Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Windows 7 recovery malware / Avira Anti Vir HTML/Drop.Agent

by Cram » May 31st, 2011, 9:56 am

Hi, I have recently had the Windows 7 recovery virus. I have tried to remove the virus using a guide at bleepingcomputer.com
http://www.bleepingcomputer.com/virus-r ... s-recovery
To the best of my knowledge, I had believed this had worked. However, my Avira AntiVir guard started popping up warnings saying "HTML/Drop.Agent.AB" was found in "<insert programme name here>" and now I am not so sure whether or not it has worked. This alert pops up every so often saying the virus has been found in a new programme/s and I am worried it is spreading throughout the computer. Also a number of programmes have stopped working properly or altogether, most notably games.

Help would be very welcome

EDIT: I just realised I have uTorrent installed. I will uninstall this just now. Also Avira has started showing a virus called "W32/Ramnit.C"

EDIT 2: I'm sure something worse has happened now. My Avira Anti-Vir has been disabled and I am unable to re-enable it. Pretty sure this is the work of a virus. Until I receive instruction from a helper, I will not be using Windows 7 and will instead use Ubuntu Linux as this is also installed on my system.
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Run by John at 14:49:46 on 2011-05-31
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3387.2119 [GMT 1:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\John\Desktop\dds.scr
C:\Windows\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://uk.ask.com?o=14196&l=dis
mWinlogon: Userinit=c:\windows\system32\userinit.exe,,c:\program files\ogbxtdmm\wmskedvd.exe
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [EasyTuneVI] c:\program files\gigabyte\et6\ETcall.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
StartupFolder: c:\users\john\appdata\roaming\microsoft\windows\start menu\programs\startup\wmskedvd.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\john\appdata\roaming\mozilla\firefox\profiles\1q6oc5u9.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-20 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-20 269480]
R2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files\advanced system optimizer 3\ASO3DefragSrv.exe [2010-12-21 239336]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-20 61960]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\autodesk\3ds max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-3-10 250264]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-12-20 232448]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-12-20 277536]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 etdrv;etdrv;c:\windows\etdrv.sys [2010-12-20 17488]
S3 WatAdminSvc;WatAdminSvc;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-23 1343400]
.
=============== Created Last 30 ================
.
2011-05-31 13:04:53 -------- d-----w- c:\users\john\appdata\roaming\GetRightToGo
2011-05-31 11:57:37 -------- d-----w- c:\users\john\appdata\local\{4F8B16BF-9EB7-4E93-9B06-FC38A0F786D2}
2011-05-31 11:52:30 179957 ------w- c:\program files\internet explorer\iexploremgr.exe
2011-05-31 11:47:10 -------- d-sh--w- C:\$RECYCLE.BIN
2011-05-31 11:47:08 -------- d-----w- c:\users\john\appdata\local\temp
2011-05-31 11:37:05 98816 ----a-w- c:\windows\sed.exe
2011-05-31 11:37:05 518144 ----a-w- c:\windows\SWREG.exe
2011-05-31 11:37:05 256512 ----a-w- c:\windows\PEV.exe
2011-05-31 11:37:05 208896 ----a-w- c:\windows\MBR.exe
2011-05-31 11:22:39 -------- d-----w- c:\users\john\appdata\local\{B3FE5BC3-9A7C-4764-95CF-0A636B74F2E5}
2011-05-31 10:17:29 -------- d-----w- c:\users\john\appdata\local\{EFDF29D0-DEB3-4CD2-8E1D-B333BD116EA6}
2011-05-31 09:58:04 -------- d-----w- c:\users\john\appdata\local\{BF32D629-119E-4FC9-AD97-E780C67E8AF3}
2011-05-31 09:41:57 -------- d-----w- c:\users\john\appdata\local\{32A28967-8736-439D-A671-7B641892A7FF}
2011-05-31 09:08:53 -------- d-----w- c:\users\john\appdata\local\{42EA3C18-1F83-49F5-A9A7-404A679191B2}
2011-05-31 08:41:31 -------- d-----w- c:\users\john\appdata\local\{14EE2822-17F9-479B-BAD8-C371C0B7B75D}
2011-05-31 08:20:01 -------- d-----w- c:\users\john\appdata\local\{ADD644CA-2774-443D-B374-AB4E21F61CC6}
2011-05-31 08:13:48 -------- d-----w- c:\users\john\appdata\roaming\Malwarebytes
2011-05-31 08:13:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-31 08:13:43 -------- d-----w- c:\programdata\Malwarebytes
2011-05-31 08:09:13 -------- d-----w- c:\users\john\appdata\local\{26A9E3A5-4090-4B52-8D27-B6C2878FEFF6}
2011-05-31 08:00:04 -------- d-----w- c:\users\john\appdata\local\{D56D5D43-8DD1-48EC-B52C-09FF40DD612D}
2011-05-31 07:38:06 -------- d-----w- c:\users\john\appdata\local\{84C29527-5521-42A4-92DE-4E433C78AB84}
2011-05-31 01:58:47 -------- d-----w- c:\users\john\appdata\local\{8911D2D7-1BE5-456E-B942-02D39CB7CFEC}
2011-05-31 01:41:21 179957 ------w- c:\users\john\appdata\roaming\microsoft\windows\start menu\programs\startup\wmskedvd.exe
2011-05-31 01:41:21 -------- d-----w- c:\program files\ogbxtdmm
2011-05-29 13:38:00 -------- d-----w- c:\users\john\appdata\local\{7063AFA2-B287-4D30-BFCA-843BF6D07E8C}
2011-05-27 23:35:48 -------- d-----w- c:\users\john\appdata\local\{C3DFB912-260C-420C-92A8-9B53BAA388A3}
2011-05-27 10:57:12 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-27 10:56:20 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-27 10:56:20 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-27 10:56:19 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-05-27 10:56:19 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-05-27 10:56:19 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-05-27 10:56:17 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-05-27 10:56:02 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-05-27 10:56:02 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-05-27 10:56:01 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-05-27 10:56:01 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-05-27 10:54:41 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-05-27 10:54:38 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-05-27 10:54:37 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-27 10:54:37 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-05-27 10:54:37 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-05-27 10:54:34 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-27 10:54:34 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-05-27 10:54:34 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-27 10:54:34 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-27 10:40:31 -------- d-----w- c:\users\john\appdata\local\{022A8DF5-CEB3-4B97-A99A-8071426A3CFF}
2011-05-10 18:44:17 -------- d-----w- c:\users\john\appdata\local\{98893324-5E82-4DBF-B2D6-DAA75169200E}
.
==================== Find3M ====================
.
2011-05-31 11:22:35 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2011-05-31 11:22:21 17488 ----a-w- c:\windows\gdrv.sys
2009-11-19 21:08:02 3749224 ------w- c:\program files\common files\adlmint_libFNP.dll
2009-11-19 21:08:02 2941288 ----a-w- c:\program files\common files\adlmint.dll
.
============= FINISH: 14:49:56.53 ===============

.
DDS (Ver_11-05-19.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 20/12/2010 19:06:07
System Uptime: 31/05/2011 12:56:39 (2 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | H55M-UD2H
Processor: Intel(R) Core(TM) i3 CPU 530 @ 2.93GHz | Socket 1156 | 2926/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 24 GiB total, 10.983 GiB free.
D: is CDROM (CDFS)
E: is FIXED (NTFS) - 293 GiB total, 252.701 GiB free.
F: is FIXED (NTFS) - 86 GiB total, 85.356 GiB free.
G: is FIXED (NTFS) - 87 GiB total, 86.06 GiB free.
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_8086&DEV_3B64&SUBSYS_3B641458&REV_06\3&13C0B0C5&0&B0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_8086&DEV_3B64&SUBSYS_3B641458&REV_06\3&13C0B0C5&0&B0
Service:
.
==== System Restore Points ===================
.
RP78: 31/05/2011 12:37:10 - ComboFix created restore point
.
==== Installed Programs ======================
.
Adobe Flash Player 10 Plugin
Advanced System Optimizer
Advanced Uninstaller PRO - Version 10
Assassin's Creed
Assassin's Creed II
µTorrent
Autodesk 3ds Max 2009 32-bit
Autodesk Backburner 2008.1
Autodesk DirectConnect 2010 R1
Autodesk MatchMover 2011 32-bit
Autodesk Maya 2011 32-bit
Autodesk Maya 2011 English Documentation 32-bit
Avira AntiVir Personal - Free Antivirus
Caplio Software
Composite 2011
D3DX10
DAEMON Tools Toolbar
Easy Tune 6 B10.0420.1
Fraps
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Java Auto Updater
Java(TM) 6 Update 21
K-Lite Codec Pack 4.2.5 (Full)
Malwarebytes' Anti-Malware
Microsoft Application Error Reporting
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Xbox 360 Accessories 1.2
Mozilla Firefox 4.0.1 (x86 en-GB)
MSVCRT
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Total Commander (Remove or Repair)
Trojan Killer 2.0
Ubisoft Game Launcher
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR archiver
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
31/05/2011 12:57:04, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\DR0.
31/05/2011 12:45:47, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
31/05/2011 12:38:12, Error: Service Control Manager [7034] - The mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit service terminated unexpectedly. It has done this 1 time(s).
31/05/2011 12:21:33, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000000, 0x00000002, 0x00000008, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 053111-13640-01.
31/05/2011 11:19:14, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.
31/05/2011 09:41:14, Error: Service Control Manager [7034] - The Avira AntiVir Guard service terminated unexpectedly. It has done this 3 time(s).
31/05/2011 09:41:12, Error: Service Control Manager [7031] - The Avira AntiVir Guard service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
31/05/2011 09:41:10, Error: Service Control Manager [7031] - The Avira AntiVir Guard service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
31/05/2011 09:11:04, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
31/05/2011 09:00:55, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
31/05/2011 08:49:38, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
31/05/2011 08:49:35, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
31/05/2011 08:49:35, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
31/05/2011 08:49:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
31/05/2011 08:49:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
31/05/2011 08:49:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service HideMyIpSRV with arguments "-Service" in order to run the server: {B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
31/05/2011 08:49:13, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd ssmdrv tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
31/05/2011 08:49:12, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
31/05/2011 08:49:12, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
31/05/2011 08:49:12, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
31/05/2011 08:49:12, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
31/05/2011 08:49:12, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
31/05/2011 08:49:12, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
31/05/2011 08:49:12, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
31/05/2011 08:49:12, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
31/05/2011 08:49:12, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
31/05/2011 08:49:12, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
31/05/2011 08:48:55, Error: sptd [4] - Driver detected an internal error in its data structures for .
31/05/2011 02:56:18, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb discache spldr sptd ssmdrv Wanarpv6
28/05/2011 02:37:13, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80080005: Security Update for Windows 7 (KB2511455).
.
==== End Of File ===========================
Cram
Active Member
 
Posts: 8
Joined: May 31st, 2011, 9:28 am
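
A first-pass triage of the DDS log posted above, as an added example that is not part of the original thread or of DDS itself. The rule names and the choice of checks are this example's own assumptions; the sample lines are copied unmodified from the log, and a hit marks a line for a reviewer to look at, not a verdict.

```python
import re
from collections import defaultdict

# A subset of lines copied unmodified from the DDS log in the post above.
SAMPLE_DDS = r"""
mWinlogon: Userinit=c:\windows\system32\userinit.exe,,c:\program files\ogbxtdmm\wmskedvd.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\users\john\appdata\roaming\microsoft\windows\start menu\programs\startup\wmskedvd.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
2011-05-31 11:52:30 179957 ------w- c:\program files\internet explorer\iexploremgr.exe
2011-05-31 11:37:05 98816 ----a-w- c:\windows\sed.exe
2011-05-31 01:41:21 179957 ------w- c:\users\john\appdata\roaming\microsoft\windows\start menu\programs\startup\wmskedvd.exe
2011-05-31 01:41:21 -------- d-----w- c:\program files\ogbxtdmm
"""

# Windows ships Userinit pointing at this single binary (followed by a comma).
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"
# Startup folders normally hold .lnk shortcuts; these extensions run directly.
RUNNABLE = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js")
# UAC policy values that weaken elevation prompts (rule names are this example's).
WEAK_POLICY = {
    ("ConsentPromptBehaviorAdmin", "0"): "elevation-without-prompt",
    ("EnableLUA", "0"): "uac-disabled",
}
POLICY_ROW = re.compile(r"^mPolicies-system: (\w+) = (\d+)")
# "Created Last 30" file rows: date, time, size, attributes, path.
# Directory rows carry "--------" instead of a size and do not match.
FILE_ROW = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (\d+) \S{8} (.+)$")


def triage(log_text):
    """Return (rule, detail) pairs for DDS lines a reviewer should read first."""
    findings = []
    paths_by_size = defaultdict(set)
    for raw in log_text.splitlines():
        line = raw.strip()
        lower = line.lower()
        if lower.startswith("mwinlogon: userinit="):
            # Every comma-separated entry is launched at logon.
            for entry in line.split("=", 1)[1].split(","):
                entry = entry.strip()
                if entry and entry.lower() != DEFAULT_USERINIT:
                    findings.append(("userinit-extra", entry))
        elif lower.startswith("startupfolder:"):
            path = line.split(":", 1)[1].strip()
            if path.lower().endswith(RUNNABLE):
                findings.append(("startup-binary", path))
        elif (m := POLICY_ROW.match(line)):
            rule = WEAK_POLICY.get((m.group(1), m.group(2)))
            if rule:
                findings.append((rule, f"{m.group(1)} = {m.group(2)}"))
        elif (m := FILE_ROW.match(line)):
            paths_by_size[int(m.group(1))].add(m.group(2).lower())
    # Identical byte sizes under different names hint at copies of one file;
    # a hash comparison is needed to confirm, size alone proves nothing.
    for size, paths in sorted(paths_by_size.items()):
        if len(paths) > 1:
            findings.append(("same-size-files", f"{size}: " + ", ".join(sorted(paths))))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_DDS):
        print(f"{rule:26} {detail}")
```
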

Re: Windows 7 recovery malware / Avira Anti Vir HTML/Drop.Ag

by Carolyn » June 2nd, 2011, 7:03 am

I am reviewing your logs and will post instructions shortly.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Windows 7 recovery malware / Avira Anti Vir HTML/Drop.Ag

by Carolyn » June 2nd, 2011, 7:20 am

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems.

Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

=============================

Before we start: Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start.

=============================

Registry Cleaners

I notice the presence of Advanced System Optimizer Registry Cleaner on your pc.

I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on regcleaners
Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly you will not see any difference
If it doesn't work properly you may end up with an expensive doorstop.


http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html
http://forums.whatthetech.com/Regcleaner_t42862.html

=============================

Remove Outdated Java
Note: You can install the current version after the computer is clean.
  • Go to start > control panel > programs and features.
  • Right click on Java(TM) 6 Update 21
  • Click Uninstall & then follow the prompts to remove it.

=============================

Create a System Restore Point
  1. Right-click on Computer ... select Properties.
  2. In the left pane under Tasks ... click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection ...then choose Create.
  4. In the System Restore dialog box, type a description for the restore point ... click Create, again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK ...then close the System Restore dialog.

=============================

Defogger
CD Emulator Software (Daemon Tools, Alcohol, etc) use drivers that can interfere with rootkit scans, so we'll temporarily disable them.
Disable Drivers
Please download DeFogger... by jpshortstuff. Save it to your desktop.
  1. Double click DeFogger.exe to run the tool. The application window will appear.
  2. Click the Disable button to disable your CD Emulation drivers.
  3. Click Yes to continue. A 'Finished!' message will appear. Click OK.
  4. Click OK when DeFogger asks to reboot the machine.
Do not re-enable these drivers until otherwise instructed.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

=============================

Disable Avira anti-virus

  • Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on a red background.
  • Right click it -> untick the option AntiVir Guard enable.
  • You should now see a closed, white umbrella on a red background.
  • Note: Don't forget to re-enable it after the fix.

=============================

Disable Windows Defender until the computer is clean

Windows Defender normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.

- Open Windows Defender
- Select Tools and then General Settings
- Under Real Time Protection Options uncheck Turn on real-time protection
- Select Save
Don't forget to re-enable it, when your computer is clean.

=============================

GMER
The downloaded file will have a random name... this prevents malware from detecting and blocking it.
Please download GMER... random file name.exe by GMER. An alternate (zip file) download site.
Note: Do not run any programs while Gmer is running.
**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
  1. Double click on the random named.exe to execute. If asked, allow the gmer.sys driver load.
    If using Vista or Windows 7, you must right click random named.exe and choose "Run As Administrator".
  2. If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO <--- Important!
  3. On the right side panel, several boxes have been checked. Please UNCHECK the following:
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All <-- don't miss this one

  4. If you don't get a warning then... Click the Rootkit/Malware tab at the top of the GMER window.
  5. Click the Scan button.
  6. Once the scan has finished... click Save. The Save... window will open.
  7. Save the scan results as gmer.txt, save it to your Desktop.
  8. Double click on the desktop "gmer.txt" file, to open in Notepad.
  9. Copy and paste the contents of the file gmer.txt in your next reply.

=============================

I see that you have run ComboFix

A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Please post the ComboFix log. You should be able to find it at C:\ComboFix.txt

If you are unable to find the log there, please check for logs in the folder C:\qoobox

=============================

Please include the following logs in your next reply (post all logs as text, no attachments please):
  • gmer.txt
  • The ComboFix log
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Windows 7 recovery malware / Avira Anti Vir HTML/Drop.Ag

by Cram » June 2nd, 2011, 8:10 am

Hi there, thanks for the help so far.

That's interesting, I didn't know reg cleaners could do that sort of harm. Will definitely look into it.

1. removed java
2. created system restore point
3. ran defogger, drivers disabled
4. disabled windows defender real time protection

5. GMER
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-02 12:51:50
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Patriot_PS-100_32GB_SSD rev.VER2.008
Running: vi77ns1e.exe; Driver: C:\Users\John\AppData\Local\Temp\kwtdypog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82E83569 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EA8092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 AD65B000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 AD65B123 629 Bytes [65, 65, AD, FE, 05, 34, 65, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 AD65B399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F AD65B3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B AD65B4AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...
.text user32.dll!TranslateMessage 777D910F 5 Bytes [E9, D5, 61, 84, A8] {JMP 0xffffffffa88461da}

---- User code sections - GMER 1.0.15 ----

? C:\Windows\System32\smss.exe[304] time/date stamp mismatch;
? C:\Windows\system32\csrss.exe[444] time/date stamp mismatch; unknown module: CSRSRV.dll
? C:\Windows\system32\csrss.exe[508] time/date stamp mismatch; unknown module: CSRSRV.dll
.text C:\Windows\system32\csrss.exe[508] ntdll.dll!NtQueryDirectoryFile 77955240 5 Bytes JMP 20052AB2
.text C:\Windows\system32\csrss.exe[508] ntdll.dll!NtResumeThread 77955750 5 Bytes JMP 20049664
.text C:\Windows\system32\csrss.exe[508] ntdll.dll!LdrLoadDll 7796F5B5 5 Bytes JMP 2005292E
.text C:\Windows\system32\csrss.exe[508] USER32.dll!TranslateMessage 777D910F 5 Bytes JMP 2004F2E9
? C:\Windows\system32\services.exe[548] time/date stamp mismatch; unknown module: CRYPTBASE.dllunknown module: profapi.dllunknown module: SspiCli.dll
? C:\Windows\system32\winlogon.exe[660] time/date stamp mismatch; unknown module: AUTHZ.dllunknown module: SspiCli.dllunknown module: MPR.dllunknown module: netutils.dllunknown module: wkscli.dllunknown module: UXINIT.dllunknown module: slc.dllunknown module: CRYPTSP.dllunknown module: profapi.dllunknown module: WINSTA.dll
.text C:\Windows\system32\winlogon.exe[660] ntdll.dll!NtQueryDirectoryFile 77955240 5 Bytes JMP 20052AB2
.text C:\Windows\system32\winlogon.exe[660] ntdll.dll!NtResumeThread 77955750 5 Bytes JMP 20049664
.text C:\Windows\system32\winlogon.exe[660] ntdll.dll!LdrLoadDll 7796F5B5 5 Bytes JMP 2005292E
.text C:\Windows\system32\winlogon.exe[660] USER32.dll!TranslateMessage 777D910F 5 Bytes JMP 2004F2E9
? C:\Windows\system32\svchost.exe[732] time/date stamp mismatch; unknown module: 0.dll
? C:\Windows\system32\svchost.exe[844] time/date stamp mismatch; unknown module: 0.dll
? C:\Windows\System32\svchost.exe[928] time/date stamp mismatch; unknown module: 0.dll
? C:\Windows\System32\svchost.exe[976] time/date stamp mismatch; unknown module: 0.dll
? C:\Windows\system32\svchost.exe[1012] time/date stamp mismatch; unknown module: 0.dll
? C:\Windows\system32\svchost.exe[1192] time/date stamp mismatch; unknown module: 0.dll
? C:\Windows\system32\svchost.exe[1332] time/date stamp mismatch; unknown module: 0.dll
? C:\Windows\system32\svchost.exe[1568] time/date stamp mismatch; unknown module: 0.dll
? C:\Windows\system32\svchost.exe[1896] time/date stamp mismatch; unknown module: 0.dll
.text C:\Windows\system32\wuauclt.exe[2088] ntdll.dll!NtQueryDirectoryFile 77955240 5 Bytes JMP 20082AB2
.text C:\Windows\system32\wuauclt.exe[2088] ntdll.dll!NtResumeThread 77955750 5 Bytes JMP 20079664
.text C:\Windows\system32\wuauclt.exe[2088] ntdll.dll!LdrLoadDll 7796F5B5 5 Bytes JMP 2008292E
.text C:\Windows\system32\wuauclt.exe[2088] USER32.dll!TranslateMessage 777D910F 5 Bytes JMP 2007F2E9
.text C:\Windows\system32\taskhost.exe[2296] ntdll.dll!NtQueryDirectoryFile 77955240 5 Bytes JMP 20052AB2
.text C:\Windows\system32\taskhost.exe[2296] ntdll.dll!NtResumeThread 77955750 5 Bytes JMP 20049664
.text C:\Windows\system32\taskhost.exe[2296] ntdll.dll!LdrLoadDll 7796F5B5 5 Bytes JMP 2005292E
.text C:\Windows\system32\taskhost.exe[2296] USER32.dll!TranslateMessage 777D910F 5 Bytes JMP 2004F2E9
.text C:\Users\John\Desktop\vi77ns1e.exe[2368] ntdll.dll!NtQueryDirectoryFile 77955240 5 Bytes JMP 20022AB2
.text C:\Users\John\Desktop\vi77ns1e.exe[2368] ntdll.dll!NtResumeThread 77955750 5 Bytes JMP 20019664
.text C:\Users\John\Desktop\vi77ns1e.exe[2368] ntdll.dll!LdrLoadDll 7796F5B5 5 Bytes JMP 2002292E
.text C:\Users\John\Desktop\vi77ns1e.exe[2368] user32.dll!TranslateMessage 777D910F 5 Bytes JMP 2001F2E9
? C:\Windows\System32\svchost.exe[2392] time/date stamp mismatch; unknown module: 0.dll
.text C:\Windows\System32\svchost.exe[2392] ntdll.dll!NtQueryDirectoryFile 77955240 5 Bytes JMP 20052AB2
.text C:\Windows\System32\svchost.exe[2392] ntdll.dll!NtResumeThread 77955750 5 Bytes JMP 20049664
.text C:\Windows\System32\svchost.exe[2392] ntdll.dll!LdrLoadDll 7796F5B5 5 Bytes JMP 2005292E
.text C:\Windows\System32\svchost.exe[2392] USER32.dll!TranslateMessage 777D910F 5 Bytes JMP 2004F2E9
.text C:\Windows\System32\svchost.exe[2392] WS2_32.dll!sendto 770A3AED 5 Bytes JMP 2004FEDB
.text C:\Windows\System32\svchost.exe[2392] WS2_32.dll!closesocket 770A3BED 5 Bytes JMP 2005051E
.text C:\Windows\System32\svchost.exe[2392] WS2_32.dll!WSARecvFrom 770A418D 5 Bytes JMP 2005043D
.text C:\Windows\System32\svchost.exe[2392] WS2_32.dll!recv 770A47DF 5 Bytes JMP 20050196
.text C:\Windows\System32\svchost.exe[2392] WS2_32.dll!WSASend 770A68A7 5 Bytes JMP 2005027A
.text C:\Windows\System32\svchost.exe[2392] WS2_32.dll!recvfrom 770ABF39 5 Bytes JMP 20050205
.text C:\Windows\System32\svchost.exe[2392] WS2_32.dll!WSARecv 770AC29F 5 Bytes JMP 20050362
.text C:\Windows\System32\svchost.exe[2392] WS2_32.dll!send 770AC4C8 5 Bytes JMP 2004FE8D
.text C:\Windows\System32\svchost.exe[2392] WS2_32.dll!WSASendTo 770BADC4 2 Bytes JMP 200502EB
.text C:\Windows\System32\svchost.exe[2392] WS2_32.dll!WSASendTo + 3 770BADC7 2 Bytes [F9, A8]
.text C:\Windows\system32\Dwm.exe[2508] ntdll.dll!NtQueryDirectoryFile 77955240 5 Bytes JMP 20052AB2
.text C:\Windows\system32\Dwm.exe[2508] ntdll.dll!NtResumeThread 77955750 5 Bytes JMP 20049664
.text C:\Windows\system32\Dwm.exe[2508] ntdll.dll!LdrLoadDll 7796F5B5 5 Bytes JMP 2005292E
.text C:\Windows\system32\Dwm.exe[2508] USER32.dll!TranslateMessage 777D910F 5 Bytes JMP 2004F2E9
? C:\Windows\Explorer.EXE[2540] time/date stamp mismatch; unknown module: WINMM.dllunknown module: CFGMGR32.dllunknown module: WINSTA.dllunknown module: OLEACC.dllunknown module: WINBRAND.dllunknown module: DUI70.dllunknown module: SndVolSSO.DLLunknown module: netutils.dllunknown module: wkscli.dllunknown module: PROPSYS.dllunknown module: gdiplus.dllunknown module: slc.dllunknown module: dwmapi.dllunknown module: POWRPROF.dllunknown module: UxTheme.dllunknown module: EXPLORERFRAME.dllunknown module: OLEAUT32.dll
.text C:\Windows\Explorer.EXE[2540] ntdll.dll!NtQueryDirectoryFile 77955240 5 Bytes JMP 20052AB2
.text C:\Windows\Explorer.EXE[2540] ntdll.dll!NtResumeThread 77955750 5 Bytes JMP 20049664
.text C:\Windows\Explorer.EXE[2540] ntdll.dll!LdrLoadDll 7796F5B5 5 Bytes JMP 2005292E
.text C:\Windows\Explorer.EXE[2540] USER32.dll!TranslateMessage 777D910F 5 Bytes JMP 2004F2E9
.text C:\Windows\Explorer.EXE[2540] WININET.dll!InternetCloseHandle 7714C83E 5 Bytes JMP 20050BEA
.text C:\Windows\Explorer.EXE[2540] WININET.dll!InternetReadFile 7714E264 5 Bytes JMP 2005158F
.text C:\Windows\Explorer.EXE[2540] WININET.dll!HttpSendRequestW 7714EEB3 5 Bytes JMP 20050B8B
.text C:\Windows\Explorer.EXE[2540] WININET.dll!HttpOpenRequestA 771503FA 5 Bytes JMP 2005164A
.text C:\Windows\Explorer.EXE[2540] WININET.dll!HttpOpenRequestW 771505D3 5 Bytes JMP 20051677
.text C:\Windows\Explorer.EXE[2540] WININET.dll!InternetQueryDataAvailable 771541CB 5 Bytes JMP 20051270
.text C:\Windows\Explorer.EXE[2540] WININET.dll!InternetOpenUrlA 7715DBD0 5 Bytes JMP 200516A4
.text C:\Windows\Explorer.EXE[2540] WININET.dll!HttpSendRequestExW 77168E44 5 Bytes JMP 20050ACA
.text C:\Windows\Explorer.EXE[2540] WININET.dll!InternetWriteFile 771690F0 5 Bytes JMP 20050BBD
.text C:\Windows\Explorer.EXE[2540] WININET.dll!InternetReadFileExW 771712E9 5 Bytes JMP 20051474
.text C:\Windows\Explorer.EXE[2540] WININET.dll!InternetReadFileExA 77171321 5 Bytes JMP 200513CD
.text C:\Windows\Explorer.EXE[2540] WININET.dll!InternetOpenUrlW 771AE0D4 5 Bytes JMP 200516CB
.text C:\Windows\Explorer.EXE[2540] WININET.dll!HttpSendRequestExA 771C04D6 5 Bytes JMP 20050B10
.text C:\Windows\Explorer.EXE[2540] WININET.dll!HttpSendRequestA 771C05BC 5 Bytes JMP 20050B56
.text C:\Windows\Explorer.EXE[2540] WS2_32.dll!sendto 770A3AED 5 Bytes JMP 2004FEDB
.text C:\Windows\Explorer.EXE[2540] WS2_32.dll!closesocket 770A3BED 5 Bytes JMP 2005051E
.text C:\Windows\Explorer.EXE[2540] WS2_32.dll!WSARecvFrom 770A418D 5 Bytes JMP 2005043D
.text C:\Windows\Explorer.EXE[2540] WS2_32.dll!recv 770A47DF 5 Bytes JMP 20050196
.text C:\Windows\Explorer.EXE[2540] WS2_32.dll!WSASend 770A68A7 5 Bytes JMP 2005027A
.text C:\Windows\Explorer.EXE[2540] WS2_32.dll!recvfrom 770ABF39 5 Bytes JMP 20050205
.text C:\Windows\Explorer.EXE[2540] WS2_32.dll!WSARecv 770AC29F 5 Bytes JMP 20050362
.text C:\Windows\Explorer.EXE[2540] WS2_32.dll!send 770AC4C8 5 Bytes JMP 2004FE8D
.text C:\Windows\Explorer.EXE[2540] WS2_32.dll!WSASendTo 770BADC4 2 Bytes JMP 200502EB
.text C:\Windows\Explorer.EXE[2540] WS2_32.dll!WSASendTo + 3 770BADC7 2 Bytes [F9, A8]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2636] ntdll.dll!NtQueryDirectoryFile 77955240 5 Bytes JMP 20052AB2
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2636] ntdll.dll!NtResumeThread 77955750 5 Bytes JMP 20049664
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2636] ntdll.dll!LdrLoadDll 7796F5B5 5 Bytes JMP 2005292E
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2636] USER32.dll!TranslateMessage 777D910F 5 Bytes JMP 2004F2E9
.text C:\Windows\System32\hkcmd.exe[2676] ntdll.dll!NtQueryDirectoryFile 77955240 5 Bytes JMP 20052AB2
.text C:\Windows\System32\hkcmd.exe[2676] ntdll.dll!NtResumeThread 77955750 5 Bytes JMP 20049664
.text C:\Windows\System32\hkcmd.exe[2676] ntdll.dll!LdrLoadDll 7796F5B5 5 Bytes JMP 2005292E
.text C:\Windows\System32\hkcmd.exe[2676] USER32.dll!TranslateMessage 777D910F 5 Bytes JMP 2004F2E9
.text C:\Windows\System32\hkcmd.exe[2676] WININET.dll!InternetCloseHandle 7714C83E 5 Bytes JMP 20050BEA
.text C:\Windows\System32\hkcmd.exe[2676] WININET.dll!InternetReadFile 7714E264 5 Bytes JMP 2005158F
.text C:\Windows\System32\hkcmd.exe[2676] WININET.dll!HttpSendRequestW 7714EEB3 5 Bytes JMP 20050B8B
.text C:\Windows\System32\hkcmd.exe[2676] WININET.dll!HttpOpenRequestA 771503FA 5 Bytes JMP 2005164A
.text C:\Windows\System32\hkcmd.exe[2676] WININET.dll!HttpOpenRequestW 771505D3 5 Bytes JMP 20051677
.text C:\Windows\System32\hkcmd.exe[2676] WININET.dll!InternetQueryDataAvailable 771541CB 5 Bytes JMP 20051270
.text C:\Windows\System32\hkcmd.exe[2676] WININET.dll!InternetOpenUrlA 7715DBD0 5 Bytes JMP 200516A4
.text C:\Windows\System32\hkcmd.exe[2676] WININET.dll!HttpSendRequestExW 77168E44 5 Bytes JMP 20050ACA
.text C:\Windows\System32\hkcmd.exe[2676] WININET.dll!InternetWriteFile 771690F0 5 Bytes JMP 20050BBD
.text C:\Windows\System32\hkcmd.exe[2676] WININET.dll!InternetReadFileExW 771712E9 5 Bytes JMP 20051474
.text C:\Windows\System32\hkcmd.exe[2676] WININET.dll!InternetReadFileExA 77171321 5 Bytes JMP 200513CD
.text C:\Windows\System32\hkcmd.exe[2676] WININET.dll!InternetOpenUrlW 771AE0D4 5 Bytes JMP 200516CB
.text C:\Windows\System32\hkcmd.exe[2676] WININET.dll!HttpSendRequestExA 771C04D6 5 Bytes JMP 20050B10
.text C:\Windows\System32\hkcmd.exe[2676] WININET.dll!HttpSendRequestA 771C05BC 5 Bytes JMP 20050B56
.text C:\Windows\System32\igfxpers.exe[2684] ntdll.dll!NtQueryDirectoryFile 77955240 5 Bytes JMP 20052AB2
.text C:\Windows\System32\igfxpers.exe[2684] ntdll.dll!NtResumeThread 77955750 5 Bytes JMP 20049664
.text C:\Windows\System32\igfxpers.exe[2684] ntdll.dll!LdrLoadDll 7796F5B5 5 Bytes JMP 2005292E
.text C:\Windows\System32\igfxpers.exe[2684] USER32.dll!TranslateMessage 777D910F 5 Bytes JMP 2004F2E9
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2692] ntdll.dll!NtQueryDirectoryFile 77955240 5 Bytes JMP 20052AB2
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2692] ntdll.dll!NtResumeThread 77955750 5 Bytes JMP 20049664
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2692] ntdll.dll!LdrLoadDll 7796F5B5 5 Bytes JMP 2005292E
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2692] USER32.dll!TranslateMessage 777D910F 5 Bytes JMP 2004F2E9
.text C:\Program Files\Mozilla Firefox\firefox.exe[2984] ntdll.dll!NtQueryDirectoryFile 77955240 5 Bytes JMP 20022AB2
.text C:\Program Files\Mozilla Firefox\firefox.exe[2984] ntdll.dll!NtResumeThread 77955750 5 Bytes JMP 20019664
.text C:\Program Files\Mozilla Firefox\firefox.exe[2984] ntdll.dll!LdrLoadDll 7796F5B5 5 Bytes JMP 2002292E
.text C:\Program Files\Mozilla Firefox\firefox.exe[2984] WS2_32.dll!sendto 770A3AED 5 Bytes JMP 2001FEDB
.text C:\Program Files\Mozilla Firefox\firefox.exe[2984] WS2_32.dll!closesocket 770A3BED 5 Bytes JMP 2002051E
.text C:\Program Files\Mozilla Firefox\firefox.exe[2984] WS2_32.dll!WSARecvFrom 770A418D 5 Bytes JMP 2002043D
.text C:\Program Files\Mozilla Firefox\firefox.exe[2984] WS2_32.dll!recv 770A47DF 5 Bytes JMP 20020196
.text C:\Program Files\Mozilla Firefox\firefox.exe[2984] WS2_32.dll!WSASend 770A68A7 5 Bytes JMP 2002027A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2984] WS2_32.dll!recvfrom 770ABF39 5 Bytes JMP 20020205
.text C:\Program Files\Mozilla Firefox\firefox.exe[2984] WS2_32.dll!WSARecv 770AC29F 5 Bytes JMP 20020362
.text C:\Program Files\Mozilla Firefox\firefox.exe[2984] WS2_32.dll!send 770AC4C8 5 Bytes JMP 2001FE8D
.text C:\Program Files\Mozilla Firefox\firefox.exe[2984] WS2_32.dll!WSASendTo 770BADC4 2 Bytes JMP 200202EB
.text C:\Program Files\Mozilla Firefox\firefox.exe[2984] WS2_32.dll!WSASendTo + 3 770BADC7 2 Bytes [F6, A8]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2984] USER32.dll!TranslateMessage 777D910F 5 Bytes JMP 2001F2E9
? C:\Windows\System32\svchost.exe[3520] time/date stamp mismatch; unknown module: 0.dll
? C:\Windows\system32\svchost.exe[3640] time/date stamp mismatch; unknown module: 0.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3744] ntdll.dll!NtQueryDirectoryFile 77955240 5 Bytes JMP 20022AB2
.text C:\Program Files\Internet Explorer\iexplore.exe[3744] ntdll.dll!NtResumeThread 77955750 5 Bytes JMP 20019664
.text C:\Program Files\Internet Explorer\iexplore.exe[3744] ntdll.dll!LdrLoadDll 7796F5B5 5 Bytes JMP 2002292E
.text C:\Program Files\Internet Explorer\iexplore.exe[3744] USER32.dll!TranslateMessage 777D910F 5 Bytes JMP 2001F2E9
.text C:\Program Files\Internet Explorer\iexplore.exe[3744] WININET.dll!InternetCloseHandle 7714C83E 5 Bytes JMP 20020BEA
.text C:\Program Files\Internet Explorer\iexplore.exe[3744] WININET.dll!InternetReadFile 7714E264 5 Bytes JMP 2002158F
.text C:\Program Files\Internet Explorer\iexplore.exe[3744] WININET.dll!HttpSendRequestW 7714EEB3 5 Bytes JMP 20020B8B
.text C:\Program Files\Internet Explorer\iexplore.exe[3744] WININET.dll!HttpOpenRequestA 771503FA 5 Bytes JMP 2002164A
.text C:\Program Files\Internet Explorer\iexplore.exe[3744] WININET.dll!HttpOpenRequestW 771505D3 5 Bytes JMP 20021677
.text C:\Program Files\Internet Explorer\iexplore.exe[3744] WININET.dll!InternetQueryDataAvailable 771541CB 5 Bytes JMP 20021270
.text C:\Program Files\Internet Explorer\iexplore.exe[3744] WININET.dll!InternetOpenUrlA 7715DBD0 5 Bytes JMP 200216A4
.text C:\Program Files\Internet Explorer\iexplore.exe[3744] WININET.dll!HttpSendRequestExW 77168E44 5 Bytes JMP 20020ACA
.text C:\Program Files\Internet Explorer\iexplore.exe[3744] WININET.dll!InternetWriteFile 771690F0 5 Bytes JMP 20020BBD
.text C:\Program Files\Internet Explorer\iexplore.exe[3744] WININET.dll!InternetReadFileExW 771712E9 5 Bytes JMP 20021474
.text C:\Program Files\Internet Explorer\iexplore.exe[3744] WININET.dll!InternetReadFileExA 77171321 5 Bytes JMP 200213CD
.text C:\Program Files\Internet Explorer\iexplore.exe[3744] WININET.dll!InternetOpenUrlW 771AE0D4 5 Bytes JMP 200216CB
.text C:\Program Files\Internet Explorer\iexplore.exe[3744] WININET.dll!HttpSendRequestExA 771C04D6 5 Bytes JMP 20020B10
.text C:\Program Files\Internet Explorer\iexplore.exe[3744] WININET.dll!HttpSendRequestA 771C05BC 5 Bytes JMP 20020B56
? C:\Windows\system32\svchost.exe[3860] time/date stamp mismatch; unknown module: 0.dll
? C:\Windows\System32\svchost.exe[4044] time/date stamp mismatch; unknown module: 0.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:268] 8666EE7A
Thread System [4:272] 86671008

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x40 0x01 0x37 0x5F ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x17 0xC4 0xFC 0xD3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x50 0xDA 0x66 0xBC ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x40 0x01 0x37 0x5F ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x17 0xC4 0xFC 0xD3 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x50 0xDA 0x66 0xBC ...

---- Files - GMER 1.0.15 ----

File C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wmskedvd.exe 179957 bytes executable
File C:\Program Files\ogbxtdmm\wmskedvd.exe 179957 bytes executable

---- EOF - GMER 1.0.15 ----

6. ComboFix

ComboFix 11-05-30.07 - John 02/06/2011 12:53:22.2.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3387.2533 [GMT 1:00]
Running from: c:\users\John\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Internet Explorer\IEXPLOREmgr.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-05-02 to 2011-06-02 )))))))))))))))))))))))))))))))
.
.
2011-06-02 11:59 . 2011-06-02 11:59 -------- d-----w- c:\users\John\AppData\Local\temp
2011-06-02 11:59 . 2011-06-02 11:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-02 11:30 . 2011-06-02 11:30 -------- d-----w- c:\users\John\AppData\Local\{0A7E6B07-643D-47F0-84A3-450048CB5CE9}
2011-06-01 16:02 . 2011-06-01 16:02 -------- d-----w- c:\users\John\AppData\Local\{F339FA02-3D39-4811-A34B-24D87B3CEBD9}
2011-05-31 16:52 . 2011-05-31 16:52 -------- d-----w- c:\users\John\AppData\Local\{46A631C2-CDD1-4869-A69D-C05557863239}
2011-05-31 13:04 . 2011-05-31 13:05 -------- d-----w- c:\users\John\AppData\Roaming\GetRightToGo
2011-05-31 11:57 . 2011-05-31 11:57 -------- d-----w- c:\users\John\AppData\Local\{4F8B16BF-9EB7-4E93-9B06-FC38A0F786D2}
2011-05-31 11:22 . 2011-05-31 11:22 -------- d-----w- c:\users\John\AppData\Local\{B3FE5BC3-9A7C-4764-95CF-0A636B74F2E5}
2011-05-31 10:17 . 2011-05-31 10:17 -------- d-----w- c:\users\John\AppData\Local\{EFDF29D0-DEB3-4CD2-8E1D-B333BD116EA6}
2011-05-31 09:58 . 2011-05-31 09:58 -------- d-----w- c:\users\John\AppData\Local\{BF32D629-119E-4FC9-AD97-E780C67E8AF3}
2011-05-31 09:41 . 2011-05-31 09:41 -------- d-----w- c:\users\John\AppData\Local\{32A28967-8736-439D-A671-7B641892A7FF}
2011-05-31 09:08 . 2011-05-31 09:08 -------- d-----w- c:\users\John\AppData\Local\{42EA3C18-1F83-49F5-A9A7-404A679191B2}
2011-05-31 08:41 . 2011-05-31 08:41 -------- d-----w- c:\users\John\AppData\Local\{14EE2822-17F9-479B-BAD8-C371C0B7B75D}
2011-05-31 08:20 . 2011-05-31 08:20 -------- d-----w- c:\users\John\AppData\Local\{ADD644CA-2774-443D-B374-AB4E21F61CC6}
2011-05-31 08:13 . 2011-05-31 08:13 -------- d-----w- c:\users\John\AppData\Roaming\Malwarebytes
2011-05-31 08:13 . 2011-05-29 08:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-31 08:13 . 2011-05-31 08:13 -------- d-----w- c:\programdata\Malwarebytes
2011-05-31 08:09 . 2011-05-31 08:09 -------- d-----w- c:\users\John\AppData\Local\{26A9E3A5-4090-4B52-8D27-B6C2878FEFF6}
2011-05-31 08:00 . 2011-05-31 08:00 -------- d-----w- c:\users\John\AppData\Local\{D56D5D43-8DD1-48EC-B52C-09FF40DD612D}
2011-05-31 07:38 . 2011-05-31 07:38 -------- d-----w- c:\users\John\AppData\Local\{84C29527-5521-42A4-92DE-4E433C78AB84}
2011-05-31 01:58 . 2011-05-31 01:58 -------- d-----w- c:\users\John\AppData\Local\{8911D2D7-1BE5-456E-B942-02D39CB7CFEC}
2011-05-31 01:41 . 2011-05-31 11:52 -------- d-----w- c:\program files\ogbxtdmm
2011-05-29 13:38 . 2011-05-29 13:38 -------- d-----w- c:\users\John\AppData\Local\{7063AFA2-B287-4D30-BFCA-843BF6D07E8C}
2011-05-27 23:35 . 2011-05-27 23:36 -------- d-----w- c:\users\John\AppData\Local\{C3DFB912-260C-420C-92A8-9B53BAA388A3}
2011-05-27 10:57 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-27 10:56 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-27 10:56 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-27 10:56 . 2011-02-23 05:06 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-05-27 10:56 . 2011-02-23 05:05 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-05-27 10:56 . 2011-02-23 05:05 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-05-27 10:56 . 2011-02-18 05:36 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-05-27 10:56 . 2011-03-03 05:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-05-27 10:56 . 2011-03-03 05:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-05-27 10:56 . 2011-02-19 05:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-05-27 10:56 . 2011-02-19 03:37 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-05-27 10:54 . 2011-03-03 03:31 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-05-27 10:54 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-05-27 10:54 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-05-27 10:54 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-05-27 10:54 . 2011-03-08 05:38 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-27 10:54 . 2011-02-23 05:05 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-27 10:54 . 2011-02-23 05:05 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-27 10:54 . 2011-02-23 05:05 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-27 10:54 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-05-27 10:40 . 2011-05-27 10:40 -------- d-----w- c:\users\John\AppData\Local\{022A8DF5-CEB3-4B97-A99A-8071426A3CFF}
2011-05-10 18:44 . 2011-05-10 18:44 -------- d-----w- c:\users\John\AppData\Local\{98893324-5E82-4DBF-B2D6-DAA75169200E}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-31 11:22 . 2010-12-20 19:30 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2011-05-31 11:22 . 2010-12-20 19:30 17488 ----a-w- c:\windows\gdrv.sys
2011-03-20 01:15 . 2010-12-20 22:20 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-20 01:13 . 2010-06-24 11:33 18328 ------w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2009-11-19 21:08 . 2009-11-19 21:08 3749224 ------w- c:\program files\Common Files\adlmint_libFNP.dll
2009-11-19 21:08 . 2009-11-19 21:08 2941288 ------w- c:\program files\Common Files\adlmint.dll
2011-04-14 16:41 . 2011-05-31 11:53 142296 ------w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-26 8546848]
"EasyTuneVI"="c:\program files\GIGABYTE\ET6\ETcall.exe" [2007-07-26 205262]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 250264]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-01-14 17488]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 Micorsoft Windows Service;Micorsoft Windows Service;c:\windows\TEMP\extueaop.sys [x]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-22 1343400]
R3 zlportio;zlportio;e:\games\UltraStar\zlportio.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-20 691696]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-10 136360]
S2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files\Advanced System Optimizer 3\ASO3DefragSrv.exe [2009-11-07 239336]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-01-07 232448]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - KWTDYPOG
*Deregistered* - kwtdypog
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-31 c:\windows\Tasks\ASOService.job
- c:\program files\Advanced System Optimizer 3\ASO3.exe [2010-12-21 15:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.ask.com?o=14196&l=dis
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1q6oc5u9.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-02 13:02:11
ComboFix-quarantined-files.txt 2011-06-02 12:02
ComboFix2.txt 2011-05-31 11:47
.
Pre-Run: 12,234,530,816 bytes free
Post-Run: 12,063,596,544 bytes free
.
- - End Of File - - CEF991413D875DC1F1B78CEF707127FE
Cram
Active Member
 
Posts: 8
Joined: May 31st, 2011, 9:28 am

Re: Windows 7 recovery malware / Avira Anti Vir HTML/Drop.Ag

Post by Carolyn » June 3rd, 2011, 7:25 am

Hi,

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

=============================

Please post the ESET log and a fresh set of DDS logs for my review.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Windows 7 recovery malware / Avira Anti Vir HTML/Drop.Ag

Post by Cram » June 3rd, 2011, 11:55 am

ESET log

# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=b8d6d18bb8f2ea40a75a552ec91de1c3
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-06-03 12:50:02
# local_time=2011-06-03 01:50:02 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1797 16775165 100 94 604441 43633828 333440 0
# compatibility_mode=5893 16776573 100 94 12138101 59567270 0 0
# compatibility_mode=8192 67108863 100 0 121 121 0 0
# scanned=71231
# found=355
# cleaned=0
# scan_time=4522
C:\Program Files\GIGABYTE\ET6\ET6SC.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\GIGABYTE\ET6\ETcall.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\GIGABYTE\ET6\ETcallmgr.exe a variant of Win32/Kryptik.ONW trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\GIGABYTE\ET6\et_ycc.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\GIGABYTE\ET6\MFCSPD.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\GIGABYTE\ET6\nvgpio1.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\GIGABYTE\ET6\OCK.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\InstallShield Installation Information\{5BC1F10D-6A7A-41AE-AC7C-6BD454204729}\Setup.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\psvince.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\ffdshow\ff_liba52.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\ffdshow\ff_libdts.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\ffdshow\ff_libfaad2.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\ffdshow\ff_libmad.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\ffdshow\ff_samplerate.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\ffdshow\ff_unrar.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Filters\ac3config.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Filters\iconv.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Filters\libFLAC.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Filters\vsfilter.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Filters\Haali\dxr.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Filters\Haali\gdsmux.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Filters\Haali\mkx.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Filters\Haali\mkzlib.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Filters\Haali\mp4.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Filters\Haali\ogm.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Filters\Haali\ts.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Tools\graphedit.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Tools\mediainfo.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Tools\proppage.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Tools\gspot\gspot.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Microsoft Silverlight\4.0.60310.0\coreclr.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Realtek\NICDRV_8169\WIN7\RTNUninst32.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\WinRAR\Rar.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\WinRAR\RarExt.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\WinRAR\RarExtLoader.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\WinRAR\Uninstall.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\WinRAR\UnRAR.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\WinRAR\WinRAR.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\WinRAR\Formats\7zxa.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\IEXPLOREmgr.exe.vir a variant of Win32/Kryptik.ONW trojan (unable to clean) 00000000000000000000000000000000 I
C:\totalcmd\TCUNZLIB.DLL a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\totalcmd\WCMZIP32.DLL a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\6437a0a0-13482d8a a variant of Win32/Kryptik.ONR trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5f08de82-n\jmc.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5f08de82-n\msvcp71.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-79dd6c58-n\decora-d3d.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-79dd6c58-n\decora-sse.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\John\Desktop\remover.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\John\Downloads\frostwire-4.21.3.windows.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\libeay32.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\MatchMoverApp.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\qt-mt338.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\plugins\libDLlogProc.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\plugins\libDLmasterKeyerUtil.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\plugins\libDLpeBase.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\plugins\libDLpeUiBase.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\plugins\libDLshape.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\plugins\libDLshapeExtensions.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\plugins\libDLshapeUi.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\boost_python-iw-mt-1_38.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\boost_python.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\composite.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\libdb41.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\libDLbase.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\libDLbuiltinTools.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\libDLdatamgt.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\libDLframework.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\libDLgfx.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\libDLinternalAPI.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\libDLmedia.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\libDLpluginAPI.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\libDLprimitives.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\libDLrender.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\libDLresmgt.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\libDLtxapp.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\libDLui.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\libwiretapClientAPI_dynamic.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\python.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\python26.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\pythonw.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\txrender.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\txutil.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\txversion.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\python\dlls\sqlite3.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\python\dlls\tcl85.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\python\dlls\tclpip85.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\python\dlls\tk85.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\python\lib\distutils\command\wininst-6.0.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\python\lib\distutils\command\wininst-7.1.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\python\lib\distutils\command\wininst-8.0.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\python\lib\distutils\command\wininst-8_d.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\python\lib\distutils\command\wininst-9.0.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\python\lib\site-packages\autodesk_toxik\libs\libDLrelocationBrowser.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\copyProjects.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_bg_io_tool.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_client_tool.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_create_audio.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_create_clip.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_create_node.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_destroy_node.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_dump_translations.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_get_children.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_get_clip_format.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_get_display_name.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_get_frames.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_get_metadata.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_get_node_type.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_get_num_frames.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_get_root_node.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_is_clip.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_ping.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_print_tree.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_read_stream.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_resolve_path.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_resolve_storage_id.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_rw_file.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_rw_frame.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_server_dump.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_set_metadata.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_set_num_frames.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_translate_path.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DStudio\cmdjob.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DStudio\libDLnrapi30.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DStudio\manager.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DStudio\managersvc.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DStudio\MFC71.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DStudio\monitor.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DStudio\msvci70.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DStudio\msvcp71.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DStudio\msvcr70.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DStudio\msvcr71.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DStudio\nrapi20.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DStudio\nrapiTools.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DStudio\server.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DStudio\serversvc.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\CaplioSoftWinV_E\Capftpd.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\CaplioSoftWinV_E\CaplioSetting.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\CaplioSoftWinV_E\cdshare.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\CaplioSoftWinV_E\cnvimg.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\CaplioSoftWinV_E\dudbif.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\CaplioSoftWinV_E\imghdlr.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\CaplioSoftWinV_E\libRSPAPI.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\CaplioSoftWinV_E\ListEdit.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\CaplioSoftWinV_E\LogMgr.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\CaplioSoftWinV_E\RILDIB.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\CaplioSoftWinV_E\RPLFLT.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\CaplioSoftWinV_E\stichSL.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\CaplioSoftWinV_E\tmkdbif.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\CaplioSoftWinV_E\zlib.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\CaplioSoftWinV_E\Disk1\Setup.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\CaplioSoftWinV_E\WIA driver\BITW32.DLL a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\CaplioSoftWinV_E\WIA driver\JPDW32.DLL a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\CaplioSoftWinV_E\WIA driver\RJc1Wia.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\CaplioSoftWinV_E\WIA driver\RWiaExif.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\Games\CallOfDutyModernWarfare\iw3mp.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\Games\CallOfDutyModernWarfare\Mods\ModWarfare\7za.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\Games\World of Warcraft\divxdecoder.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\Games\World of Warcraft\ijl15.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\Games\World of Warcraft\Logs\World of Warcraft Install Log.html Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=b8d6d18bb8f2ea40a75a552ec91de1c3
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-06-03 01:20:11
# local_time=2011-06-03 02:20:11 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1797 16775165 100 94 609110 43638497 338109 0
# compatibility_mode=5893 16776573 100 94 12142770 59571939 0 0
# compatibility_mode=8192 67108863 100 0 4790 4790 0 0
# scanned=64824
# found=248
# cleaned=0
# scan_time=1660
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\libTesselation.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\libUGIO.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\libzlib.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\libZPRIO.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\msvcp71.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\msvcr71.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\ParaSupt72.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\w3dtk.1.5.1555.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\w3dtk_ro.1.5.1555.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\w3dtk_wt.1.5.1555.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\whiptk.7.11.601.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\whiptk_ro.7.11.601.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\whiptk_wt.7.11.601.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\xaml_wt.7.5.0.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\Zpr.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\plug-ins\translators\caiInput.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\plug-ins\translators\catiaV4Input.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\plug-ins\translators\catiaV5Input.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\plug-ins\translators\csbInput.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\plug-ins\translators\dwgOutput.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\plug-ins\translators\igesOutput.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\plug-ins\translators\jtInput.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\plug-ins\translators\jtOutput.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\plug-ins\translators\serviceDecl_caiInput.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\plug-ins\translators\serviceDecl_catiaV4Input.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\plug-ins\translators\serviceDecl_catiaV5Input.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\plug-ins\translators\serviceDecl_csbInput.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\plug-ins\translators\serviceDecl_dwfOutput.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\plug-ins\translators\serviceDecl_dwgInput.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\plug-ins\translators\serviceDecl_dwgOutput.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\plug-ins\translators\serviceDecl_grInput.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\plug-ins\translators\serviceDecl_igesInput.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\plug-ins\translators\serviceDecl_igesOutput.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\plug-ins\translators\serviceDecl_iptInput.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\plug-ins\translators\serviceDecl_jtInput.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\plug-ins\translators\serviceDecl_jtOutput.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\plug-ins\translators\serviceDecl_spfInput.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\plug-ins\translators\serviceDecl_spfOutput.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\plug-ins\translators\serviceDecl_stepInput.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\plug-ins\translators\serviceDecl_swInput.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\plug-ins\translators\serviceDecl_ugInput.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\plug-ins\translators\serviceDecl_ugOutput.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\plug-ins\translators\serviceDecl_zprOutput.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\plug-ins\translators\spfOutput.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\plug-ins\translators\stlOutput.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\plug-ins\translators\ugInput.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\plug-ins\translators\ugOutput.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\bin\Aruba\plug-ins\translators\zprOutput.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\awt.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\axbridge.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\cmm.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\dcpr.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
Cram

Re: Windows 7 recovery malware / Avira Anti Vir HTML/Drop.Ag

Post by Cram » June 3rd, 2011, 11:57 am

ESET log continued

C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\deploy.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\dt_shmem.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\dt_socket.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\fontmanager.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\hpi.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\hprof.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\instrument.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\ioser12.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\j2pcsc.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\j2pkcs11.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\jaas_nt.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\java-rmi.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\java.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\java.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\javaw.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\javaws.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\java_crw_demo.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\jawt.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\JdbcOdbc.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\jdwp.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\jli.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\jpeg.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\jpicom.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\jpiexp.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\jpinscp.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\jpioji.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\jpishare.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\jsound.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\jsoundds.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\keytool.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\kinit.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\klist.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\ktab.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\management.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\msvcr71.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\net.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\nio.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\npjava11.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\npjava12.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\npjava13.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\npjava14.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\npjava32.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\npoji610.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\npt.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\orbd.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\pack200.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\policytool.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\regutils.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\rmi.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\rmid.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\rmiregistry.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\servertool.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\splashscreen.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\sunmscapi.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\tnameserv.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\unpack.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\unpack200.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\verify.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\wsdetect.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\zip.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\client\jvm.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriver.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriver2.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\iGdiCnv.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IScrCnv.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\ISRT.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IUserCnv.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\InstallShield\IScript\iscript.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Intel\Media SDK\i1\1.0\libmfxhw32-i1.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\microsoft shared\VC\msdia80.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\DAEMON Tools Lite\mfc80u.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\GIGABYTE\ET6\AODAPI.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\GIGABYTE\ET6\ati64.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\GIGABYTE\ET6\atistclk.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\GIGABYTE\ET6\bg.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\GIGABYTE\ET6\cpu.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\GIGABYTE\ET6\ET6SC.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\GIGABYTE\ET6\ETcall.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\GIGABYTE\ET6\ETcallmgr.exe a variant of Win32/Kryptik.ONW trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\GIGABYTE\ET6\et_ycc.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\GIGABYTE\ET6\MFCSPD.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\GIGABYTE\ET6\nvgpio1.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\GIGABYTE\ET6\OCK.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\InstallShield Installation Information\{5BC1F10D-6A7A-41AE-AC7C-6BD454204729}\Setup.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\psvince.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\ffdshow\ff_liba52.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\ffdshow\ff_libdts.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\ffdshow\ff_libfaad2.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\ffdshow\ff_libmad.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\ffdshow\ff_samplerate.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\ffdshow\ff_unrar.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Filters\ac3config.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Filters\iconv.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Filters\libFLAC.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Filters\vsfilter.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Filters\Haali\dxr.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Filters\Haali\gdsmux.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Filters\Haali\mkx.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=b8d6d18bb8f2ea40a75a552ec91de1c3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-06-03 03:47:03
# local_time=2011-06-03 04:47:03 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1797 16775165 100 94 610947 43640334 339946 0
# compatibility_mode=5893 16776573 100 94 12144607 59573776 0 0
# compatibility_mode=8192 67108863 100 0 6627 6627 0 0
# scanned=71973
# found=366
# cleaned=0
# scan_time=8637
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\wsdetect.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\zip.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\client\jvm.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriver.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriver2.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\iGdiCnv.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IScrCnv.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\ISRT.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IUserCnv.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\InstallShield\IScript\iscript.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Intel\Media SDK\i1\1.0\libmfxhw32-i1.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\microsoft shared\VC\msdia80.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\DAEMON Tools Lite\mfc80u.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\GIGABYTE\ET6\AODAPI.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\GIGABYTE\ET6\ati64.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\GIGABYTE\ET6\atistclk.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\GIGABYTE\ET6\bg.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\GIGABYTE\ET6\cpu.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\GIGABYTE\ET6\ET6SC.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\GIGABYTE\ET6\ETcall.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\GIGABYTE\ET6\ETcallmgr.exe a variant of Win32/Kryptik.ONW trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\GIGABYTE\ET6\et_ycc.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\GIGABYTE\ET6\MFCSPD.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\GIGABYTE\ET6\nvgpio1.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\GIGABYTE\ET6\OCK.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\InstallShield Installation Information\{5BC1F10D-6A7A-41AE-AC7C-6BD454204729}\Setup.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\psvince.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\ffdshow\ff_liba52.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\ffdshow\ff_libdts.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\ffdshow\ff_libfaad2.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\ffdshow\ff_libmad.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\ffdshow\ff_samplerate.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\ffdshow\ff_unrar.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Filters\ac3config.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Filters\iconv.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Filters\libFLAC.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Filters\vsfilter.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Filters\Haali\dxr.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Filters\Haali\gdsmux.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Filters\Haali\mkx.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Filters\Haali\mkzlib.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Filters\Haali\mp4.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Filters\Haali\ogm.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Filters\Haali\ts.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Tools\graphedit.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Tools\mediainfo.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Tools\proppage.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\K-Lite Codec Pack\Tools\gspot\gspot.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Microsoft Silverlight\4.0.60310.0\coreclr.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Realtek\NICDRV_8169\WIN7\RTNUninst32.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\WinRAR\Rar.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\WinRAR\RarExt.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\WinRAR\RarExtLoader.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\WinRAR\Uninstall.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\WinRAR\UnRAR.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\WinRAR\WinRAR.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\WinRAR\Formats\7zxa.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\IEXPLOREmgr.exe.vir a variant of Win32/Kryptik.ONW trojan (unable to clean) 00000000000000000000000000000000 I
C:\totalcmd\TCUNZLIB.DLL a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\totalcmd\WCMZIP32.DLL a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\6437a0a0-13482d8a a variant of Win32/Kryptik.ONR trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5f08de82-n\jmc.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5f08de82-n\msvcp71.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-79dd6c58-n\decora-d3d.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-79dd6c58-n\decora-sse.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\John\Desktop\remover.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\John\Downloads\frostwire-4.21.3.windows.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\libeay32.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\MatchMoverApp.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\qt-mt338.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\plugins\libDLlogProc.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\plugins\libDLmasterKeyerUtil.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\plugins\libDLpeBase.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\plugins\libDLpeUiBase.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\plugins\libDLshape.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\plugins\libDLshapeExtensions.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\plugins\libDLshapeUi.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\boost_python-iw-mt-1_38.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\boost_python.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\composite.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\libdb41.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\libDLbase.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\libDLbuiltinTools.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\libDLdatamgt.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\libDLframework.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\libDLgfx.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\libDLinternalAPI.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\libDLmedia.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\libDLpluginAPI.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\libDLprimitives.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\libDLrender.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\libDLresmgt.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\libDLtxapp.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\libDLui.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\libwiretapClientAPI_dynamic.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\python.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\python26.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\pythonw.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\txrender.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\txutil.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\program\txversion.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\python\dlls\sqlite3.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\python\dlls\tcl85.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\python\dlls\tclpip85.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\python\dlls\tk85.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\python\lib\distutils\command\wininst-6.0.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\python\lib\distutils\command\wininst-7.1.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\python\lib\distutils\command\wininst-8.0.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\python\lib\distutils\command\wininst-8_d.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\python\lib\distutils\command\wininst-9.0.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\python\lib\site-packages\autodesk_toxik\libs\libDLrelocationBrowser.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\copyProjects.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_bg_io_tool.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_client_tool.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_create_audio.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_create_clip.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_create_node.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_destroy_node.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_dump_translations.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_get_children.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_get_clip_format.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_get_display_name.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_get_frames.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_get_metadata.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_get_node_type.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_get_num_frames.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_get_root_node.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_is_clip.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_ping.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_print_tree.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_read_stream.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_resolve_path.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_resolve_storage_id.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_rw_file.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_rw_frame.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_server_dump.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_set_metadata.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_set_num_frames.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DMaya\wiretap\bin\wiretap_translate_path.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DStudio\cmdjob.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DStudio\libDLnrapi30.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DStudio\manager.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DStudio\managersvc.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DStudio\MFC71.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DStudio\monitor.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DStudio\msvci70.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DStudio\msvcp71.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DStudio\msvcr70.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DStudio\msvcr71.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DStudio\nrapi20.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DStudio\nrapiTools.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DStudio\server.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\3DStudio\serversvc.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\CaplioSoftWinV_E\Capftpd.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\CaplioSoftWinV_E\CaplioSetting.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\CaplioSoftWinV_E\cdshare.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\CaplioSoftWinV_E\cnvimg.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\CaplioSoftWinV_E\dudbif.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\CaplioSoftWinV_E\imghdlr.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\CaplioSoftWinV_E\libRSPAPI.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\CaplioSoftWinV_E\ListEdit.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\CaplioSoftWinV_E\LogMgr.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\CaplioSoftWinV_E\RILDIB.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\CaplioSoftWinV_E\RPLFLT.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\CaplioSoftWinV_E\stichSL.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\CaplioSoftWinV_E\tmkdbif.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\CaplioSoftWinV_E\zlib.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\CaplioSoftWinV_E\Disk1\Setup.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\CaplioSoftWinV_E\WIA driver\BITW32.DLL a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\CaplioSoftWinV_E\WIA driver\JPDW32.DLL a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\CaplioSoftWinV_E\WIA driver\RJc1Wia.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\CaplioSoftWinV_E\WIA driver\RWiaExif.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\Games\CallOfDutyModernWarfare\iw3mp.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\Games\CallOfDutyModernWarfare\Mods\ModWarfare\7za.exe a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\Games\World of Warcraft\divxdecoder.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\Games\World of Warcraft\ijl15.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\Programs\may__a2011__32.iso a variant of Win32/Keygen.BL application (unable to clean) 00000000000000000000000000000000 I
E:\Programs\Autodesk.3ds.Max.2009.Incl.Keygen-X-FORCE\Autodesk.3ds.Max.2009.Inc\l.Keygen-X-FORCE\CustomProductUI.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\Programs\Autodesk.3ds.Max.2009.Incl.Keygen-X-FORCE\Autodesk.3ds.Max.2009.Inc\l.Keygen-X-FORCE\msvcp80.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\Programs\Autodesk.3ds.Max.2009.Incl.Keygen-X-FORCE\Autodesk.3ds.Max.2009.Inc\l.Keygen-X-FORCE\msvcr80.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\Programs\Autodesk.3ds.Max.2009.Incl.Keygen-X-FORCE\Autodesk.3ds.Max.2009.Inc\l.Keygen-X-FORCE\PPZlib123.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\Programs\Autodesk.3ds.Max.2009.Incl.Keygen-X-FORCE\Autodesk.3ds.Max.2009.Inc\l.Keygen-X-FORCE\xerces-c_1_6_0.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\Programs\Autodesk.3ds.Max.2009.Incl.Keygen-X-FORCE\Autodesk.3ds.Max.2009.Inc\l.Keygen-X-FORCE\main\32bit\resmgr.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\Programs\Autodesk.3ds.Max.2009.Incl.Keygen-X-FORCE\Autodesk.3ds.Max.2009.Inc\l.Keygen-X-FORCE\Setup\CustomProductUI.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\Programs\Autodesk.3ds.Max.2009.Incl.Keygen-X-FORCE\Autodesk.3ds.Max.2009.Inc\l.Keygen-X-FORCE\Setup\msvcp80.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\Programs\Autodesk.3ds.Max.2009.Incl.Keygen-X-FORCE\Autodesk.3ds.Max.2009.Inc\l.Keygen-X-FORCE\Setup\msvcr80.dll a variant of Win32/Ramnit.H virus (unable to clean) 00000000000000000000000000000000 I
E:\Programs\GridinSoft Trojan Killer\trojankiller.exe a variant of Win32/1AntiVirus application (unable to clean) 00000000000000000000000000000000 I
${Memory} a variant of Win32/Ramnit.H virus 00000000000000000000000000000000 I
Cram

Re: Windows 7 recovery malware / Avira Anti Vir HTML/Drop.Ag

Post by Cram » June 3rd, 2011, 12:00 pm

UPDATED DDS

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by John at 16:52:07 on 2011-06-03
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3387.2246 [GMT 1:00]
.
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\John\Desktop\dds.scr
C:\Windows\system32\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://uk.ask.com?o=14196&l=dis
mWinlogon: Userinit=c:\windows\system32\userinit.exe,,c:\program files\ogbxtdmm\wmskedvd.exe
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [EasyTuneVI] c:\program files\gigabyte\et6\ETcall.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
StartupFolder: c:\users\john\appdata\roaming\microsoft\windows\start menu\programs\startup\wmskedvd.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\john\appdata\roaming\mozilla\firefox\profiles\1q6oc5u9.default\
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-20 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-20 269480]
R2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files\advanced system optimizer 3\ASO3DefragSrv.exe [2010-12-21 239336]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-20 61960]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\autodesk\3ds max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-3-10 250264]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-12-20 232448]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-12-20 277536]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 etdrv;etdrv;c:\windows\etdrv.sys [2010-12-20 17488]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-5-31 39984]
S3 WatAdminSvc;WatAdminSvc;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-23 1343400]
.
=============== Created Last 30 ================
.
2011-06-03 11:32:38 -------- d-----w- c:\program files\ESET
2011-06-02 12:02:16 -------- d-sh--w- C:\$RECYCLE.BIN
2011-06-02 12:02:13 -------- d-----w- c:\users\john\appdata\local\temp
2011-06-02 11:30:59 -------- d-----w- c:\users\john\appdata\local\{0A7E6B07-643D-47F0-84A3-450048CB5CE9}
2011-06-01 16:02:37 -------- d-----w- c:\users\john\appdata\local\{F339FA02-3D39-4811-A34B-24D87B3CEBD9}
2011-05-31 16:52:20 -------- d-----w- c:\users\john\appdata\local\{46A631C2-CDD1-4869-A69D-C05557863239}
2011-05-31 13:04:53 -------- d-----w- c:\users\john\appdata\roaming\GetRightToGo
2011-05-31 11:57:37 -------- d-----w- c:\users\john\appdata\local\{4F8B16BF-9EB7-4E93-9B06-FC38A0F786D2}
2011-05-31 11:37:05 98816 ----a-w- c:\windows\sed.exe
2011-05-31 11:37:05 518144 ----a-w- c:\windows\SWREG.exe
2011-05-31 11:37:05 256512 ----a-w- c:\windows\PEV.exe
2011-05-31 11:37:05 208896 ----a-w- c:\windows\MBR.exe
2011-05-31 11:22:39 -------- d-----w- c:\users\john\appdata\local\{B3FE5BC3-9A7C-4764-95CF-0A636B74F2E5}
2011-05-31 10:17:29 -------- d-----w- c:\users\john\appdata\local\{EFDF29D0-DEB3-4CD2-8E1D-B333BD116EA6}
2011-05-31 09:58:04 -------- d-----w- c:\users\john\appdata\local\{BF32D629-119E-4FC9-AD97-E780C67E8AF3}
2011-05-31 09:41:57 -------- d-----w- c:\users\john\appdata\local\{32A28967-8736-439D-A671-7B641892A7FF}
2011-05-31 09:08:53 -------- d-----w- c:\users\john\appdata\local\{42EA3C18-1F83-49F5-A9A7-404A679191B2}
2011-05-31 08:41:31 -------- d-----w- c:\users\john\appdata\local\{14EE2822-17F9-479B-BAD8-C371C0B7B75D}
2011-05-31 08:20:01 -------- d-----w- c:\users\john\appdata\local\{ADD644CA-2774-443D-B374-AB4E21F61CC6}
2011-05-31 08:13:48 -------- d-----w- c:\users\john\appdata\roaming\Malwarebytes
2011-05-31 08:13:44 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-31 08:13:43 -------- d-----w- c:\programdata\Malwarebytes
2011-05-31 08:09:13 -------- d-----w- c:\users\john\appdata\local\{26A9E3A5-4090-4B52-8D27-B6C2878FEFF6}
2011-05-31 08:00:04 -------- d-----w- c:\users\john\appdata\local\{D56D5D43-8DD1-48EC-B52C-09FF40DD612D}
2011-05-31 07:38:06 -------- d-----w- c:\users\john\appdata\local\{84C29527-5521-42A4-92DE-4E433C78AB84}
2011-05-31 01:58:47 -------- d-----w- c:\users\john\appdata\local\{8911D2D7-1BE5-456E-B942-02D39CB7CFEC}
2011-05-31 01:41:21 -------- d-----w- c:\program files\ogbxtdmm
2011-05-29 13:38:00 -------- d-----w- c:\users\john\appdata\local\{7063AFA2-B287-4D30-BFCA-843BF6D07E8C}
2011-05-27 23:35:48 -------- d-----w- c:\users\john\appdata\local\{C3DFB912-260C-420C-92A8-9B53BAA388A3}
2011-05-27 10:57:12 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-27 10:56:20 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-27 10:56:20 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-27 10:56:19 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-05-27 10:56:19 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-05-27 10:56:19 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-05-27 10:56:17 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-05-27 10:56:02 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-05-27 10:56:02 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-05-27 10:56:01 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-05-27 10:56:01 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-05-27 10:54:41 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-05-27 10:54:38 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-05-27 10:54:37 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-27 10:54:37 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-05-27 10:54:37 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-05-27 10:54:34 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-27 10:54:34 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-05-27 10:54:34 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-27 10:54:34 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-27 10:40:31 -------- d-----w- c:\users\john\appdata\local\{022A8DF5-CEB3-4B97-A99A-8071426A3CFF}
2011-05-10 18:44:17 -------- d-----w- c:\users\john\appdata\local\{98893324-5E82-4DBF-B2D6-DAA75169200E}
.
==================== Find3M ====================
.
2011-05-31 11:22:35 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2011-05-31 11:22:21 17488 ----a-w- c:\windows\gdrv.sys
2009-11-19 21:08:02 3749224 ------w- c:\program files\common files\adlmint_libFNP.dll
2009-11-19 21:08:02 2941288 ------w- c:\program files\common files\adlmint.dll
.
============= FINISH: 16:52:20.28 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 20/12/2010 19:06:07
System Uptime: 03/06/2011 12:28:53 (4 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | H55M-UD2H
Processor: Intel(R) Core(TM) i3 CPU 530 @ 2.93GHz | Socket 1156 | 2926/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 24 GiB total, 9.819 GiB free.
D: is CDROM (CDFS)
E: is FIXED (NTFS) - 293 GiB total, 252.698 GiB free.
F: is FIXED (NTFS) - 86 GiB total, 85.356 GiB free.
G: is FIXED (NTFS) - 87 GiB total, 86.06 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_8086&DEV_3B64&SUBSYS_3B641458&REV_06\3&13C0B0C5&0&B0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_8086&DEV_3B64&SUBSYS_3B641458&REV_06\3&13C0B0C5&0&B0
Service:
.
==== System Restore Points ===================
.
RP79: 02/06/2011 12:32:48 - Removed Java(TM) 6 Update 21
RP80: 02/06/2011 12:34:30 - malware fix
.
==== Installed Programs ======================
.
Adobe Flash Player 10 Plugin
Advanced System Optimizer
Advanced Uninstaller PRO - Version 10
Assassin's Creed
Assassin's Creed II
Autodesk 3ds Max 2009 32-bit
Autodesk Backburner 2008.1
Autodesk DirectConnect 2010 R1
Autodesk MatchMover 2011 32-bit
Autodesk Maya 2011 32-bit
Autodesk Maya 2011 English Documentation 32-bit
Avira AntiVir Personal - Free Antivirus
Caplio Software
Composite 2011
D3DX10
DAEMON Tools Toolbar
Easy Tune 6 B10.0420.1
ESET Online Scanner v3
Fraps
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
K-Lite Codec Pack 4.2.5 (Full)
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft Application Error Reporting
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Xbox 360 Accessories 1.2
Mozilla Firefox 4.0.1 (x86 en-GB)
MSVCRT
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Total Commander (Remove or Repair)
Trojan Killer 2.0
Ubisoft Game Launcher
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR archiver
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
31/05/2011 18:00:24, Error: bowser [8003] - The master browser has received a server announcement from the computer USER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{65EA43DE-B722-47BC-8496-2439784ECC. The master browser is stopping or an election is being forced.
31/05/2011 12:21:33, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000000, 0x00000002, 0x00000008, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 053111-13640-01.
31/05/2011 11:19:14, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.
31/05/2011 09:11:04, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
03/06/2011 12:29:19, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\DR0.
02/06/2011 12:59:48, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
02/06/2011 12:53:17, Error: Service Control Manager [7034] - The mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit service terminated unexpectedly. It has done this 1 time(s).
01/06/2011 17:18:22, Error: Service Control Manager [7034] - The Avira AntiVir Guard service terminated unexpectedly. It has done this 5 time(s).
01/06/2011 17:17:27, Error: Service Control Manager [7034] - The Avira AntiVir Guard service terminated unexpectedly. It has done this 4 time(s).
01/06/2011 17:02:27, Error: Service Control Manager [7034] - The Avira AntiVir Guard service terminated unexpectedly. It has done this 3 time(s).
01/06/2011 17:02:25, Error: Service Control Manager [7031] - The Avira AntiVir Guard service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
01/06/2011 17:02:25, Error: Service Control Manager [7031] - The Avira AntiVir Guard service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
.
==== End Of File ===========================
Cram
Active Member
 
Posts: 8
Joined: May 31st, 2011, 9:28 am
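The DDS log above lists the machine's autostart entries next to recently created folders. As an added example (not part of the thread and not DDS's own logic), this Python triage pass runs over a few lines copied from that log; the `triage` function and its rule names are hypothetical, and a finding means "review this entry", not a verdict.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Lines copied from the DDS log posted in this thread (subset).
DDS_LOG = r"""
mWinlogon: Userinit=c:\windows\system32\userinit.exe,,c:\program files\ogbxtdmm\wmskedvd.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
StartupFolder: c:\users\john\appdata\roaming\microsoft\windows\start menu\programs\startup\wmskedvd.exe
mPolicies-system: EnableLUA = 0 (0x0)
2011-06-03 11:32:38 -------- d-----w- c:\program files\ESET
2011-05-31 01:41:21 -------- d-----w- c:\program files\ogbxtdmm
"""

DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"
# "Created Last 30" directory rows: timestamp, size column, attributes starting with d.
CREATED = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ d\S+ (.+)$")
EXE_PATH = re.compile(r'"?([a-z]:\\[^"]+?\.exe)', re.I)

def triage(log):
    """Return (rule, detail) findings for autostart lines worth a manual look."""
    lines = [l.strip() for l in log.splitlines() if l.strip()]
    # Recently created directories: lower-cased path -> creation timestamp.
    recent = {m.group(2).lower(): m.group(1)
              for m in map(CREATED.match, lines) if m}
    findings, autostarts = [], []
    for line in lines:
        if line.startswith("mWinlogon: Userinit="):
            entries = [e for e in line.split("=", 1)[1].lower().split(",") if e]
            for extra in entries:
                if extra != DEFAULT_USERINIT:  # anything besides userinit.exe
                    findings.append(("userinit-extra", extra))
                    autostarts.append(extra)
        elif line.startswith("StartupFolder:"):
            path = line.split(":", 1)[1].strip().lower()
            autostarts.append(path)
            if path.endswith(".exe"):  # heuristic: shortcuts (.lnk) are the usual content
                findings.append(("startup-exe", path))
        elif line.startswith(("mRun:", "uRun:")):
            m = EXE_PATH.search(line)
            if m:
                autostarts.append(m.group(1).lower())
        elif re.match(r"mPolicies-system: EnableLUA = 0\b", line):
            findings.append(("uac-disabled", "EnableLUA = 0"))
    # Cross-reference: autostart binaries living in a recently created folder.
    for path in autostarts:
        if dirname(path) in recent:
            findings.append(("autostart-in-new-dir",
                             f"{path} (folder created {recent[dirname(path)]})"))
    # Same file name launched from more than one autostart location.
    names = {}
    for path in autostarts:
        names.setdefault(basename(path), set()).add(path)
    for name, paths in names.items():
        if len(paths) > 1:
            findings.append(("duplicate-autostart-name", name))
    return findings

if __name__ == "__main__":
    for rule, detail in triage(DDS_LOG):
        print(f"{rule:26} {detail}")
```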

Re: Windows 7 recovery malware / Avira Anti Vir HTML/Drop.Ag

Unread postby Cram » June 3rd, 2011, 12:02 pm

It looks like a lot of the problems are related to Maya, should I uninstall this?
Cram
Active Member
 
Posts: 8
Joined: May 31st, 2011, 9:28 am

Re: Windows 7 recovery malware / Avira Anti Vir HTML/Drop.Ag

Unread postby Carolyn » June 4th, 2011, 8:58 am

Unfortunately, the ESET online scan has confirmed that your computer is infected with Ramnit. The only true solution is to re-format and re-install Windows.

Win32/Ramnit is a file infector with IRCBot functionality which infects .exe and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A. Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A which is dropped by a Ramnit-infected executable file.

-- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.
With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of infection can vary.

Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies Worm:Win32/Ramnit.A with a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These types of sites are infested with a smörgåsbord of malware and are a major source of system infection.

In my opinion, Ramnit is not effectively disinfectable, so your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. Further, your machine has likely been compromised by the backdoor Trojan and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if your anti-virus reports that the malware appears to have been removed.

Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read: Backdoors and What They Mean to You

This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.


Please read the article below which will give you a few suggestions for how to minimize your chances of getting another infection.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Windows 7 recovery malware / Avira Anti Vir HTML/Drop.Ag

Unread postby Cram » June 4th, 2011, 9:12 am

Hi, thanks for all your time and help

I'm going to reformat and reinstall Windows ASAP. In the meantime, is it safe for me to be using Ubuntu as an OS? I have my hard disk partitioned with Windows in one partition and Ubuntu in the other.
Cram
Active Member
 
Posts: 8
Joined: May 31st, 2011, 9:28 am

Re: Windows 7 recovery malware / Avira Anti Vir HTML/Drop.Ag

Unread postby Carolyn » June 5th, 2011, 12:20 pm

You're welcome, Cram. :)

You should reformat the Windows partition immediately. If you do not have time to reinstall Windows right away, using the Ubuntu partition should be okay. To be safe, you should scan that installation with security tools native to that operating system first.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Windows 7 recovery malware / Avira Anti Vir HTML/Drop.Ag

Unread postby Cram » June 5th, 2011, 7:35 pm

I decided to reformat everything just to be on the safe side. Win 7 reinstalled and everything seems to be fine. Case (hopefully) closed.

Thanks again, I really appreciate your help :)
Cram
Active Member
 
Posts: 8
Joined: May 31st, 2011, 9:28 am

Re: Windows 7 recovery malware / Avira Anti Vir HTML/Drop.Ag

Unread postby Carolyn » June 6th, 2011, 6:49 am

As the resolution of this issue involves a reformat, and there have been no further questions posted regarding that process, this topic is now closed.

You can help support this site from this link:
Donations For Malware Removal
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine