek\Desktop\UjPrn7vu
c:\documents and settings\Derek\Local Settings\Application Data\462siw7cfe
c:\documents and settings\Derek\Local Settings\Application Data\avqfnftv.log
c:\documents and settings\Derek\Local Settings\Application Data\bvgulmwm.log
c:\documents and settings\Derek\Local Settings\Application Data\pxrnjgxj\xejatgha.exe
c:\documents and settings\Derek\Local Settings\Application Data\yfjruipv.log
c:\documents and settings\Derek\Templates\462siw7cfe
c:\documents and settings\LocalService\Local Settings\Application Data\bnxbxwgj.log
c:\documents and settings\LocalService\Local Settings\Application Data\pxrnjgxj
c:\documents and settings\LocalService\Local Settings\Application Data\tpyfnrir.log
c:\documents and settings\LocalService\Local Settings\Application Data\uimqgfvs.log
c:\documents and settings\LocalService\Local Settings\Application Data\wwvngfkl.log
c:\documents and settings\LocalService\Local Settings\Application Data\yfjruipv.log
.
.
((((((((((((((((((((((((( Files Created from 2012-03-24 to 2012-04-24 )))))))))))))))))))))))))))))))
.
.
2012-04-19 18:50 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-04-19 18:50 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2012-04-06 18:44 . 2012-04-06 18:44 -------- d-----w- c:\documents and settings\Derek\Application Data\SUPERAntiSpyware.com
2012-04-06 18:43 . 2012-04-08 14:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-06 18:43 . 2012-04-06 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-04-06 18:40 . 2012-04-08 14:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-06 18:40 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 21:21 . 2012-04-19 19:44 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-19 19:44 . 2012-01-24 16:50 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-18 11:39 . 2012-03-18 11:39 388096 ----a-r- c:\documents and settings\Derek\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-01 11:01 . 2008-04-14 05:42 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-01 11:01 . 2008-04-14 05:42 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2008-04-14 05:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-29 14:10 . 2008-04-14 05:42 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-14 05:41 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-14 00:07 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:22 . 2008-04-14 01:00 1860096 ----a-w- c:\windows\system32\win32k.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-05-02 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot_2012-04-24_19.07.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-24 19:20 . 2012-04-24 19:20 16384 c:\windows\Temp\Perflib_Perfdata_2f4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MyBusinessWorks]
@="{7e9e0c26-7e0a-12f7-a876-e1678917ad8d}"
[HKEY_CLASSES_ROOT\CLSID\{7e9e0c26-7e0a-12f7-a876-e1678917ad8d}]
2011-03-29 06:17 3424064 ----a-w- c:\program files\MozyPro (Corporate Edition)\MyBusinessWorksshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MyBusinessWorks2]
@="{5d606e62-8440-1151-0d25-e99829da7470}"
[HKEY_CLASSES_ROOT\CLSID\{5d606e62-8440-1151-0d25-e99829da7470}]
2011-03-29 06:17 3424064 ----a-w- c:\program files\MozyPro (Corporate Edition)\MyBusinessWorksshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MyBusinessWorks3]
@="{e19471c0-bfb1-d9a0-9377-161e1a848d0e}"
[HKEY_CLASSES_ROOT\CLSID\{e19471c0-bfb1-d9a0-9377-161e1a848d0e}]
2011-03-29 06:17 3424064 ----a-w- c:\program files\MozyPro (Corporate Edition)\MyBusinessWorksshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XejAtgha"="c:\documents and settings\Derek\Local Settings\Application Data\pxrnjgxj\xejatgha.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACU"="c:\program files\Atheros\ACU.exe" [2009-03-06 479320]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2008-03-04 360448]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
MozyPro Status.lnk - c:\program files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe [2011-3-29 3571520]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\documents and settings\Derek\Local Settings\Application Data\pxrnjgxj\xejatgha.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 18:43 69632 ----a-w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 05:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-08-22 16:05 184320 ----a-w- c:\program files\Daemon Virtual Drive\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-05 11:34 162328 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-03-25 20:27 147456 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-05 11:34 141848 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 00:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-05 11:34 137752 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 524288 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-01-29 15:47 16859648 ----a-w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [07/05/2011 13:38 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [07/05/2011 13:38 5248]
R1 MyBusinessWorksFilter;MyBusinessWorksFilter;c:\windows\system32\drivers\MyBusinessWorks.sys [14/05/2011 15:00 54776]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 00:38 116608]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
R2 MyBusinessWorksbackup;MozyPro Backup Service;c:\program files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe [29/03/2011 07:17 46912]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [03/05/2011 22:42 5888]
R4 Micorsoft Windows Service;Micorsoft Windows Service;\??\c:\docume~1\Derek\LOCALS~1\Temp\fshhtddm.sys --> c:\docume~1\Derek\LOCALS~1\Temp\fshhtddm.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15/05/2011 14:01 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [31/03/2012 22:21 253088]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15/05/2011 14:01 136176]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14/04/2008 06:42 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MICORSOFT_WINDOWS_SERVICE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 19:44]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-15 13:01]
.
2012-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-15 13:01]
.
.
------- Supplementary Scan -------
.
uStart Page = https://login.yahoo.com/config/logi...ap2e6CwWSb86QVdqk-&.done=http://uk.yahoo.com/
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-24 20:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\documents and settings\Derek\Start Menu\Programs\Startup\xejatgha.exe 98224 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(928)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1744)
c:\windows\system32\WININET.dll
c:\program files\MozyPro (Corporate Edition)\MyBusinessWorksshell.dll
c:\program files\MozyPro (Corporate Edition)\LIBEAY32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\System32\vssvc.exe
.
**************************************************************************
.
Completion time: 2012-04-24 20:24:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-24 19:24
ComboFix2.txt 2012-04-13 21:27
.
Pre-Run: 29,407,125,504 bytes free
Post-Run: 29,387,689,984 bytes free
.
- - End Of File - - A0C02C3587B407EA598AE47AB08BFD3A
 
Discussion starter · #45 ·
Eddie, I have not selected "uninstall application on close" or "delete quarantined files". Looking at this ESET scan, should I be worried? 1576 threats found, all from this Ramnit virus.

********************************

C:\ae4857cf8a2db1e047a0b67fde094f\i386\filterpipelineprintproc.dll Win32/Ramnit.R virus cleaned - quarantined
C:\ae4857cf8a2db1e047a0b67fde094f\i386\mxdwdrv.dll Win32/Ramnit.R virus cleaned - quarantined
C:\ae4857cf8a2db1e047a0b67fde094f\i386\xpssvcs.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\All Users\Application Data\HP\LGT\Data\EvidenceCollectors\EvidenceCollector.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\All Users\Application Data\HP\LGT\Data\EvidenceCollectors\GeneralEvidenceCollector.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\All Users\Application Data\HP\LGT\Data\EvidenceCollectors\ProductEventEvidenceCollector.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Documents and Settings\Derek\Desktop\mplayerc.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Documents and Settings\default\Local Settings\Temp\DELDIR0.EXE Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Documents and Settings\default\Local Settings\Temp\QTInstallerHelper.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Documents and Settings\default\Local Settings\Temp\SrcWMA.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Documents and Settings\default\Local Settings\Temp\PGP13a16\Disk1\Setup.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Documents and Settings\default\Local Settings\Temp\PGP13a16\Disk1\_ISDel.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Documents and Settings\default\Local Settings\Temp\PGP13a16\Disk1\_Setup.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Documents and Settings\Derek\Desktop\F\Documents and Settings\default\Local Settings\Temp\PGP17291\Disk1\Setup.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Documents and Settings\default\Local Settings\Temp\PGP17291\Disk1\_ISDel.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Documents and Settings\default\Local Settings\Temp\PGP17291\Disk1\_Setup.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Documents and Settings\Derek\Desktop\F\Documents and Settings\default\Local Settings\Temp\_ISTMP1.DIR\ZDataI51.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Documents and Settings\default\Local Settings\Temp\_ISTMP1.DIR\_WUTL951.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Documents and Settings\default\Local Settings\Temp\_ISTMP2.DIR\ZDataI51.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Documents and Settings\default\Local Settings\Temp\_ISTMP2.DIR\_WUTL951.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Documents and Settings\default\Local Settings\Temp\_ISTMP3.DIR\ZDataI51.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Documents and Settings\default\Local Settings\Temp\_ISTMP3.DIR\_WUTL951.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Program Files\Black & White\binkw32.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Program Files\Black & White\CreatureUpload.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Documents and Settings\Derek\Desktop\F\Program Files\Black & White\drvmgt.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Program Files\Black & White\e.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Documents and Settings\Derek\Desktop\F\Program Files\Black & White\IFC22.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Program Files\Black & White\lhlogr.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Program Files\Black & White\QMixer.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Program Files\Black & White\Setup.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Program Files\Black & White\wearasr.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Program Files\Black & White\ereg\Black and White_Code.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Program Files\Black & White\ereg\Black and White_eReg.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Program Files\Black & White\ereg\Black and White_EZ.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Program Files\Black & White\ereg\Black and White_uninst.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Program Files\Black & White\ereg\go_ez.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Program Files\Black & White\Plug Ins\LanguageR.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Program Files\Black & White\Plug Ins\ScriptLibraryR.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\VIRUS\UjPrn7vu a variant of Win32/Kryptik.ACQV trojan cleaned by deleting - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Esl\AiodLite.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Reader\ACE.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Reader\Acrofx32.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRdIF.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeLinguistic.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Reader\AGM.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Reader\AXE16SharedExpat.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Reader\AXE8SharedExpat.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Reader\AXEParser.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Reader\AXSLE.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Reader\BIB.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Reader\CoolType.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Reader\edb1drv.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Reader\edb500x.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Reader\epic_eula.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Reader\esdupdate.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Reader\eularesen_US.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Reader\JP2KLib.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Reader\libaglcnv28.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Reader\rt3d.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Reader\vdk150.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\ImageViewer\SVGCore.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks\OLS\OnlineServices.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Reader\Updater\acroaum.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig707\ENU\setup.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Atheros\athdiag.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\AudioPlugins\Aac.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\AudioPlugins\aacenc32.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\AudioPlugins\Aiff.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\AudioPlugins\DefConvertor.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\AudioPlugins\lame_enc.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\AudioPlugins\mp3PP.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\AudioPlugins\mp3PRO.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\AudioPlugins\mp3PRO_dmo.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\AudioPlugins\mp3PRO_hlp.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\AudioPlugins\ogg.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\Common Files\Ahead\AudioPlugins\wav.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\DSFilter\aacplus.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\DSFilter\atl71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\DSFilter\msvcp71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\DSFilter\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\DSFilter\ndvddisc.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\DSFilter\NeAMR.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\DSFilter\NeNDGui.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\DSFilter\neroapl.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\AdvrCntr2.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\atl71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\BCGCBPRO730u.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\CaptureAPI.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\DriveLocker.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\em2v.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\GCCore.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\GCHW.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\log4cxx.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\Common Files\Ahead\Lib\MediaLibraryNSE.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\MFC71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\mfc71u.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\MPVInterface.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\msvcp71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\MultiChannel.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\NeAcEnc.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\NeEm2a.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\NeroCBUI.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\NeroFileDialog.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\NeroMediaCon.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\NeroScoutOptions.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\NeroSearch.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\NeVcr.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\NMCoFoundation.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\NMDataServices.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\NMDvdContentHandler.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\NMFileContentHandler.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\NMLogCxx.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\NMPlaybackComponent.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\NMPluginBase.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\NMSearch.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\NMSearchPluginFileSystem.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\NMSearchPluginMediaLibrary.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\NMSlideShow.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\NMSQLDB.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\NMSSContentHandler.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\NMSSEffects.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\NMSVCDContentHandler.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\NMThumbnailIconsGen.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\NMTvWizard.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\NMVDS.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Lib\ShellManager.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Nero Web\nps.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\RemoteControl\MSMCERCPlugin.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\RemoteControl\msvcp71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\RemoteControl\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\RemoteControl\NeroAti.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\Common Files\Ahead\RemoteControl\NeroRcPluginAti.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\RemoteControl\NeroRcPluginHauppauge.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\RemoteControl\NeroRemoteCtrlHandler.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Ahead\RemoteControl\NeroRemoteCtrlInterfaces.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\Common Files\Designer\MSADDNDR.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Hewlett-Packard\Scanjet\hpgscnsv.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Hewlett-Packard\Scanjet\bin\hpsjrreg.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Hewlett-Packard\Scanjet\bin\Lager\hpsjrreg.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqcc3.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqcutil.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqfmt02.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqiml01.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\HP\Digital Imaging\bin\HPQIML02.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqpsb01.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqpsb02.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqthbg2.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\HP\Digital Imaging\bin\HPQXMPP.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\InstallShield\IScript\iscript.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\Common Files\Microsoft Shared\Artgalry\ARTGALRY.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Microsoft Shared\Artgalry\QRYCTRL.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Microsoft Shared\Datamap\DATAINST.EXE Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Microsoft Shared\Datamap\DIINTL.DLL a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\Common Files\Microsoft Shared\Datamap\DMINTL.DLL a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\Common Files\Microsoft Shared\Datamap\DMTMDL.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Microsoft Shared\Datamap\DMTMINTL.DLL a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\Common Files\Microsoft Shared\Datamap\MSMAP.EXE Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Microsoft Shared\Equation\EQNEDT32.EXE Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Microsoft Shared\Euro\MSOEURO.DLL a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\Common Files\Microsoft Shared\OrgChart\ORGCHART.EXE Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Microsoft Shared\PhotoEd\CHALKCHA.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Microsoft Shared\PhotoEd\EMBOSS.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Microsoft Shared\PhotoEd\GRAPHICP.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Microsoft Shared\PhotoEd\NOTEPAPE.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Microsoft Shared\PhotoEd\STAINEDG.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Microsoft Shared\PhotoEd\STAMP.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Microsoft Shared\PhotoEd\TEXTURIZ.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Microsoft Shared\PhotoEd\WATERCOL.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Microsoft Shared\Proof\MSLID.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Microsoft Shared\Proof\MSTHES3.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Microsoft Shared\Reference Titles\MSREFTL.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBACV10.DLL a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBACV10D.DLL a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBACV20.DLL a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\System\Ole DB\MSMDCUBE.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\System\Ole DB\MSMDGDRV.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\System\Ole DB\MSOLAP.DLL a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\Common Files\System\Ole DB\MSOLAPSL.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Common Files\System\Ole DB\sqloledb.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Daemon Virtual Drive\daemon.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Daemon Virtual Drive\pfctoc.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Google\Google Earth\client\earthflashsol.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Google\Google Earth\client\ge_expat.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\Google\Google Earth\client\googleearth.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Google\Google Earth\client\googleearth_free.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Google\Google Earth\client\gpsbabel.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Google\Google Earth\client\Plugins\npgeinprocessplugin.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Google\Google Earth\plugin\geplugin.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Google\Google Earth\plugin\ge_expat.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\Google\Google Earth\plugin\googleearth_free.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Google\Google Earth\plugin\ie\6.1.0.5001\ge_expat.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\Google\Update\1.3.21.111\8JqHb17E6 a variant of Win32/Kryptik.ACQV trojan cleaned by deleting - quarantined
C:\Program Files\HP\Digital Imaging\bin\DestTest.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpianlyz.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpiscncc.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpiscnex.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hplfbmp14nu.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\HP\Digital Imaging\bin\hplfcmp14nu.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\HP\Digital Imaging\bin\hplffax14nu.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\HP\Digital Imaging\bin\hplffpx14nu.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hplffpx7.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hplfgif14nu.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\HP\Digital Imaging\bin\hplfjbg14nu.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hplfkodak.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hplfpcx14nu.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hplfpng14nu.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hplftif14nu.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpltdis14nu.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpltfil14nu.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpltkrn14nu.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpltwvc14nu.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpodeb08.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpodev08.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpomem07.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\HP\Digital Imaging\bin\hposva08.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hposvc08.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hposvi08.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpotra08.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpotradd.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqacdse.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqaol08.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqbts01.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqbwapi.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqclpbd.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqcsaha.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqdash.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqddusr.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqdirec.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqdlg08.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqdstcp.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqeaio.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqEmlsz.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\HPQES002.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqfxdoc.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqgpb01.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqgplgtmain.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqgpreh.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqirs08.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqkiosk.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqmfc10.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqmsg10.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqpmet.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqpprop.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqprjdoc.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\HPQPrntW.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqptc08.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqqpapp.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqqpawp.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqrif08.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqsoa08.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\HpqSplFix08.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\HpqSplh08.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqss001.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqssm08.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqstd08.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqsti08.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqstp08.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqstv08.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqtao08.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqtap08.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqtax08.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqtbc01.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqtbp02.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqtbx01.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqthbg1.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqtscmn.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqtscmnctrl.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqtsshctui.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqudc08.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpquig01.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpquio08.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqwso08.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqxml.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqxmlul.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpsjrreg.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpzjsn01.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\otlk00.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\ppt8dll.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\svtf.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\vc8_xerces-c_2_7.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\word8dll.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\xmlparse.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\crm\hpqcrmcm.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\Lager\AIODevice.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\Lager\hpianlyz.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\Lager\hpiscnapp.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\Lager\hpiscncc.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\Lager\hpiscnex.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\Lager\hplfbmp14nu.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\HP\Digital Imaging\bin\Lager\hplfcmp14nu.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\HP\Digital Imaging\bin\Lager\hplffax14nu.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\HP\Digital Imaging\bin\Lager\hplfgif14nu.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\HP\Digital Imaging\bin\Lager\hplfjbg14nu.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\Lager\hplfpng14nu.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\Lager\hplftif14nu.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\HP\Digital Imaging\bin\Lager\hpltdis14nu.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\HP\Digital Imaging\bin\Lager\hpltfil14nu.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\HP\Digital Imaging\bin\Lager\hpltkrn14nu.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\HP\Digital Imaging\bin\Lager\hpqkygrp.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\Lager\hpqprint.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\Lager\hpqprntUI.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\Lager\hpqss001.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\Lager\hpqteml.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\Lager\hpqtscmn.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\Lager\hpqtscmnctrl.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\Lager\hpqtsshctui.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\Lager\hpsjrreg.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\DigitalImaging\hpDocCvt.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\DocProc\DocProc.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\DocProc\format5.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\DocProc\ir_fe.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\DocProc\LJENG32.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\DocProc\LJOCRI32.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\DocProc\LJPP32.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\DocProc\LJSEG32.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\DocProc\regipe.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\DocProc\regstr.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\DocProc\xerces-c_2_3_0.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\help\player\fscommand\F4200_load_env.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\help\player\fscommand\F4200_load_letter.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\help\player\fscommand\F4200_load_original.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\help\player\fscommand\F4200_load_small.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\help\player\fscommand\F4200_paperjam.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\LGT plugins\Plugin_HP.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\LGT plugins\Plugin_Standard.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\c4dll.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprbeh.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprbevst.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprbutil.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprbxml.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\Search\hpqanipl.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\Search\hpqchmsr.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\Search\hpqhlp01.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\Search\hpqlvsr.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\Search\hpqsrlp.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\Search\hpqsrres.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzswp01.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\Smart Web Printing\libtiff3.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\Smart Web Printing\PDFCreatorPilot3.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\{C3B6AEB1-390C-4792-8677-CD87F8B2C959}\setup\doccd.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\{C3B6AEB1-390C-4792-8677-CD87F8B2C959}\util\ccc\hpqrrx08.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\HP\Temp\{C3B6AEB1-390C-4792-8677-CD87F8B2C959}\setup\hpcommunication.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Temp\{C3B6AEB1-390C-4792-8677-CD87F8B2C959}\setup\hpediag.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Temp\{C3B6AEB1-390C-4792-8677-CD87F8B2C959}\setup\hpscripting.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Temp\{C3B6AEB1-390C-4792-8677-CD87F8B2C959}\setup\installmetrics.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Temp\{C3B6AEB1-390C-4792-8677-CD87F8B2C959}\setup\internetutil.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Temp\{C3B6AEB1-390C-4792-8677-CD87F8B2C959}\setup\msxml3.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\HP\Temp\{C3B6AEB1-390C-4792-8677-CD87F8B2C959}\setup\rulesengine.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Internet Explorer\ExtExport.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Internet Explorer\jsdbgui.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Internet Explorer\jsdebuggeride.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Internet Explorer\JSProfilerCore.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Internet Explorer\jsprofilerui.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Internet Explorer\sqmapi.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Internet Explorer\Plugins\npqtplugin6.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Internet Explorer\Plugins\npqtplugin7.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\psvince.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\ffdshow\ffmpeg.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\ffdshow\ff_kernelDeint.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\ffdshow\ff_liba52.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\ffdshow\ff_libdts.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\ffdshow\ff_libfaad2.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\ffdshow\ff_libmad.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\ffdshow\ff_samplerate.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\ffdshow\ff_wmv9.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\ffdshow\FLT_ffdshow.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\ffdshow\libmpeg2_ff.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\ffdshow\TomsMoComp_ff.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\Filters\ac3config.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\Filters\GenDMOProp.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\Filters\libFLAC.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\Filters\MpegVideo.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\Filters\OptimFROG.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\Filters\vsfilter.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\Filters\Haali\avi.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\Filters\Haali\avs.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\Filters\Haali\avss.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\Filters\Haali\dxr.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\Filters\Haali\gdsmux.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\Filters\Haali\mkx.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\Filters\Haali\mkzlib.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\Filters\Haali\mp4.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\Filters\Haali\ogm.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\Filters\Haali\ts.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\Filters\LAV\libbluray.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\Tools\graphstudio.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\ltmoh\mohapi.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office\CSS.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office\HLP95EN.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office\MDHELPER.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office\MSO97FX.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office\MSQRY32.EXE Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office\REFEDIT.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office\SELFREG.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office\SETLANG.EXE Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office\XLQPW.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office\1033\SCHDMAPI.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office\Library\Msquery\XLODBC32.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office\Library\Solver\SOLVER32.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Microsoft Visual Studio\Common\IDE\IDE98\MSE\1033\CSOF.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Microsoft Visual Studio\Common\IDE\IDE98\MSE\1033\HHSETUP.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\MozyPro (Corporate Edition)\msvcm90.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\MSN\MSNCoreFiles\OOBE\obelog.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\MSN\MSNCoreFiles\OOBE\obemetal.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\MSN\MSNCoreFiles\OOBE\obepopc.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\MSN\MsnInstaller\iasvcstb.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\MSN\MsnInstaller\msdbxi.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\MSN\MsnInstaller\msninst.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\MSN\MsnInstaller\msnsign.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\atl71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\AudioPluginMgr.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\BCGCBPRO730.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\CDCopy.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\cdr50s.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\CDROM.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\DVDREALLOC.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\em2v.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\GENCUSH.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\Generatr.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\GenFAT.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\geniso.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\GenPCHy.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\GenUDF.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\image.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\ImageGen.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\ISOFS.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\MFC71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\mfc71u.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\MMC.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\msvcp71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\NeEm2a.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\NeHDBlkAccess.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\nero.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\NeroAPI.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\NeroCmd.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\NeroCOM.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\neroDB.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\NeroErr.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\NeroMediaCon.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\NeroNET.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\neroscsi.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\NeVCDEngine.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\newtrf.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\TMPVImporter.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\UDFImporter.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\VCDMenu.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\VMpegEnc.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\VMPEGEncNDX.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\atl71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\BackItUp.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\LBFC.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\mfc71u.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\msvcp71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NB.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBFtp.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBHDMgr.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBSFtp.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBVS.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBVSS_03.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBVSS_xp.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\atl71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\CDCopy.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\cdr50s.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\CDROM.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\FATImporter.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\geniso.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\image.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\isofs.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\MFC71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\MMC.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\msvcp71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\NeroAPI.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\NeroErr.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\neroscsi.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\newtrf.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero CoverDesigner\atl71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverDes.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero CoverDesigner\MFC71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero CoverDesigner\msvcp71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero CoverDesigner\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Fast CD-Burning Plug-in\msvcp71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Fast CD-Burning Plug-in\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Fast CD-Burning Plug-in\NeroBurnPlugin.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Fast CD-Burning Plug-in\WMPBurn.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Home\mfc71u.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Home\msvcp71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Home\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Home\NeroMediaBrowserCore.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Home\NeroMediaBrowserCorePlugins.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Home\NMUIEngine.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Home\NMUIGDIPlus.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero ImageDrive\atl71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero ImageDrive\idriveinst.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero ImageDrive\ImageDrive.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero ImageDrive\imagedrv.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero ImageDrive\MFC71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero ImageDrive\msvcp71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero ImageDrive\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero MediaHome\atl71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero MediaHome\mfc71u.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero MediaHome\msvcp71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero MediaHome\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero MediaHome\NMSIndexService.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero MediaHome\NMSMediaServer.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero MediaHome\NMSTranscoder.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero PhotoSnap\atl71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero PhotoSnap\BasicFilters.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero PhotoSnap\FImgPlg.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero PhotoSnap\FreeImage.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero PhotoSnap\InstanceMgr.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero PhotoSnap\MFC71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero PhotoSnap\msvcp71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero PhotoSnap\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero PhotoSnap\NSPluginMgr.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoEffects.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoEffectsLib.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnap.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero PhotoSnap\XImgPlg.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Recode\atl71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Recode\HDDImporter.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Recode\MFC71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Recode\msvcp71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Recode\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Recode\ndvddisc.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Recode\NeroFSStandalone.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Recode\TMPVImporter.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Recode\UDFImporter.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero ShowTime\atl71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero ShowTime\DriveSpeed.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero ShowTime\MFC71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero ShowTime\msvcp71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero ShowTime\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero ShowTime\NMSUPnPIndexService.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero SoundTrax\atl71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero SoundTrax\MFC71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero SoundTrax\msvcp71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero SoundTrax\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero SoundTrax\SoundTrax.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero StartSmart\atl71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero StartSmart\MFC71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero StartSmart\msvcp71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero StartSmart\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Toolkit\CDSpeed.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Toolkit\DriveSpeed.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Toolkit\InfoTool.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Toolkit\MFC71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Toolkit\msvcp71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Toolkit\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRightsHelp.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\AMCDocBase.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\AMCDOM.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\AMCLib.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\AMCUIBase.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\atl71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\DVDBlockAcc.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\DVDDoc.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\DVDEngine.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\DVDUI.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\em2v.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\ExpressDoc.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\ExpressUI.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\GCCore.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\GCFX.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\GCHWCfg.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\GCLib.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\GDIPainter.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\HDCC.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\HTMLGallery.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\MMTools.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\msvcp71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\NeAcEnc.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\NeAnalyzer.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\NeEm2a.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\NeMediaOut.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\NeroMediaCon.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\NeroVisionAPI.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\NeVcr.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\NeVideoFXW.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\NVDV.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\NVECommonFX.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\VCDDoc.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\VCDEngine.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\VCDUI.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero WaveEditor\atl71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero WaveEditor\AudioEffectLibrary.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero WaveEditor\Controls.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero WaveEditor\DXBridge.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero WaveEditor\DXEnum.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero WaveEditor\MFC71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero WaveEditor\msvcp71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero WaveEditor\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero WaveEditor\VSTBridge.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero WaveEditor\waveedit.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero WaveEditor\waveedit.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\PurePlay\Poker\ANISPRI.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\PurePlay\Poker\libeay32.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\PurePlay\Poker\libpng.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\PurePlay\Poker\PurePlayPoker.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\PurePlay\Poker\ssleay32.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\PurePlay\Poker\TNObjMgr.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\PurePlay\Poker\TNSock.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\PurePlay\Poker\TNUtil.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\PurePlay\Poker\TNXml.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\QuickTime\PictureViewer.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\QuickTime\QTTask.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\QuickTime\PictureViewer.Resources\PictureViewer.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\QuickTime\PictureViewer.Resources\en.lproj\PictureViewerLocalized.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\QuickTime\Plugins\npqtplugin.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\QuickTime\Plugins\npqtplugin2.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\QuickTime\Plugins\npqtplugin3.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\QuickTime\Plugins\npqtplugin4.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\QuickTime\Plugins\npqtplugin5.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\QuickTime\Plugins\npqtplugin6.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\QuickTime\Plugins\npqtplugin7.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\QuickTime\QTSystem\ExportControllerPS.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\QuickTime\QTSystem\QTCF.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\QuickTime\QTSystem\QTJNative.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\QuickTime\QTSystem\QTMLClient.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\QuickTime\QTSystem\QuickTimeUpdateHelper.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\QuickTime.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\en.lproj\QuickTimeLocalized.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\en.lproj\QuickTimeAudioSupportLocalized.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\QuickTime\QTSystem\QuickTimeAuthoring.Resources\en.lproj\QuickTimeAuthoringLocalized.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\QuickTime\QTSystem\QuickTimeStreaming.Resources\en.lproj\QuickTimeStreamingLocalized.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\QuickTime\QTSystem\QuickTimeWebHelper.Resources\QuickTimeWebHelper.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\QuickTime\QTSystem\QuickTimeWebHelper.Resources\en.lproj\QuickTimeWebHelperLocalized.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\Realtek\Audio\InstallShield\Alcmtr.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Realtek\Audio\InstallShield\AlcWzrd.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\Realtek\Audio\InstallShield\MicCal.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\Realtek\Audio\InstallShield\RTCOMDLL.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Realtek\Audio\InstallShield\RTHDCPL.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\Realtek\Audio\InstallShield\RtkUpd.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Realtek\Audio\InstallShield\RtlCPAPI.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Realtek\Audio\InstallShield\RTLCPL.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\Realtek\Audio\InstallShield\RtlUpd.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Realtek\Audio\InstallShield\SkyTel.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Realtek\Audio\InstallShield\SoundMan.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\SUPERAntiSpyware\msvcr71.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\Synaptics\SynTP\SynMood.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Synaptics\SynTP\SynToshiba.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Synaptics\SynTP\SynTPCOM.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Synaptics\SynTP\SynTPRes.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\Synaptics\SynTP\SynZMetr.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Synaptics\SynTP\Tutorial.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Synaptics\SynTP\Media\InstNT.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Synaptics\SynTP\Media\setup.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Synaptics\SynTP\Media\SynCOM.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Synaptics\SynTP\Media\SynCtrl.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Synaptics\SynTP\Media\SynISDLL.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Synaptics\SynTP\Media\SynMood.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Synaptics\SynTP\Media\SynToshiba.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Synaptics\SynTP\Media\SynTPAPI.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Synaptics\SynTP\Media\SynTPCo4.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Synaptics\SynTP\Media\SynTPCOM.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Synaptics\SynTP\Media\SynTPCpl.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Synaptics\SynTP\Media\SynTPEnh.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Synaptics\SynTP\Media\SynTPRes.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\Synaptics\SynTP\Media\SynZMetr.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Synaptics\SynTP\Media\Tutorial.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Toshiba\Bluetooth Monitor\BtMon.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Toshiba\TOSHIBA Applet\TouchPad_ONOFF.dll a variant of Win32/Ramnit.T virus deleted (after the next restart) - quarantined
C:\Program Files\Windows Desktop Search\dbsetup.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Windows Desktop Search\mapine.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Windows Desktop Search\MSNLDl.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Windows Desktop Search\MSNLDlPs.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Windows Desktop Search\msnlRed.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Windows Desktop Search\WdsMktTools.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Windows Desktop Search\wdsView.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Windows Desktop Search\WindowsSearch.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Windows Desktop Search\wordwheel.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Windows Desktop Search\xppreviewproxy.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Windows Media Player\wmdbexport.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Windows Media Player\wmlaunch.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Windows Media Player\wmpenc.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Windows Media Player\wmpnscfg.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Windows Media Player\wmpnssci.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Windows Media Player\wmpshare.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Windows Media Player\wmsetsdk.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Derek\Bmnw4HwPl.vir a variant of Win32/Kryptik.ACQV trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Derek\NxJFkglv.vir a variant of Win32/Kryptik.ACQV trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Derek\Desktop\UjPrn7vu.vir a variant of Win32/Kryptik.ACQV trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP128\A0147582.exe a variant of Win32/Kryptik.ACQV trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP128\A0147671.exe a variant of Win32/Kryptik.ACQV trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP128\A0147672.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP128\A0147676.exe a variant of Win32/Kryptik.ACQV trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP128\A0147677.exe a variant of Win32/Kryptik.ACQV trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP128\A0147682.exe a variant of Win32/Kryptik.ACQV trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP128\A0147683.exe a variant of Win32/Kryptik.ACQV trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP128\A0147688.exe a variant of Win32/Kryptik.ACQV trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP131\A0147993.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP131\A0147994.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP131\A0147995.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP132\A0148066.exe a variant of Win32/Kryptik.ACQV trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP132\A0148161.exe a variant of Win32/Kryptik.ACQV trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148390.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148391.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148392.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148393.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148394.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148395.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148396.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148397.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148398.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148399.DLL a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148400.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148401.EXE Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148402.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148403.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148404.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148405.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148406.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148407.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148408.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148409.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148410.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148411.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148412.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148413.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148414.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148415.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148416.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148417.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148418.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148419.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148420.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148421.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148422.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148423.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148424.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148425.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148426.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148427.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148428.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148429.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148430.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148431.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148438.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148439.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148440.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148441.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148442.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148443.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148444.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148445.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148446.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148447.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148448.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148449.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148450.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148451.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148452.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148453.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148454.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148455.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148456.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148457.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148458.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148459.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148460.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148461.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148462.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148463.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148464.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148465.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148466.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148467.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148468.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148469.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148470.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148471.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148472.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148473.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148474.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148475.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148476.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148477.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148478.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148479.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148480.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148481.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148482.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148483.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148484.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148485.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148486.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148487.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148488.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148489.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148490.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148491.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148492.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148493.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148494.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148495.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148496.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148497.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148498.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148499.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148500.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148501.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148502.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148503.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148504.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148505.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148506.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148507.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148508.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148509.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148510.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148511.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148512.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148513.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148514.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148515.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148516.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148517.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148518.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148519.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148520.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148521.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148522.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148523.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148524.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148525.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148526.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148527.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148528.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148529.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148530.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148531.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148532.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148533.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148534.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148535.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148536.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148537.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148538.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148539.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148540.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148541.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148542.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148543.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148544.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148545.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148546.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148547.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148548.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148549.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148550.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148551.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148552.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148553.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148554.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148555.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148556.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148557.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148558.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148559.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148560.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148561.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148562.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148563.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148564.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148565.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148566.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148567.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148568.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148569.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148570.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148571.EXE Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148572.DLL a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148573.DLL a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148574.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148575.DLL a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148576.EXE Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148577.EXE Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148578.DLL a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148579.EXE Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148580.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148581.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148582.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148583.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148584.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148585.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148586.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148587.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148588.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148589.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148590.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148591.DLL a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148592.DLL a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148593.DLL a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148594.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148595.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148596.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148597.DLL a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148598.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148599.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148600.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148601.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148602.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148603.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148604.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148605.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148606.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148607.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148608.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148609.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148610.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148611.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148612.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148613.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148614.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148615.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148616.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148617.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148618.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148619.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148620.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148621.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148622.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148623.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148624.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148625.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148626.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148627.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148628.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148629.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148630.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148631.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148632.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148633.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148634.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148635.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148636.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148637.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148638.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148639.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148640.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148641.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148642.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148643.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148644.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148645.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148646.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148908.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148909.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148910.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148911.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148912.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148913.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148914.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148915.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148916.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148917.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148918.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148919.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148920.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148921.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148922.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148923.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148924.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148925.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148926.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148927.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148928.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148929.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148930.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148931.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148932.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148933.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148934.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148935.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148936.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148937.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148938.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148939.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148940.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148941.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148942.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148943.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148944.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148945.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148946.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148947.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148948.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148949.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148950.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148951.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148952.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148953.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148954.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148955.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148956.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148957.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148958.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148959.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148960.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148961.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148962.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148963.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148964.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148965.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148966.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148967.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148968.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148969.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148970.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148971.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148972.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148973.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148974.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148975.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148976.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148977.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148978.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148979.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148980.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148981.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148982.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148983.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148984.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148985.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148986.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148987.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148988.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148989.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148990.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148991.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148992.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148993.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148994.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148995.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148996.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148997.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148998.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148999.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149000.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149001.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149002.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149003.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149004.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149005.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149006.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149007.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149008.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149009.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149010.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149011.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149012.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149013.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149014.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149015.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149016.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149017.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149018.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149019.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149020.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149021.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149022.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149023.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149024.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149025.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149026.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149027.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149028.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149029.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149030.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149031.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149032.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149033.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149034.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149035.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149036.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149037.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149038.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149039.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149040.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149041.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149042.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149043.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149044.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149045.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149046.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149047.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149048.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149049.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149050.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149051.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149052.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149053.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149054.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149055.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149056.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149057.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149058.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149059.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149060.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149061.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149062.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149063.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149064.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149065.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149066.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149067.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149068.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149069.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149070.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149071.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149072.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149073.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149074.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149075.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149076.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149077.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149078.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149079.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149080.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149081.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149082.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149083.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149084.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149085.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149086.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149087.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149088.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149089.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149090.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149091.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149092.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149093.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149094.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149095.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149096.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149097.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149098.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149099.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149100.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149101.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149102.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149103.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149104.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149105.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149106.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149107.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149108.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149109.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149110.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149111.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149112.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149113.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149114.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149115.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149116.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149117.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149118.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149119.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149120.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149121.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149122.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149123.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149124.exe Win32/Ramnit.R virus cleaned - quarantined
C:\WINDOWS\ie8updates\KB2675157-IE8\iedvtool.dll Win32/Ramnit.R virus cleaned - quarantined
C:\WINDOWS\ie8updates\KB2675157-IE8\ieproxy.dll Win32/Ramnit.R virus cleaned - quarantined
C:\WINDOWS\ie8updates\KB2675157-IE8\xpshims.dll Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Documents and Settings\default\Local Settings\Temp\DELDIR0.EXE Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Documents and Settings\default\Local Settings\Temp\QTInstallerHelper.dll Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Documents and Settings\default\Local Settings\Temp\SrcWMA.dll Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Documents and Settings\default\Local Settings\Temp\PGP13a16\Disk1\Setup.exe Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Documents and Settings\default\Local Settings\Temp\PGP13a16\Disk1\_ISDel.exe Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Documents and Settings\default\Local Settings\Temp\PGP13a16\Disk1\_Setup.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\My Old Documents\Desktop\F\Documents and Settings\default\Local Settings\Temp\PGP17291\Disk1\Setup.exe Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Documents and Settings\default\Local Settings\Temp\PGP17291\Disk1\_ISDel.exe Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Documents and Settings\default\Local Settings\Temp\PGP17291\Disk1\_Setup.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\My Old Documents\Desktop\F\Documents and Settings\default\Local Settings\Temp\_ISTMP1.DIR\ZDataI51.dll Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Documents and Settings\default\Local Settings\Temp\_ISTMP1.DIR\_WUTL951.DLL Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Documents and Settings\default\Local Settings\Temp\_ISTMP2.DIR\ZDataI51.dll Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Documents and Settings\default\Local Settings\Temp\_ISTMP2.DIR\_WUTL951.DLL Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Documents and Settings\default\Local Settings\Temp\_ISTMP3.DIR\ZDataI51.dll Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Documents and Settings\default\Local Settings\Temp\_ISTMP3.DIR\_WUTL951.DLL Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Program Files\Black & White\binkw32.dll Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Program Files\Black & White\CreatureUpload.exe a variant of Win32/Ramnit.T virus deleted - quarantined
D:\My Old Documents\Desktop\F\Program Files\Black & White\drvmgt.dll Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Program Files\Black & White\e.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\My Old Documents\Desktop\F\Program Files\Black & White\IFC22.dll Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Program Files\Black & White\lhlogr.dll Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Program Files\Black & White\QMixer.dll Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Program Files\Black & White\Setup.exe Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Program Files\Black & White\wearasr.dll Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Program Files\Black & White\ereg\Black and White_Code.exe Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Program Files\Black & White\ereg\Black and White_eReg.exe Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Program Files\Black & White\ereg\Black and White_EZ.exe Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Program Files\Black & White\ereg\Black and White_uninst.exe Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Program Files\Black & White\ereg\go_ez.exe Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Program Files\Black & White\Plug Ins\LanguageR.dll Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Program Files\Black & White\Plug Ins\ScriptLibraryR.dll Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\Toshiba Downloads\pro-ncs-20080416140552\iProData\iconvrtr.exe Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\Conexant Modem Driver\MdmXSdk.dll Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\Conexant Modem Driver\UCI32M25.dll Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\Conexant Modem Driver\UIU32m.exe Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\Conexant Modem Driver\xaudio.exe Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\ARB\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\CHS\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\CHT\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\CSY\Aboutn.dll Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\DAN\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\DEU\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\ELL\Aboutn.dll Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\ENU\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\ESP\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\FIN\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\FRA\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\HEB\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\HRV\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\HUN\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\ITA\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\JPN\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\KOR\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\NLD\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\NOR\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\PLK\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\PTB\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\PTG\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\ROM\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\RUS\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\SKY\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\SLV\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\SVE\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\THA\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\TRK\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\DRIVER\drivers\UMDF\wpdmtpdr.dll Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\drivers\UMDF\wpdmtpdr.dll Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\Motorola Modem Driver\si32.exe Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\Motorola Modem Driver\VISTAXP2K\x86\sm56.dll Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\Motorola Modem Driver\VISTAXP2K\x86\sm56co76.dll Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\Motorola Modem Driver\VISTAXP2K\x86\sm56hlpr.exe Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\RegionSelectConexant\cselect.exe Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\RegionSelectConexant\CSELLANG.DLL Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\RegionSelectConexant\TOSMREG.EXE Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\RegionSelectMotorola\cselect.exe Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\RegionSelectMotorola\CSELLANG.DLL Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\RegionSelectMotorola\TOSMREG.EXE Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\SWHelper\SWHelper.exe a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\TOSHIBA Software Modem\agrscoin.dll Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\TOSHIBA Software Modem\agrsmsvc.exe a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\TOSHIBA Software Modem\agsetup1.dll Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\TOSHIBA Software Modem\agsetup2.dll Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\TOSHIBA Software Modem\CSELECT.EXE Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\TOSHIBA Software Modem\CSELLANG.DLL Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\TOSHIBA Software Modem\mohapi.dll Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\TOSHIBA Software Modem\TOSMREG.EXE Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\TRSDriver\SPSInstall32.exe Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\WLAN\HideWin.exe Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\WLAN\Atheros\AthInst.exe Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\WLAN\Intel\IMDGInst.exe Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\WLAN\Intel\NETw4c32.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\WLAN\Intel\Utility\iProData\iconvrtr.exe Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Info\TRebootRequest.exe Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Info\TSetRes.exe Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Info\MDA\chklogo6.exe Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Updates\TCallUPD.exe Win32/Ramnit.R virus cleaned - quarantined
Operating memory a variant of Win32/Ramnit.L virus
 
The main problem with a Ramnit infection is that it infects many files and changes them to its file structure. Many times it's easier to format, as this is the safest way to ensure it's all clean.

There aren't many threads out there where I or anyone else suggests formatting, but Ramnit is one, I'm afraid :(

So, if you want to carry on, can you try the following:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Derek\LOCALS~1\Temp\pgtdapod.sys -- (pgtdapod)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | Disabled | Running] -- C:\DOCUME~1\Derek\LOCALS~1\Temp\fshhtddm.sys -- (Micorsoft Windows Service)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
    DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
    DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\username123\catchme.sys -- (catchme)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O4 - HKCU..\Run: [XejAtgha] C:\Documents and Settings\LocalService\Local Settings\Application Data\pxrnjgxj\xejatgha.exe File not found
    O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe -update activex File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\LocalService\Local Settings\Application Data\pxrnjgxj\xejatgha.exe) - C:\Documents and Settings\LocalService\Local Settings\Application Data\pxrnjgxj\xejatgha.exe File not found
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    :Files
    ipconfig /flushdns /c
    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp] 
    [emptyjava]
    [EMPTYFLASH] 
    [CREATERESTOREPOINT] 
    [Reboot]
  • Then click the Run Fix button at the top
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.

Then, if you can post a fresh OTL log as well, that would be great :)

I'm away for two weeks from tonight, but I'm letting others know so someone else will reply whilst I'm away.

eddie
 
Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan
Once it has finished select report and post that.


Select all drivers connected in your computer:



Do not close AVPTool or it will self-uninstall. If it does uninstall, then just rerun the setup file on your desktop

Now an analysis scan
Select the Manual Disinfection tab
Press the Gather System Information button
Once done, open the last report saved folder, then attach the zip file to your next post
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

 
Discussion starter · #48 ·
OTL logfile created on: 30/04/2012 23:27:21 - Run 3
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\Derek\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 72.34% Memory free
3.83 Gb Paging File | 3.40 Gb Available in Paging File | 88.66% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.74 Gb Total Space | 32.06 Gb Free Space | 57.52% Space Free | Partition Type: NTFS
Drive D: | 54.58 Gb Total Space | 15.23 Gb Free Space | 27.89% Space Free | Partition Type: NTFS

Computer Name: EQUIUM | User Name: Derek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/19 19:55:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derek\Desktop\OTL.exe
PRC - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/03/29 07:17:18 | 003,571,520 | ---- | M] (MyBusinessWorks) -- C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe
PRC - [2011/03/29 07:17:16 | 000,046,912 | ---- | M] (MyBusinessWorks) -- C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe
PRC - [2009/03/06 03:26:38 | 000,479,320 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files\Atheros\ACU.exe
PRC - [2009/03/06 03:26:06 | 000,495,700 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/04 12:12:04 | 000,360,448 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe
PRC - [2007/04/10 08:45:20 | 000,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/04/19 20:44:15 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/03/29 07:17:16 | 000,046,912 | ---- | M] (MyBusinessWorks) [Auto | Running] -- C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe -- (MyBusinessWorksbackup)
SRV - [2009/03/06 03:26:06 | 000,495,700 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2007/04/10 08:45:20 | 000,035,840 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Derek\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\username123\catchme.sys -- (catchme)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/29 07:17:10 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MyBusinessWorks.sys -- (MyBusinessWorksFilter)
DRV - [2010/07/06 03:13:10 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/09/30 15:17:02 | 001,585,728 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/03/16 23:19:44 | 000,058,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2008/01/30 12:28:36 | 004,725,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/04/04 08:56:48 | 000,005,888 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/08/22 16:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347prt.sys -- (d347prt)
DRV - [2004/08/22 16:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347bus.sys -- (d347bus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/logi...ap2e6CwWSb86QVdqk-&.done=http://uk.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {90ECF758-E3C9-4D90-BC65-35A90D480B03}
IE - HKCU\..\SearchScopes\{4ADF8512-94DF-4582-A60D-6D2D0D0A6574}: "URL" = http://www.google.com/search?q={sea...ource}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{90ECF758-E3C9-4D90-BC65-35A90D480B03}: "URL" = http://www.google.com/search?q={sea...ource}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/05/04 23:10:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/05/04 23:10:01 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2012/04/30 23:22:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ACU] C:\Program Files\Atheros\ACU.exe (Atheros Communications, Inc.)
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKCU..\Run: [XejAtgha] C:\Documents and Settings\Derek\Local Settings\Application Data\pxrnjgxj\xejatgha.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyPro Status.lnk = C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe (MyBusinessWorks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C27D94A-9E3D-4F0F-9232-EB531D577190}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECA2E087-C26F-4614-89F4-A5E9B371EE46}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/03 19:35:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[CREATERESTOREPOINT]
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/24 20:31:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/04/24 19:58:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/24 19:58:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/24 19:58:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/24 19:58:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/24 19:52:18 | 004,479,582 | R--- | C] (Swearware) -- C:\Documents and Settings\Derek\Desktop\username123.exe
[2012/04/19 19:55:24 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Derek\Desktop\OTL.exe
[2012/04/19 19:50:35 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2012/04/19 19:50:35 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2012/04/13 22:14:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/04/13 22:09:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/13 21:59:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/07 10:56:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2012/04/06 19:44:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Application Data\SUPERAntiSpyware.com
[2012/04/06 19:43:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/04/06 19:43:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/04/06 19:43:23 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/06 19:40:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/06 19:40:45 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/06 19:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/06 16:56:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/30 23:24:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/30 23:22:18 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/30 23:22:16 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/30 23:22:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/30 23:06:11 | 004,479,582 | R--- | M] (Swearware) -- C:\Documents and Settings\Derek\Desktop\username123.exe
[2012/04/29 17:44:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/29 17:31:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/22 17:28:10 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\RKUnhookerLE.EXE
[2012/04/22 17:27:43 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\SystemLook.exe
[2012/04/22 17:23:15 | 000,115,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/19 22:08:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/19 22:07:05 | 000,502,826 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/19 22:07:05 | 000,087,126 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/19 22:01:44 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2012/04/19 20:44:15 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/19 20:44:15 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/19 19:55:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derek\Desktop\OTL.exe
[2012/04/13 22:14:14 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/04/13 22:08:27 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/04/09 20:56:21 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\HiJackThis.lnk
[2012/04/08 15:19:22 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/06 19:38:14 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/24 19:58:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/24 19:58:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/24 19:58:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/24 19:58:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/24 19:58:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/22 17:28:09 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\RKUnhookerLE.EXE
[2012/04/22 17:27:42 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\SystemLook.exe
[2012/04/19 22:01:44 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/04/13 22:14:14 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/04/13 22:14:10 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/04/09 20:56:18 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\HiJackThis.lnk
[2012/04/06 20:07:08 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/04/06 19:40:46 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/23 23:30:43 | 000,256,768 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-117609710-682003330-1801674531-1003-0.dat
[2012/02/23 23:30:43 | 000,123,526 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/15 22:57:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/08 20:47:21 | 000,296,384 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/07/25 23:01:36 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/07/25 23:01:35 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/07/25 23:01:35 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/07/25 23:01:35 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2011/07/25 23:01:34 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/05/08 16:10:34 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/07 15:24:05 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/05/07 13:38:31 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2011/05/07 13:38:31 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2011/05/07 12:21:55 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2011/05/07 12:21:55 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2011/05/07 12:21:55 | 000,010,150 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2011/05/07 12:21:55 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2011/05/07 12:18:00 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Derek\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/07 12:08:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/05/07 12:08:02 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2011/05/04 23:02:37 | 000,165,571 | ---- | C] () -- C:\WINDOWS\hpoins28.dat
[2011/05/04 23:02:37 | 000,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat
[2011/05/03 22:49:00 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2011/05/03 22:42:55 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2011/05/03 22:42:55 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[2011/05/03 22:35:53 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2011/05/03 20:25:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/03 20:24:21 | 000,115,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/03 20:11:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/05/03 20:06:03 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4833.dll
[2011/05/03 20:06:02 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2011/05/03 19:38:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/05/03 19:32:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== Custom Scans ==========

< :OTL >

< SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) >

< DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) >

< DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom) >

< DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Derek\LOCALS~1\Temp\pgtdapod.sys -- (pgtdapod) >

< DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) >

< DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) >

< DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) >

< DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) >

< DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) >

< DRV - File not found [Kernel | Disabled | Running] -- C:\DOCUME~1\Derek\LOCALS~1\Temp\fshhtddm.sys -- (Micorsoft Windows Service) >

< DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) >

< DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm) >

< DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass) >

< DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs) >

< DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) >

< DRV - File not found [Kernel | System | Stopped] -- -- (Changer) >

< DRV - File not found [Kernel | On_Demand | Stopped] -- C:\username123\catchme.sys -- (catchme) >

< FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found >
Invalid Switch: iTunes,version=: File not found

< O4 - HKCU..\Run: [XejAtgha] C:\Documents and Settings\LocalService\Local Settings\Application Data\pxrnjgxj\xejatgha.exe File not found >

< O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe -update activex File not found >

< O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present >

< O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present >

< O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found >

< O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found >

< O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) >
Invalid Switch: gp.cab (Reg Error: Key error.)

< O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\LocalService\Local Settings\Application Data\pxrnjgxj\xejatgha.exe) - C:\Documents and Settings\LocalService\Local Settings\Application Data\pxrnjgxj\xejatgha.exe File not found >

< [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] >

< [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] >

< :Files >

< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

< :Commands >

< [purity] >

< [resethosts] >

< [emptytemp] >

< [emptyjava] >

< [EMPTYFLASH] >

< [Reboot] >
< End of report >
 
Discussion starter · #49 ·
This one is without your OTL code.

==============

OTL logfile created on: 30/04/2012 23:52:10 - Run 4
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\Derek\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 69.13% Memory free
3.83 Gb Paging File | 3.32 Gb Available in Paging File | 86.73% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.74 Gb Total Space | 31.91 Gb Free Space | 57.25% Space Free | Partition Type: NTFS
Drive D: | 54.58 Gb Total Space | 15.23 Gb Free Space | 27.89% Space Free | Partition Type: NTFS

Computer Name: EQUIUM | User Name: Derek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/19 19:55:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derek\Desktop\OTL.exe
PRC - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/03/29 07:17:18 | 003,571,520 | ---- | M] (MyBusinessWorks) -- C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe
PRC - [2011/03/29 07:17:16 | 000,046,912 | ---- | M] (MyBusinessWorks) -- C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe
PRC - [2009/03/06 03:26:38 | 000,479,320 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files\Atheros\ACU.exe
PRC - [2009/03/06 03:26:06 | 000,495,700 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/04 12:12:04 | 000,360,448 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe
PRC - [2007/04/10 08:45:20 | 000,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/04/19 20:44:15 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/03/29 07:17:16 | 000,046,912 | ---- | M] (MyBusinessWorks) [Auto | Running] -- C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe -- (MyBusinessWorksbackup)
SRV - [2009/03/06 03:26:06 | 000,495,700 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2007/04/10 08:45:20 | 000,035,840 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Derek\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\username123\catchme.sys -- (catchme)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/29 07:17:10 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MyBusinessWorks.sys -- (MyBusinessWorksFilter)
DRV - [2010/07/06 03:13:10 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/09/30 15:17:02 | 001,585,728 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/03/16 23:19:44 | 000,058,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2008/01/30 12:28:36 | 004,725,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/04/04 08:56:48 | 000,005,888 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/08/22 16:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347prt.sys -- (d347prt)
DRV - [2004/08/22 16:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347bus.sys -- (d347bus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/logi...ap2e6CwWSb86QVdqk-&.done=http://uk.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {90ECF758-E3C9-4D90-BC65-35A90D480B03}
IE - HKCU\..\SearchScopes\{4ADF8512-94DF-4582-A60D-6D2D0D0A6574}: "URL" = http://www.google.com/search?q={sea...ource}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{90ECF758-E3C9-4D90-BC65-35A90D480B03}: "URL" = http://www.google.com/search?q={sea...ource}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/05/04 23:10:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/05/04 23:10:01 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2012/04/30 23:22:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ACU] C:\Program Files\Atheros\ACU.exe (Atheros Communications, Inc.)
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKCU..\Run: [XejAtgha] C:\Documents and Settings\Derek\Local Settings\Application Data\pxrnjgxj\xejatgha.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyPro Status.lnk = C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe (MyBusinessWorks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C27D94A-9E3D-4F0F-9232-EB531D577190}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECA2E087-C26F-4614-89F4-A5E9B371EE46}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/03 19:35:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/24 20:31:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/04/24 19:58:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/24 19:58:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/24 19:58:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/24 19:58:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/24 19:52:18 | 004,479,582 | R--- | C] (Swearware) -- C:\Documents and Settings\Derek\Desktop\username123.exe
[2012/04/19 19:55:24 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Derek\Desktop\OTL.exe
[2012/04/19 19:50:35 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2012/04/19 19:50:35 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2012/04/13 22:14:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/04/13 22:09:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/13 21:59:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/07 10:56:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2012/04/06 19:44:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Application Data\SUPERAntiSpyware.com
[2012/04/06 19:43:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/04/06 19:43:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/04/06 19:43:23 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/06 19:40:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/06 19:40:45 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/06 19:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/06 16:56:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/30 23:51:27 | 133,330,512 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\setup_11.0.0.1245.x01_2012_05_01_01_37.exe
[2012/04/30 23:44:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/30 23:31:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/30 23:24:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/30 23:22:18 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/30 23:22:16 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/30 23:22:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/30 23:06:11 | 004,479,582 | R--- | M] (Swearware) -- C:\Documents and Settings\Derek\Desktop\username123.exe
[2012/04/22 17:28:10 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\RKUnhookerLE.EXE
[2012/04/22 17:27:43 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\SystemLook.exe
[2012/04/22 17:23:15 | 000,115,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/19 22:08:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/19 22:07:05 | 000,502,826 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/19 22:07:05 | 000,087,126 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/19 22:01:44 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2012/04/19 20:44:15 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/19 20:44:15 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/19 19:55:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derek\Desktop\OTL.exe
[2012/04/13 22:14:14 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/04/13 22:08:27 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/04/09 20:56:21 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\HiJackThis.lnk
[2012/04/08 15:19:22 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/06 19:38:14 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/30 23:51:22 | 133,330,512 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\setup_11.0.0.1245.x01_2012_05_01_01_37.exe
[2012/04/24 19:58:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/24 19:58:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/24 19:58:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/24 19:58:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/24 19:58:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/22 17:28:09 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\RKUnhookerLE.EXE
[2012/04/22 17:27:42 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\SystemLook.exe
[2012/04/19 22:01:44 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/04/13 22:14:14 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/04/13 22:14:10 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/04/09 20:56:18 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\HiJackThis.lnk
[2012/04/06 20:07:08 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/04/06 19:40:46 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/23 23:30:43 | 000,256,768 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-117609710-682003330-1801674531-1003-0.dat
[2012/02/23 23:30:43 | 000,123,526 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/15 22:57:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/08 20:47:21 | 000,296,384 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/07/25 23:01:36 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/07/25 23:01:35 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/07/25 23:01:35 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/07/25 23:01:35 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2011/07/25 23:01:34 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/05/08 16:10:34 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/07 15:24:05 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/05/07 13:38:31 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2011/05/07 13:38:31 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2011/05/07 12:21:55 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2011/05/07 12:21:55 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2011/05/07 12:21:55 | 000,010,150 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2011/05/07 12:21:55 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2011/05/07 12:18:00 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Derek\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/07 12:08:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/05/07 12:08:02 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2011/05/04 23:02:37 | 000,165,571 | ---- | C] () -- C:\WINDOWS\hpoins28.dat
[2011/05/04 23:02:37 | 000,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat
[2011/05/03 22:49:00 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2011/05/03 22:42:55 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2011/05/03 22:42:55 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[2011/05/03 22:35:53 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2011/05/03 20:25:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/03 20:24:21 | 000,115,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/03 20:11:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/05/03 20:06:03 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4833.dll
[2011/05/03 20:06:02 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2011/05/03 19:38:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/05/03 19:32:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
< End of report >
 
Discussion starter · #50 ·
I was able to find the 'Automatic Scan' report from the saved report section; however, the 'Manual Disinfection' scan did not create a zip file:

C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

But I did find a report from the above saved report section, under the name 'Gathering system information'. I hope it's the same report you were referring to.
 
Discussion starter · #51 ·
Gathering system information: completed 6 minutes ago (events: 254, time: 00:02:03)
02/05/2012 20:52:07 Task completed Gathering system information
02/05/2012 20:52:07 Main script of analysis
02/05/2012 20:52:07 Deleting service/driver: ujqwmzex
02/05/2012 20:52:07 Delete file:C:\WINDOWS\system32\Drivers\utqwmzex.sys
02/05/2012 20:52:07 [microprogram of healing]> registry key deleted HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\utqwmzex
02/05/2012 20:52:07 Deleting service/driver: utqwmzex
02/05/2012 20:52:07 System Analysis - complete
02/05/2012 20:51:07 System Analysis in progress
02/05/2012 20:51:04 >> Disable removable media autorun
02/05/2012 20:51:04 >> Disable CD/DVD autorun
02/05/2012 20:51:04 >> Disable autorun from network drives
02/05/2012 20:51:04 >> Disable HDD autorun
02/05/2012 20:50:59 >> Security: sending Remote Assistant queries is enabled
02/05/2012 20:50:59 >> Security: anonymous user access is enabled
02/05/2012 20:50:59 >> Security: administrative shares (C$, D$ ...) are enabled
02/05/2012 20:50:59 >> Security: disk drives' autorun is enabled
02/05/2012 20:50:59 > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
02/05/2012 20:50:59 >> Services: potentially dangerous service allowed: RDSessMgr (Remote Desktop Help Session Manager)
02/05/2012 20:50:59 >> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting Remote Desktop Sharing)
02/05/2012 20:50:59 >> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
02/05/2012 20:50:59 >> Services: potentially dangerous service allowed: TlntSvr (Telnet)
02/05/2012 20:50:59 >> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery Service)
02/05/2012 20:50:59 >> Services: potentially dangerous service allowed: TermService (Terminal Services)
02/05/2012 20:50:59 >> Services: potentially dangerous service allowed: RemoteRegistry (Remote Registry)
02/05/2012 20:50:12 Checking - complete
02/05/2012 20:50:12 Driver loaded successfully
02/05/2012 20:50:12 1.5 Checking of IRP handlers
02/05/2012 20:50:12 Checking not performed: extended monitoring driver (AVZPM) is not installed
02/05/2012 20:50:12 1.4 Searching for masking processes and drivers
02/05/2012 20:50:11 Checking IDT and SYSENTER - complete
02/05/2012 20:50:11 Disable callback OK
02/05/2012 20:50:11 CmpCallCallBacks = 00093D84
02/05/2012 20:50:11 Analysis for CPU 2
02/05/2012 20:50:11 Analysis for CPU 1
02/05/2012 20:50:11 1.3 Checking IDT and SYSENTER
02/05/2012 20:50:11 Functions checked: 284, intercepted: 62, restored: 64
02/05/2012 20:50:11 >>> Function restored successfully !
02/05/2012 20:50:11 Function IoIsOperationSynchronous (804EF912) - machine code modification Method of JmpTo. jmp 9DB0B3AC \SystemRoot\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:11 >>> Function restored successfully !
02/05/2012 20:50:11 Function FsRtlCheckLockForReadAccess (804EAF84) - machine code modification Method of JmpTo. jmp 9DB0AFD0 \SystemRoot\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:11 >>> Hook code blocked
02/05/2012 20:50:11 >>> Function restored successfully !
02/05/2012 20:50:11 Function NtWriteVirtualMemory (115) intercepted (805B43CC->9DB18B52), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtUnmapViewOfSection (10B) intercepted (805B2E48->9DB1C552), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtTerminateThread (102) intercepted (805D2BDC->9DB189C8), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtTerminateProcess (101) intercepted (805D29E2->9DB18A68), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtSystemDebugControl (FF) intercepted (806180BA->9DB1BA3E), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtSuspendThread (FE) intercepted (805D48F4->9DB1CA2A), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtSuspendProcess (FD) intercepted (805D4A82->9DB1C8F0), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtSetValueKey (F7) intercepted (80622662->9DB17816), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtSetSystemPowerState (F1) intercepted (80653E18->B9F8E0B0), hook C:\WINDOWS\system32\Drivers\d347bus.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtSetSystemInformation (F0) intercepted (8060FD06->9DB1C7FE), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtSetSecurityObject (ED) intercepted (805C062E->9DB1BDAA), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtSetInformationToken (E6) intercepted (805FA7B4->9DB1B154), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtSetContextThread (D5) intercepted (805D173A->9DB18E38), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtSecureConnectPort (D2) intercepted (805A3D64->9DB19B0E), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtSaveKey (CF) intercepted (80625BCC->9DB16EAE), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtResumeThread (CE) intercepted (805D49BA->9DB1CBC8), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtRestoreKey (CC) intercepted (80625AD0->9DB1728E), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtRequestWaitReplyPort (C8) intercepted (805A2D76->9DB1B8B4), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtReplyWaitReceivePort (C3) intercepted (805A64B4->9DB1A6F2), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtReplyPort (C2) intercepted (805A54EC->9DB1A82C), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtReplaceKey (C1) intercepted (806261C4->9DB16F16), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtRenameKey (C0) intercepted (80623B12->9DB17C2C), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtQueueApcThread (B4) intercepted (805D1276->9DB1BFA0), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtQueryValueKey (B1) intercepted (80622314->9DB1799C), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtQuerySection (A7) intercepted (805B85E0->9DB1C6AE), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtQueryMultipleValueKey (A1) intercepted (8062323E->9DB17D72), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtQueryKey (A0) intercepted (80625810->9DB1813A), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtOpenThread (80) intercepted (805CB6CC->9DB187BE), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtOpenSemaphore (7E) intercepted (80615148->9DB1A4C8), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtOpenSection (7D) intercepted (805AA3EC->9DB1C10E), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtOpenProcess (7A) intercepted (805CB440->9DB188CC), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtOpenMutant (78) intercepted (80617776->9DB1A288), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtOpenKey (77) intercepted (806254CE->9DB176C0), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtOpenFile (74) intercepted (8057A1A6->9DB19016), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtOpenEvent (72) intercepted (8060F04E->9DB1A3A8), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtNotifyChangeKey (6F) intercepted (806262DE->9DB181CE), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtMapViewOfSection (6C) intercepted (805B203A->9DB1C374), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtLoadKey2 (63) intercepted (80625F20->9DB174EE), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtLoadKey (62) intercepted (80626314->9DB174DC), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtLoadDriver (61) intercepted (80584160->9DB1BC0C), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtFsControlFile (54) intercepted (805792A2->9DB19500), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtEnumerateValueKey (49) intercepted (80624BA6->9DB180A2), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtEnumerateKey (47) intercepted (8062493C->9DB1800A), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtDuplicateObject (44) intercepted (805BE008->9DB1CD26), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtDeviceIoControlFile (42) intercepted (8057926E->9DB196F2), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtDeleteValueKey (41) intercepted (8062475C->9DB17EBE), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtDeleteKey (3F) intercepted (8062458C->9DB17B0A), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtDebugActiveProcess (39) intercepted (80643B30->9DB1BB1A), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtCreateWaitablePort (38) intercepted (805A5110->9DB1A162), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtCreateThread (35) intercepted (805D1018->9DB18C1C), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtCreateSemaphore (33) intercepted (8061504E->9DB1A432), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtCreateSection (32) intercepted (805AB3C8->9DB18426), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtCreatePort (2E) intercepted (805A50EC->9DB1A0CC), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtCreatePagingFile (2D) intercepted (805AB9EE->B9F82A20), hook C:\WINDOWS\system32\Drivers\d347bus.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtCreateNamedPipeFile (2C) intercepted (805790E2->9DB1827E), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtCreateMutant (2B) intercepted (8061769E->9DB1A1F8), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtCreateKey (29) intercepted (806240F0->9DB17500), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtCreateFile (25) intercepted (805790A8->9DB19270), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtCreateEvent (23) intercepted (8060EF4E->9DB1A312), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtConnectPort (1F) intercepted (805A45D0->9DB19DC8), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtClose (19) intercepted (805BC530->9DB18F94), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 >>> Hook code blocked
02/05/2012 20:50:10 >>> Function restored successfully !
02/05/2012 20:50:10 Function NtAdjustPrivilegesToken (0B) intercepted (805EC464->9DB18690), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted
02/05/2012 20:50:10 KiST = 80504480 (284)
02/05/2012 20:50:10 SDT = 8055C700
02/05/2012 20:50:10 Kernel ntkrnlpa.exe found in memory at address 804D7000
02/05/2012 20:50:10 SDT found (RVA=085700)
02/05/2012 20:50:10 Driver loaded successfully
02/05/2012 20:50:10 1.2 Searching for kernel-mode API hooks
02/05/2012 20:50:09 Analysis: netapi32.dll, export table found in section .text
02/05/2012 20:50:09 Analysis: urlmon.dll, export table found in section .text
02/05/2012 20:50:09 Analysis: rasapi32.dll, export table found in section .text
02/05/2012 20:50:09 Analysis: wininet.dll, export table found in section .text
02/05/2012 20:50:09 Analysis: ws2_32.dll, export table found in section .text
02/05/2012 20:50:09 Analysis: advapi32.dll, export table found in section .text
02/05/2012 20:50:08 Analysis: user32.dll, export table found in section .text
02/05/2012 20:50:08 Analysis: ntdll.dll, export table found in section .text
02/05/2012 20:50:08 IAT modification detected: GetProcAddress - 00BA0390<>7C80AE40
02/05/2012 20:50:08 IAT modification detected: LoadLibraryA - 00BA0320<>7C801D7B
02/05/2012 20:50:08 IAT modification detected: LoadLibraryW - 00BA02B0<>7C80AEEB
02/05/2012 20:50:08 IAT modification detected: CreateProcessW - 00BA01D0<>7C802336
02/05/2012 20:50:08 IAT modification detected: GetModuleFileNameW - 00BA0160<>7C80B475
02/05/2012 20:50:08 IAT modification detected: FreeLibrary - 00BA00F0<>7C80AC7E
02/05/2012 20:50:08 IAT modification detected: GetModuleFileNameA - 00BA0080<>7C80B56F
02/05/2012 20:50:08 IAT modification detected: CreateProcessA - 00BA0010<>7C80236B
02/05/2012 20:50:08 Analysis: kernel32.dll, export table found in section .text
02/05/2012 20:50:08 1.1 Searching for user-mode API hooks
02/05/2012 20:50:07 System Restore: enabled
02/05/2012 20:50:07 Windows version: Microsoft Windows XP, Build=2600, SP="Service Pack 3"
02/05/2012 20:50:07 Main script of analysis
02/05/2012 20:50:04 Task started Gathering system information
 
Hiya

Back from my holidays, so playing catchup :p

OK could you open AVP and on the manual disinfection tab click the link to avptool sysinfo.zip as that will be small enough to attach and contains the analysis run that I will need to look at :)

================

Back from my holiday, so playing catchup :p

Okay, looks like I can see the main reason why the OTL fix isn't working. If you open up OTL and copy/paste the following in the Custom Scans/Fixes box as before, but do not click on Run Scan, but select the Run Fix button instead ;)

Code:
:OTL
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Derek\LOCALS~1\Temp\pgtdapod.sys -- (pgtdapod)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled | Running] -- C:\DOCUME~1\Derek\LOCALS~1\Temp\fshhtddm.sys -- (Micorsoft Windows Service)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\username123\catchme.sys -- (catchme)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
O4 - HKCU..\Run: [XejAtgha] C:\Documents and Settings\LocalService\Local Settings\Application Data\pxrnjgxj\xejatgha.exe File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe -update activex File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\LocalService\Local Settings\Application Data\pxrnjgxj\xejatgha.exe) - C:\Documents and Settings\LocalService\Local Settings\Application Data\pxrnjgxj\xejatgha.exe File not found
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
:Files
ipconfig /flushdns /c
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[emptyjava]
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.

And it should work this time :)

-------------------------------

eddie
 
Discussion starter · #54 ·
All processes killed
========== OTL ==========
Service HidServ stopped successfully!
Service HidServ deleted successfully!
File %SystemRoot%\System32\hidserv.dll not found.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service Tosrfcom stopped successfully!
Service Tosrfcom deleted successfully!
Error: No service named pgtdapod was found to stop!
Service\Driver key pgtdapod not found.
File C:\DOCUME~1\Derek\LOCALS~1\Temp\pgtdapod.sys not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Error: No service named Micorsoft Windows Service was found to stop!
Service\Driver key Micorsoft Windows Service not found.
File C:\DOCUME~1\Derek\LOCALS~1\Temp\fshhtddm.sys not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service InCDRm stopped successfully!
Service InCDRm deleted successfully!
File system32\drivers\InCDRm.sys not found.
Service InCDPass stopped successfully!
Service InCDPass deleted successfully!
File system32\drivers\InCDPass.sys not found.
Service InCDFs stopped successfully!
Service InCDFs deleted successfully!
File system32\drivers\InCDFs.sys not found.
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\username123\catchme.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\XejAtgha deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Documents and Settings\LocalService\Local Settings\Application Data\pxrnjgxj\xejatgha.exe deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Derek\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Derek\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Derek
->Temp folder emptied: 69198 bytes
->Temporary Internet Files folder emptied: 135029997 bytes
->Flash cache emptied: 2277 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: TV
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 1108 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 231403 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 42448305 bytes

Total Files Cleaned = 170.00 mb

[EMPTYJAVA]

User: All Users

User: Default User

User: Derek

User: LocalService

User: NetworkService

User: TV

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Default User

User: Derek
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: TV
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.40.0 log created on 05142012_200628
Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_680.dat moved successfully.
Registry entries deleted on Reboot...
 


Thanks :)

  1. Re-run AVPTool
  2. Select the Manual Disinfection tab and press Script execution
  3. Where it states Insert text script in the following box copy the below script and press Run script
    Copy from Begin until End

    Code:
    begin
    SetAVZGuardStatus(True);
    SearchRootkit(true, true);
    SetAVZPMStatus(True);
     DelBHO('{710EB7A1-45ED-11D0-924A-0020AFC7AC4D}');
     BC_DeleteFile('C:\Documents and Settings\Derek\Local Settings\temp\_uninst_26689776.bat');
    BC_ImportDeletedList;
    ExecuteSysClean;
    BC_Activate;
    RebootWindows(true);
    end.
  4. Your system will reboot on completion, if it does not please do so yourself
  5. On completion please run another analysis scan and attach the zip file
 
Okay, looks like it's still there, so can you do this for me:

Using SystemLookUp again, can you run the following code:

Code:
:dir
c:\documents and settings\LocalService\Local Settings\Application Data /sub
:file
C:\Documents and Settings\Derek\Local Settings\temp\_uninst_71002904.bat
C:\WINDOWS\system32\DRIVERS\1507056drv.sys
C:\WINDOWS\system32\Drivers\d347bus.sys
c:\documents and settings\LocalService\Local Settings\Application Data\wpdlog00.sqm
c:\documents and settings\LocalService\Local Settings\Application Data\wpdlog01.sqm
And then, can you upload some files to me for further research. We'll also remove them, once they're uploaded :)

Download suspicious file packer from http://www.safer-networking.org/en/tools/index.html (direct download http://www.safer-networking.org/files/sfp.zip )

Unzip it to desktop, open it & paste in the contents of the quote box below, press next & it will create an archive (zip/cab file) on desktop

please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files

Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer. When the file is listed in the window, press send to upload the file


C:\WINDOWS\system32\DRIVERS\1507056drv.sys
C:\WINDOWS\system32\Drivers\d347bus.sys
C:\Documents and Settings\Derek\Local Settings\temp\_uninst_71002904.bat
c:\documents and settings\LocalService\Local Settings\Application Data\wpdlog00.sqm
c:\documents and settings\LocalService\Local Settings\Application Data\wpdlog01.sqm
Let me know when they're uploaded :)
 
Discussion starter · #58 ·
SystemLook 30.07.11 by jpshortstuff
Log created at 15:13 on 20/05/2012 by Derek
Administrator - Elevation successful
========== dir ==========
c:\documents and settings\LocalService\Local Settings\Application Data - Parameters: "/sub"
---Files---
WPFFontCache_v0400-S-1-5-21-117609710-682003330-1801674531-1003-0.dat --a---- 256768 bytes [22:30 23/02/2012] [22:30 23/02/2012]
WPFFontCache_v0400-System.dat --a---- 123526 bytes [22:30 23/02/2012] [22:30 23/02/2012]
c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft d------ [18:39 03/05/2011]
c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft\Credentials d---s-- [18:39 03/05/2011]
c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft\Credentials\S-1-5-19 d---s-- [18:39 03/05/2011]
c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft\Portable Devices d------ [10:27 15/05/2011]
wpdlog00.sqm --a---- 320 bytes [10:27 15/05/2011] [10:27 15/05/2011]
wpdlog01.sqm --a---- 290 bytes [21:19 23/02/2012] [21:19 23/02/2012]
c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft\Windows d------ [18:39 03/05/2011]
UsrClass.dat --a---- 8192 bytes [18:39 03/05/2011] [21:12 23/02/2012]
UsrClass.dat.LOG --ah--- 1024 bytes [18:39 03/05/2011] [13:18 20/05/2012]
========== file ==========
C:\Documents and Settings\Derek\Local Settings\temp\_uninst_71002904.bat - Unable to find/read file.
C:\WINDOWS\system32\DRIVERS\1507056drv.sys - Unable to find/read file.
C:\WINDOWS\system32\Drivers\d347bus.sys - File found and opened.
MD5: 5776322F93CDB91086111F5FFBFDA2A0
Created at 12:38 on 07/05/2011
Modified at 15:31 on 22/08/2004
Size: 155136 bytes
Attributes: --a----
FileDescription: PnP BIOS Extension
FileVersion: 3.47.0.0 built by: WinDDK
ProductVersion: 3.47.0.0
OriginalFilename:
InternalName:
ProductName:
CompanyName:
LegalCopyright: Copyright (C) 2002-2004
c:\documents and settings\LocalService\Local Settings\Application Data\wpdlog00.sqm - Unable to find/read file.
c:\documents and settings\LocalService\Local Settings\Application Data\wpdlog01.sqm - Unable to find/read file.
-= EOF =-
 
Thanks, looks like it's only seen one of the files, which is strange as the SystemLook above clearly shows them as there:

wpdlog00.sqm --a---- 320 bytes [10:27 15/05/2011] [10:27 15/05/2011]
wpdlog01.sqm --a---- 290 bytes [21:19 23/02/2012] [21:19 23/02/2012]
Still, they are legit so I'll leave them be ;)

And for the file that did get uploaded, this is a legit driver as well, so that's good :)

Can you run this for me? If you can't enter SafeMode let me know, as it was showing as corrupt a while ago, but I'm hoping some of the file removals have solved that:

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.
    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode, then hit Enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the Licence agreement and click on Next.
  • It will by default install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:
    • Hidden Startup Objects
    • System Memory
    • Disk Boot Sectors
    • My Computer
    • Also any other drives (removable ones that you may have)

Leave the rest of the settings as they appear as default.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be Neutralized, then choose the delete option when prompted.
  • After that is done, click on the reports button at the bottom and save it to file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected Virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.

eddie
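
When a SystemLook `file` lookup reports "Unable to find/read file" for a name that the `dir` listing shows, rebuilding each listed file's full path and comparing it with the requested path is a quick check. This is an added example, not part of the original posts; it assumes that files listed after a directory line belong to that directory, and `SAMPLE_LOG` is constructed from lines of the log above.

```python
import re

# Constructed sample: lines trimmed from the SystemLook log format in the thread.
SAMPLE_LOG = r"""========== dir ==========
c:\documents and settings\LocalService\Local Settings\Application Data - Parameters: "/sub"
---Files---
WPFFontCache_v0400-System.dat --a---- 123526 bytes [22:30 23/02/2012] [22:30 23/02/2012]
c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft\Portable Devices d------ [10:27 15/05/2011]
wpdlog00.sqm --a---- 320 bytes [10:27 15/05/2011] [10:27 15/05/2011]
wpdlog01.sqm --a---- 290 bytes [21:19 23/02/2012] [21:19 23/02/2012]
========== file ==========
C:\WINDOWS\system32\Drivers\d347bus.sys - File found and opened.
c:\documents and settings\LocalService\Local Settings\Application Data\wpdlog00.sqm - Unable to find/read file.
-= EOF =-"""

# Assumption: files listed after a directory line belong to that directory.
ROOT = re.compile(r'^(?P<path>.+?) - Parameters: ".*"$')
DIR = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) d[-a-z]{6} \[")
FILE = re.compile(r"^(?P<name>.+?) -[-a-z]{6} \d+ bytes \[")
MISSING = re.compile(r"^(?P<path>.+?) - Unable to find/read file\.$")

def sectioned(log):
    """Yield (section, line) pairs; section is 'dir' or 'file'."""
    section = None
    for line in log.splitlines():
        if line.startswith("=========="):
            section = line.strip("= ").lower()
        else:
            yield section, line

def listed_files(log):
    """Map lower-cased file name -> full paths rebuilt from the dir section."""
    found, current = {}, None
    for section, line in sectioned(log):
        if section != "dir":
            continue
        m = ROOT.match(line) or DIR.match(line)
        if m:
            current = m["path"]
        elif current and (f := FILE.match(line)):
            found.setdefault(f["name"].lower(), []).append(current + "\\" + f["name"])
    return found

def explain_misses(log):
    """Map each path the file section could not open -> where dir listed that name."""
    index = listed_files(log)
    return {m["path"]: index.get(m["path"].rsplit("\\", 1)[-1].lower(), [])
            for section, line in sectioned(log)
            if section == "file" and (m := MISSING.match(line))}
```

An empty list for a requested path means the name does not appear anywhere in the `dir` listing; a non-empty list gives the location(s) to use in the next lookup.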
 