Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirects & TDSSkiller won't run


  • This topic is locked This topic is locked
12 replies to this topic

#1 j-mans

j-mans

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:51 PM

Posted 23 May 2011 - 05:19 AM

Hi,

I am having some very annoying problems with my computer, any help would very appreciated.
Google keeps redirecting and upon starting up Internet Explorer 9 automatically opens, 3-4 times. Occassionally, strange sound clips keep playing as well, no more than 5-10 seconds each, swapping between speach and music. These problems have started since trying to remove the Windows Vista Recovery virus following the steps in this post: http://www.bleepingcomputer.com/virus-removal/remove-windows-vista-recovery. I managed to cure most of the issues - I think, but was unable to launch the TDSSkiller, despite trying several variations on file names. I than followed these steps: www.bleepingcomputer.com/forums/topic372491.html. I have McAfee Security Centre and have spent several hours with their technicians but with no success. I have backed up my system on an external hardrive but am concerned that this harddrive could also be infected now.

Please help, I really need my computer to be able to work.

Please find the DDS files and GMER log attached:

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Jamie at 18:38:13 on 2011-05-22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.1216 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\RtHDVCpl.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\mmc.exe
C:\Windows\System32\vds.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Jamie\Desktop\dds.scr
C:\Windows\system32\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bbc.co.uk/
uSearch Bar = Preserve
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110520175846.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Desktop Disc Tool] "c:\program files\roxio\roxio burn\RoxioBurnLauncher.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\jamie\appdata\roaming\micros~1\windows\startm~1\programs\startup\bbcipl~1.lnk - c:\program files\bbc iplayer desktop\BBC iPlayer Desktop.exe
StartupFolder: c:\users\jamie\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\users\jamie\appdata\roaming\microsoft\windows\start menu\programs\startup\guixpiat.exe
StartupFolder: c:\users\jamie\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-11-8 387480]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-11-8 64584]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-11-8 165032]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2009-10-14 73728]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-11-8 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-11-8 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-11-8 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-11-8 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-11-8 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-11-8 141792]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2009-10-13 27648]
R2 SftService;SoftThinks Agent Service;c:\program files\dell datasafe local backup\SftService.exe [2009-10-13 689472]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-11-8 56064]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-11-8 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-11-8 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-11-8 314088]
R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-11-18 21744]
RUnknown SASDIFSV;SASDIFSV; [x]
RUnknown SASKUTIL;SASKUTIL; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-11-8 84488]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-05-21 14:40:16 -------- d-----w- c:\users\jamie\appdata\local\Citrix
2011-05-21 14:25:48 -------- d-----w- c:\users\jamie\appdata\roaming\McAfee
2011-05-21 13:42:06 210884 --s---w- c:\users\jamie\appdata\roaming\microsoft\windows\start menu\programs\startup\guixpiat.exe
2011-05-21 12:33:08 -------- d-----w- c:\program files\BBC iPlayer Desktop
2011-05-21 12:32:25 -------- d-----w- c:\users\jamie\appdata\local\{7C5A3206-0496-4DEE-A4A3-7F7E357D1D06}
2011-05-20 12:54:20 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-05-20 12:09:43 -------- d-----w- c:\users\jamie\appdata\local\{CEC41FA8-540B-4024-AB8A-27714B3E3E4B}
2011-05-18 14:49:11 -------- d-----w- c:\users\jamie\appdata\roaming\GetRightToGo
2011-05-18 09:11:20 -------- d-----w- c:\users\jamie\appdata\local\{748CDF6A-71B1-4CFF-8462-6AA69D29381E}
2011-05-17 09:10:24 -------- d-----w- c:\users\jamie\appdata\local\{EDD34A43-93B5-40D5-A53E-70C8DFC31D70}
2011-05-16 09:09:25 -------- d-----w- c:\users\jamie\appdata\local\{9BAA73E1-A014-451F-AAB1-9D11E47F3A19}
2011-05-15 10:49:48 -------- d-----w- c:\users\jamie\appdata\local\{B55C68D2-76F1-4E5F-A6EB-9A2FDFC0BB6F}
2011-05-13 17:24:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-13 17:11:23 -------- d-----w- c:\users\jamie\appdata\local\{0633DFE1-3674-4EF5-B9D6-2BFBA1ED8C62}
2011-05-12 07:58:28 -------- d-----w- c:\users\jamie\appdata\local\{8BBCF0D6-C042-4D84-87CE-2A4459C8E643}
2011-05-11 06:28:37 -------- d-----w- c:\users\jamie\appdata\local\{142968E1-E22E-427F-AA26-F81B03A14230}
2011-05-10 19:03:58 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-05-10 17:10:20 -------- d-----w- c:\users\jamie\appdata\local\{2B638BC9-481E-48AD-B69A-8CC4F17CFA14}
2011-05-09 18:33:07 -------- d-----w- c:\users\jamie\appdata\local\{1F0C1460-2BBD-4D11-AA6C-2666BCB443F7}
2011-05-09 06:25:55 -------- d-----w- c:\users\jamie\appdata\local\{1B13AF4E-E02C-43FC-9044-8DC10D152C96}
2011-05-08 10:18:26 -------- d-----w- c:\users\jamie\appdata\local\{85A126F4-DB98-4B86-99E8-E5EE970790A4}
2011-05-07 20:29:39 -------- d-----w- c:\users\jamie\appdata\local\{0F9F2744-A9DD-48BF-9354-221BF09CF9DE}
2011-05-06 10:42:39 -------- d-----w- c:\users\jamie\appdata\local\{A49C02E2-9BE6-486F-8E54-0F77AC76E1C4}
2011-05-05 20:12:59 -------- d-----w- c:\users\jamie\appdata\local\{50D8BFD1-8F7F-4150-A10F-8FCF6CC835BF}
2011-05-05 08:12:16 -------- d-----w- c:\users\jamie\appdata\local\{544D190C-8A7F-447E-B9CB-5316F0CFD659}
2011-05-04 08:30:54 -------- d-----w- c:\users\jamie\appdata\local\{444E57F2-2A15-4D61-8BC7-092BB8409C36}
2011-05-03 08:06:14 -------- d-----w- c:\users\jamie\appdata\local\{5C5CFF66-D50D-40EC-B98C-782D32AB641C}
2011-05-01 16:18:31 -------- d-----w- c:\users\jamie\appdata\local\{C4C97946-BF18-41F4-83AB-D304C37B535A}
2011-04-28 08:29:11 -------- d-----w- c:\users\jamie\appdata\local\{22A9A888-E66B-41A1-90FC-EAE26298FA23}
2011-04-27 07:42:53 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-27 07:42:52 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 07:42:43 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-27 07:37:36 -------- d-----w- c:\users\jamie\appdata\local\{03BC047C-7C64-4D80-9DF0-461211D90775}
2011-04-26 19:54:29 -------- d-----w- c:\users\jamie\appdata\local\{D3939F4B-6CAB-424C-8E25-13E9E215268B}
2011-04-26 07:12:20 -------- d-----w- c:\users\jamie\appdata\local\{D2502F01-BCFD-4B27-A229-BF690D07004F}
.
==================== Find3M ====================
.
2011-05-21 14:40:12 103784 ----a-w- c:\users\jamie\GoToAssistDownloadHelper.exe
2011-04-14 13:01:38 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-14 13:01:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 13:01:38 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 13:01:38 64584 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-04-14 13:01:38 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 13:01:38 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-14 13:01:38 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-14 13:01:38 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 13:01:38 165032 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-04-14 13:01:38 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-14 13:01:38 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-22 14:13:01 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33:09 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-22 13:24:10 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-22 13:24:02 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-22 13:23:59 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-22 13:23:55 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
.
============= FINISH: 18:39:06.96 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:51 PM

Posted 23 May 2011 - 11:28 AM

Hi

Please do the following:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    *volsnap*
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 j-mans

j-mans
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:51 PM

Posted 24 May 2011 - 02:33 AM

Hi Catbyte,
Thanky you for your help, this is the results from that scan:

SystemLook 04.09.10 by jpshortstuff
Log created at 08:29 on 24/05/2011 by Jamie
Administrator - Elevation successful

========== filefind ==========

Searching for "*volsnap*"
C:\Windows\inf\volsnap.inf --a---- 1790 bytes [10:25 02/11/2006] [10:25 02/11/2006] E5EE5E075DAB1367001C467C70E8C580
C:\Windows\inf\volsnap.PNF --a---- 4940 bytes [10:25 02/11/2006] [09:21 11/04/2009] 8BB59B2576993A142AF85BAC5D9995F7
C:\Windows\System32\drivers\volsnap.sys --a---- 226280 bytes [07:00 20/10/2009] [06:32 11/04/2009] 147281C01FCB1DF9252DE2A10D5E7093
C:\Windows\System32\drivers\en-US\volsnap.sys.mui --a---- 32768 bytes [02:25 21/01/2008] [02:25 21/01/2008] 2A3DEAD70397152006B4E3CED20B41C4
C:\Windows\System32\DriverStore\en-US\volsnap.inf_loc --a---- 198 bytes [12:41 02/11/2006] [12:41 02/11/2006] F040058B592FE682204B2FC15DDEAC0D
C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_7eb8cdb5\volsnap.inf --a---- 1790 bytes [10:25 02/11/2006] [06:35 02/11/2006] E5EE5E075DAB1367001C467C70E8C580
C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_7eb8cdb5\volsnap.PNF --a---- 4940 bytes [13:03 02/11/2006] [09:21 11/04/2009] F86E905420A12D5AAE107DBBC25E6A18
C:\Windows\System32\DriverStore\FileRepository\volume.inf_1e6030e4\volsnap.sys --a---- 226280 bytes [07:00 20/10/2009] [06:32 11/04/2009] 147281C01FCB1DF9252DE2A10D5E7093
C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys --a---- 208488 bytes [10:25 02/11/2006] [09:51 02/11/2006] 11EF6C1CAEF76B685233450A126125D6
C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys --a---- 227896 bytes [02:23 21/01/2008] [02:23 21/01/2008] D8B4A53DD2769F226B3EB374374987C9
C:\Windows\winsxs\Manifests\x86_volsnap.inf.resources_31bf3856ad364e35_6.0.6000.16386_en-us_112c68f98452eff6.manifest --a---- 1910 bytes [12:39 02/11/2006] [12:39 02/11/2006] 6AB82C548B2381F359B8494398B1A8E1
C:\Windows\winsxs\x86_volsnap.inf.resources_31bf3856ad364e35_6.0.6000.16386_en-us_112c68f98452eff6\volsnap.inf_loc --a---- 198 bytes [12:41 02/11/2006] [12:41 02/11/2006] F040058B592FE682204B2FC15DDEAC0D
C:\Windows\winsxs\x86_volume.inf.resources_31bf3856ad364e35_6.0.6000.16386_en-us_78ef883cc30a4c61\volsnap.sys.mui --a---- 14848 bytes [12:41 02/11/2006] [12:41 02/11/2006] F9B09F7E31E49004666C9B3EB0BEBD94
C:\Windows\winsxs\x86_volume.inf.resources_31bf3856ad364e35_6.0.6001.18000_en-us_7b264a38bff55d35\volsnap.sys.mui --a---- 32768 bytes [02:25 21/01/2008] [02:25 21/01/2008] 2A3DEAD70397152006B4E3CED20B41C4
C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys --a---- 227896 bytes [02:23 21/01/2008] [02:23 21/01/2008] D8B4A53DD2769F226B3EB374374987C9
C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys --a---- 226280 bytes [07:00 20/10/2009] [06:32 11/04/2009] 147281C01FCB1DF9252DE2A10D5E7093

-= EOF =-

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:51 PM

Posted 24 May 2011 - 08:39 AM

We need to use the Recovery Environment to replace a file. Please review the instructions carefully and ask any questions you have before you start:

Open an elevated command window:
  • Click Start and type cmd in Start Search.
  • When cmd.exe populates above, right click it and select Run as Administrator to open an elevated command prompt.
Copy the contents of the following code box then right click in the command window, select paste and press "Enter"

copy C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys c:\

You should see "1 file copied on the screen" after the command

Type exit to close the command window.

(if you do not see 1 file copied, do not continue, but instead post back and let me know.)

Print out these instructions to use while in the Recovery Environment:

1. Restart your computer tapping the f8 key while it boots.
2. Select Repair your computer from the list of startup options.

If Repair your computer is not an option on the Advanced Startup menu, insert your Windows Vista DVD and restart the computer, then when prompted, select Repair your computer

3. Select your keyboard layout.
4. Enter your username and password (if you use one).
5. The System Recovery Options Menu should come up.
6. Select Command Prompt from the menu

This should open a x:\sources> prompt. This may vary depending on how you entered the Recovery Environment.

7. At the x:\sources> prompt, type the following bold entries, one at a time and press 'Enter' after each line. (refer to the quote box under the commands for the location of the spaces which are very important):

ren C:\Windows\System32\drivers\volsnap.sys volsnap.old
copy c:\volsnap.sys C:\Windows\System32\drivers\volsnap.sys

exit


ren<space>C:\Windows\System32\drivers\volsnap.sys<space>volsnap.old
copy<space>copy c:\volsnap.sys<space>C:\Windows\System32\drivers\volsnap.sys
exit


8. Reboot normally


Now try running TDSSKiller, post the resulting log

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 j-mans

j-mans
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:51 PM

Posted 24 May 2011 - 10:23 AM

Unfortunately the cmd came back as:

Access is denied.
0 file(s) copied.

C:\users\jamie>

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:51 PM

Posted 24 May 2011 - 07:12 PM

That usually happens when the command window isn't elevated

Please make certain you open the command window as an administrator so that access will be allowed

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 j-mans

j-mans
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:51 PM

Posted 25 May 2011 - 02:51 AM

Hi Catbyte,
Apologies, you were correct with the command prompt window. I ran Tdsskiller but it didn't find anything. Also, upon starting up I-explorer doesn't open up multiple times anymore and google seems to be not redirecting, this is odd because I haven't run malwarbytes or any other virus remover since starting this forum post, any ideas? Is my computer clean, or is the bug "hiding" somewhere, the Tdsskiller results are below:


2011/05/25 08:37:25.0753 4796 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/25 08:37:26.0162 4796 ================================================================================
2011/05/25 08:37:26.0162 4796 SystemInfo:
2011/05/25 08:37:26.0162 4796
2011/05/25 08:37:26.0162 4796 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/25 08:37:26.0162 4796 Product type: Workstation
2011/05/25 08:37:26.0163 4796 ComputerName: JAMIE-PC
2011/05/25 08:37:26.0163 4796 UserName: Jamie
2011/05/25 08:37:26.0163 4796 Windows directory: C:\Windows
2011/05/25 08:37:26.0163 4796 System windows directory: C:\Windows
2011/05/25 08:37:26.0163 4796 Processor architecture: Intel x86
2011/05/25 08:37:26.0163 4796 Number of processors: 4
2011/05/25 08:37:26.0163 4796 Page size: 0x1000
2011/05/25 08:37:26.0163 4796 Boot type: Normal boot
2011/05/25 08:37:26.0163 4796 ================================================================================
2011/05/25 08:37:28.0222 4796 Initialize success
2011/05/25 08:42:48.0304 5980 ================================================================================
2011/05/25 08:42:48.0304 5980 Scan started
2011/05/25 08:42:48.0304 5980 Mode: Manual;
2011/05/25 08:42:48.0304 5980 ================================================================================
2011/05/25 08:42:48.0854 5980 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/05/25 08:42:48.0898 5980 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/05/25 08:42:48.0965 5980 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/05/25 08:42:48.0993 5980 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/05/25 08:42:49.0019 5980 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/05/25 08:42:49.0135 5980 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/05/25 08:42:49.0182 5980 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/05/25 08:42:49.0249 5980 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/25 08:42:49.0297 5980 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/05/25 08:42:49.0335 5980 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/05/25 08:42:49.0364 5980 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/05/25 08:42:49.0389 5980 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/05/25 08:42:49.0416 5980 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/05/25 08:42:49.0467 5980 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/05/25 08:42:49.0490 5980 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/05/25 08:42:49.0523 5980 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/25 08:42:49.0586 5980 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/05/25 08:42:49.0692 5980 atikmdag (7a46cf1f1075eb0340ea40f12d88a862) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/25 08:42:49.0899 5980 BCM42RLY (423c7b87e886ac93d22936ea82665f83) C:\Windows\system32\drivers\BCM42RLY.sys
2011/05/25 08:42:50.0038 5980 BCM43XX (b56999be8f22ba3071e4ceafa9e82e26) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/05/25 08:42:50.0093 5980 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/25 08:42:50.0129 5980 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/05/25 08:42:50.0205 5980 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/25 08:42:50.0235 5980 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/25 08:42:50.0257 5980 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/25 08:42:50.0305 5980 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/25 08:42:50.0344 5980 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/25 08:42:50.0381 5980 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/25 08:42:50.0399 5980 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/25 08:42:50.0434 5980 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/25 08:42:50.0480 5980 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/25 08:42:50.0521 5980 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/25 08:42:50.0608 5980 cfwids (7fd604cd7a7a0ff8975af61bdf64c577) C:\Windows\system32\drivers\cfwids.sys
2011/05/25 08:42:50.0681 5980 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/05/25 08:42:50.0742 5980 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/05/25 08:42:50.0791 5980 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/05/25 08:42:50.0818 5980 Compbatt (4fc0a44da7603229e1a9454126a59efd) C:\Windows\system32\drivers\compbatt.sys
2011/05/25 08:42:50.0880 5980 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/05/25 08:42:50.0916 5980 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/05/25 08:42:50.0969 5980 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/05/25 08:42:51.0028 5980 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/05/25 08:42:51.0098 5980 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/25 08:42:51.0171 5980 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/25 08:42:51.0210 5980 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/05/25 08:42:51.0241 5980 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/25 08:42:51.0328 5980 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/05/25 08:42:51.0378 5980 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/05/25 08:42:51.0431 5980 ErrDev (f2a80de2d1b7116052c09cb4d4ca1416) C:\Windows\system32\drivers\errdev.sys
2011/05/25 08:42:51.0532 5980 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/05/25 08:42:51.0551 5980 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/05/25 08:42:51.0608 5980 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/25 08:42:51.0651 5980 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/25 08:42:51.0688 5980 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/25 08:42:51.0736 5980 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/25 08:42:51.0776 5980 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/05/25 08:42:51.0804 5980 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/25 08:42:51.0845 5980 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/25 08:42:51.0929 5980 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/25 08:42:52.0064 5980 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2011/05/25 08:42:52.0150 5980 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/25 08:42:52.0185 5980 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/25 08:42:52.0219 5980 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/25 08:42:52.0310 5980 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/25 08:42:52.0352 5980 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/05/25 08:42:52.0572 5980 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/05/25 08:42:52.0617 5980 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/05/25 08:42:52.0676 5980 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/25 08:42:52.0754 5980 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\drivers\iastor.sys
2011/05/25 08:42:52.0962 5980 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/05/25 08:42:53.0002 5980 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/25 08:42:53.0635 5980 IntcAzAudAddService (32abc54d0dde1a8885c9439537dd3bad) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/25 08:42:53.0729 5980 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys
2011/05/25 08:42:53.0744 5980 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/25 08:42:53.0814 5980 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/25 08:42:53.0837 5980 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/25 08:42:53.0900 5980 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/25 08:42:53.0946 5980 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/05/25 08:42:54.0001 5980 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/25 08:42:54.0055 5980 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/25 08:42:54.0110 5980 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/25 08:42:54.0156 5980 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/25 08:42:54.0218 5980 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/25 08:42:54.0432 5980 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/25 08:42:54.0518 5980 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/25 08:42:54.0584 5980 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/25 08:42:54.0610 5980 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/25 08:42:54.0667 5980 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/25 08:42:54.0703 5980 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/25 08:42:54.0797 5980 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/05/25 08:42:54.0853 5980 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/05/25 08:42:54.0929 5980 mfeapfk (113445fc6a858ef453cded5b0a0df665) C:\Windows\system32\drivers\mfeapfk.sys
2011/05/25 08:42:54.0971 5980 mfeavfk (dbf6e1b388d5c070d438c61adb990c30) C:\Windows\system32\drivers\mfeavfk.sys
2011/05/25 08:42:55.0108 5980 mfebopk (a528b15e330edb83ea649be318d841d5) C:\Windows\system32\drivers\mfebopk.sys
2011/05/25 08:42:55.0140 5980 mfefirek (c7da1b8003c89acedaa13768f7a1c622) C:\Windows\system32\drivers\mfefirek.sys
2011/05/25 08:42:55.0211 5980 mfehidk (5e9679bb2fc4fa38ec8ca906c47acd46) C:\Windows\system32\drivers\mfehidk.sys
2011/05/25 08:42:55.0285 5980 mfenlfk (3a1aa28066785449da570462e0532d0c) C:\Windows\system32\DRIVERS\mfenlfk.sys
2011/05/25 08:42:55.0364 5980 mferkdet (ce1711f7c3f72f6762abd241dcfd5ee1) C:\Windows\system32\drivers\mferkdet.sys
2011/05/25 08:42:55.0462 5980 mfewfpk (b2baac6bbedda3e26e82db13fa0e5bee) C:\Windows\system32\drivers\mfewfpk.sys
2011/05/25 08:42:55.0564 5980 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/25 08:42:55.0600 5980 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/25 08:42:55.0615 5980 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/25 08:42:55.0690 5980 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/25 08:42:55.0723 5980 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/25 08:42:55.0743 5980 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/05/25 08:42:55.0769 5980 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/25 08:42:55.0810 5980 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/25 08:42:55.0866 5980 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/25 08:42:55.0927 5980 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/25 08:42:55.0945 5980 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/25 08:42:55.0964 5980 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/25 08:42:56.0006 5980 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
2011/05/25 08:42:56.0199 5980 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/05/25 08:42:56.0258 5980 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/25 08:42:56.0307 5980 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/25 08:42:56.0348 5980 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/25 08:42:56.0376 5980 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/25 08:42:56.0403 5980 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/25 08:42:56.0460 5980 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/05/25 08:42:56.0558 5980 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/25 08:42:56.0594 5980 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/25 08:42:56.0623 5980 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/05/25 08:42:56.0686 5980 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/25 08:42:56.0758 5980 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/05/25 08:42:56.0782 5980 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/25 08:42:56.0802 5980 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/25 08:42:56.0862 5980 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/25 08:42:56.0886 5980 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/25 08:42:56.0906 5980 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/25 08:42:56.0965 5980 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/25 08:42:57.0027 5980 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/25 08:42:57.0081 5980 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/05/25 08:42:57.0130 5980 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/25 08:42:57.0204 5980 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/05/25 08:42:57.0301 5980 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/25 08:42:57.0320 5980 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/25 08:42:57.0417 5980 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/05/25 08:42:57.0478 5980 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/05/25 08:42:57.0516 5980 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/05/25 08:42:57.0629 5980 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/25 08:42:57.0722 5980 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/25 08:42:57.0753 5980 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/05/25 08:42:57.0789 5980 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/25 08:42:57.0934 5980 PCDSRVC{E9D79540-57D5953E-06020101}_0 (92fddbed716bf5c3cb766101563cfce5) c:\program files\dell support center\pcdsrvc.pkms
2011/05/25 08:42:57.0975 5980 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/05/25 08:42:58.0030 5980 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/05/25 08:42:58.0081 5980 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/25 08:42:58.0157 5980 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/25 08:42:58.0254 5980 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/25 08:42:58.0298 5980 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/05/25 08:42:58.0359 5980 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/25 08:42:58.0393 5980 PxHelp20 (5491e4e7d93804f43abe8ce3c39f5a86) C:\Windows\system32\Drivers\PxHelp20.sys
2011/05/25 08:42:58.0465 5980 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/05/25 08:42:58.0563 5980 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/25 08:42:58.0631 5980 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/25 08:42:58.0725 5980 R300 (7a46cf1f1075eb0340ea40f12d88a862) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/25 08:42:58.0809 5980 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/25 08:42:58.0877 5980 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/25 08:42:58.0916 5980 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/25 08:42:58.0937 5980 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/25 08:42:58.0993 5980 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/25 08:42:59.0011 5980 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/25 08:42:59.0054 5980 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/05/25 08:42:59.0083 5980 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/25 08:42:59.0127 5980 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/05/25 08:42:59.0195 5980 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/25 08:42:59.0231 5980 RTL8169 (125c504a34d0a2e152517e342e7e432c) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/05/25 08:42:59.0346 5980 RtNdPt60 (7f8d15ee000577be703537849d4f9397) C:\Windows\system32\DRIVERS\RtNdPt60.sys
2011/05/25 08:42:59.0385 5980 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/25 08:42:59.0453 5980 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/25 08:42:59.0485 5980 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/25 08:42:59.0521 5980 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/25 08:42:59.0561 5980 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/25 08:42:59.0605 5980 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/05/25 08:42:59.0633 5980 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/25 08:42:59.0659 5980 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/25 08:42:59.0685 5980 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/25 08:42:59.0738 5980 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/05/25 08:42:59.0771 5980 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/05/25 08:42:59.0809 5980 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/05/25 08:42:59.0863 5980 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/05/25 08:42:59.0906 5980 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/25 08:42:59.0989 5980 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/05/25 08:43:00.0038 5980 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/25 08:43:00.0091 5980 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/25 08:43:00.0164 5980 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
2011/05/25 08:43:00.0187 5980 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/25 08:43:00.0219 5980 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/25 08:43:00.0276 5980 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/25 08:43:00.0305 5980 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/25 08:43:00.0412 5980 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/05/25 08:43:00.0610 5980 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/25 08:43:00.0683 5980 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/25 08:43:00.0716 5980 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/25 08:43:00.0753 5980 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/25 08:43:00.0820 5980 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/25 08:43:00.0880 5980 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/25 08:43:00.0965 5980 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/25 08:43:01.0015 5980 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/25 08:43:01.0103 5980 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/25 08:43:01.0147 5980 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/05/25 08:43:01.0191 5980 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/25 08:43:01.0241 5980 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/25 08:43:01.0313 5980 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/05/25 08:43:01.0358 5980 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/25 08:43:01.0384 5980 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/25 08:43:01.0405 5980 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/25 08:43:01.0490 5980 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/05/25 08:43:01.0547 5980 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/25 08:43:01.0591 5980 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/25 08:43:01.0701 5980 usbehci (8d75aec2bba8d041976d1831a03e42fc) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/25 08:43:01.0819 5980 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/25 08:43:01.0845 5980 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/05/25 08:43:01.0906 5980 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/25 08:43:01.0950 5980 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/25 08:43:01.0998 5980 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/25 08:43:02.0056 5980 usbuhci (407fa9318014a409c4575b77493950c8) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/25 08:43:02.0197 5980 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/25 08:43:02.0227 5980 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/25 08:43:02.0262 5980 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/05/25 08:43:02.0304 5980 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/05/25 08:43:02.0330 5980 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/05/25 08:43:02.0357 5980 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/25 08:43:02.0398 5980 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/05/25 08:43:02.0466 5980 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/05/25 08:43:02.0502 5980 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/05/25 08:43:02.0547 5980 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/25 08:43:02.0593 5980 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/25 08:43:02.0614 5980 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/25 08:43:02.0662 5980 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/05/25 08:43:02.0685 5980 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/25 08:43:02.0818 5980 WmiAcpi (48ca581c12022ac60fe82e2b96fbf5d4) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/25 08:43:02.0919 5980 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/25 08:43:02.0968 5980 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/25 08:43:03.0017 5980 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/05/25 08:43:03.0094 5980 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2011/05/25 08:43:03.0105 5980 MBR (0x1B8) (8464d19686910a2e5d0e5c28c70a95ab) \Device\Harddisk6\DR6
2011/05/25 08:43:03.0115 5980 ================================================================================
2011/05/25 08:43:03.0115 5980 Scan finished
2011/05/25 08:43:03.0115 5980 ================================================================================
2011/05/25 08:43:03.0127 4876 Detected object count: 0
2011/05/25 08:43:03.0127 4876 Actual detected object count: 0

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:51 PM

Posted 25 May 2011 - 08:34 AM

I believe the infection was in the volsnap.sys file, so when we replaced that, we removed the infection.

Please run the following:

Download Combofix from either of the links below, and save it to your desktop.
Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 j-mans

j-mans
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:51 PM

Posted 25 May 2011 - 08:59 AM

ComboFix 11-05-24.06 - Jamie 25/05/2011 14:48:06.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.1733 [GMT 1:00]
Running from: c:\users\Jamie\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jamie\AppData\Local\{0066AF11-E043-491B-9FD1-3EFB9A3E3E08}
c:\users\Jamie\AppData\Local\{0066AF11-E043-491B-9FD1-3EFB9A3E3E08}\chrome.manifest
c:\users\Jamie\AppData\Local\{0066AF11-E043-491B-9FD1-3EFB9A3E3E08}\chrome\content\_cfg.js
c:\users\Jamie\AppData\Local\{0066AF11-E043-491B-9FD1-3EFB9A3E3E08}\chrome\content\overlay.xul
c:\users\Jamie\AppData\Local\{0066AF11-E043-491B-9FD1-3EFB9A3E3E08}\install.rdf
c:\users\Jamie\AppData\Roaming\Adobe\AdobeUpdate .exe
c:\users\Jamie\AppData\Roaming\Adobe\plugs
c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fast Disk
c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fast Disk\Fast Disk.lnk
c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fast Disk\Uninstall Fast Disk.lnk
c:\users\Jamie\g2mdlhlpx.exe
c:\users\Jamie\GoToAssistDownloadHelper.exe
D:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2011-04-25 to 2011-05-25 )))))))))))))))))))))))))))))))
.
.
2011-05-25 16:33 . 2009-04-11 06:32 226280 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-05-25 07:57 . 2011-05-25 07:57 -------- d-----w- c:\users\Jamie\AppData\Local\{63DFEC88-B598-483A-908B-84E482A1855A}
2011-05-25 07:20 . 2009-04-11 06:32 226280 ----a-w- C:\volsnap.sys
2011-05-24 19:56 . 2011-05-24 19:56 -------- d-----w- c:\users\Jamie\AppData\Local\{12F6CA5E-79FC-43FC-A7E5-77143765DB87}
2011-05-24 07:25 . 2011-05-24 07:25 -------- d-----w- c:\users\Jamie\AppData\Local\{BF617699-B4D0-4F13-AA10-E418D02653D7}
2011-05-23 18:01 . 2011-05-23 18:01 -------- d-----w- c:\users\Jamie\AppData\Local\{AB276DB6-2AF9-4D4E-A538-49DB59026FE6}
2011-05-23 08:18 . 2011-05-23 08:18 -------- d-----w- c:\users\Jamie\AppData\Local\{DBB47993-1E59-4208-8B99-F44615B9AF35}
2011-05-23 08:11 . 2011-05-23 08:11 -------- d-----w- c:\users\Jamie\AppData\Local\{FA091EBD-366E-48FC-A3D4-44139D32281F}
2011-05-22 21:09 . 2011-05-22 21:10 -------- d-----w- c:\users\Jamie\AppData\Local\{388AF1AC-6D21-4544-91C7-4A2322DBE4BD}
2011-05-22 20:01 . 2011-05-22 20:01 -------- d-----w- c:\users\Jamie\AppData\Local\{92DCC399-ED6C-4920-AF1F-C7D7C1F4513C}
2011-05-21 14:40 . 2011-05-21 14:40 -------- d-----w- c:\users\Jamie\AppData\Local\Citrix
2011-05-21 14:25 . 2011-05-21 14:25 -------- d-----w- c:\users\Jamie\AppData\Roaming\McAfee
2011-05-21 12:33 . 2011-05-21 12:33 -------- d-----w- c:\program files\BBC iPlayer Desktop
2011-05-21 12:32 . 2011-05-21 12:32 -------- d-----w- c:\users\Jamie\AppData\Local\{7C5A3206-0496-4DEE-A4A3-7F7E357D1D06}
2011-05-20 12:54 . 2011-05-20 12:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-05-20 12:09 . 2011-05-20 12:09 -------- d-----w- c:\users\Jamie\AppData\Local\{CEC41FA8-540B-4024-AB8A-27714B3E3E4B}
2011-05-18 17:29 . 2011-05-18 17:29 -------- d-----w- c:\programdata\WindowsSearch
2011-05-18 14:49 . 2011-05-18 14:49 -------- d-----w- c:\users\Jamie\AppData\Roaming\GetRightToGo
2011-05-18 14:47 . 2011-05-18 14:47 -------- d-----w- c:\windows\Sun
2011-05-18 09:11 . 2011-05-18 09:11 -------- d-----w- c:\users\Jamie\AppData\Local\{748CDF6A-71B1-4CFF-8462-6AA69D29381E}
2011-05-17 09:10 . 2011-05-17 21:10 -------- d-----w- c:\users\Jamie\AppData\Local\{EDD34A43-93B5-40D5-A53E-70C8DFC31D70}
2011-05-16 09:09 . 2011-05-16 21:10 -------- d-----w- c:\users\Jamie\AppData\Local\{9BAA73E1-A014-451F-AAB1-9D11E47F3A19}
2011-05-15 10:49 . 2011-05-15 10:49 -------- d-----w- c:\users\Jamie\AppData\Local\{B55C68D2-76F1-4E5F-A6EB-9A2FDFC0BB6F}
2011-05-13 17:24 . 2011-05-13 17:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-13 17:14 . 2011-05-13 17:14 -------- d-----w- c:\program files\Common Files\Skype
2011-05-13 17:11 . 2011-05-13 17:11 -------- d-----w- c:\users\Jamie\AppData\Local\{0633DFE1-3674-4EF5-B9D6-2BFBA1ED8C62}
2011-05-12 07:58 . 2011-05-12 07:58 -------- d-----w- c:\users\Jamie\AppData\Local\{8BBCF0D6-C042-4D84-87CE-2A4459C8E643}
2011-05-11 06:28 . 2011-05-11 06:28 -------- d-----w- c:\users\Jamie\AppData\Local\{142968E1-E22E-427F-AA26-F81B03A14230}
2011-05-10 19:03 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-10 17:10 . 2011-05-10 17:10 -------- d-----w- c:\users\Jamie\AppData\Local\{2B638BC9-481E-48AD-B69A-8CC4F17CFA14}
2011-05-09 18:33 . 2011-05-09 18:33 -------- d-----w- c:\users\Jamie\AppData\Local\{1F0C1460-2BBD-4D11-AA6C-2666BCB443F7}
2011-05-09 06:25 . 2011-05-09 06:26 -------- d-----w- c:\users\Jamie\AppData\Local\{1B13AF4E-E02C-43FC-9044-8DC10D152C96}
2011-05-08 10:18 . 2011-05-08 10:18 -------- d-----w- c:\users\Jamie\AppData\Local\{85A126F4-DB98-4B86-99E8-E5EE970790A4}
2011-05-07 20:29 . 2011-05-07 20:29 -------- d-----w- c:\users\Jamie\AppData\Local\{0F9F2744-A9DD-48BF-9354-221BF09CF9DE}
2011-05-06 10:42 . 2011-05-06 10:42 -------- d-----w- c:\users\Jamie\AppData\Local\{A49C02E2-9BE6-486F-8E54-0F77AC76E1C4}
2011-05-05 20:12 . 2011-05-05 20:13 -------- d-----w- c:\users\Jamie\AppData\Local\{50D8BFD1-8F7F-4150-A10F-8FCF6CC835BF}
2011-05-05 08:12 . 2011-05-05 08:12 -------- d-----w- c:\users\Jamie\AppData\Local\{544D190C-8A7F-447E-B9CB-5316F0CFD659}
2011-05-04 08:30 . 2011-05-04 08:31 -------- d-----w- c:\users\Jamie\AppData\Local\{444E57F2-2A15-4D61-8BC7-092BB8409C36}
2011-05-03 08:06 . 2011-05-03 20:06 -------- d-----w- c:\users\Jamie\AppData\Local\{5C5CFF66-D50D-40EC-B98C-782D32AB641C}
2011-05-01 16:18 . 2011-05-01 16:18 -------- d-----w- c:\users\Jamie\AppData\Local\{C4C97946-BF18-41F4-83AB-D304C37B535A}
2011-04-28 08:29 . 2011-04-28 08:29 -------- d-----w- c:\users\Jamie\AppData\Local\{22A9A888-E66B-41A1-90FC-EAE26298FA23}
2011-04-27 07:42 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-27 07:42 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 07:42 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-27 07:37 . 2011-04-27 19:38 -------- d-----w- c:\users\Jamie\AppData\Local\{03BC047C-7C64-4D80-9DF0-461211D90775}
2011-04-26 19:54 . 2011-04-26 19:54 -------- d-----w- c:\users\Jamie\AppData\Local\{D3939F4B-6CAB-424C-8E25-13E9E215268B}
2011-04-26 07:12 . 2011-04-26 07:12 -------- d-----w- c:\users\Jamie\AppData\Local\{D2502F01-BCFD-4B27-A229-BF690D07004F}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 13:01 . 2010-11-08 11:27 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 13:01 . 2010-11-08 11:26 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-04-14 13:01 . 2010-11-08 11:26 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-14 13:01 . 2010-11-08 11:26 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 13:01 . 2010-11-08 11:26 64584 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-04-14 13:01 . 2010-11-08 11:26 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 13:01 . 2010-11-08 11:26 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-14 13:01 . 2010-11-08 11:26 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-14 13:01 . 2010-11-08 11:26 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 13:01 . 2010-11-08 11:26 165032 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-04-14 13:01 . 2010-11-08 11:26 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-03-10 17:03 . 2011-04-14 09:10 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-14 09:10 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-09 08:41 . 2010-06-24 11:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-03 15:42 . 2011-04-14 09:10 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40 . 2011-04-27 07:42 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 07:42 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 07:42 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 07:42 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25 . 2011-04-14 09:10 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-14 09:10 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-04-29 11:12 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-04-29 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-04-29 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-01-26 395640]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-18 6246400]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-19 3810304]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-13 61440]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Desktop Disc Tool"="c:\program files\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-18 494064]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-04-29 395144]
.
c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2011-5-21 142848]
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 14:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-14 84488]
R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-11-18 21744]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-04-14 64584]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-04-14 165032]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-07-18 73728]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-04-14 141792]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2008-07-21 27648]
S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-04-14 56064]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-04-14 314088]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 58910388
*Deregistered* - 58910388
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-04 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
.
2011-05-25 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2009-10-13 11:18]
.
2011-05-24 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
Trusted Zone: internet
Trusted Zone: mcafee.com
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-dellsupportcenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-tvncontrol - c:\program files\TightVNC\tvnserver.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-25 14:56
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2729741768-3134241513-1902051153-1000\Software\SecuROM\License information*]
"datasecu"=hex:5b,e9,dc,7d,93,10,5b,a2,38,c9,53,7d,c1,24,33,24,ac,f0,46,7b,87,
22,3d,7e,85,54,86,7f,c0,e4,a4,26,a7,e5,60,77,b3,04,13,6f,46,fe,87,08,0e,6f,\
"rkeysecu"=hex:fa,e9,95,19,25,a9,d3,20,06,5f,e6,8d,15,73,22,ae
.
Completion time: 2011-05-25 14:58:09
ComboFix-quarantined-files.txt 2011-05-25 13:58
.
Pre-Run: 290,205,990,912 bytes free
Post-Run: 291,258,290,176 bytes free
.
- - End Of File - - D3F27C08E36E17AB081B8CB1EB08AAC4

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:51 PM

Posted 25 May 2011 - 09:25 AM

Hi

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


NEXT


Go here to run an online scanner from ESET.

  • Note: You will need to use Internet explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 j-mans

j-mans
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:51 PM

Posted 25 May 2011 - 03:40 PM

Hi Catbyte,

Please find the Malwarebytes log and Esetscan below. I ran the Malwarebytes for the full scan and I made a slight mistake with the Esetscan - I left the "remove found threats" box ticked, however I did'nt delete the quarantined files - I hope this hasn't caused any problems.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6674

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

25/05/2011 17:22:11
mbam-log-2011-05-25 (17-22-11).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 340146
Time elapsed: 1 hour(s), 34 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

C:\Program Files\Dell Inc\Dell Edoc Viewer\fx740\Index.html Win32/Ramnit.A virus cleaned - quarantined
C:\Program Files\Dell Inc\Dell Edoc Viewer\m280p\eap-fast.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Program Files\Dell Inc\Dell Edoc Viewer\m280p\glossary.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Program Files\Dell Inc\Dell Edoc Viewer\m280p\index.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Program Files\Dell Inc\Dell Edoc Viewer\m280p\intro.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Program Files\Dell Inc\Dell Edoc Viewer\m280p\leap.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Program Files\Dell Inc\Dell Edoc Viewer\m280p\peap-gtc.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Program Files\Dell Inc\Dell Edoc Viewer\m280p\perform.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Program Files\Dell Inc\Dell Edoc Viewer\m280p\props.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Program Files\Dell Inc\Dell Edoc Viewer\m280p\regs.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Program Files\Dell Inc\Dell Edoc Viewer\m280p\setup.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Program Files\Dell Inc\Dell Edoc Viewer\m280p\sp1350mp.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Program Files\Dell Inc\Dell Edoc Viewer\m280p\sp1350pc.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Program Files\Dell Inc\Dell Edoc Viewer\m280p\sp1370mp.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Program Files\Dell Inc\Dell Edoc Viewer\m280p\sp1390ec.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Program Files\Dell Inc\Dell Edoc Viewer\m280p\sp1390mc.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Program Files\Dell Inc\Dell Edoc Viewer\m280p\sp1395mc.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Program Files\Dell Inc\Dell Edoc Viewer\m280p\sp1397hm.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Program Files\Dell Inc\Dell Edoc Viewer\m280p\sp1450mp.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Program Files\Dell Inc\Dell Edoc Viewer\m280p\sp1470mp.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Program Files\Dell Inc\Dell Edoc Viewer\m280p\sp1490mc.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Program Files\Dell Inc\Dell Edoc Viewer\m280p\sp1500mc.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Program Files\Dell Inc\Dell Edoc Viewer\m280p\sp1505mc.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Program Files\Dell Inc\Dell Edoc Viewer\m280p\sp1510hm.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Program Files\Dell Inc\Dell Edoc Viewer\m280p\specs.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Program Files\Dell Inc\Dell Edoc Viewer\m280p\trouble.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Program Files\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Acro Software\CutePDF Writer\README.HTM Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Adobe\Reader 9.0\ReadMe.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Adobe\Reader 9.0\Reader\Legal\ENU\license.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\ATI Technologies\ATI.ACE\Graphics-Full-Existing\Welcome\de\welcome_FMV.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\ATI Technologies\ATI.ACE\Graphics-Full-Existing\Welcome\de\welcome_generic.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\ATI Technologies\ATI.ACE\Graphics-Full-Existing\Welcome\en-US\welcome_en-US_FMV.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\ATI Technologies\ATI.ACE\Graphics-Full-Existing\Welcome\en-US\welcome_en-US_generic.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\ATI Technologies\ATI.ACE\Graphics-Full-Existing\Welcome\en-US\welcome_en-US_MR9600_MOB.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\ATI Technologies\ATI.ACE\Graphics-Full-Existing\Welcome\en-US\welcome_en-US_MR9700_MOB.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\ATI Technologies\ATI.ACE\Graphics-Full-Existing\Welcome\en-US\welcome_en-US_R9600_DSK.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\ATI Technologies\ATI.ACE\Graphics-Full-Existing\Welcome\en-US\welcome_en-US_R9700_DSK.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\ATI Technologies\ATI.ACE\Graphics-Full-Existing\Welcome\en-US\welcome_en-US_R9800_DSK.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\ATI Technologies\ATI.ACE\Graphics-Full-Existing\Welcome\en-US\welcome_en-US_RX800_DSK.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\ATI Technologies\ATI.ACE\Graphics-Full-Existing\Welcome\en-US\welcome_FMV.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\ATI Technologies\ATI.ACE\Graphics-Full-Existing\Welcome\en-US\welcome_generic.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\ATI Technologies\ATI.ACE\Graphics-Full-Existing\Welcome\en-US\welcom_en-US_cycle.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\ATI Technologies\ATI.ACE\Graphics-Full-Existing\Welcome\es\welcome_FMV.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\ATI Technologies\ATI.ACE\Graphics-Full-Existing\Welcome\es\welcome_generic.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\ATI Technologies\ATI.ACE\Graphics-Full-Existing\Welcome\fr\welcome_FMV.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\ATI Technologies\ATI.ACE\Graphics-Full-Existing\Welcome\fr\welcome_generic.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\ATI Technologies\ATI.ACE\Graphics-Full-Existing\Welcome\pt-BR\welcome_FMV.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\ATI Technologies\ATI.ACE\Graphics-Full-Existing\Welcome\pt-BR\welcome_generic.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\CamStudio\help.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\CamStudio\helpProducer.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\inspector\inspector.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncPref.resources\da.lproj\YEULA.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncPref.resources\de.lproj\YEULA.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncPref.resources\en.lproj\YEULA.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncPref.resources\es.lproj\YEULA.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncPref.resources\fi.lproj\YEULA.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncPref.resources\fr.lproj\YEULA.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncPref.resources\it.lproj\YEULA.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncPref.resources\ja.lproj\YEULA.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncPref.resources\ko.lproj\YEULA.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncPref.resources\nb.lproj\YEULA.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncPref.resources\nl.lproj\YEULA.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncPref.resources\pl.lproj\YEULA.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncPref.resources\pt.lproj\YEULA.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncPref.resources\pt_PT.lproj\YEULA.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncPref.resources\ru.lproj\YEULA.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncPref.resources\sv.lproj\YEULA.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncPref.resources\zh_CN.lproj\YEULA.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncPref.resources\zh_TW.lproj\YEULA.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Roxio Shared\DLLShared\SAR_HTML_12\activation.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Roxio Shared\DLLShared\SAR_HTML_12\component.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Roxio Shared\DLLShared\SAR_HTML_12\help.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Roxio Shared\DLLShared\SAR_HTML_12\IEVersion.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Roxio Shared\DLLShared\SAR_HTML_12\LS_not_connected.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Roxio Shared\DLLShared\SAR_HTML_12\LS_pleasewait.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Roxio Shared\DLLShared\SAR_HTML_12\LS_Registration.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Roxio Shared\DLLShared\SAR_HTML_12\not_connected.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Roxio Shared\DLLShared\SAR_HTML_12\no_connection_input.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Roxio Shared\DLLShared\SAR_HTML_12\options.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Roxio Shared\DLLShared\SAR_HTML_12\pleasewait.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Roxio Shared\DLLShared\SAR_HTML_12\purchase.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Roxio Shared\DLLShared\SAR_HTML_12\registration.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Roxio Shared\DLLShared\SAR_HTML_12\successful.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Roxio Shared\DLLShared\SAR_HTML_12\v2\ROLLBACK_1\activation.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Roxio Shared\DLLShared\SAR_HTML_12\v2\ROLLBACK_1\footer.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Roxio Shared\DLLShared\SAR_HTML_12\v2\ROLLBACK_1\not_connected.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Roxio Shared\DLLShared\SAR_HTML_12\v2\ROLLBACK_1\no_connection_input.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Roxio Shared\DLLShared\SAR_HTML_12\v2\ROLLBACK_1\pleasewait.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Roxio Shared\DLLShared\SAR_HTML_12\v2\ROLLBACK_1\successful.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Windows Live\.cache\af592a511cb7f3b2b\InstallerService\start.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Windows Live\.cache\af592a511cb7f3b2b\InstallerService\tou.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Common Files\Windows Live\.cache\af592a511cb7f3b2b\InstallerService\version.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Dell\DellDock\Data\weblink.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Dell\DellDock\Docs\advanced_settings.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Dell\DellDock\Docs\changing_icons.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Dell\DellDock\Docs\customize.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Dell\DellDock\Docs\default.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Dell\DellDock\Docs\help_tutorials.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Dell\DellDock\Docs\intro.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Dell Support Center\Resources\templates\ERFTest.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Dell Support Center\Resources\templates\scriptconfirmation.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Dell Support Center\Resources\templates\sysinfopage.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Dell Support Center\updater\boards\updater_local_da.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Dell Support Center\updater\boards\updater_local_de.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Dell Support Center\updater\boards\updater_local_en.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Dell Support Center\updater\boards\updater_local_es.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Dell Support Center\updater\boards\updater_local_fi.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Dell Support Center\updater\boards\updater_local_fr.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Dell Support Center\updater\boards\updater_local_it.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Dell Support Center\updater\boards\updater_local_ja.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Dell Support Center\updater\boards\updater_local_ko.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Dell Support Center\updater\boards\updater_local_nb.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Dell Support Center\updater\boards\updater_local_nl.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Dell Support Center\updater\boards\updater_local_pl.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Dell Support Center\updater\boards\updater_local_pt.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Dell Support Center\updater\boards\updater_local_ru.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Dell Support Center\updater\boards\updater_local_sv.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Dell Support Center\updater\boards\updater_local_zh-cn.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Dell Support Center\updater\boards\updater_local_zh-tw.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Docudesk\deskUNPDF3\runtime\Welcome.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\pb\htm\la001310.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\pb\htm\lc001110.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\pb\htm\ma001310.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\pb\htm\mc001110.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\pb\htm\wa001310.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\pb\htm\wc001110.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\cshdat_robohelp.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\cshdat_webhelp.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Electronic_Arts_Technical_Support.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Electronic_Arts_Technical_Support_csh.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Electronic_Arts_Technical_Support_rhc.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Welcome.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whcshdata.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whcsh_home.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whfbody.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whfdhtml.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whfform.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgbody.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdef.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdhtml.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whibody.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whidhtml.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whiform.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whnjs.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whproj.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whskin_banner.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whskin_blank.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whskin_frmset01.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whskin_frmset010.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whskin_homepage.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whskin_info.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whskin_mbars.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whskin_papplet.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whskin_pdhtml.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whskin_pickup.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whskin_plist.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whskin_tbars.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whskin_tw.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whtdhtml.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\DirectX\DX_Check_Direct3D.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\DirectX\DX_Check_for_Signed_Drivers.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\DirectX\DX_DirectX_Install_Issues.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\DirectX\DX_DirectX_Requirements.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\DirectX\DX_DirectX_Troubleshooting.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Install\INST_Installation_Troubleshooting.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Install\INST_Pre-Install_Preparation.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Install\Issues_After_Install\INST_Issues_After_Install.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Install\Issues_After_Install\INST_Windows_Looks_Different.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Install\Media_Issues\INST_Can_t_Read_A_File.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Install\Media_Issues\INST_Insert_CD_Error.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Install\Media_Issues\INST_Media_Issues.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Install\Media_Issues\INST_Selecting_a_Hard_Drive.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Install\Requirements_Issues\INST_Minimum_Requirements_.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Install\Requirements_Issues\INST_Out_Of_Disk_Space.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Install\Requirements_Issues\Requirements_Issues.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Online\ONLN_Can_t_See_LAN_Game.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Online\ONLN_Connection_Issues.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Online\ONLN_Online_Troubles.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Online\ONLN_Poor_Performance.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Playing_the_Game\PLYG_Audio_Issues.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Playing_the_Game\PLYG_Controller_Does_Not_Work.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Playing_the_Game\PLYG_Crashing.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Playing_the_Game\PLYG_Errors_While_Playing.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Playing_the_Game\PLYG_Issues_While_Playing.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Playing_the_Game\PLYG_Poor_Performance.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Playing_the_Game\PLYG_Video_Issues.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Playing_the_Game\Lockups\PLYG_Frozen_On_Screen.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Playing_the_Game\Lockups\PLYG_Lockups.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Playing_the_Game\Lockups\PLYG_Not_Responding_To_Input.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Playing_the_Game\Lockups\PLYG_Repeating_Sound.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Standard_Items\Check_Minimum_Requirements.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Standard_Items\Disk_Cleanup_and_Defrag.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Standard_Items\STND_Change_Screen_Resolution.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Standard_Items\STND_Changing_Drive_Letters.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Standard_Items\STND_Close_Background_Tasks.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Standard_Items\STND_Empty_Temporary_Internet_Files.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Standard_Items\STND_Lower_Sound_Acceleration.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Standard_Items\STND_Update_Drivers.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Standard_Items\STND_Virtual_Memory.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Starting_the_Game\STRTG_Errors.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Starting_the_Game\STRTG_Starting_the_Game.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Starting_the_Game\Crashes\STRTG_CP_Crash.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Starting_the_Game\Crashes\STRTG_Crashing_Back_To_Desktop.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Starting_the_Game\Crashes\STRTG_Crash_After_Full_Screen.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Starting_the_Game\Lockups\STRTG_Blank_Screen_Lockup.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Starting_the_Game\Lockups\STRTG_CP_Lockup.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Starting_the_Game\Lockups\STRTG_Lockups.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\Starting_the_Game\Lockups\STRTG_Repeating_Sound.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whdata\whftdata0.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whdata\whfts.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whdata\whfwdata0.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whdata\whglo.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whdata\whidata0.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whdata\whidx.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whdata\whtdata0.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whdata\whtoc.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstf0.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstf1.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstf10.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstf2.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstf3.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstf4.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstf5.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstf6.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstf7.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstf8.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstf9.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstfl0.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstfl1.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstfl10.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstfl11.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstfl12.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstfl13.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstfl14.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstfl15.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstfl16.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstfl17.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstfl18.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstfl19.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstfl2.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstfl20.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstfl21.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstfl22.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstfl23.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstfl3.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstfl4.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstfl5.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstfl6.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstfl7.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstfl8.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstfl9.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstg0.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlsti0.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstt0.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstt1.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstt10.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstt11.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstt12.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstt2.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstt3.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstt4.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstt5.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstt6.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstt7.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstt8.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whlstt9.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whnvf30.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whnvf31.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whnvf32.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whnvf33.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whnvl31.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whnvl32.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whnvl33.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whnvp30.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whnvp31.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whnvp32.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whnvp33.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whnvt30.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whnvt31.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whnvt32.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\EA Help\whgdata\whnvt33.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\EA_Help_Select.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\autorun.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\blue_screen_.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\cd_dvd_issues.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\cd_dvd_issues2.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\CD_DVD_Troubleshooting.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\Cleaning_your_CD_DVD.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\crashes.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\crash_issues2.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\crash_issues3.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\cshdat_robohelp.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\cshdat_webhelp.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\directx.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\display_settings.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\EA_Help_De.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\EA_Help_De_csh.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\EA_Help_De_rhc.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\Emptying_Temporary_Files.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\Ending_background_tasks.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\error_message.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\gameplay_issues.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\Graphic_corruption.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\Hard_Drive_space.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\Installing_the_game.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\Manually_starting_the_game.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\Minimum_requirements.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\Monitor.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\my_game_fails_to_start.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\Sound_card.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\starting_the_game.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\Starting_the_installation_manually.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\Updating_your_sound_driver.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\Updating_your_video_driver.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\Video_Card.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\warranty.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\Welcome.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\whcshdata.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\whcsh_home.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\whfbody.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\whfdhtml.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\whfform.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\whgbody.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\whgdef.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\whgdhtml.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\whibody.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\whidhtml.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\whiform.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\whnjs.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\whproj.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\whskin_banner.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\whskin_blank.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\whskin_frmset01.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\whskin_frmset010.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\whskin_homepage.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\whskin_info.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\whskin_mbars.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\whskin_papplet.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\whskin_pdhtml.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\whskin_pickup.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\whskin_plist.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\whskin_tbars.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\whskin_tw.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\whtdhtml.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\whdata\whftdata0.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\whdata\whfts.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\whdata\whfwdata0.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\whdata\whglo.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\whdata\whidata0.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\whdata\whidx.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\whdata\whtdata0.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\De\whdata\whtoc.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\blue_screen_.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\CD_DVD_(Errores).htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\CD_DVD_(Errores)2.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\CD_DVD_Troubleshooting.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\Cleaning_your_CD_DVD.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\crash_issues3.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\cshdat_robohelp.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\cshdat_webhelp.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\directx.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\Display_Settings.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\EA_Help_Esp.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\EA_Help_Esp_csh.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\EA_Help_Esp_rhc.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\El_juego_no_se_inicia_.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\El_juego_se_bloquea.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\Emptying_Temporary_Files.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\Ending_background_tasks.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\Error_message.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\Gameplay_Issues.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\graphic_corruption.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\Hard_Drive_space.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\Inicio_Del_Juego.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\Instalaci_n_Del_Juego.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\La_instalaci_n_se_bloquea_.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\Manually_starting_the_game.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\Minimum_requirements.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\Monitor.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\Reproducci_n_autom_tica_.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\Sound_card.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\Starting_the_installation_manually.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\Updating_your_sound_driver.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\Updating_your_video_driver.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\Video_Card.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\Warranty.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\Welcome.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\whcshdata.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\whcsh_home.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\whfbody.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\whfdhtml.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\whfform.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\whgbody.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\whgdef.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\whgdhtml.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\whibody.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\whidhtml.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\whiform.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\whnjs.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\whproj.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\whskin_banner.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\whskin_blank.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\whskin_frmset01.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\whskin_frmset010.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\whskin_homepage.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\whskin_info.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\whskin_mbars.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\whskin_papplet.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\whskin_pdhtml.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\whskin_pickup.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\whskin_plist.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\whskin_tbars.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\whskin_tw.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\whtdhtml.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\whdata\whftdata0.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\whdata\whfts.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\whdata\whfwdata0.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\whdata\whglo.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\whdata\whidata0.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\whdata\whidx.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\whdata\whtdata0.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\es\whdata\whtoc.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\autorun.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\blue_screen_.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\cd_dvd_issues.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\cd_dvd_issues2.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\CD_DVD_Troubleshooting.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\Cleaning_your_CD_DVD.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\crashes.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\crash_issues2.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\crash_issues3.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\cshdat_robohelp.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\cshdat_webhelp.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\directx.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\display_settings.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\EA_Help_Fr.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\EA_Help_Fr_csh.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\EA_Help_Fr_rhc.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\Emptying_Temporary_Files.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\Ending_background_tasks.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\error_message.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\gameplay_issues.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\Graphic_corruption.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\Hard_Drive_space.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\Installing_the_game.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\Manually_starting_the_game.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\Minimum_requirements.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\Monitor.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\my_game_fails_to_start.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\Sound_card.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\starting_the_game.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\Starting_the_installation_manually.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\Updating_your_sound_driver.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\Updating_your_video_driver.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\Video_Card.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\Warranty.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\welcome.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\whcshdata.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\whcsh_home.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\whfbody.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\whfdhtml.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\whfform.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\whgbody.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\whgdef.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\whgdhtml.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\whibody.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\whidhtml.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\whiform.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\whnjs.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\whproj.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\whskin_banner.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\whskin_blank.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\whskin_frmset01.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\whskin_frmset010.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\whskin_homepage.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\whskin_info.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\whskin_mbars.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\whskin_papplet.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\whskin_pdhtml.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\whskin_pickup.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\whskin_plist.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\whskin_tbars.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\whskin_tw.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\whtdhtml.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\whdata\whftdata0.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\whdata\whfts.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\whdata\whfwdata0.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\whdata\whglo.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\whdata\whidata0.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\whdata\whidx.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\whdata\whtdata0.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\fr-fr\whdata\whtoc.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\autorun.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\blue_screen_.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\cd_dvd_issues.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\cd_dvd_issues2.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\CD_DVD_Troubleshooting.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\Cleaning_your_CD_DVD.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\crashes.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\crash_issues2.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\crash_issues3.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\cshdat_robohelp.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\cshdat_webhelp.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\directx.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\display_settings.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\EA_Help_NL.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\EA_Help_NL_csh.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\EA_Help_NL_rhc.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\Emptying_Temporary_Files.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\Ending_background_tasks.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\error_message.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\Gameplay_Issues.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\Graphic_corruption.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\Hard_Drive_space.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\Installing_the_game.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\Manually_starting_the_game.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\Minimum_requirements.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\Monitor.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\my_game_fails_to_start.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\Sound_card.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\Starting_the_game.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\Starting_the_installation_manually.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\Updating_your_sound_driver.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\Updating_your_video_driver.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\Video_Card.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\Warranty.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\Welcome.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\whcshdata.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\whcsh_home.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\whfbody.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\whfdhtml.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\whfform.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\whgbody.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\whgdef.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\whgdhtml.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\whibody.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\whidhtml.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\whiform.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\whnjs.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\whproj.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\whskin_banner.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\whskin_blank.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\whskin_frmset01.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\whskin_frmset010.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\whskin_homepage.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\whskin_info.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\whskin_mbars.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\whskin_papplet.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\whskin_pdhtml.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\whskin_pickup.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\whskin_plist.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\whskin_tbars.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\whskin_tw.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\whtdhtml.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\whdata\whftdata0.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\whdata\whfts.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\whdata\whfwdata0.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\whdata\whglo.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\whdata\whidata0.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\whdata\whidx.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\whdata\whtdata0.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\NL\whdata\whtoc.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\autorun.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\blue_screen_.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\cd_dvd_issues.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\cd_dvd_issues2.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\CD_DVD_Troubleshooting.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\Cleaning_your_CD_DVD.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\crashes.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\crash_issues2.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\crash_issues3.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\cshdat_robohelp.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\cshdat_webhelp.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\directx.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\display_settings.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\EA_Help_Sv.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\EA_Help_Sv_csh.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\EA_Help_Sv_rhc.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\Emptying_Temporary_Files.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\Ending_background_tasks.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\error_message.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\Gameplay_Issues.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\Graphic_corruption.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\Hard_Drive_space.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\Installing_the_game.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\Manually_starting_the_game.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\Minimum_requirements.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\Monitor.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\my_game_fails_to_start.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\Sound_card.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\Starting_the_game.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\Starting_the_installation_manually.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\Updating_your_sound_driver.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\Updating_your_video_driver.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\Video_Card.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\Warranty.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\Welcome.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\whcshdata.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\whcsh_home.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\whfbody.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\whfdhtml.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\whfform.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\whgbody.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\whgdef.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\whgdhtml.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\whibody.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\whidhtml.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\whiform.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\whnjs.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\whproj.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\whskin_banner.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\whskin_blank.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\whskin_frmset01.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\whskin_frmset010.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\whskin_homepage.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\whskin_info.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\whskin_mbars.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\whskin_papplet.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\whskin_pdhtml.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\whskin_pickup.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\whskin_plist.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\whskin_tbars.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\whskin_tw.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\whtdhtml.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\whdata\whftdata0.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\whdata\whfts.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\whdata\whfwdata0.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\whdata\whglo.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\whdata\whidata0.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\whdata\whidx.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\whdata\whtdata0.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\EA GAMES\Battlefield 2\Support\European Help Files\Sv\whdata\whtoc.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\LayOut\Instructor\2ptArcTool.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\LayOut\Instructor\3ptArcTool.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\LayOut\Instructor\ArcTool.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\LayOut\Instructor\BulgedTool.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\LayOut\Instructor\CircleTool.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\LayOut\Instructor\Credits.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\LayOut\Instructor\Default.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\LayOut\Instructor\EllipseTool.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\LayOut\Instructor\EraserTool.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\LayOut\Instructor\FreehandTool.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\LayOut\Instructor\JoinTool.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\LayOut\Instructor\LabelTool.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\LayOut\Instructor\LineTool.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\LayOut\Instructor\LozengeTool.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\LayOut\Instructor\PanTool.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\LayOut\Instructor\PieTool.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\LayOut\Instructor\PolygonTool.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\LayOut\Instructor\RectangleTool.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\LayOut\Instructor\RoundedTool.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\LayOut\Instructor\SelectTool.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\LayOut\Instructor\SplitTool.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\LayOut\Instructor\StyleTool.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\LayOut\Instructor\TextTool.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\LayOut\Instructor\Tool.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\LayOut\Instructor\ZoomTool.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\Resources\en-US\helpcontent\tool\10508\index.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\Resources\en-US\helpcontent\tool\10509\index.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\Resources\en-US\helpcontent\tool\10520\index.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\Resources\en-US\helpcontent\tool\10523\index.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\Resources\en-US\helpcontent\tool\10525\index.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\Resources\en-US\helpcontent\tool\10526\index.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\Resources\en-US\helpcontent\tool\21019\index.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\Resources\en-US\helpcontent\tool\21020\index.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\Resources\en-US\helpcontent\tool\21022\index.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\Resources\en-US\helpcontent\tool\21024\index.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\Resources\en-US\helpcontent\tool\21031\index.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\Resources\en-US\helpcontent\tool\21041\index.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\Resources\en-US\helpcontent\tool\21048\index.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\Resources\en-US\helpcontent\tool\21057\index.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\Resources\en-US\helpcontent\tool\21065\index.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\Resources\en-US\helpcontent\tool\21074\index.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\Resources\en-US\helpcontent\tool\21094\index.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\Resources\en-US\helpcontent\tool\21095\index.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\Resources\en-US\helpcontent\tool\21096\index.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\Resources\en-US\helpcontent\tool\21100\index.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\Resources\en-US\helpcontent\tool\21126\index.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\Resources\en-US\helpcontent\tool\21129\index.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\Resources\en-US\helpcontent\tool\21162\index.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\Resources\en-US\helpcontent\tool\21169\index.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\Resources\en-US\helpcontent\tool\21236\index.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\Resources\en-US\helpcontent\tool\21337\index.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\Resources\en-US\helpcontent\tool\21405\index.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\Resources\en-US\helpcontent\tool\21410\index.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\Resources\en-US\helpcontent\tool\21494\index.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\Resources\en-US\helpcontent\tool\21515\index.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\Resources\en-US\helpcontent\tool\21525\index.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\Resources\en-US\helpcontent\tool\21940\index.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\Resources\en-US\helpcontent\tool\23006\index.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\Resources\en-US\searching\index.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\Resources\en-US\welcomescreen\learntab.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\Resources\en-US\welcomescreen\learntabexpired.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\Tools\DynamicComponents\html\configurator.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\Tools\DynamicComponents\html\manager.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Google\Google SketchUp 7\Tools\DynamicComponents\html\reporter.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Graboid\GraboidVideo\1.7.3.0\moz\res\hiddenWindow.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Graboid\GraboidVideo\1.7.3.0\offline\noConnection.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Graboid\GraboidVideo\1.8.0.0\moz\res\hiddenWindow.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\Graboid\GraboidVideo\1.8.0.0\offline\noConnection.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\ifu Hamburg\e!Sankey 2.5\docs\news\pro\de\news.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\ifu Hamburg\e!Sankey 2.5\docs\news\pro\en\news.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\ifu Hamburg\e!Sankey 2.5\docs\news\standard\de\news.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\ifu Hamburg\e!Sankey 2.5\docs\news\standard\en\news.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\ifu Hamburg\e!Sankey 2.5\docs\news\trial\de\news.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\Local\VirtualStore\Program Files\ifu Hamburg\e!Sankey 2.5\docs\news\trial\en\news.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\6685d300-4a8b8bb0 Java/Exploit.CVE-2010-4452.A trojan cleaned by deleting - quarantined
C:\Users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\49f20e4c-7a9241ed multiple threats deleted - quarantined
C:\Users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\5edf79cd-1d8b604f multiple threats deleted - quarantined
C:\Users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\179d9a4e-1e7eacf3 a variant of Java/TrojanDownloader.OpenStream.NBF trojan deleted - quarantined
C:\Users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\53956f4f-415fe28d a variant of Java/Agent.BP trojan deleted - quarantined
C:\Users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\19cd0d5-741d06c0 multiple threats deleted - quarantined
C:\Users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7adbb65d-7089bd74 Java/TrojanDownloader.Agent.NBK trojan deleted - quarantined
C:\Users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\30feb821-4c963791 Java/TrojanDownloader.Agent.NBK trojan deleted - quarantined
C:\Users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\561d8ca1-5517df12 multiple threats deleted - quarantined
C:\Users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\185066e4-20b93c42 multiple threats deleted - quarantined
C:\Users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\239647b4-43563c94 multiple threats deleted - quarantined
C:\Users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\50ab9ef6-474d9edb multiple threats deleted - quarantined
C:\Users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\504f0106-3e237529 a variant of Java/TrojanDownloader.OpenStream.NAZ trojan deleted - quarantined
C:\Users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\5aca5c7c-29829b65 multiple threats deleted - quarantined
C:\Users\Jamie\Downloads\Google Earth Pro 5.07 Cracked\Setup.exe Win32/Oficla.IK trojan deleted - quarantined
Z:\JAMIE-PC\Backup Set 2011-05-22 092305\Backup Files 2011-05-22 092305\Backup files 1.zip Win32/Ramnit.A virus deleted - quarantined
Z:\JAMIE-PC\Backup Set 2011-05-22 092305\Backup Files 2011-05-22 092305\Backup files 36.zip Win32/Ramnit.A virus deleted - quarantined
Z:\JAMIE-PC\Backup Set 2011-05-22 092305\Backup Files 2011-05-22 092305\Backup files 37.zip multiple threats deleted - quarantined

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:51 PM

Posted 25 May 2011 - 05:48 PM

oh dear, I have some very bad news for you unfortunately. You have ramnit which is a polymorphic file infector. It cannot be properly cleaned, many tools will claim to have cleaned or quarantined the infection, only to find it respawns in another file.

The only sure way to clean is a total reformat and reinstall. DO NOT try and save anything but .doc .jpg .mp3 type extensions, definitely no exe's


Here is a write up on this infection:

Win32/Ramnit.A is a file infector with IRCBot functionality which infects .exe, and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A. Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll  and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A which is dropped by a Ramnit infected executable file.

-- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.
With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of infection can vary.

Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies Worm:Win32/Ramnit.A with a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These type of sites are infested with a smörgåsbord of malware and a major source of system infection.

In my opinion, Ramnit.A is not effectively disinfectable, so your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. Further, your machine has likely been compromised by the backdoor Trojan and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if your anti-virus reports that the malware appears to have been removed.

Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
• Reimaging the system
• Restoring the entire system using a full system backup from before the backdoor infection
• Reformatting and reinstalling the system

Backdoors and What They Mean to You

This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.

The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).


Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:51 PM

Posted 10 June 2011 - 01:49 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users