Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect and lord knows what else!


  • Please log in to reply
18 replies to this topic

#1 Simtim

Simtim

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:13 AM

Posted 24 September 2010 - 10:56 AM

Hi
I'm new here and I must begin by saying I know as much about computers as my 3yr old! I should also apoloogise in advance for using the wrong jargon and often sounding like I don't know what I'm doing (its because I don't)
I'm not even sure what is wrong with my computer but I wish I had just come here first.
I installed o2 broadband a week ago when I moved house and excitedly installed the disk and got something called McAfee. It all sounded good but then the computer had an icon for My Security Shield. After a day I realised this was a virus and was very excited when I followed instructions on this site and successfully removed it (I think). I didn't do anything to the host file as I thought the instructions were beyond my level of comprehension and the problem seemed fixed anyway.
Then I realised I had google redirect virus. I have tried the microsoft fix it option and to some degree the original instructions on this site. As I said at the beginning what I know about computers you could write on the back of a 5p!
Anyway the problem is still here and after a 3hr scan using Windows Live onecare safety scanner I think I have "12 severe issues" (not to mention my ever increasing thinning hair). There was a reference to Protection issues which were not able to be cleaned.
This doesn't mean much to me other than the fact the problem is not as easy as I had hoped.
So here I am. Can anyone help?

Edited by Orange Blossom, 24 September 2010 - 11:50 AM.
Moved to AII for initial assistance. ~ OB


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,569 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:13 AM

Posted 25 September 2010 - 03:06 PM

Hello lets see what we can do with this:
Reboot into Safe Mode with Networking
How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode
.


>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply
Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.



Next run Superantisypware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


>><><><><><><><><><>
Please run the tool here How to remove Google Redirects

When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Simtim

Simtim
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:13 AM

Posted 27 September 2010 - 11:02 AM

Ok this could be a long sow process.
It's taken me 40mins to get here with Google redirecting me to a few other sites along the way (including an adult one!).
Having tried to follow your first set of instructions (twice) I realised the computer does not list the equipment on the machine. There is a blank page which takes me to aToshiba page and then it takes me to Windows XP on a black background followed by the screensaver and usual icons I have.
nonetheless I have pressed F8 throughout this process but to no avail.
I use McAfee which I dare not remove yet as I fear it will take even longer to get here next time.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,569 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:13 AM

Posted 27 September 2010 - 11:24 PM

Hi, this is XP ??
You can try to kill the power on the computer to turn it off and then turn it back on. If Windows shuts down unexpectedly, it will usually bring up the Advanced Boot Options menu automatically. The second down is Safe Mode with Networking.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 Simtim

Simtim
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:13 AM

Posted 28 September 2010 - 12:34 PM

This is the 2nd time I'm posting this so not sure what I did last time but here are the logs:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/28/2010 at 05:23 PM

Application Version : 4.43.1000

Core Rules Database Version : 5594
Trace Rules Database Version: 3406

Scan type : Complete Scan
Total Scan Time : 01:35:46

Memory items scanned : 305
Memory threats detected : 0
Registry items scanned : 5612
Registry threats detected : 1
File items scanned : 48164
File threats detected : 53

Trojan.SVCHost/Fake
[svchost] C:\DOCUMENTS AND SETTINGS\SANDY\APPLICATION DATA\MICROSOFT\SVCHOST.EXE
C:\DOCUMENTS AND SETTINGS\SANDY\APPLICATION DATA\MICROSOFT\SVCHOST.EXE
C:\WINDOWS\Prefetch\SVCHOST.EXE-2AC3275B.pf

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.bleepingcomputer[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@collective-media[2].txt
cdn5.specificclick.net [ C:\Documents and Settings\sandy\Application Data\Macromedia\Flash Player\#SharedObjects\SQBKSB3S ]
findel.scene7.com [ C:\Documents and Settings\sandy\Application Data\Macromedia\Flash Player\#SharedObjects\SQBKSB3S ]
gw.callingbanners.com [ C:\Documents and Settings\sandy\Application Data\Macromedia\Flash Player\#SharedObjects\SQBKSB3S ]
ia.media-imdb.com [ C:\Documents and Settings\sandy\Application Data\Macromedia\Flash Player\#SharedObjects\SQBKSB3S ]
img-cdn.mediaplex.com [ C:\Documents and Settings\sandy\Application Data\Macromedia\Flash Player\#SharedObjects\SQBKSB3S ]
m1.emea.2mdn.net [ C:\Documents and Settings\sandy\Application Data\Macromedia\Flash Player\#SharedObjects\SQBKSB3S ]
media.scanscout.com [ C:\Documents and Settings\sandy\Application Data\Macromedia\Flash Player\#SharedObjects\SQBKSB3S ]
objects.tremormedia.com [ C:\Documents and Settings\sandy\Application Data\Macromedia\Flash Player\#SharedObjects\SQBKSB3S ]
s0.2mdn.net [ C:\Documents and Settings\sandy\Application Data\Macromedia\Flash Player\#SharedObjects\SQBKSB3S ]
secure-us.imrworldwide.com [ C:\Documents and Settings\sandy\Application Data\Macromedia\Flash Player\#SharedObjects\SQBKSB3S ]
spe.atdmt.com [ C:\Documents and Settings\sandy\Application Data\Macromedia\Flash Player\#SharedObjects\SQBKSB3S ]
tracking.onefeed.co.uk [ C:\Documents and Settings\sandy\Application Data\Macromedia\Flash Player\#SharedObjects\SQBKSB3S ]
C:\Documents and Settings\sandy\Cookies\sandy@ad.yieldmanager[1].txt
C:\Documents and Settings\sandy\Cookies\sandy@adbrite[2].txt
C:\Documents and Settings\sandy\Cookies\sandy@admarketplace[1].txt
C:\Documents and Settings\sandy\Cookies\sandy@ads.bleepingcomputer[2].txt
C:\Documents and Settings\sandy\Cookies\sandy@advertising[1].txt
C:\Documents and Settings\sandy\Cookies\sandy@adviva[2].txt
C:\Documents and Settings\sandy\Cookies\sandy@apmebf[1].txt
C:\Documents and Settings\sandy\Cookies\sandy@at.atwola[2].txt
C:\Documents and Settings\sandy\Cookies\sandy@atdmt[1].txt
C:\Documents and Settings\sandy\Cookies\sandy@azjmp[2].txt
C:\Documents and Settings\sandy\Cookies\sandy@bizzclick[1].txt
C:\Documents and Settings\sandy\Cookies\sandy@bridge2.admarketplace[1].txt
C:\Documents and Settings\sandy\Cookies\sandy@bs.serving-sys[1].txt
C:\Documents and Settings\sandy\Cookies\sandy@chitika[2].txt
C:\Documents and Settings\sandy\Cookies\sandy@collective-media[1].txt
C:\Documents and Settings\sandy\Cookies\sandy@content.yieldmanager[2].txt
C:\Documents and Settings\sandy\Cookies\sandy@content.yieldmanager[3].txt
C:\Documents and Settings\sandy\Cookies\sandy@doubleclick[1].txt
C:\Documents and Settings\sandy\Cookies\sandy@invitemedia[1].txt
C:\Documents and Settings\sandy\Cookies\sandy@kontera[2].txt
C:\Documents and Settings\sandy\Cookies\sandy@media6degrees[1].txt
C:\Documents and Settings\sandy\Cookies\sandy@mediaplex[2].txt
C:\Documents and Settings\sandy\Cookies\sandy@questionmarket[2].txt
C:\Documents and Settings\sandy\Cookies\sandy@serving-sys[1].txt
C:\Documents and Settings\sandy\Cookies\sandy@specificclick[2].txt
C:\Documents and Settings\sandy\Cookies\sandy@statse.webtrendslive[1].txt
C:\Documents and Settings\sandy\Cookies\sandy@tacoda[2].txt
C:\Documents and Settings\sandy\Cookies\sandy@tribalfusion[2].txt
C:\Documents and Settings\sandy\Cookies\sandy@uk.at.atwola[1].txt
C:\Documents and Settings\sandy\Cookies\sandy@xiti[1].txt
C:\Documents and Settings\sandy\Cookies\sandy@yieldmanager[1].txt

Trojan.Dropper/Gen-NV
C:\DOCUMENTS AND SETTINGS\SANDY\LOCAL SETTINGS\TEMP\PDFUPD.EXE

Adware.Search-Exe
C:\PROGRAM FILES\SYS1\SE.EXE
C:\WINDOWS\Prefetch\SE.EXE-150BC7A7.pf

And the TDSS log:
2010/09/28 18:15:59.0171 TDSS rootkit removing tool 2.4.3.0 Sep 27 2010 15:28:54
2010/09/28 18:15:59.0171 ================================================================================
2010/09/28 18:15:59.0171 SystemInfo:
2010/09/28 18:15:59.0171
2010/09/28 18:15:59.0171 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/28 18:15:59.0171 Product type: Workstation
2010/09/28 18:15:59.0171 ComputerName: YOUR-0744C60846
2010/09/28 18:15:59.0171 UserName: Administrator
2010/09/28 18:15:59.0171 Windows directory: C:\WINDOWS
2010/09/28 18:15:59.0171 System windows directory: C:\WINDOWS
2010/09/28 18:15:59.0171 Processor architecture: Intel x86
2010/09/28 18:15:59.0171 Number of processors: 2
2010/09/28 18:15:59.0171 Page size: 0x1000
2010/09/28 18:15:59.0171 Boot type: Safe boot with network
2010/09/28 18:15:59.0171 ================================================================================
2010/09/28 18:15:59.0656 Initialize success
2010/09/28 18:16:02.0750 ================================================================================
2010/09/28 18:16:02.0750 Scan started
2010/09/28 18:16:02.0750 Mode: Manual;
2010/09/28 18:16:02.0750 ================================================================================
2010/09/28 18:16:06.0218 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/28 18:16:06.0312 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/09/28 18:16:06.0546 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/09/28 18:16:06.0656 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/09/28 18:16:06.0875 AgereSoftModem (052343cd49c8da20c48958cfe73c7d44) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2010/09/28 18:16:07.0390 alcan5wn (0940030d5a5869067ccc03e3b0b8dec7) C:\WINDOWS\system32\DRIVERS\alcan5wn.sys
2010/09/28 18:16:07.0484 alcaudsl (4c9577888c53243e2991456f510488a1) C:\WINDOWS\system32\DRIVERS\alcaudsl.sys
2010/09/28 18:16:07.0609 ALCXSENS (ba88534a3ceb6161e7432438b9ea4f54) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
2010/09/28 18:16:07.0750 ALCXWDM (69cbb79ccccb7ab08f5e00109e9703bd) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2010/09/28 18:16:08.0296 AR5211 (466708ae500e11cfa56483ee7fb9ad11) C:\WINDOWS\system32\DRIVERS\ar5211.sys
2010/09/28 18:16:08.0406 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/09/28 18:16:08.0890 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/09/28 18:16:09.0015 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/28 18:16:09.0468 ati2mtag (59485150d0388e07772ead4999a5afc2) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/09/28 18:16:09.0593 atiide (899c9f94ed5ec5eff71aa6e17a084419) C:\WINDOWS\system32\DRIVERS\atiide.sys
2010/09/28 18:16:09.0812 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/09/28 18:16:09.0953 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/09/28 18:16:10.0093 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/09/28 18:16:10.0296 caboagp (906fcf0d1dc5b573015bbd21ef54bd88) C:\WINDOWS\system32\DRIVERS\atisgkaf.sys
2010/09/28 18:16:10.0421 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/09/28 18:16:10.0671 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/09/28 18:16:10.0812 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/09/28 18:16:10.0906 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/28 18:16:11.0250 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/09/28 18:16:11.0562 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/09/28 18:16:12.0281 DevUpper (913938a5382bfb2487aacaea408a14d2) C:\WINDOWS\system32\DRIVERS\tiumflt.sys
2010/09/28 18:16:12.0421 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/28 18:16:12.0640 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/09/28 18:16:12.0812 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/09/28 18:16:13.0000 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/09/28 18:16:13.0156 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/09/28 18:16:13.0406 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/09/28 18:16:13.0796 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/09/28 18:16:13.0937 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/09/28 18:16:14.0093 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/09/28 18:16:14.0171 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/09/28 18:16:14.0296 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/09/28 18:16:14.0468 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/09/28 18:16:14.0562 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/09/28 18:16:14.0687 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/09/28 18:16:14.0796 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/09/28 18:16:15.0156 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/09/28 18:16:15.0531 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/09/28 18:16:15.0671 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/09/28 18:16:16.0078 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/09/28 18:16:16.0203 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/09/28 18:16:16.0312 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/09/28 18:16:16.0406 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/09/28 18:16:16.0531 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/09/28 18:16:16.0687 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/09/28 18:16:16.0812 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2010/09/28 18:16:16.0906 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/09/28 18:16:17.0078 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/09/28 18:16:17.0187 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/09/28 18:16:17.0312 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/09/28 18:16:17.0406 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/09/28 18:16:18.0031 mfeavfk (21dd45cae791d0cde10631b80f16f653) C:\WINDOWS\system32\drivers\mfeavfk.sys
2010/09/28 18:16:18.0140 mfebopk (decde1c615c256fa2893b5962b0b91e5) C:\WINDOWS\system32\drivers\mfebopk.sys
2010/09/28 18:16:18.0281 mfehidk (f85cd2b918202b7ee49757c361c7eac2) C:\WINDOWS\system32\drivers\mfehidk.sys
2010/09/28 18:16:18.0375 mferkdk (5f33a57f904b64d1c6a548eca47a8656) C:\WINDOWS\system32\drivers\mferkdk.sys
2010/09/28 18:16:18.0484 mfesmfk (299a86b780c9627aaa24e74292363ed2) C:\WINDOWS\system32\drivers\mfesmfk.sys
2010/09/28 18:16:18.0578 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/09/28 18:16:18.0718 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/09/28 18:16:18.0859 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/09/28 18:16:18.0968 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/09/28 18:16:19.0109 MPFP (e454f42ae5524d695d76eab5d363b8ac) C:\WINDOWS\system32\Drivers\Mpfp.sys
2010/09/28 18:16:19.0312 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/09/28 18:16:19.0531 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/09/28 18:16:19.0906 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/09/28 18:16:20.0093 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/09/28 18:16:20.0250 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/09/28 18:16:20.0421 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/09/28 18:16:20.0546 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/09/28 18:16:20.0671 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/09/28 18:16:20.0812 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/09/28 18:16:21.0031 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/09/28 18:16:21.0140 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/09/28 18:16:21.0265 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/09/28 18:16:21.0390 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/09/28 18:16:21.0578 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/09/28 18:16:21.0734 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/09/28 18:16:21.0921 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
2010/09/28 18:16:22.0203 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/09/28 18:16:22.0375 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/09/28 18:16:22.0578 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/09/28 18:16:22.0906 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/09/28 18:16:23.0046 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/09/28 18:16:23.0140 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/09/28 18:16:23.0328 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/09/28 18:16:23.0578 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/09/28 18:16:23.0687 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/09/28 18:16:23.0796 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/09/28 18:16:23.0968 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/28 18:16:24.0281 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/09/28 18:16:24.0421 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/09/28 18:16:25.0375 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/09/28 18:16:25.0593 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/09/28 18:16:25.0703 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/09/28 18:16:26.0765 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/09/28 18:16:27.0000 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2010/09/28 18:16:27.0140 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/09/28 18:16:27.0312 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/09/28 18:16:27.0437 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/09/28 18:16:27.0671 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/09/28 18:16:27.0828 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/09/28 18:16:28.0015 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/09/28 18:16:28.0187 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/28 18:16:28.0484 RTL8023 (d88f6c53b637abe4c23de29db40a9f05) C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys
2010/09/28 18:16:28.0593 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2010/09/28 18:16:28.0875 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/09/28 18:16:29.0000 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/09/28 18:16:29.0281 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/09/28 18:16:29.0484 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/09/28 18:16:29.0718 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/09/28 18:16:30.0140 SMCIRDA (f5fec5b4b985fbf81927844e75dd5bd1) C:\WINDOWS\system32\DRIVERS\smcirda.sys
2010/09/28 18:16:30.0406 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/09/28 18:16:30.0593 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/09/28 18:16:30.0812 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/09/28 18:16:30.0984 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/09/28 18:16:31.0093 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/09/28 18:16:31.0843 SynTP (36460e94bbb8c1a1a1c22e45a28fb955) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/09/28 18:16:31.0968 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/09/28 18:16:32.0343 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/28 18:16:32.0484 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/09/28 18:16:32.0593 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/09/28 18:16:32.0687 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/09/28 18:16:33.0031 tiumfwl (65e8e81c2f40abce9db98fd232f86bf8) C:\WINDOWS\system32\drivers\tiumfwl.sys
2010/09/28 18:16:33.0296 TVALD (7420b0c35be9d7e9651ceb1456948c87) C:\WINDOWS\system32\DRIVERS\NBSMI.sys
2010/09/28 18:16:33.0406 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/09/28 18:16:33.0703 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/09/28 18:16:33.0875 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/09/28 18:16:33.0984 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/09/28 18:16:34.0078 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/09/28 18:16:34.0187 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/09/28 18:16:34.0328 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/09/28 18:16:34.0421 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/28 18:16:34.0546 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/09/28 18:16:34.0765 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/28 18:16:34.0953 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/28 18:16:35.0171 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/28 18:16:35.0921 ================================================================================
2010/09/28 18:16:35.0921 Scan finished
2010/09/28 18:16:35.0921 ================================================================================

Hope this helps.
Would be really interested in knowing what all this means in simple terms.
As an additional point. My computer is working really slow (bit like me).

