WiredWX Hobby Weather ToolsLog in

 


Win32.Ramnit

2 posters

descriptionWin32.Ramnit EmptyWin32.Ramnit

more_horiz
Hi

I am new to the site,but would like your assistance if possible please.

I have the virus Win32.Ramnit on my pc, despite havin Vigin Media Centre protection. I have downloaded the Malware Bytes anti malware, and spent all day running scans in 'Safe Mode' & 'Normal Mode'

I dont seem to be getting anywhere, with the figure of infections identified remaining pretty constant. I am losing the will to live, and think the only thing I can do is to reinstall the Operating system. (XP)

Have you any suggestions?

Thank you

descriptionWin32.Ramnit EmptyRe: Win32.Ramnit

more_horiz
Hi,

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

descriptionWin32.Ramnit EmptyRe: Win32.Ramnit

more_horiz
Hi

Thank you for your help.
Please find attached the log as requested

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=bcfe8471ec31d044ac6d6db8ca7cb76c
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-11-07 04:10:07
# local_time=2010-11-07 04:10:07 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 4157 4157 0 0
# scanned=57393
# found=4
# cleaned=4
# scan_time=3746
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\21SRO7UD\js[1].php JS/Kryptik.L.Gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\iTunes\iTunes.Resources\ja.lproj\iTunesHelpUnavailable.html Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\drivers\etc\hosts Win32/Qhost trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Temp\~TM15258.TMP a variant of Win32/Kryptik.HXV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

descriptionWin32.Ramnit EmptyRe: Win32.Ramnit

more_horiz
Hi,

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time


Note: in the event that OTL fails to run, please use alternate download links to try again:

http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr

descriptionWin32.Ramnit EmptyRe: Win32.Ramnit

more_horiz
Hi
Thank you for the help. I have done as you ask, however, when i 'send' the log/s, I have a message that my internet connection is 'down'.

Is this usual?

Berni

descriptionWin32.Ramnit EmptyRe: Win32.Ramnit

more_horiz
Hi,

That just means the logs are too big.

Please split them into multiple posts.

descriptionWin32.Ramnit EmptyRe: Win32.Ramnit

more_horiz
Thank you
OTL logfile created on: 07/11/2010 18:03:39 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\User\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 286.00 Mb Available Physical Memory | 28.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 105.87 Gb Free Space | 71.05% Space Free | Partition Type: NTFS

Computer Name: GARDNER | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/07 18:02:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2010/10/13 12:53:40 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
PRC - [2010/10/13 12:53:36 | 004,314,424 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe
PRC - [2010/10/13 12:53:36 | 000,488,760 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Media\Service Manager\ServiceManagerComHandler.exe
PRC - [2010/10/13 12:36:02 | 001,406,264 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe
PRC - [2010/10/13 12:35:56 | 002,032,952 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/07 14:32:12 | 000,111,928 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe
PRC - [2010/05/21 18:47:24 | 000,634,776 | ---- | M] (Symantec Corporation) -- C:\Program Files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.3.34\InstStub.exe
PRC - [2010/01/04 12:17:30 | 000,377,576 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Security\RPS.exe
PRC - [2010/01/04 12:17:30 | 000,165,408 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe
PRC - [2010/01/04 12:16:30 | 000,371,920 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Security\Fws.exe
PRC - [2009/11/02 15:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe
PRC - [2009/01/14 16:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/10 09:23:26 | 000,053,032 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
PRC - [2008/06/24 16:06:06 | 001,840,424 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2010/11/07 18:02:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/06/07 14:31:56 | 000,023,864 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/07 13:58:44 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Virgin Media\Security\BitDefender\scan.dll -- (scan)
SRV - [2010/10/13 12:53:40 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe -- (ServicepointService)
SRV - [2010/10/13 12:36:02 | 001,406,264 | ---- | M] (Virgin Media) [Auto | Running] -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe -- (HsdService)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/28 06:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/01/04 12:17:30 | 000,165,408 | ---- | M] (Virgin Media) [Auto | Running] -- C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe -- (Radialpoint Security Services)
SRV - [2010/01/04 12:16:30 | 000,371,920 | ---- | M] (Virgin Media) [Auto | Running] -- C:\Program Files\Virgin Media\Security\Fws.exe -- (RP_FWS)
SRV - [2009/11/02 15:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe -- (RadialpointIDSAgent)
SRV - [2009/06/08 12:07:50 | 001,033,480 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)
SRV - [2009/06/08 12:07:48 | 000,931,080 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)
SRV - [2009/01/14 16:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/10 09:23:26 | 000,053,032 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe -- (NeroRegInCDSrv)
SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/11/06 13:10:52 | 000,053,192 | ---- | M] (Radialpoint Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rp_skt32.sys -- (RPSKT) Security Services Driver (x86)
DRV - [2010/11/03 16:15:11 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF)
DRV - [2010/04/28 06:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/11/26 09:50:32 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\Virgin Media\Security\BitDefender\trufos.sys -- (Trufos)
DRV - [2009/11/26 09:50:32 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\Virgin Media\Security\BitDefender\profos.sys -- (Profos)
DRV - [2009/11/02 15:27:02 | 000,122,376 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys -- (RadialpointIDSDriver)
DRV - [2009/11/02 15:27:02 | 000,030,216 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys -- (RadialpointIDSFilter)
DRV - [2009/11/02 15:27:02 | 000,025,736 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys -- (RadialpointIDSShim)
DRV - [2009/11/02 15:27:02 | 000,025,608 | ---- | M] (AVG Technologies ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (RadialpointIDSEH)
DRV - [2009/10/23 13:25:54 | 000,285,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2009/06/08 10:00:56 | 000,071,696 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2008/11/11 12:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 12:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 12:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/07/10 09:23:14 | 000,040,488 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2008/07/10 09:23:14 | 000,038,952 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2008/07/10 09:23:04 | 000,128,424 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2008/04/13 18:41:01 | 000,052,352 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/13 17:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 16:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2005/11/16 15:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.virginmedia.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://easynetseek.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 98 A9 62 C7 72 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2010/09/07 12:11:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2010/09/07 12:11:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\mozswing@mozswing.org

