Norton power eraser problem


Post by bertington on Fri 13 May 2011, 4:23 am

Ok, my helper in my last thread has disappeared. An IRL friend suggested ComboFix and Malwarebytes for my Ramnit 32 virus, which, along with TDSSKiller.exe, seems to have done some good (my HDD isn't CONSTANTLY making noise anymore, for instance), but I still have massive browser window spam and redirected Google pages.

The advice in my last thread was to reformat, which I will be doing in a few weeks, but this is an attempt to fix my PC as best I can until that time.

After using the above tools, someone suggested I try using this - [You must be registered and logged in to see this link.]

And it has indeed found stuff that the others appear to have missed. Unfortunately, when I click "fix" for what it's found, it says "System restore point cannot be created because the windows system restore service is stopped. Use the administrative tools in your control panel to start system restore service and try again."

I can't find the relevant option in Control Panel.
Any ideas!?

bertington

Newbie Surfer

Posts : 32
Joined : 2011-04-15
Operating System : vista 32 bit


Re: Norton power eraser problem

Post by Sneakyone on Fri 13 May 2011, 1:05 pm

Hi,

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below.)
  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Under the Custom Scan box, paste this in:

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time


Note: in the event that OTL fails to run, please use alternate download links to try again:

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]


I'm livin' life in the fast lane.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

http://twitter.com/AVerySneakyone

Re: Norton power eraser problem

Post by bertington on Fri 13 May 2011, 1:37 pm

edit: I'm an idiot... One sec, going to do the scan again

bertington

Newbie Surfer

Posts : 32
Joined : 2011-04-15
Operating System : vista 32 bit


Re: Norton power eraser problem

Post by bertington on Fri 13 May 2011, 1:56 pm

Thanks for your reply!

Ok, I don't know why, but OTL isn't producing an extras file at the end of the scan. I'm definitely pasting the text in for the custom scans/fixes though.

Here's the OTL file:

OTL logfile created on: 13/05/2011 03:42:32 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Andrew\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.25 Gb Total Space | 26.05 Gb Free Space | 37.61% Space Free | Partition Type: NTFS
Drive D: | 4.07 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 298.09 Gb Total Space | 32.90 Gb Free Space | 11.04% Space Free | Partition Type: NTFS

Computer Name: ANDREW-PC | User Name: Andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/13 03:21:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Downloads\OTL.exe
PRC - [2010/08/26 02:57:32 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/08/26 02:57:04 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/05/18 14:13:50 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/02/27 15:05:44 | 000,323,989 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Krait\razerofa.exe
PRC - [2007/02/16 17:46:20 | 000,295,261 | ---- | M] () -- C:\Program Files\Razer\Krait\razertra.exe
PRC - [2007/02/16 17:44:08 | 000,307,555 | ---- | M] () -- C:\Program Files\Razer\Krait\razerhid.exe
PRC - [2007/01/04 22:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/08/31 10:46:50 | 001,691,648 | ---- | M] () -- C:\Program Files\NETGEAR\WG311v3\WG311v3.exe


========== Modules (SafeList) ==========

MOD - [2011/05/13 03:21:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Downloads\OTL.exe
MOD - [2010/08/31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/11 06:44:10 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/08/26 02:57:04 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/08/24 13:16:12 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/05/18 14:13:50 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2007/01/04 22:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2011/01/19 17:47:12 | 000,022,504 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/08/26 04:36:28 | 006,380,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010/08/26 04:36:28 | 006,380,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/08/26 02:20:36 | 000,221,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/07/15 13:47:24 | 000,099,344 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2010/05/06 10:21:36 | 000,105,488 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/01/20 15:49:26 | 000,142,848 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/09/19 20:01:51 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2007/10/16 17:14:24 | 000,256,512 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MRVW13B.sys -- (MRV6X32P)
DRV - [2006/09/24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2005/12/07 17:27:52 | 000,013,324 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\krait.sys -- (krait03)
DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-i3752"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-i3752"
FF - prefs.js..browser.search.selectedEngine: "Dictionary.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.guardian.co.uk/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query="


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/11 23:24:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/06 19:51:22 | 000,000,000 | ---D | M]