#6 Simtim

Simtim
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:13 AM

Posted 28 September 2010 - 02:25 PM

I should also mention that google redirects is still happening.

#7 Eraser23

Eraser23

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:11:13 AM

Posted 28 September 2010 - 06:06 PM

Hitman Pro has helped numerous people in the past, friends of mine who have had this problem.

You may want to wait around here for another answer, but I know that HAS helped people in the past with Google redirect viruses, after no other method. The programme is free for 30 days, enough time for you to run the programme and hopefully fix the problem.

Up to you if you want to go down that road, or wait for a moderator etc here.

Hitman Pro does not need to be installed. It can be run straight from a USB flash drive, a CD/DVD, local or network attached hard drive.


Edited by Eraser23, 28 September 2010 - 06:09 PM.


#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,569 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:13 AM

Posted 28 September 2010 - 07:32 PM

Hello, Well we found and removed a Dropper. Malware that drops more malware. Some adware was removed and other trojans ,probably drooped by our found friend. Then we scanned for a few types of TDDS rootkits and none were found.

Hitman is OK. It basically will do what we havve just done. But it is a Trial software not free like thes and has to be removed (except in the USB drive)or purchased later so I just avoid those.

So now .. still redirecting // we have a couple ppaths to go down yet to kill it. So first swe sdo an MBAM and an Online scan and see how we are.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



ESET Online
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Export to text file... to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Eset Smart Installer icon on your desktop.
  • Check the "YES, I accept the Terms of Use"
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push "List of found threats"
  • Push "Export to text file", and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the "<<Back" button.
  • Push Finish
In your next reply, please include the following:
  • Eset Scan Log


NOTE: In some instances if no malware is found there will be no log produced.

Edited by boopme, 28 September 2010 - 07:33 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 Simtim

Simtim
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:13 AM

Posted 29 September 2010 - 11:29 AM

Thanks Eraser23 but I'll keep using the freebies for now.
Hey Boop me. here's the log for Malwarebytes:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4715

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29/09/2010 15:17:07
mbam-log-2010-09-29 (15-17-07).txt

Scan type: Quick scan
Objects scanned: 148826
Time elapsed: 16 minute(s), 39 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 19
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
C:\Documents and Settings\sandy\Local Settings\Temp\dwm.exe (Trojan.Downloader.Gen) -> Unloaded process successfully.
C:\Program Files\ses\seta.exe (Trojan.Downloader.Gen) -> Unloaded process successfully.
C:\Documents and Settings\sandy\Application Data\Microsoft\Windows\shell.exe (Trojan.Shell) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\0 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\1 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\2 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\3 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\4 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\5 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\6 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\7 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\8 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\9 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\10 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\11 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\12 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\13 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\14 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\15 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{742ea7b6-7ef3-d456-3ddc-7c98e4890659} (Trojan.ZbotR.Gen) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{6535dce2-510c-5dd2-ae57-6353a36483c5} (Trojan.ZbotR.Gen) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\program files\microsoft\desktoplayer.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Documents and Settings\sandy\Application Data\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (c:\windows\system32\userinit.exe,c:\program files\microsoft\desktoplayer.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\sandy\Local Settings\Temp\dwm.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
C:\Program Files\ses\seta.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\sandy\Application Data\Microsoft\svchost.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\sandy\Local Settings\Temp\A3.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft\desktoplayer.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\sandy\Application Data\Idviav\ogbi.exe (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\sandy\Application Data\Dyfew\esemy.exe (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\sandy\Application Data\Microsoft\Windows\shell.exe (Trojan.Shell) -> Quarantined and deleted successfully.

Tried to copy the log for Eset scan but got told the report was too big. (1037 viruses found).
How do I attach the report for you to view?