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (Surf Canyon Search Engine Assistant) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn0.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyn0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [DHSClient.exe] C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe (Virgin Media)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NSS] C:\Program Files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.3.34\InstStub.exe (Symantec Corporation)
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [ServiceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [M8t6_MalAnk_a1T] C:\Program Files\AntiMalware Pro\AntiMalwarePro.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/09 08:35:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{73cab596-40ea-11df-a8a4-000e50b443e9}\Shell - "" = AutoRun
O33 - MountPoints2\{73cab596-40ea-11df-a8a4-000e50b443e9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{73cab596-40ea-11df-a8a4-000e50b443e9}\Shell\AutoRun\command - "" = I:\USBAutoRun.exe -- File not found
O33 - MountPoints2\{8112835c-61d1-11df-a91c-000e50b443e9}\Shell\AutoRun\command - "" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe -- File not found
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: Radialpoint Security Services - C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe (Virgin Media)
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: Radialpoint Security Services - C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe (Virgin Media)
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A0739DE2-571F-11D2-A031-0060977F760C} - InterActual PCFriendly ActiveX Control
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (11272609819787264)

descriptionWin32.Ramnit EmptyRe: Win32.Ramnit

more_horiz
========== Files/Folders - Created Within 30 Days ==========

[2010/11/07 18:02:11 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2010/11/07 14:58:25 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/11/06 13:11:40 | 000,025,608 | ---- | C] (AVG Technologies ) -- C:\WINDOWS\System32\drivers\AVGIDSEH.sys
[2010/11/06 13:10:58 | 000,285,704 | ---- | C] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys
[2010/11/06 13:10:52 | 000,053,192 | ---- | C] (Radialpoint Inc.) -- C:\WINDOWS\System32\drivers\rp_skt32.sys
[2010/11/06 13:10:27 | 000,000,000 | ---D | C] -- C:\Program Files\Raxco
[2010/11/06 13:10:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Raxco
[2010/11/05 09:21:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\ICS
[2010/11/05 09:20:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Radialpoint
[2010/11/04 11:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2010/11/04 11:11:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/04 11:11:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/04 11:11:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/04 11:11:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/04 10:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\AVP 2009
[2010/11/04 10:37:52 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/11/03 16:58:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Ysduq
[2010/11/03 16:58:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Ybxyt
[2010/11/03 16:58:44 | 000,000,000 | ---D | C] -- C:\Program Files\windows
[2010/11/03 16:15:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Uxpi
[2010/11/03 16:15:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Ibmu
[2010/11/03 16:15:11 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2010/11/03 16:15:11 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2010/11/03 16:15:11 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2010/11/03 16:15:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Ywul
[2010/11/03 16:15:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Ihos
[2010/11/03 16:05:03 | 000,052,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sst527.sys
[2010/11/03 15:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Umlou
[2010/11/03 15:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Enkoul
[2010/11/03 15:14:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/11/03 11:35:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/11/03 11:35:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/11/02 18:40:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/11/02 15:31:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/11/02 15:31:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/11/02 14:19:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/11/02 14:19:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/10/27 15:45:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Virgin Media
[2010/10/27 15:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2010/10/27 15:45:14 | 000,000,000 | ---D | C] -- C:\Program Files\Virgin Media
[2010/10/27 15:45:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Virgin Media
[2010/10/24 08:48:29 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/10/24 08:48:29 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/10/23 14:53:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Tracing
[2010/10/23 14:52:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/10/23 14:51:34 | 000,054,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fssfltr_tdi.sys
[2010/10/23 14:50:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/10/23 14:49:49 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2010/10/23 14:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/10/23 14:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/10/23 14:46:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2010/10/23 14:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/10/23 14:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/10/23 14:33:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/10/21 19:38:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/10/21 16:48:21 | 000,000,000 | ---D | C] -- C:\Program Files\Surf Canyon
[2010/10/21 16:47:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2010/10/14 09:56:30 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/14 09:56:28 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/14 09:55:36 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/10/13 15:58:35 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2010/10/13 15:58:30 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2010/10/13 15:58:27 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2010/10/13 15:58:27 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2010/10/13 15:58:27 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2010/10/13 15:58:25 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2010/10/13 15:58:21 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2010/10/13 15:58:17 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2010/10/13 15:58:15 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2010/10/13 15:58:05 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2010/10/13 15:58:05 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2010/10/13 15:57:48 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2010/10/13 15:57:48 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2010/10/13 15:57:48 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2010/10/13 15:57:48 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2010/10/13 15:57:48 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2010/10/13 15:57:48 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2010/10/13 15:57:47 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2010/10/13 15:57:47 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2010/10/13 15:57:47 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2010/10/13 15:57:47 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2010/10/12 21:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\TSO
[2010/10/12 21:47:12 | 000,000,000 | ---D | C] -- C:\Program Files\DSA Theory Test
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/07 18:02:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2010/11/07 17:15:31 | 000,442,078 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/07 17:15:31 | 000,071,838 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/07 17:10:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/07 13:45:17 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{67BF2D78-781E-46FA-AB99-8C4F3D98F25A}.job
[2010/11/06 23:08:46 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/06 17:44:31 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\dmlconf.dat
[2010/11/06 13:10:52 | 000,053,192 | ---- | M] (Radialpoint Inc.) -- C:\WINDOWS\System32\drivers\rp_skt32.sys
[2010/11/06 13:09:53 | 000,001,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Virgin Media Security.lnk
[2010/11/05 09:19:38 | 000,001,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Virgin Media Digital Home Support.lnk
[2010/11/04 11:53:46 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/04 11:11:56 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/03 16:58:48 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\complete.dat
[2010/11/03 16:15:11 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2010/11/03 16:15:11 | 000,100,880 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2010/11/03 16:15:11 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2010/11/03 16:05:11 | 000,052,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sst527.sys
[2010/11/03 10:17:45 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/25 19:48:41 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/10/24 08:45:23 | 000,150,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/23 14:49:26 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/21 19:38:26 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/12 21:49:58 | 000,001,588 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DSA Car & ADI Theory Test.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/06 13:09:53 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Virgin Media Security.lnk
[2010/11/05 09:19:38 | 000,001,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Virgin Media Digital Home Support.lnk
[2010/11/04 11:53:46 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/04 11:11:56 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/03 16:58:48 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\complete.dat
[2010/11/03 16:15:11 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\dmlconf.dat
[2010/11/03 16:15:10 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\dmkanc.dat
[2010/10/21 19:38:26 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/12 21:49:58 | 000,001,588 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DSA Car & ADI Theory Test.lnk
[2010/07/12 12:47:39 | 000,000,245 | ---- | C] () -- C:\Documents and Settings\User\Application Data\default.pls
[2010/07/12 11:27:10 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/29 21:10:06 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/21 17:53:22 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2010/03/13 11:47:37 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2010/03/13 09:41:00 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2010/03/13 09:37:29 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/03/13 09:22:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/03/09 11:18:11 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2010/03/09 08:21:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/01/14 02:41:00 | 000,309,248 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll
[2010/01/14 02:38:00 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\DirectCOM.dll
[2009/10/21 13:20:08 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen_x86.sys
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/10 12:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/10 12:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/10 12:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/10 12:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/10 12:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/08/10 12:00:00 | 000,052,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\volsnap.sys
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 00:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009/10/23 13:25:54 | 000,285,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\bdfsfltr.sys
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2010/03/09 08:19:51 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/03/09 08:19:51 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/03/09 08:19:51 | 000,901,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

descriptionWin32.Ramnit EmptyRe: Win32.Ramnit

more_horiz
< %systemroot%\system32\*.sys >
[2004/08/10 12:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2004/08/10 12:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/10 12:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/10 12:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/10 12:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004/08/10 12:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/10 12:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/10 12:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/10 12:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/10 12:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/10 12:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/10 12:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/10 12:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/10 12:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/10 12:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 18:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/08/31 13:42:52 | 001,852,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/14 00:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/14 00:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/14 00:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/14 00:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/14 00:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/14 00:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/14 00:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/14 00:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/14 00:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/14 00:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/14 00:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/14 00:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/14 00:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/14 00:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/14 00:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