[2008/09/15 20:07:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Extensions
[2011/05/12 13:03:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\u5d9z055.default\extensions
[2010/05/25 20:08:21 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\u5d9z055.default\extensions\firefox@tvunetworks.com
[2010/03/16 02:47:05 | 000,002,275 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\u5d9z055.default\searchplugins\aim-search.xml
[2010/04/11 17:54:37 | 000,000,921 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\u5d9z055.default\searchplugins\dictionarycom.xml
[2011/05/12 13:03:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/14 14:43:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2009/09/29 00:07:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/14 14:43:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/04/16 18:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2011/05/06 19:51:02 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/05/06 19:51:02 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/05/06 19:51:02 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/05/06 19:51:03 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/05/11 23:41:10 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - File not found
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Krait] C:\Program Files\Razer\Krait\razerhid.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [You must be registered and logged in to see this link.] (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\ngfminbl\vmwysnkc.exe) - File not found
O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) - File not found
O24 - Desktop WallPaper: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - C:\Windows\System32\Adobe
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/05/12 14:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/05/12 14:08:13 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\NPE
[2011/05/12 13:49:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/05/12 00:00:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/11 23:42:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/11 23:42:48 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/05/11 23:42:48 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\temp
[2011/05/11 23:27:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/11 23:27:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/11 23:27:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/11 23:27:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/11 23:26:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/11 23:26:57 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/05/11 23:24:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/16 17:36:09 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\PackageAware
[2011/04/14 15:01:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/04/14 14:43:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/14 14:43:28 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/04/14 14:43:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/04/14 14:43:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/04/14 12:31:02 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\ESET
[2011/04/14 01:06:29 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/04/13 20:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\ngfminbl
[31 C:\Users\Andrew\Desktop\*.tmp files -> C:\Users\Andrew\Desktop\*.tmp -> ]
[1 C:\Users\Andrew\Documents\*.tmp files -> C:\Users\Andrew\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/13 02:56:36 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/13 02:56:36 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/12 15:03:07 | 000,611,664 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/12 15:03:07 | 000,109,112 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/12 14:56:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/12 14:56:35 | 3756,515,328 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/12 14:09:07 | 013,685,357 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\SMRBackup162.dat
[2011/05/12 03:41:12 | 000,008,505 | -HS- | M] () -- C:\Users\Andrew\Folder.jpg
[2011/05/12 03:41:12 | 000,002,318 | -HS- | M] () -- C:\Users\Andrew\AlbumArtSmall.jpg
[2011/05/12 03:13:01 | 075,657,440 | ---- | M] () -- C:\Users\Andrew\paracast_110508.mp3
[2011/05/11 23:41:10 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/05/11 23:25:57 | 000,000,680 | ---- | M] () -- C:\Users\Andrew\AppData\Local\d3d9caps.dat
[2011/05/11 23:22:44 | 249,944,606 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/11 23:17:00 | 004,346,086 | R--- | M] () -- C:\Users\Andrew\Desktop\ComboFix.exe
[2011/04/26 00:49:21 | 075,657,504 | ---- | M] () -- C:\Users\Andrew\paracast_110424.mp3
[2011/04/21 01:12:07 | 000,092,160 | ---- | M] () -- C:\Users\Andrew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/14 19:20:58 | 005,866,654 | ---- | M] () -- C:\Users\Andrew\sex_movie_03.mov
[2011/04/14 18:23:12 | 000,059,082 | ---- | M] () -- C:\Users\Andrew\Martin,_John_-_The_Deluge_-_1834.jpg
[2011/04/14 15:01:55 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/04/14 14:43:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/04/14 14:43:24 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/04/14 14:43:24 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/04/14 14:43:24 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/04/14 14:29:22 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/04/14 01:06:29 | 000,001,950 | ---- | M] () -- C:\Users\Andrew\Desktop\HiJackThis.lnk
[31 C:\Users\Andrew\Desktop\*.tmp files -> C:\Users\Andrew\Desktop\*.tmp -> ]
[1 C:\Users\Andrew\Documents\*.tmp files -> C:\Users\Andrew\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/12 14:08:47 | 013,685,357 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\SMRBackup162.dat
[2011/05/12 03:10:26 | 075,657,440 | ---- | C] () -- C:\Users\Andrew\paracast_110508.mp3
[2011/05/11 23:31:26 | 3756,515,328 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/11 23:27:18 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/11 23:27:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/11 23:27:18 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/11 23:27:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/11 23:27:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/11 23:16:40 | 004,346,086 | R--- | C] () -- C:\Users\Andrew\Desktop\ComboFix.exe
[2011/04/26 00:46:22 | 075,657,504 | ---- | C] () -- C:\Users\Andrew\paracast_110424.mp3
[2011/04/14 19:20:49 | 005,866,654 | ---- | C] () -- C:\Users\Andrew\sex_movie_03.mov
[2011/04/14 18:23:11 | 000,059,082 | ---- | C] () -- C:\Users\Andrew\Martin,_John_-_The_Deluge_-_1834.jpg
[2011/04/14 15:01:55 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/04/14 15:01:55 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/04/14 11:37:34 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/04/03 06:49:08 | 000,012,682 | -HS- | C] () -- C:\Users\Andrew\AppData\Local\61am7kh612rw85n14158n8334sb5378m1c5h32
[2011/04/03 06:49:08 | 000,012,682 | -HS- | C] () -- C:\ProgramData\61am7kh612rw85n14158n8334sb5378m1c5h32
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/10/12 22:46:31 | 000,000,263 | ---- | C] () -- C:\Windows\System32\gapa.ini
[2010/06/16 14:22:56 | 000,219,348 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/06/15 23:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/05/27 17:24:24 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2009/12/13 01:13:43 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/05/22 23:34:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/04/27 21:29:41 | 000,000,978 | ---- | C] () -- C:\Windows\eReg.dat
[2009/02/18 18:55:20 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/02/03 21:52:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008/12/21 19:27:22 | 000,092,160 | ---- | C] () -- C:\Users\Andrew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/21 16:22:08 | 000,000,280 | ---- | C] () -- C:\Windows\System32\epoPGPsdk.dll.sig
[2008/09/19 20:52:29 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/09/19 19:17:12 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2008/09/15 21:40:29 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/09/15 21:40:29 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/15 21:21:00 | 000,000,680 | ---- | C] () -- C:\Users\Andrew\AppData\Local\d3d9caps.dat
[2008/09/15 20:11:56 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/08/01 05:15:27 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/03/06 01:38:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007/06/21 07:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,371,080 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,611,664 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,109,112 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/05/25 01:22:06 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe
[2005/03/01 15:30:20 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/11/02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 13:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/21 03:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/11/24 14:57:48 | 000,047,466 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\attachment.png
[2008/09/16 01:59:56 | 000,000,286 | -HS- | M] () -- C:\Users\Andrew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/05/11 23:17:00 | 004,346,086 | R--- | M] () -- C:\Users\Andrew\Desktop\ComboFix.exe
[31 C:\Users\Andrew\Desktop\*.tmp files -> C:\Users\Andrew\Desktop\*.tmp -> ]

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/05/06 19:51:00 | 000,122,328 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/05/06 19:51:00 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/05/06 19:51:03 | 000,246,744 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/09/15 21:21:12 | 000,000,402 | -HS- | M] () -- C:\Users\Andrew\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/04/03 07:08:21 | 000,012,682 | -HS- | M] () -- C:\ProgramData\61am7kh612rw85n14158n8334sb5378m1c5h32

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.sys >
[2006/11/02 08:09:42 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
[2008/01/21 03:23:54 | 000,247,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2006/11/02 08:09:45 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
[1996/04/03 20:33:26 | 000,005,248 | ---- | M] () -- C:\Windows\System32\giveio.sys
[2006/11/02 08:09:41 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 08:09:44 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 08:09:44 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
[2006/11/02 08:09:29 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 08:09:35 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 08:09:38 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 08:09:40 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 08:09:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 08:09:20 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
[2006/11/02 08:09:23 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 08:09:24 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 08:09:26 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 08:09:22 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
[2006/09/24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\System32\speedfan.sys
[2010/12/31 14:25:17 | 002,038,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\system32\drivers\*.dll >
[2010/08/26 02:19:28 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\ati2erec.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll

< %SYSTEMDRIVE%\*.* >
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/21 03:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2007/01/02 05:10:43 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/05/11 23:42:46 | 000,009,950 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/09/19 19:39:20 | 000,000,237 | ---- | M] () -- C:\csb.log
[2011/05/12 14:56:35 | 3756,515,328 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/03 07:25:00 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/03/16 02:29:24 | 000,001,110 | -H-- | M] () -- C:\IPH.PH
[2011/04/14 14:47:09 | 000,003,064 | ---- | M] () -- C:\JavaRa.log
[2011/04/03 07:25:00 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/05/12 14:56:34 | 4070,129,664 | -HS- | M] () -- C:\pagefile.sys
[2008/09/19 19:37:28 | 000,000,477 | ---- | M] () -- C:\RHDSetup.log
[2011/05/12 14:04:23 | 000,058,590 | ---- | M] () -- C:\TDSSKiller.2.5.0.0_12.05.2011_14.02.44_log.txt
[2008/07/26 18:22:44 | 000,000,004 | RHS- | M] () -- C:\WINOS.SYS

< %PROGRAMFILES%\*. >
[2011/04/14 12:54:15 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2011/04/14 15:01:46 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/09/15 21:01:28 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/07/03 13:33:43 | 000,000,000 | ---D | M] -- C:\Program Files\ATI
[2010/09/27 01:53:08 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2010/04/08 22:50:11 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2011/04/14 12:55:02 | 000,000,000 | ---D | M] -- C:\Program Files\Combined Community Codec Pack
[2011/05/11 23:38:55 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2011/04/05 16:13:27 | 000,000,000 | ---D | M] -- C:\Program Files\CPUID
[2010/12/17 13:32:56 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/09/17 19:45:54 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/04/11 22:58:53 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/04/08 22:53:22 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/05/12 01:11:43 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/01/22 18:11:33 | 000,000,000 | ---D | M] -- C:\Program Files\JAM Software
[2010/12/11 14:02:18 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011/05/12 01:10:14 | 000,000,000 | ---D | M] -- C:\Program Files\jZip
[2011/05/12 13:56:57 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/22 17:26:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2008/09/19 20:51:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2011/02/03 05:17:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2009/02/11 09:50:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/04/14 11:38:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2008/09/19 20:51:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2011/04/14 12:58:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/07/02 11:48:07 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2011/04/14 12:30:59 | 000,000,000 | ---D | M] -- C:\Program Files\mIRC
[2010/09/08 09:47:10 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/05/12 14:57:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/02/11 09:49:53 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2011/04/14 12:58:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mumble
[2009/06/22 19:03:33 | 000,000,000 | ---D | M] -- C:\Program Files\NETGEAR
[2011/05/12 01:10:14 | 000,000,000 | ---D | M] -- C:\Program Files\ngfminbl
[2009/03/08 23:42:39 | 000,000,000 | ---D | M] -- C:\Program Files\Prime95
[2011/05/12 01:10:14 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/04/16 13:57:06 | 000,000,000 | ---D | M] -- C:\Program Files\Razer
[2008/09/19 20:03:17 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011/04/14 12:58:55 | 000,000,000 | ---D | M] -- C:\Program Files\SopCast
[2011/05/04 18:15:37 | 000,000,000 | ---D | M] -- C:\Program Files\SpeedFan
[2011/05/13 00:40:25 | 000,000,000 | ---D | M] -- C:\Program Files\Steam
[2011/04/14 13:11:34 | 000,000,000 | ---D | M] -- C:\Program Files\TeamSpeak 3 Client
[2009/05/25 23:01:37 | 000,000,000 | ---D | M] -- C:\Program Files\TeamViewer
[2009/08/05 00:50:06 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2011/04/14 13:11:41 | 000,000,000 | ---D | M] -- C:\Program Files\TVUPlayer
[2006/11/02 14:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/04/11 22:59:48 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2010/04/25 03:15:51 | 000,000,000 | ---D | M] -- C:\Program Files\Veetle
[2011/04/14 12:30:58 | 000,000,000 | ---D | M] -- C:\Program Files\Ventrilo
[2008/09/17 19:30:54 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2009/04/20 16:13:28 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2008/01/21 03:35:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2008/01/21 03:35:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2008/01/21 03:35:09 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2008/01/21 03:35:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2009/05/22 17:26:21 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/05/22 17:26:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2011/04/11 22:58:54 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/10/12 22:52:39 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/01/21 03:35:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2008/01/21 03:35:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar

< %appdata%\*.* >
[2009/03/02 18:48:36 | 000,076,407 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\Smiley.ico
[2011/05/12 14:09:07 | 013,685,357 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\SMRBackup162.dat


< MD5 for: AGP440.SYS >
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\ERDNT\cache\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/04/11 07:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/21 03:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\drivers\disk.sys
[2008/01/21 03:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/21 03:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 10:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: IASTORV.SYS >
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\ERDNT\cache\netlogon.dll
[2008/01/21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\ERDNT\cache\scecli.dll
[2008/01/21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USBSTOR.SYS >
[2008/01/21 03:23:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\drivers\USBSTOR.SYS
[2008/01/21 03:23:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_b9f18584\USBSTOR.SYS
[2008/01/21 03:23:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_48864eb697d31b43\USBSTOR.SYS
[2009/04/11 05:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_usbstor.inf_31bf3856ad364e35_6.0.6002.18005_none_4a71c7c294f4e68f\USBSTOR.SYS
[2006/11/02 09:55:05 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=FDBAABF07244C60B0F4E0A6E71A107C6 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_bb2778a0\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-13 18:33:48

< End of report >




Re: Norton power eraser problem

Post by Sneakyone on Fri 13 May 2011, 2:49 pm

Hi,

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - File not found
    O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - File not found
    O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - File not found
    O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
    O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O20 - HKLM Winlogon: UserInit - (C:\Program Files\ngfminbl\vmwysnkc.exe) - File not found
    O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) - File not found
    [2011/04/13 20:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\ngfminbl

    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\Windows\System32\userinit.exe,"

    :commands
    [emptytemp]
    [resethosts]


  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

---------------------------

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

http://twitter.com/AVerySneakyone

Re: Norton power eraser problem

Post by bertington on Sat 14 May 2011, 3:13 am

Thanks again for the response!

ComboFix.txt (which seems to be identical to the log that popped up after the scan finished):
ComboFix 11-05-11.01 - Andrew 13/05/2011 17:00:23.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3582.2654 [GMT 1:00]
Running from: c:\users\Andrew\Desktop\commy.exe
Command switches used :: /stepdel
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\arp.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-13 to 2011-05-13 )))))))))))))))))))))))))))))))
.
.
2011-05-13 16:04 . 2011-05-13 16:04 -------- d-----w- c:\users\Andrew\AppData\Local\temp
2011-05-13 16:04 . 2011-05-13 16:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-13 15:14 . 2011-05-13 15:14 -------- d-----w- C:\_OTL
2011-05-12 13:08 . 2011-05-12 13:08 -------- d-----w- c:\programdata\Norton
2011-05-12 13:08 . 2011-05-12 13:12 -------- d-----w- c:\users\Andrew\AppData\Local\NPE
2011-05-12 12:49 . 2011-05-12 12:49 -------- d-----w- c:\windows\system32\EventProviders
2011-05-11 23:00 . 2011-05-12 12:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-16 16:36 . 2011-04-16 16:36 -------- d-----w- c:\users\Andrew\AppData\Local\PackageAware
2011-04-14 14:01 . 2011-04-14 14:01 -------- d-----w- c:\program files\Common Files\Adobe
2011-04-14 13:43 . 2011-04-14 13:43 -------- d-----w- c:\program files\Common Files\Java
2011-04-14 11:31 . 2011-04-14 11:31 -------- d-----w- c:\users\Andrew\AppData\Local\ESET
2011-04-14 00:06 . 2011-04-14 00:06 388096 ----a-r- c:\users\Andrew\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 13:43 . 2010-12-11 13:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-15 04:05 . 2011-04-02 01:21 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B2A3BC4F-447A-4CB4-991A-C0BC7371BBE5}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Steam"="c:\program files\Steam\steam.exe" [2010-11-17 1242448]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-03 399736]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"Krait"="c:\program files\Razer\Krait\razerhid.exe" [2007-02-16 307555]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\WG311v3.exe [2005-8-31 1691648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3680316882-2675168402-2279185747-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-26 176128]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-01-19 22504]
S2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2009-05-18 185640]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-26 6380032]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-26 221696]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2010-07-15 99344]
S3 krait03;Razer krait USB Filter Driver;c:\windows\system32\Drivers\krait.sys [2005-12-07 13324]
.
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\u5d9z055.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Dictionary.com
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: TVU Web Player: [You must be registered and logged in to see this link.] - %profile%\extensions\firefox@tvunetworks.com
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-05-13 17:04
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-05-13 17:05:16
ComboFix-quarantined-files.txt 2011-05-13 16:05
ComboFix2.txt 2011-05-11 22:42
.
Pre-Run: 28,475,281,408 bytes free
Post-Run: 28,443,373,568 bytes free
.
- - End Of File - - 62A4269AF664008FF6DE47DCF7D5F893

bertington

Newbie Surfer

Posts : 32
Joined : 2011-04-15
Operating System : vista 32 bit


Re: Norton power eraser problem

Post by Sneakyone on Sat 14 May 2011, 7:16 am

Are you getting help from here as well? [You must be registered and logged in to see this link.]

I ask that you keep it limited to this thread while we are working.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


I'm livin' life in the fast lane.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

http://twitter.com/AVerySneakyone

Re: Norton power eraser problem

Post by bertington on Sun 15 May 2011, 6:14 am

WOW!!! Ok after doing that last ComboFix scan (I think that's the second, but maybe the third), the virus apparently decided to strike back by blocking me from this site!? How the hell did it know to do that!? It also blocked any website with the word microsoft in it, along with any bleepingcomputer.com URLs..... wow.

I eventually got some help from here - [You must be registered and logged in to see this link.]
Which has at least now let me get back on this thread.

Thanks for the help, I didn't just go MIA. The thread you linked to is this one I think, but I was asking for help in reformatting my pc in another thread, but I'm just trying to fix it atm, this is the only thread I'm using I promise!!

bertington

Newbie Surfer

Posts : 32
Joined : 2011-04-15
Operating System : vista 32 bit


Re: Norton power eraser problem

Post by bertington on Sun 15 May 2011, 7:19 am

OK the scan's completed, I asked it to delete the files it could. Some of them it couldn't delete...

Log file:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=228e7675fd34bc45a5225d5d6521a790
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-05-14 08:12:37
# local_time=2011-05-14 09:12:37 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 55970960 55970960 0 0
# compatibility_mode=5892 16776574 66 100 3693478 142933494 0 0
# compatibility_mode=8192 67108863 100 0 129 129 0 0
# scanned=178933
# found=350
# cleaned=336
# scan_time=3191
C:\Program Files\Adobe\Reader 10.0\ReadMe.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Adobe\Reader 10.0\Reader\ccme_base.dll Win32/Ramnit.H virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Adobe\Reader 10.0\Reader\cryptocme2.dll Win32/Ramnit.H virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Adobe\Reader 10.0\Reader\Legal\ENU\license.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\ATI Technologies\ATI.ACE\Branding\Welcome\de\welcome_generic.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\ATI Technologies\ATI.ACE\Branding\Welcome\de\welcome_generic_small.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\ATI Technologies\ATI.ACE\Branding\Welcome\en-US\welcome_generic.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\ATI Technologies\ATI.ACE\Branding\Welcome\en-US\welcome_generic_small.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\ATI Technologies\ATI.ACE\Branding\Welcome\es\welcome_generic.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\ATI Technologies\ATI.ACE\Branding\Welcome\es\welcome_generic_small.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\ATI Technologies\ATI.ACE\Branding\Welcome\fr\welcome_generic.html Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\ATI Technologies\ATI.ACE\Branding\Welcome\fr\welcome_generic_small.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\ATI Technologies\ATI.ACE\Branding\Welcome\pt-BR\welcome_generic.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\ATI Technologies\ATI.ACE\Branding\Welcome\pt-BR\welcome_generic_small.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\Welcome\en-US\welcome_en-US_FMV.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\Welcome\en-US\welcome_en-US_generic.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\Welcome\en-US\welcome_en-US_MR9600_MOB.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\Welcome\en-US\welcome_en-US_MR9700_MOB.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\Welcome\en-US\welcome_en-US_R9600_DSK.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\Welcome\en-US\welcome_en-US_R9700_DSK.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\Welcome\en-US\welcome_en-US_R9800_DSK.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\Welcome\en-US\welcome_en-US_RX800_DSK.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\Welcome\en-US\welcome_FMV.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\Welcome\en-US\welcome_FMV_small.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\Welcome\en-US\welcome_generic.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\Welcome\en-US\welcome_generic_small.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\Welcome\en-US\welcom_en-US_cycle.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\inspector\inspector.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Common Files\microsoft shared\Stationery\Bears.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Common Files\microsoft shared\Stationery\Garden.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Common Files\microsoft shared\Stationery\Green Bubbles.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Common Files\microsoft shared\Stationery\Hand Prints.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Common Files\microsoft shared\Stationery\Orange Circles.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Common Files\microsoft shared\Stationery\Peacock.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Common Files\microsoft shared\Stationery\Roses.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Common Files\microsoft shared\Stationery\Shades of Blue.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Common Files\microsoft shared\Stationery\Soft Blue.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Common Files\microsoft shared\Stationery\Stars.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\iTunes\iTunesHelpermgr.exe Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\iTunes\iTunesmgr.exe Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Java\jre6\Welcome.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Java\jre6\bin\dt_socket.dll Win32/Ramnit.H virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Java\jre6\bin\ioser12.dll Win32/Ramnit.H virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Java\jre6\bin\java_crw_demo.dll Win32/Ramnit.H virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Games for Windows - LIVE\Client\Help\Help_cs-cz.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Games for Windows - LIVE\Client\Help\Help_de-de.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Games for Windows - LIVE\Client\Help\Help_en-us.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Games for Windows - LIVE\Client\Help\Help_es-es.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Games for Windows - LIVE\Client\Help\Help_fr-fr.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Games for Windows - LIVE\Client\Help\Help_it-it.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Games for Windows - LIVE\Client\Help\Help_ja-jp.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Games for Windows - LIVE\Client\Help\Help_ko-kr.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Games for Windows - LIVE\Client\Help\Help_nb-no.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Games for Windows - LIVE\Client\Help\Help_nl-nl.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Games for Windows - LIVE\Client\Help\Help_pl-pl.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Games for Windows - LIVE\Client\Help\Help_pt-br.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Games for Windows - LIVE\Client\Help\Help_ru-ru.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Games for Windows - LIVE\Client\Help\Http_error_cs-cz.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Games for Windows - LIVE\Client\Help\Http_error_de-de.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Games for Windows - LIVE\Client\Help\Http_error_en-us.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Games for Windows - LIVE\Client\Help\Http_error_es-es.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Games for Windows - LIVE\Client\Help\Http_error_fr-fr.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Games for Windows - LIVE\Client\Help\Http_error_it-it.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Games for Windows - LIVE\Client\Help\Http_error_ja-jp.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Games for Windows - LIVE\Client\Help\Http_error_ko-kr.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Games for Windows - LIVE\Client\Help\Http_error_nb-no.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Games for Windows - LIVE\Client\Help\Http_error_nl-nl.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Games for Windows - LIVE\Client\Help\Http_error_pl-pl.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Games for Windows - LIVE\Client\Help\Http_error_pt-br.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Games for Windows - LIVE\Client\Help\Http_error_ru-ru.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Office\OFFICE11\INTLBAND.HTM Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Office\OFFICE11\1033\ACREADME.HTM Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Office\OFFICE11\1033\INDEX.HTM Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Office\OFFICE11\1033\INREADME.HTM Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Office\OFFICE11\1033\OFREADME.HTM Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Office\OFFICE11\1033\OLREADME.HTM Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Office\OFFICE11\1033\PBREADME.HTM Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Office\OFFICE11\1033\PPREADME.HTM Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Office\OFFICE11\1033\PVREADME.HTM Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Office\OFFICE11\1033\TOUR.HTM Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Office\OFFICE11\1033\WDREADME.HTM Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Office\OFFICE11\1033\XLREADME.HTM Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Office\OFFICE11\AccessWeb\CLNTWRAP.HTM Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Office\OFFICE11\HTML\context.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Office\OFFICE11\SAMPLES\Analyze Sales.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Office\OFFICE11\SAMPLES\Employees.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Office\OFFICE11\SAMPLES\Review Orders.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Office\OFFICE11\SAMPLES\Review Products.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Office\OFFICE11\SAMPLES\Sales.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Office\OFFICE11\VS Runtime\1033\EMPTY.HTM Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Office\OFFICE11\VS Runtime\1033\HelpWatermark.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Office\Stationery\1033\CURRENCY.HTM Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Office\Stationery\1033\DADSHIRT.HTM Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Office\Stationery\1033\JUDGESCH.HTM Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Office\Stationery\1033\JUNGLE.HTM Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Office\Stationery\1033\NOTEBOOK.HTM Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Office\Stationery\1033\OFFISUPP.HTM Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Office\Stationery\1033\PAWPRINT.HTM Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Office\Stationery\1033\PINELUMB.HTM Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Office\Stationery\1033\SEAMARBL.HTM Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Office\Stationery\1033\TECHTOOL.HTM Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Microsoft Office\Templates\MseNewFileItems\HTMLPAGE.HTM Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Mozilla Firefox\defaults\profile\bookmarks.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Mozilla Firefox\res\hiddenWindow.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\MSECache\O2007Cnv\1033\README.HTM Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\ngfminbl\vmwysnkc.exe Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\QuickTime\QuickTime Read Me.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\QuickTime\QTSystem\QTCF.dll Win32/Ramnit.H virus (error while cleaning) 00000000000000000000000000000000 I
C:\Program Files\Razer\Krait\razerhid.exe Win32/Ramnit.H virus (error while cleaning) 00000000000000000000000000000000 I
C:\Program Files\Razer\Krait\razerhidmgr.exe Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Razer\Krait\razerlan.dll Win32/Ramnit.H virus (error while cleaning) 00000000000000000000000000000000 I
C:\Program Files\Razer\Krait\razerofa.exe Win32/Ramnit.H virus (error while cleaning) 00000000000000000000000000000000 I
C:\Program Files\Razer\Krait\razerofamgr.exe Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Razer\Krait\razertra.exe Win32/Ramnit.H virus (error while cleaning) 00000000000000000000000000000000 I
C:\Program Files\Razer\Krait\razertramgr.exe Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\SopCast\adv\clips\18CA426D-7B6D-2F41-FCE2-93B1157CCB67\index.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\SopCast\adv\clips\53FAEDB4-9206-0A0A-6185-3FE87F746365\index.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\SopCast\adv\clips\54AA7341-FB3F-2750-C038-4906A1C923AA\index.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\SopCast\adv\clips\59D3CDB3-5B26-2EB4-729D-EF4CAB22F95B\index.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\SopCast\adv\clips\68D83996-BEB7-2C08-454B-50F66D75CD0E\index.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\SopCast\adv\clips\72B2951C-64B6-BE0D-0E10-4FE8371CD0A0\index.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\SopCast\adv\clips\75850311-B208-6DC9-EB63-A59D46BDBBC1\index.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\SopCast\adv\clips\82AED070-D3C5-4B8B-E80D-FB1AAF91015E\index.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\SopCast\adv\clips\854A1DBA-8EBC-1EBB-775F-C7DCFCBE92CA\index.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\SopCast\adv\clips\8A4395D3-0F56-143C-09D4-FB9E584AEA60\index.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\SopCast\adv\clips\A1757DB2-F068-EB6A-4228-3A9EA3519CCB\index.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\SopCast\adv\clips\D957E741-3FB1-FCFE-9524-CCF1EB1DA723\index.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\SopCast\adv\clips\EB0865ED-04AC-EF36-424C-D42922944F94\index.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\SopCast\adv\clips\EE067279-16A4-84A3-33F8-B273AB5A44F2\index.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\SopCast\adv\default\home.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\SopCast\adv\default\index.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Steam\Public\Account.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Steam\Public\ssa_english.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Steam\Public\ssa_french.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Steam\Public\ssa_german.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Steam\Public\ssa_italian.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Steam\Public\ssa_russian.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Steam\Public\ssa_spanish.htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Steam\steamapps\horn_\day of defeat\DEMOPLAYER.DLL Win32/Ramnit.H virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Steam\steamapps\horn_\day of defeat\voice_miles.dll Win32/Ramnit.H virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Steam\steamapps\horn_\day of defeat\voice_speex.dll Win32/Ramnit.H virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Steam\steamapps\horn_\day of defeat\platform\servers\serverbrowser.dll Win32/Ramnit.H virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Steam\steamapps\horn_\day of defeat\platform\Steam\cached\offline_english.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Steam\steamapps\horn_\day of defeat source\dod\resource\maphtml\dod_colmar_english.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Steam\steamapps\horn_\day of defeat source\dod\resource\maphtml\dod_jagd_english.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C


Re: Norton power eraser problem

Post by Sneakyone on Mon 16 May 2011, 11:26 am

Yeah, just as me, Crush, and Belahzur suspected. Ramnit has infected legit files. It is best to just reformat without any executable backups at this point.

Back up any important files that are not .exe, .dll, .scr, .com, .html, .rar, .zip, etc.



Re: Norton power eraser problem

Post by bertington on Mon 16 May 2011, 11:55 am

Ok, thanks for your help


Re: Norton power eraser problem

Post by Sneakyone on Mon 16 May 2011, 11:57 am

No problem, you're welcome. I wish there was a way to remove it, but almost every program on your computer is infected.

If you need any more help please let me know.



Re: Norton power eraser problem

Post by bertington on Mon 16 May 2011, 12:52 pm

Lol, yeah I was wondering what it was doing when the HDD was making noise 24/7 for the past week or so. Thanks again, I'll bump the thread if I need any more help!


Re: Norton power eraser problem

Post by Sneakyone on Wed 18 May 2011, 10:41 am

Alrighty, sorry we are unable to clean this type of virus. If you need any help setting up a defense against it please let me know.