#10 Simtim

Simtim
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:13 AM

Posted 29 September 2010 - 11:35 AM

May be a long way of doing it but I'll send it in bits.
Here goes:
C:\3003656b7ef98cc45f\i386\filterpipelineprintproc.dll Win32/Ramnit.B virus deleted (after the next restart) - quarantined
C:\3003656b7ef98cc45f\i386\mxdwdrv.dll Win32/Ramnit.B virus deleted (after the next restart) - quarantined
C:\3003656b7ef98cc45f\i386\xpssvcs.dll Win32/Ramnit.B virus deleted (after the next restart) - quarantined
C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll Win32/Ramnit.B virus deleted - quarantined
C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll Win32/Ramnit.B virus deleted - quarantined
C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL Win32/Ramnit.B virus deleted - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GTMJSDMR\ads[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GTMJSDMR\iframe[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GTMJSDMR\index[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GTMJSDMR\index[2].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GTMJSDMR\sas_processlistrelated[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GTMJSDMR\sas_processlist[2].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GTMJSDMR\search[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GTMJSDMR\superantispyware_com[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\K9Y7WLUV\bleepingcomputer_com[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\K9Y7WLUV\forums[2].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\K9Y7WLUV\Include[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\K9Y7WLUV\index[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\K9Y7WLUV\index[2].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\K9Y7WLUV\index[3].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\K9Y7WLUV\remove-tdss-tdl3-alureon-rootkit-using-tdsskiller[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\K9Y7WLUV\solutions[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SDMBG96B\downloadfile[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SDMBG96B\homepage_top[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SDMBG96B\index[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SDMBG96B\index[2].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SDMBG96B\index[3].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SDMBG96B\search[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SDMBG96B\Sync[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SHU38LAF\index[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SHU38LAF\index[2].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SHU38LAF\sabupdate[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SHU38LAF\topic349353[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SHU38LAF\tweet_button[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\All Users\Application Data\6e4ff7\57.mof Win32/RogueAV.A trojan cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\McAfee\HackerWatch\sum_04_hw.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Application Data\Microsoft\Windows\shellSrv.exe a variant of Win32/Kryptik.FTE trojan cleaned by deleting - quarantined
C:\Documents and Settings\sandy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\1.zip-27e4f15d-5b77c1f5.zip a variant of Java/Mugademel.A trojan deleted - quarantined
C:\Documents and Settings\sandy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\bof.jar-767a76e6-406a0721.zip multiple threats deleted - quarantined
C:\Documents and Settings\sandy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\client.zip-6c899435-5f78d6e2.zip Java/TrojanDownloader.Agent.NBU trojan deleted - quarantined
C:\Documents and Settings\sandy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\des.jar-13add5a1-609be668.zip multiple threats deleted - quarantined
C:\Documents and Settings\sandy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\des.jar-6c688995-13434545.zip multiple threats deleted - quarantined
C:\Documents and Settings\sandy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\pul.jar-15482e74-6ef06453.zip multiple threats deleted - quarantined
C:\Documents and Settings\sandy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll Win32/Ramnit.B virus deleted - quarantined
C:\Documents and Settings\sandy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll Win32/Ramnit.B virus deleted - quarantined
C:\Documents and Settings\sandy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL Win32/Ramnit.B virus deleted - quarantined
C:\Documents and Settings\sandy\Application Data\Towad\eqfe.exe Win32/Spy.Zbot.ZR trojan cleaned by deleting - quarantined
C:\Documents and Settings\sandy\Local Settings\Application Data\SupportSoft\O2\sandy\data\sprt_alertevents\1046aea1-7522-4ff2-a47d-065e17c4d38f.10\Alert Content.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Application Data\SupportSoft\O2\sandy\data\sprt_alertevents\b1c5f68c-f371-4933-ad97-f80d2dc33686.10\Alert Content.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Application Data\SupportSoft\O2\sandy\data\sprt_alertevents\da714158-8ad6-4104-9a05-887f479671cf.5\Alert Content.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Application Data\SupportSoft\O2\sandy\data\sprt_articlefaq\14b8e41d-dfdf-469c-8173-49f8410019ee.7\Answer.html Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Application Data\SupportSoft\O2\sandy\data\sprt_articlefaq\29c2a2b4-6352-448f-a78d-f290030a0fe7.1\Answer.html Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Application Data\SupportSoft\O2\sandy\data\sprt_articlefaq\2fd3012c-442d-493a-b7fa-9f1adc77d087.2\Answer.html Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Application Data\SupportSoft\O2\sandy\data\sprt_articlefaq\3b4ae929-a359-4e95-9258-e29cf129e05c.1\Answer.html Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Application Data\SupportSoft\O2\sandy\data\sprt_articlefaq\45b284f5-2813-4b7e-aed6-e52673164c74.2\Answer.html Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Application Data\SupportSoft\O2\sandy\data\sprt_articlefaq\5b706832-61bf-4d71-8220-822769af06fd.2\Answer.html Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Application Data\SupportSoft\O2\sandy\data\sprt_articlefaq\5ebf963a-e63d-4417-b313-c303ba9ebf6a.1\Answer.html Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Application Data\SupportSoft\O2\sandy\data\sprt_articlefaq\67469f2c-55a9-476b-aa32-acd6f0f35fb7.1\Answer.html Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Application Data\SupportSoft\O2\sandy\data\sprt_articlefaq\a01337d9-bc2b-45bc-afdb-90b8836d66ba.1\Answer.html Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Application Data\SupportSoft\O2\sandy\data\sprt_articlefaq\a5b80fff-fc1f-497a-878c-6dc1c7183d5d.11\Answer.html Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Application Data\SupportSoft\O2\sandy\data\sprt_articlefaq\af974242-a05c-419f-bf61-5622af0e1335.1\Answer.html Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Application Data\SupportSoft\O2\sandy\data\sprt_articlefaq\c4259398-8501-4a93-88af-c352d47dd659.1\Answer.html Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Application Data\SupportSoft\O2\sandy\data\sprt_articlefaq\d1e7f5e1-8d77-4124-bff0-9f69124b0d35.7\Answer.html Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Application Data\SupportSoft\O2\sandy\data\sprt_articlefaq\e1c3974a-3429-489b-ab1f-2bc08d56a01f.1\Answer.html Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Application Data\SupportSoft\O2\sandy\data\sprt_articlefaq\f5ec31d0-84ba-4959-99f2-24f18e941d8f.1\Answer.html Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Application Data\SupportSoft\O2\sandy\data\sprt_articlefaq\f6921de1-b67e-4176-b31c-bf2f313b3f6b.1\Answer.html Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Application Data\SupportSoft\O2\sandy\data\sprt_articlefaq\fcbb85e5-c272-4da7-9a77-38684b5007d1.1\Answer.html Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temp\Wise_INI.dll Win32/Ramnit.B virus deleted - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\0_admarketplace_com[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\11285701619@x50[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\11285701650@x50[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\11285702227@x50[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\120100928201931@x50[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\4716-malwarebytes-anti-malware[1].html Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\98906b51ab5d9d97[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\ad-ebay[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\adfserve[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\adserveCA37KH6J.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\adserveCA66226U.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\adserveCABASH5M.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\adserveCAS6JO9Y.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\adserve[10].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\adserve[11].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\adserve[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\adserve[2].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\adserve[3].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\adserve[4].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\adserve[5].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\adserve[6].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\adserve[7].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\adserve[8].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\adserve[9].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\ads[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\ads[2].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\ads[3].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\ads[4].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\ads[5].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\ads[6].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\ads[7].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\ads[8].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\AFECheg[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\B4814042[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\CA7A2OZK.HTM Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\clkurl=;ord=1980348907[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\clk[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\default[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\default[2].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\header_external_g5[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\iframescript[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\iframescript[2].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\iframe[2].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\index[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\index[1].html Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\index[2].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\index[3].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\index[4].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\index[5].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\in[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\mail[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\online-scanner[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\pass[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\pixel[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\searche[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\shopping-1[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\tesco_com[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\v=4;m=2;l=14763;c=107792;b=1064312;p=ui=phMsqhoodpAKpB;tr=_vRm1Nhea2G;tm=0-0;ts=20100928203429;dct=;ord=20100928203429[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\v=4;m=2;l=14764;c=106450;b=1053476;p=ui=phMsqhoodpAKpB;tr=h6XaB7haNvF;tm=0-0;ts=20100928201931;dct=;ord=20100928201931[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\v=4;m=2;l=14770;c=104135;b=1043460;p=ui=phMsqhoodpAKpB;tr=3MCMaIzEPJG;tm=0-0;ts=20100928203028;dct=;ord=20100928203028[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\v=4;m=2;l=14770;c=104135;b=1043460;p=ui=phMsqhoodpAKpB;tr=9yNV3u1sPSC;tm=0-0;ts=20100928202943;dct=;ord=20100928202943[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\v=4;m=2;l=14770;c=104135;b=1043470;p=ui=phMsqhoodpAKpB;tr=emh7qq2zzsC;tm=0-0;ts=20100928202848;dct=;ord=20100928202848[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\v=4;m=2;l=14770;c=104135;b=1043590;p=ui=phMsqhoodpAKpB;tr=X9z2NL6aQwC;tm=0-0;ts=20100928202857;dct=;ord=20100928202857[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\v=4;m=2;l=14770;c=107792;b=1064306;p=ui=phMsqhoodpAKpB;tr=pYjUXGsqWWA;tm=0-0;ts=20100928203230;dct=;ord=20100928203230[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\v=4;m=2;l=14770;c=97629;b=978791;p=ui=phMsqhoodpAKpB;tr=6nOPdlMvLJD;tm=0-0;ts=20100928203758;dct=;ord=20100928203758[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\BFG8XEG6\video-iframe[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\11285701979@x50[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\11285702307@x50[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\2628560ed88a0040[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\3993-109930-10420-5[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\402355-xp-cant-boot-into-safe[1].html Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\4716-malwarebytes-anti-malware[1].html Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\adserve[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\adserve[2].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\adserve[3].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\adserve[4].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\adserve[5].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\ads[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\ads[2].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\ads[3].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\ads[4].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\ads[5].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\ads[6].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\ads[7].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\ads[8].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\click[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\clk[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\clk[2].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\clk[3].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\clk[4].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\d08eb793ff675be5[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\default[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\default[2].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\default[3].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\downloadget[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\error404[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\homepage_top[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\index[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\index[2].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\index[4].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\interstitial[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\Malwarebytes-Anti-Malware[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\PageBuilder[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\remove-tdss-tdl3-alureon-rootkit-using-tdsskiller[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\sitesearchGo[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\topic124092[1].html Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\topic124092[2].html Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\topic349353[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\tpp4[2].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\Tracker[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\url_info[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\url_info[2].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\url_info[3].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\v=4;m=2;l=14770;c=104135;b=1043525;p=ui=phMsqhoodpAKpB;tr=sKPRinA2g_A;tm=0-0;ts=20100928203058;dct=;ord=20100928203058[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\GXFV6UXA\v=4;m=2;l=14770;c=107792;b=1064316;p=ui=phMsqhoodpAKpB;tr=DBn2UePiYaB;tm=0-0;ts=20100928203302;dct=;ord=20100928203302[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\10326464[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\11285701656@x50[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\11285702258@x50[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\120100928203011@x50[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\3993-109930-10420-5[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\4716-malwarebytes-anti-malware[1].html Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\adserveCAIXU261.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\adserveCAVI52O9.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\adserve[10].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\adserve[11].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\adserve[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\adserve[2].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\adserve[3].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\adserve[4].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\adserve[5].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\adserve[6].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\adserve[7].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\adserve[8].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\adserve[9].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\ads[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\ads[2].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\ads[3].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\ads[4].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\ads[5].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\ads[6].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\ads[7].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\ad[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\B4814042[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\B4814042[2].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\B4814042[3].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\B4814042[4].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\B4814042[5].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\bleepingcomputer_com[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\clk[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\clk[2].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\default[2].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\forums[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\iframe[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\index[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\index[2].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\index[3].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\index[4].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\index[5].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\index[6].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\mail[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\Malwarebytes-Anti-Malware-Download-81598[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\malwarebytes-anti-malware[2].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\manutd_com[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\mbam[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\optn=64[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\optn=64[2].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\pay_as_you_go[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\pixel[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\pixel[2].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\search[2].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\SessionValidation[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\topic113548[1].html Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\topic124092[1].html Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\topic124092[2].html Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\v=4;m=2;l=14763;c=107792;b=1064302;p=ui=phMsqhoodpAKpB;tr=38rD_FoDOHB;tm=0-0;ts=20100928203230;dct=;ord=20100928203230[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\v=4;m=2;l=14770;c=104135;b=1043485;p=ui=phMsqhoodpAKpB;tr=W1f36k23uKF;tm=0-0;ts=20100928203039;dct=;ord=20100928203039[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\L0J9INQW\v=4;m=2;l=14770;c=106450;b=1053494;p=ui=phMsqhoodpAKpB;tr=WPrBpBwYsvA;tm=0-0;ts=20100928203011;dct=;ord=20100928203011[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\11285702210@x50[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\11285702239@x50[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\14410047885@x50[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\ad-msm-credit[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\adsCA2CCUJO.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\adsCAGKA9YA.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\adsCAHU9QLG.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\adsCAJEGUT9.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\adsCAU49JG0.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\adserve[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\adserve[2].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\adserve[3].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\ads[10].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\ads[11].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\ads[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\ads[2].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\ads[3].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\ads[4].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\ads[5].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\ads[6].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\ads[7].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\ads[8].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\ads[9].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\ad[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\ad[2].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\ad[3].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\B4814042[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\clk[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\clk[2].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\clk[3].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\ContentLink[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\data_sync[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\default[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\default[2].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\default[3].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\default[4].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\flash[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\footer_external-wide[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\how-to-use-malwarebytes-anti-malware-tutorial[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\iframescript[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\index[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\index[2].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\index[3].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\index[4].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\index[5].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\index[6].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\minimall[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\optn=64[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\PageBuilder[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\PageBuilder[2].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\SessionValidation[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\sh23[1].html Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\sh24[1].html Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\solutions[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\topic114351[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\tweet_button[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\url_info[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Documents and Settings\sandy\Local Settings\Temporary Internet Files\Content.IE5\N0ELG37F\v=4;m=2;l=14770;c=107792;b=1064306;p=u

#11 Simtim

Simtim
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:13 AM

Posted 29 September 2010 - 11:38 AM

Is this making sense to you....?
virus deleted - quarantined
C:\I386\NETSETUP.EXE Win32/Ramnit.B virus deleted - quarantined
C:\I386\SYSPARSE.EXE Win32/Ramnit.B virus deleted - quarantined
C:\I386\WINNT32.EXE Win32/Ramnit.B virus deleted - quarantined
C:\I386\WINNT32A.DLL Win32/Ramnit.B virus deleted - quarantined
C:\I386\WINNT32U.DLL Win32/Ramnit.B virus deleted - quarantined
C:\I386\WINNTBBA.DLL Win32/Ramnit.B virus deleted - quarantined
C:\I386\WINNTBBU.DLL Win32/Ramnit.B virus deleted - quarantined
C:\I386\WSDU.DLL Win32/Ramnit.B virus deleted - quarantined
C:\I386\WSDUENG.DLL Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Reader\ACE.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Reader\Acrofx32.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Reader\Updater\acroaum.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrMin\ENU\setup.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\ATI Technologies\ATI Control Panel\atiicdxx.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\ATI Technologies\ATI Control Panel\atiiprxx.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll Win32/Ramnit.B virus deleted (after the next restart) - quarantined
C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll Win32/Ramnit.B virus deleted (after the next restart) - quarantined
C:\Program Files\ATI Technologies\ATI Control Panel\atiphexx.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\ATI Technologies\ATI Control Panel\atippaxx.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\ATI Technologies\ATI Control Panel\atiprbxx.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe Win32/Ramnit.B virus deleted (after the next restart) - quarantined
C:\Program Files\ATI Technologies\ATI Control Panel\atipuixx.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\AvRack\classic.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\AvRack\rtlrack.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\aw1\setup.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Boots F2CD\Picture Suite\Layout.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Boots F2CD\Picture Suite\PicMan.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Boots F2CD\Picture Suite\PicShare.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Boots F2CD\Picture Suite\Terminator.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Boots F2CD\Picture Suite\Uninstal.EXE Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Boots F2CD\Picture Suite\IP2\Branding.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Boots F2CD\Picture Suite\IP2\InsertDetect.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Boots F2CD\Picture Suite\IP2\IP2.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CAL\CanonPtpIpForI.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CAL\CustomInstall.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDC\asfCIGLibWrap.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDC\CALIB.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDC\canonIHL.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDC\CIOS.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDC\CustomInstall.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDC\EnoJPEG4.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDC\rcDcd.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDC\rcDvlp.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDC\rcParse.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDC\rdDcd.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDC\rdDvlp.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDC\rdParse.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC\CameraLauncherDVC.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC\CameraWindowCompDVC.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC\CameraWindow_ATLDVC.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC\CamMenuLaunch.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC\cdDcd.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC\cdDvlp.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC\cdParse.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC\CDPTPCLT.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC\CDRAPCLS.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC\CDSDK.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC\cdsdk2ap.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC\CL2SDK.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC\comndlg.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC\CustomInstall.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC\MCSM.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC\MyCameraDVC.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC\psCamDat.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC\pscCSDlg.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC\RCTask.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC\SSMaker.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC\unicows.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\CALIB.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\CameraLauncherDVC6.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\CameraWindowCompDVC6.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\CamSetDlg.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\canonIHL.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\comndlg.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\CustomInstall.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\CW2ZB.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\CWMarkFile.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\deImg137.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\deImg139.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\deImg140.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\deImg404.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\deImgJ10.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\deImgJ11.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\deImgP01.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\deImgP02.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\deImgP03.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\deImgP04.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\deImgT10.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\deImgT2X.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\DeImgT31.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\deImgT32.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\deImgT40.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\deImgT41.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\deImgT50.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\deImgT60.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\deImgT70.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\deImgT71.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\deImgT72.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\DirectTransfer.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\MyCameraDVC6.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\PspropSt.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\rcDcd.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\rcDvlp.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\rcParse.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\rcPropSt.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\rdDcd.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\rdDvlp.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\rdParse.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\CALIB.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\CameraLauncher.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\CamerawindowCommand.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\comndlg.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\CustomInstall.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\STIReg_DVC.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCamera\canonIHL.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCamera\comndlg.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCamera\deImg137.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCamera\deImg139.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCamera\deImg140.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCamera\deImg404.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCamera\deImgJ10.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCamera\deImgJ11.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCamera\deImgP01.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCamera\deImgP02.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCamera\deImgP03.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCamera\deImgP04.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCamera\deImgT10.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCamera\deImgT2X.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCamera\DeImgT31.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCamera\deImgT32.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCamera\deImgT40.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCamera\deImgT41.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCamera\deImgT50.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCamera\deImgT60.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCamera\deImgT70.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCamera\deImgT71.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCamera\deImgT72.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCamera\MCM.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCamera\MyCamera.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCamera\MyCamSettingsCommand.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCamera\PspropSt.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCamera\rcDcd.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCamera\rcDvlp.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCamera\rcParse.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCamera\rcPropSt.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCamera\rdDcd.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCamera\rdDvlp.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCamera\rdParse.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCameraDC\CALIB.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCameraDC\canonIHL.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCameraDC\comndlg.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCameraDC\deImg137.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCameraDC\deImg139.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCameraDC\deImg140.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCameraDC\deImg404.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCameraDC\deImgJ10.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCameraDC\deImgJ11.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCameraDC\deImgP01.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCameraDC\deImgP02.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCameraDC\deImgP03.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCameraDC\deImgP04.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCameraDC\deImgT10.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCameraDC\deImgT2X.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCameraDC\DeImgT31.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCameraDC\deImgT32.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCameraDC\deImgT40.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCameraDC\deImgT41.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCameraDC\deImgT50.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCameraDC\deImgT60.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCameraDC\deImgT70.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCameraDC\deImgT71.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCameraDC\deImgT72.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCameraDC\MyCameraDC.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCameraDC\PspropSt.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCameraDC\rcDcd.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCameraDC\rcDvlp.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCameraDC\rcParse.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCameraDC\rcPropSt.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCameraDC\rdDcd.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCameraDC\rdDvlp.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\MyCameraDC\rdParse.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\CALIB.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\canonIHL.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\cdsdk2ap.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\comndlg.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\CRemSDK.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\CW2ZB.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\deImg137.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\deImg139.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\deImg140.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\deImg404.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\deImgJ10.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\deImgJ11.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\deImgP01.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\deImgP02.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\deImgP03.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\deImgP04.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\deImgT10.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\deImgT2X.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\DeImgT31.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\deImgT32.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\deImgT40.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\deImgT41.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\deImgT50.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\deImgT60.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\deImgT70.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\deImgT71.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\deImgT72.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\PspropSt.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\rcDcd.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\rcDvlp.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\rcParse.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\rcPropSt.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\rdDcd.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\rdDvlp.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\rdParse.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\RemoteCaptureDC.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\CALIB.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\canonIHL.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\cdsdk2ap.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\comndlg.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\CRemSDK.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\CustomInstall.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\CW2ZB.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\deImg137.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\deImg139.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\deImg140.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\deImg404.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\deImgJ10.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\deImgJ11.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\deImgP01.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\deImgP02.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\deImgP03.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\deImgP04.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\deImgT10.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\deImgT2X.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\DeImgT31.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\deImgT32.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\deImgT40.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\deImgT41.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\deImgT50.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\deImgT60.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\deImgT70.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\deImgT71.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\deImgT72.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\PspropSt.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\rcDcd.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\rcDvlp.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\rcParse.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\rcPropSt.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\RCTask.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\rdDcd.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\rdDvlp.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\rdParse.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CSCLIB\CDPROC.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CSCLIB\CDPROCMN.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CSCLIB\CDPTPCLS.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CSCLIB\CustomInstall.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CSCLIB\EWatch.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\CSCLIB\IWrap.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\EOS Utility\EDSDK.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\EOS Utility\EdsImage.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\EOS Utility\EOS Utility.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\EOS Utility\ResCW.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\EOS Utility\Unicows.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\EOS Utility\ZbTaskEOSUtility.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\MDP\CanonRotateFilter.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\MDP\MDP.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\MDP\msvcr80.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\PhotoStitch\360View.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\PhotoStitch\lfbmp13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\PhotoStitch\LFCMP13n.DLL Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\PhotoStitch\lffax13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\PhotoStitch\lffpx13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\PhotoStitch\lffpx7.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\PhotoStitch\lfkodak.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\PhotoStitch\lflma13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\PhotoStitch\lflmb13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\PhotoStitch\lfpcd13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\PhotoStitch\Lfpct13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\PhotoStitch\lfpsd13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\PhotoStitch\lftif13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\PhotoStitch\Lfwmf13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\PhotoStitch\LTDIS13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\PhotoStitch\ltefx13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\PhotoStitch\ltfil13n.DLL Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\PhotoStitch\ltimg13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\PhotoStitch\ltkrn13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\PhotoStitch\lttwn13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\PhotoStitch\MakeQtvr.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\PhotoStitch\psParse.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\PhotoStitch\stitch.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\PhotoStitch\STViewer.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\RAW Image Task\RAWCommand.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\BJEZPZ.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\CameraWindow_ATL.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\CameraWindow_Proxy.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\canonIHL.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\cdDcd.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\cdDvlp.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\cdParse.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\CustomInstall.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\CustomResource.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\dbconverter.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\deImg137.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\deImg139.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\deImg140.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\deImg404.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\deImgJ10.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\deImgJ11.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\deImgP01.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\deImgP02.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\deImgP03.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\deImgP04.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\deImgT10.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\deImgT2X.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\DeImgT31.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\deImgT32.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\deImgT40.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\deImgT41.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\deImgT50.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\deImgT60.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\deImgT70.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\deImgT71.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\deImgT72.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\EnoJPEG4.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\lfbmp13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\LFCMP13n.DLL Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\lffax13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\lfpcd13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\lftif13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\LTCLR13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\LTDIS13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ltefx13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ltfil13n.DLL Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ltimg13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ltkrn13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\MDDDESSTB.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\MDDLGS.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\MDDMOVIE.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\MDMTS.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\mfc80u.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\msvcr80.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\PspropSt.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\rcDcd.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\rcDvlp.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\rcParse.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\rcPropSt.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\rdDcd.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\rdDvlp.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\rdParse.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ZbCIGPromote.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ZbCommands.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ZbDmu.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ZbHtmlPreview.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ZbImageTaskAutoAdjustment.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ZbImageTaskCorrect.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ZbImageTaskCrop.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ZbImageTaskInsertText.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ZbImageTaskRedEye.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ZbImageTaskSharpness.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ZbLocalVolumeDevice.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ZbScreenSaver.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ZbTaskCameraWindow.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ZbTaskCDBurn.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ZbTaskChangeFileName.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ZbTaskClassifyIntoFolder.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ZbTaskELP_IJ.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ZbTaskEPPEX_EPP.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ZbTaskExport.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ZbTaskGeneralEdit.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ZbTaskMovieDeskXP.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ZbTaskMovieExportXP.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ZbTaskMovieFrame.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ZbTaskPhotoRecord.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ZbTaskPrintCore.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ZbTaskPrintLaunchOther.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ZbTaskSearch.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ZbTaskSendEmail.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ZbTaskSlideShow.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ZBUI_Commands.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ZBUI_Controls.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ZBUI_ControlsATL.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ZBUI_ImageCtrl.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ZBUI_ImageViewer.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ZBUI_SimpleHelp.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ZBUI_TaskView.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ZBUI_Toolbar.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ZBUI_TreeView.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\ZBUI_Utils.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Canon\ZoomBrowser EX\Program\zb_ui.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Setup.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\IDriver.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\IScript7.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\ISRT.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\IUser7.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\_ISRES1033.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Common Files\InstallShield\Driver\9\Intel 32\IDriver.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Common Files\InstallShield\Driver\9\Intel 32\IDriver2.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Common Files\InstallShield\Driver\9\Intel 32\iGdiCnv.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Common Files\InstallShield\Driver\9\Intel 32\IScrCnv.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Common Files\InstallShield\Driver\9\Intel 32\ISRT.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Common Files\InstallShield\Driver\9\Intel 32\IUserCnv.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Common Files\InstallShield\Driver\9\Intel 32\_ISRES1033.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Common Files\InstallShield\IScript\iscript.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\ctor.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iKernel.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iscript.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iuser.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Common Files\Microsoft Shared\PROOF\CHAPI3T1.DLL Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Common Files\Microsoft Shared\PROOF\MSLID.DLL Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Common Files\Microsoft Shared\PROOF\MSSPELL3.DLL Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Common Files\Microsoft Shared\PROOF\MSTHES3.DLL Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Common Files\Microsoft Shared\PROOF\1033\MSGR3EN.DLL Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Common Files\SRS\COM_WowXT.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Common Files\SupportSoft\bin\avmanagerunified.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Common Files\SupportSoft\bin\fwmanager.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Common Files\SupportSoft\bin\msvcp60.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Common Files\SupportSoft\bin\opswatavcommon.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Common Files\SupportSoft\bin\ssctlsma.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\Common\UpdateIPR.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDirector Express\aeffmgr.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDirector Express\atrc3260.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDirector Express\ces_pluginhost.dll Win32/Ramnit.B virus deleted - quarantined

#12 Simtim

Simtim
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:13 AM

Posted 29 September 2010 - 11:41 AM

Apologies if you didn't need to see every last bit of the log but here is hte last bit of it.
C:\Program Files\CyberLink\PowerDirector Express\CLDMA.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDirector Express\CLEdtKrn.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDirector Express\comctl32.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDirector Express\dnet3260.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDirector Express\encn3260.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDirector Express\enlv3260.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDirector Express\erv13260.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDirector Express\lfbmp13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDirector Express\LFCMP13n.DLL Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDirector Express\lfgif13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDirector Express\lftga13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDirector Express\LTCLR13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDirector Express\LTDIS13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDirector Express\ltefx13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDirector Express\ltfil13n.DLL Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDirector Express\ltimg13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDirector Express\ltkrn13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDirector Express\pddvdparser.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDirector Express\pncrt.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDirector Express\pngu3266.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDirector Express\PowerDirector.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDirector Express\rmbe3260.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDirector Express\rmme3260.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDirector Express\rmto3260.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDirector Express\rv103260.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDirector Express\rv203260.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDirector Express\rv303260.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDirector Express\sipr3260.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDirector Express\XTP8510Lib.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDirector Express\OLRSubmission\OLRStateCheck.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDirector Express\OLRSubmission\OLRSubmission.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDirector Express\Plugin\ces_plugin.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDVD\AppBarCom.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDVD\cldma.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDVD\CLDShowX.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDVD\CLInet.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDVD\cltest.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDVD\dvdrgn.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe Win32/Ramnit.B virus deleted (after the next restart) - quarantined
C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDVD\OLRSubmission\OLRStateCheck.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerDVD\OLRSubmission\OLRSubmission.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\AEFFMgr.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\AuthorGVD.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\AuthorMVR.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\AuthorUTI.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\BGOLDLIB.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\BurningMgr.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\CDRBS2K.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\CDRBSVSD.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\CES_PlugInHost.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\CGENERAL.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\CLDMA.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\CLDrvChk.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\CLEdtKrn.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\COMCDROM.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\DVDParser.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\EditingMgrWrapper.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\EvoParser.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\FSWizDLL.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\Honoji.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\HwCtrlMgr.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\lfbmp13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\LFCMP13n.DLL Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\lffax13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\lfgif13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\Lfpng13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\lfpsd13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\lftga13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\lftif13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\LTCLR13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\LTDIS13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\ltefx13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\ltfil13n.DLL Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\ltimg13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\ltkrn13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\LTWND13n.DLL Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\MFC71.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\msvcr71.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\MVRPlayerWrapper.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\PPDShowX.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\PPDShowXCM.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\PPRes.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\Producer.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\PVRPlayerWrapper.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\RipDVD.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\RipMVR.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\RipPVR.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\SFFFAKE.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\STDCDR.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\STDCDRS.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\stdsff.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\stdsff2.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\WebUpdate.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\OLRSubmission\OLRStateCheck.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\OLRSubmission\OLRSubmission.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\Plugin\CES_Picture.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\Plugin\CES_PlugIn.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\Plugin\CES_PlugIn_3.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\Plugin\CES_PlugIn_4.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\Plugin\CES_Template.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\PowerProducer\Plugin\CES_Title2.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\Shared Files\lfbmp13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\Shared Files\LFCMP13n.DLL Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\Shared Files\lffax13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\Shared Files\lfgif13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\Shared Files\Lfpng13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\Shared Files\lfpsd13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\Shared Files\lftga13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\Shared Files\lftif13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\Shared Files\LTCLR13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\Shared Files\LTDIS13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\Shared Files\ltefx13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\Shared Files\ltfil13n.DLL Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\Shared Files\ltimg13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\Shared Files\ltkrn13n.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\CyberLink\Shared Files\LTWND13n.DLL Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\InstProt.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Internet Explorer\iedvtool.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Internet Explorer\jsdbgui.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Internet Explorer\jsdebuggeride.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Internet Explorer\JSProfilerCore.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Internet Explorer\jsprofilerui.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Internet Explorer\PLUGINS\npqtplugin7.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\InterVideo\Common\Bin\ComTruSurroundXT.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\InterVideo\Common\Bin\DHIVI.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\InterVideo\Common\Bin\DMO_TSXT.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\InterVideo\Common\Bin\DownmixDMO.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\InterVideo\Common\Bin\DSPDMO.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\InterVideo\Common\Bin\expDMO.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\InterVideo\Common\Bin\GPIProxy.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\InterVideo\Common\Bin\IviContainerDMO.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\InterVideo\Common\Bin\timestretchDMO.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\InterVideo\Common\Bin\viFxMvft.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\InterVideo\WinDVD\ComTruSurroundXT.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\InterVideo\WinDVD\DHIVI.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\InterVideo\WinDVD\DMO_TSXT.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\InterVideo\WinDVD\DownmixDMO.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\InterVideo\WinDVD\DSPDMO.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\InterVideo\WinDVD\expDMO.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\InterVideo\WinDVD\GPIProxy.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\InterVideo\WinDVD\IviContainerDMO.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\InterVideo\WinDVD\SNX_HID.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\InterVideo\WinDVD\timestretchDMO.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\InterVideo\WinDVD\viFxMvft.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\InterVideo\WinDVD\WinDVD.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\isp\aol\comps\acs\AcsInstN.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\isp\aol\comps\asp\aspcheck.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\isp\aol\comps\coach\acpver.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\isp\aol\comps\coach\aolcinst.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\isp\aol\comps\qt\QTInsInf.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\isp\aol\comps\rp\RealChk.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\isp\aol\comps\rp\RealPl8.EXE Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\isp\aol\comps\rp\rp9codec.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\isp\aol\comps\vwpt\AOLVPChk.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\isp\aol\comps\vwpt\VPPrePop.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Java\j2re1.4.2_05\javaws\JavaWebStart.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Java\j2re1.4.2_05\javaws\javaws.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Java\j2re1.4.2_05\javaws\javawspl.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Java\j2re1.4.2_05\javaws\Readme_ja.html Win32/Ramnit.A virus cleaned - quarantined
C:\Program Files\ltmoh\ltmoh.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\ltmoh\mohapi.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\McAfee\MBK\ArbusComLib.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\McAfee\MBK\Differential.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\McAfee\MBK\MBKAlert.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\McAfee\MPS\IAEngine.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\McAfee\MPS\IAImageReader.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Microsoft Office\OFFICE11\BIDI32.DLL Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Microsoft Office\OFFICE11\GDIPLUS.DLL Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Microsoft Office\OFFICE11\HLP95EN.DLL Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Microsoft Office\OFFICE11\MULTIQ.DLL Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Microsoft Office\OFFICE11\REFEDIT.DLL Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Movie Maker\moviemk.exe Win32/Ramnit.B virus unable to clean
C:\Program Files\MSN\MSNCoreFiles\OOBE\obelog.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\MSN\MSNCoreFiles\OOBE\obemetal.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\MSN\MSNCoreFiles\OOBE\obepopc.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\O2\bin\libeay32.dll Win32/Ramnit.B virus deleted (after the next restart) - quarantined
C:\Program Files\O2\bin\sdcidle.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\O2\bin\sdckillw.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\O2\bin\ssClearCache.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Outlook Express\msoe.dll Win32/Ramnit.B virus unable to clean
C:\Program Files\QuickTime\PictureViewer.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\QuickTime\QTTask.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\QuickTime\PictureViewer.Resources\PictureViewer.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\QuickTime\PictureViewer.Resources\en.lproj\PictureViewerLocalized.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\QuickTime\Plugins\npqtplugin.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\QuickTime\Plugins\npqtplugin2.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\QuickTime\Plugins\npqtplugin3.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\QuickTime\Plugins\npqtplugin4.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\QuickTime\Plugins\npqtplugin5.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\QuickTime\Plugins\npqtplugin6.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\QuickTime\Plugins\npqtplugin7.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\QuickTime\QTSystem\ExportControllerPS.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\QuickTime\QTSystem\QTCF.dll Win32/Ramnit.B virus deleted (after the next restart) - quarantined
C:\Program Files\QuickTime\QTSystem\QTJNative.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\QuickTime\QTSystem\QTMLClient.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\QuickTime\QTSystem\QuickTimeUpdateHelper.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\QuickTime.dll Win32/Ramnit.B virus deleted (after the next restart) - quarantined
C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\en.lproj\QuickTimeLocalized.dll Win32/Ramnit.B virus deleted (after the next restart) - quarantined
C:\Program Files\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\en.lproj\QuickTimeAudioSupportLocalized.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\QuickTime\QTSystem\QuickTimeAuthoring.Resources\en.lproj\QuickTimeAuthoringLocalized.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\QuickTime\QTSystem\QuickTimeStreaming.Resources\en.lproj\QuickTimeStreamingLocalized.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\QuickTime\QTSystem\QuickTimeWebHelper.Resources\QuickTimeWebHelper.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\QuickTime\QTSystem\QuickTimeWebHelper.Resources\en.lproj\QuickTimeWebHelperLocalized.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\srslabs\wowxt plug-in\DMO_WOWXT.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\srslabs\wowxt plug-in\msvcr70.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\srslabs\wowxt plug-in\WOWXTUIPlugIn.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\SUPERAntiSpyware\deupx.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\SUPERAntiSpyware\msvcr71.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\SUPERAntiSpyware\SASSEH.DLL Win32/Ramnit.B virus deleted (after the next restart) - quarantined
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL Win32/Ramnit.B virus deleted (after the next restart) - quarantined
C:\Program Files\SUPERAntiSpyware\Plugins\sab_incr.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\SUPERAntiSpyware\Plugins\sab_mapi.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\SUPERAntiSpyware\Plugins\sab_wab.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Symantec\LiveUpdate\LuPreCon.DLL Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Synaptics\SynTP\InstNT.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Synaptics\SynTP\SynTPCpl.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe Win32/Ramnit.B virus deleted (after the next restart) - quarantined
C:\Program Files\Synaptics\SynTP\Tutorial.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Synaptics\SynTP\Media\InstNT.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Synaptics\SynTP\Media\SynCtrl.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Synaptics\SynTP\Media\SynTPAPI.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Synaptics\SynTP\Media\SynTPCoI.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Synaptics\SynTP\Media\SynTPCpl.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Synaptics\SynTP\Media\SynTPFcs.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Synaptics\SynTP\Media\SynTPLpr.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Synaptics\SynTP\Media\Tutorial.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\sys2\sol.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\sys2\tnn.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\sys2\ton.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\sys5\sol.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe Win32/Ramnit.B virus deleted (after the next restart) - quarantined
C:\Program Files\Thomson\SpeedTouch USB\stdialup.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Thomson\SpeedTouch USB\tools\regutil.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Toshiba\ConfigFree\CFAssoc.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Toshiba\ConfigFree\CFDropEx.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Toshiba\ConfigFree\CFSServ.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Toshiba\ConfigFree\CFSvcsSrv.exe a variant of Win32/Kryptik.FTE trojan cleaned by deleting - quarantined
C:\Program Files\Toshiba\ConfigFree\diagnote.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Toshiba\ConfigFree\NDSAPI.dll Win32/Ramnit.B virus deleted (after the next restart) - quarantined
C:\Program Files\Toshiba\ConfigFree\NDSParts.dll Win32/Ramnit.B virus deleted (after the next restart) - quarantined
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe Win32/Ramnit.B virus deleted (after the next restart) - quarantined
C:\Program Files\Toshiba\ConfigFree\OpenProp.dll Win32/Ramnit.B virus deleted (after the next restart) - quarantined
C:\Program Files\Toshiba\ConfigFree\QCDPJ.dll Win32/Ramnit.B virus deleted (after the next restart) - quarantined
C:\Program Files\Toshiba\ConfigFree\VENAPI.dll Win32/Ramnit.B virus deleted (after the next restart) - quarantined
C:\Program Files\Toshiba\ConfigFree\_CFTokenN.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Toshiba\PadTouch\PadExe.exe Win32/Ramnit.B virus deleted (after the next restart) - quarantined
C:\Program Files\Toshiba\PadTouch\PadHook.dll Win32/Ramnit.B virus deleted (after the next restart) - quarantined
C:\Program Files\Toshiba\PCDiag\BasicInfoRc.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Toshiba\PCDiag\cdromtest.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Toshiba\PCDiag\cputest.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Toshiba\PCDiag\devlist.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Toshiba\PCDiag\dialtonetest.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Toshiba\PCDiag\disptest.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Toshiba\PCDiag\fddtest.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Toshiba\PCDiag\hddrivetest.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Toshiba\PCDiag\memtest.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Toshiba\PCDiag\miditest.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Toshiba\PCDiag\PCDiag.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Toshiba\PCDiag\PCDiagRc.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Toshiba\PCDiag\resultcsv.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Toshiba\PCDiag\sct.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Toshiba\PCDiag\wavetest.exe Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Toshiba\TOSCDSPD\CMDPST.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe Win32/Ramnit.B virus deleted (after the next restart) - quarantined
C:\Program Files\Toshiba\TOSHIBA Applet\TF5Unist.dll Win32/Ramnit.B virus deleted - quarantined
C:\Program Files\Toshiba\TOSHIBA Controls\TBtnCommon.dll Win32/Ramnit.B virus deleted (after the next restart) - quarantined
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe Win32/Ramnit.B virus deleted (after the next restart) - quarantined
C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe Win32/Ramnit.B virus deleted (after the next restart) - quarantined
C:\Program Files\Trusteer\Rapport\data\html\rapport_config_console.html Win32/Ramnit.A virus cleaned - quarantined
C:\Program Files\Trusteer\Rapport\data\html\shutdown_captcha_dialog.html Win32/Ramnit.A virus cleaned - quarantined
C:\Program Files\Trusteer\Rapport\data\html\uninstall_dialog.html Win32/Ramnit.A virus cleaned - quarantined
C:\Program Files\Windows NT\Accessories\wordpad.exe Win32/Ramnit.B virus unable to clean
C:\RECYCLER\S-1-5-21-3601365749-3282453344-3735173688-1006\Dc7.old Win32/Qhost trojan cleaned by deleting - quarantined
C:\SUPPORT\TOOLS\FASTWIZ.EXE Win32/Ramnit.B virus deleted - quarantined
C:\SUPPORT\TOOLS\MSRDPCLI.EXE Win32/Ramnit.B virus deleted - quarantined
C:\SUPPORT\TOOLS\SETUP.EXE Win32/Ramnit.B virus deleted - quarantined
C:\VALUEADD\MSFT\NET\TOOLS\TTCP.EXE Win32/Ramnit.B virus deleted - quarantined
C:\VALUEADD\MSFT\USMT\MIGISM_A.DLL Win32/Ramnit.B virus deleted - quarantined
C:\VALUEADD\MSFT\USMT\SCANSTATE_A.EXE Win32/Ramnit.B virus deleted - quarantined
C:\VALUEADD\MSFT\USMT\SCRIPT_A.DLL Win32/Ramnit.B virus deleted - quarantined
C:\VALUEADD\MSFT\USMT\SYSMOD.DLL Win32/Ramnit.B virus deleted - quarantined
C:\VALUEADD\MSFT\USMT\SYSMOD_A.DLL Win32/Ramnit.B virus deleted - quarantined
C:\VALUEADD\MSFT\USMT\ANSI\MIGISM.DLL Win32/Ramnit.B virus deleted - quarantined
C:\VALUEADD\MSFT\USMT\ANSI\SCANSTATE.EXE Win32/Ramnit.B virus deleted - quarantined
C:\VALUEADD\MSFT\USMT\ANSI\SCRIPT.DLL Win32/Ramnit.B virus deleted - quarantined
C:\VALUEADD\MSFT\USMT\ANSI\SYSMOD.DLL Win32/Ramnit.B virus deleted - quarantined


I should mention that at the end of the scan I was asked if I wanted to delete the quarantined objects. I said yes. Hope that was right.

Will restart machine and see how I get on and update you.
Would be interested to know what the above all means. (in simple terms of course)
Really curious as to how different scans can pick up some things and not others.

#13 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:05:13 AM

Posted 29 September 2010 - 12:04 PM

Hi SimTim.

Gonna jump in here for a second because of the infection you have. I'm afraid I have very bad news.

Win32/Ramnit.A is a file infector with IRCBot functionality which infects .exe, and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A. Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A which is dropped by a Ramnit infected executable file.

-- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of infection can vary.

Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies Worm:Win32/Ramnit.A with a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These type of sites are infested with a smrgsbord of malware and a major source of system infection.

In my opinion, Ramnit.A is not effectively disinfectable, so your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. Further, your machine has likely been compromised by the backdoor Trojan and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if your anti-virus reports that the malware appears to have been removed.

Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
-Reimaging the system
-Restoring the entire system using a full system backup from before the backdoor infection
-Reformatting and reinstalling the system

Backdoors and What They Mean to You

This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.

The only way to clean a compromised system is to flatten and rebuild. That€š€žs right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).


Sorry to be the bearer of bad news.

***************************************************

In answer to your question:

Really curious as to how different scans can pick up some things and not others.

This is because different tools scan using different methods, databases, and algorithms. Sometimes you can only find something by looking for it in a certain way; the same concept applies here.

boopme and/or myself will gladly provide some information on reformatting if you'd like it.

~Blade

Edited by Blade Zephon, 29 September 2010 - 12:07 PM.

animinionsmalltext.gif
If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!


#14 Simtim

Simtim
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:13 AM

Posted 29 September 2010 - 12:29 PM

OK this is not good!
Not very good at computers or computer jargon but I can see I've got some problems.
Even when I restart I keep getting messages saying various things cannot be found or unable to locate components.

Please can you guide me through what I need to do and let m know when I need to bail out and buy another computer.
Do I take it I cannot safely use interent banking etc.
I have just bought a new printer. I guess I should hold off linking that up?

#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,569 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:13 AM

Posted 29 September 2010 - 01:11 PM

In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. Wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore removes everything and is the safest action but I cannot make that decision for you.

Reformatting a hard disk deletes all data. If you decide to reformat, you can back up all your important documents, data files and photos. The safest practice is not to backup any autorun.ini or .exe files because they may be infected. Some types of malware may disguise itself by adding and hiding its extension to the existing extension of files so be sure you take a close look at the full name. After reformatting, as a precaution, make sure you scan these files with your anti-virus prior to copying them back to your hard drive.


2 guidelines/rules when backing up

1) Backup all your important data files, pictures, music, work etc... and save it onto an external hard-drive. These files usually include .doc, .txt, .mp3, .jpg etc...
2) Do not backup any executables files or any window files. These include .exe/.scr/.htm/.html/.xml/.zip/.rar files as they may contain traces of malware. Also, .html or .htm files that are webpages should also be avoided.


If you're not sure how to reformat or need help with reformatting, please review:These links include step-by-step instructions with screenshots:Vista users can refer to these instructions:Don't forget you will have to go to Microsoft Update and apply all Windows security patches after reformatting.

Note: If you're using an IBM, Sony, HP, Compaq or Dell machine, you may not have an original XP CD Disk. By policy Microsoft no longer allows OEM manufactures to include the original Windows XP CD-ROM on computers sold with Windows preinstalled. Instead, most computers manufactured and sold by OEM vendors come with a vendor-specific Recovery Disk or Recovery Partition for performing a clean "factory restore" that will reformat your hard drive, remove all data and restore the computer to the state it was in when you first purchased it. See Technology Advisory Recovery Media. If the recovery partition has become infected, you will need to contact the manufacturer, explain what happened and ask them to send full recovery disks to use instead..

If you need additional assistance with reformatting or partitioning, you can start a new topic in the Windows XP Home and Professional forum.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users