descriptionWin32.Ramnit EmptyRe: Win32.Ramnit

more_horiz
< %SYSTEMDRIVE%\*.* >
[2010/03/09 08:35:52 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/03/09 08:27:03 | 000,000,209 | -HS- | M] () -- C:\boot.ini
[2010/03/09 08:35:52 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/03/09 08:35:52 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/08/08 13:34:00 | 000,666,387 | ---- | M] () -- C:\Milenium Logo.jpg
[2010/03/09 08:35:52 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/10 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/03/09 09:21:50 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/11/07 17:10:45 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2010/09/23 18:26:18 | 000,000,000 | ---- | M] () -- C:\testwma.raw

descriptionWin32.Ramnit EmptyRe: Win32.Ramnit

more_horiz
< %PROGRAMFILES%\*. >
[2010/10/21 19:38:02 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/08/31 09:36:52 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/09/28 10:17:56 | 000,000,000 | ---D | M] -- C:\Program Files\Ask.com
[2010/09/08 10:52:07 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/05/21 17:41:23 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2010/10/27 16:12:41 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/03/09 08:30:39 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/06/21 20:16:15 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2010/03/09 11:22:21 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2010/10/12 21:48:57 | 000,000,000 | ---D | M] -- C:\Program Files\DSA Theory Test
[2010/11/07 14:58:25 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2010/10/21 16:48:24 | 000,000,000 | ---D | M] -- C:\Program Files\Free Offers from Freeze.com
[2010/10/21 17:51:05 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/03/13 09:42:45 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2010/03/13 09:44:36 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010/10/27 15:49:03 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/03/09 08:46:14 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/11/05 00:23:49 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/09/08 10:57:51 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/11/05 01:33:23 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/06/09 14:28:44 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/04/06 11:12:34 | 000,000,000 | ---D | M] -- C:\Program Files\LG Electronics
[2010/10/04 19:28:33 | 000,000,000 | ---D | M] -- C:\Program Files\LGInternetKit
[2010/11/05 00:17:39 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2010/11/05 00:20:12 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/09 09:40:53 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/11/06 17:46:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2010/03/13 09:22:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2010/03/09 08:36:06 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/03/13 09:21:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office

descriptionWin32.Ramnit EmptyRe: Win32.Ramnit

more_horiz
[2010/10/24 09:24:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/10/23 14:49:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/10/23 14:50:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2010/11/06 13:52:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/11/03 21:41:11 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/03/09 09:47:58 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/03/09 08:27:23 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2010/03/09 08:28:02 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2010/03/09 11:29:00 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/03/09 11:16:27 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2010/11/06 13:58:48 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/05/21 18:47:37 | 000,000,000 | ---D | M] -- C:\Program Files\NortonInstaller
[2010/03/09 08:30:30 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/11/03 21:41:56 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/08/12 15:24:26 | 000,000,000 | ---D | M] -- C:\Program Files\PCFriendly
[2010/09/15 14:11:14 | 000,000,000 | ---D | M] -- C:\Program Files\PriceGong
[2010/11/06 14:03:26 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/11/06 13:10:27 | 000,000,000 | ---D | M] -- C:\Program Files\Raxco
[2010/03/09 09:47:52 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/03/09 08:49:16 | 000,000,000 | ---D | M] -- C:\Program Files\SigmaTel
[2010/10/21 16:49:18 | 000,000,000 | ---D | M] -- C:\Program Files\Surf Canyon
[2010/08/02 12:38:40 | 000,000,000 | ---D | M] -- C:\Program Files\SweetIM
[2010/03/13 11:47:36 | 000,000,000 | ---D | M] -- C:\Program Files\Thomson
[2010/03/09 08:40:32 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information

descriptionWin32.Ramnit EmptyRe: Win32.Ramnit

more_horiz
[2010/11/06 13:09:31 | 000,000,000 | ---D | M] -- C:\Program Files\Virgin Media
[2010/11/06 19:07:25 | 000,000,000 | ---D | M] -- C:\Program Files\windows
[2010/10/23 14:51:31 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2010/10/23 14:46:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/03/09 10:36:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/03/09 10:36:47 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player

descriptionWin32.Ramnit EmptyRe: Win32.Ramnit

more_horiz
[2010/03/09 09:23:23 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/03/09 08:30:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Plus

descriptionWin32.Ramnit EmptyRe: Win32.Ramnit

more_horiz
[2010/03/09 08:34:27 | 000,000,000 | -H-D | M

descriptionWin32.Ramnit EmptyRe: Win32.Ramnit

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum