trojan.downloader

[kingtaoist]

hi, guys..

ill just go straight to the point in this one so here goes,

my computer got infected by a virus a few days ago and it seems it messed up my registry as well.

Malwarebytes was able to delete some of those viruses but it can seem to deleteTrojan.downloader..

and i need help to fix my registry as well,.. thank you

[TheDarkKnight]

I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear.

• Please download DDS by sUBs from one of the following links. Save it to your Desktop.
  
  • DDS.com
    
  • DDS.scr
    
  • DDS.pif

  NOTE: Before scanning, make sure all other running programs are closed.

  There shouldn't be any scheduled antivirus scans running while the scan is being performed.

  Do not use your computer for anything else during the scan.

  [*]Double click on the DDS icon and allow it to run.

  [*]A small box will open, with an explanation about the tool. No input is needed, the scan is running.

  [*]Notepad will open with the results.

  [*]Follow the instructions that pop up for posting the results.

=====

Next, please download AdwCleaner by Xplode onto your Desktop.

• Double click on AdwCleaner.exe to run the tool.
  
• Click on Search.
  
• A logfile will automatically open after the scan has finished.
  
• Please post the content of that logfile in your reply.
  
• You can find the logfile at C:\AdwCleaner[R1].txt as well.

=====

Finally, please update MBAM. Then run a scan and post its new log in your reply.

=====

I would like to see the contents of the following in your reply please:

• DDS.txt.
  
• AdwCleaner[R1].txt.
  
• MBAM log.

How is your computer currently running?

[kingtaoist]

MBAM logs

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.02.04.01

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 7.0.5730.13

Administrator :: USER-PC [administrator]

2/4/2013 12:14:05 PM

MBAM-log-2013-02-04 (13-49-42).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 230776

Time elapsed: 1 hour(s), 33 minute(s), 52 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

c:\documents and settings\administrator\start menu\programs\startup\rldqpoxb.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Explorermgr.exe (Trojan.Downloader) -> No action taken.

(end)

DDS logs

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_35

Run by Administrator at 11:58:38 on 2013-02-04

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.247.85 [GMT 8:00]

.

.

============== Running Processes ================

.

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\PixArt\PAC7302\Monitor.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com

uSearch Page = hxxp://www.google.com

uDefault_Search_URL = hxxp://www.google.com

mStart Page = hxxp://www.google.com

mSearch Bar = hxxp://www.google.com

mSearch Page = hxxp://www.google.com

mDefault_Search_URL = hxxp://www.google.com

uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll

BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - d:\program files\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: uTorrentControl2 Toolbar: {687578B9-7132-4A7A-80E4-30EE31099E03} - c:\program files\utorrentcontrol2\prxtbuTor.dll

TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll

uRun: [uTorrent] "D:\uTorrent.exe" /MINIMIZED

uRun: [Facebook Update] "c:\documents and settings\administrator\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe

mRun: [bCSSync] "d:\program files\office14\BCSSync.exe" /DelayServices

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32

uPolicies-Explorer: NoDriveTypeAutoRun = dword:323

uPolicies-Explorer: NoDriveAutoRun = dword:67108863

uPolicies-Explorer: NoDrives = dword:0

uPolicies-System: EnableLUA = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{497E105C-54B6-4E48-BA62-8213E60F4E8E} : DHCPNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\wb88a2uz.default-1354541903054\

FF - prefs.js: browser.startup.homepage - hxxps://www.google.com.ph/

FF - plugin: c:\documents and settings\administrator\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll

FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\3.0.40818.0\npctrlui.dll

FF - plugin: c:\windows\system32\adobe\director\np32dsw_1165635.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

FF - plugin: d:\progra~1\office14\NPAUTHZ.DLL

FF - plugin: d:\progra~1\office14\NPSPWRAP.DLL

.

============= SERVICES / DRIVERS ===============

.

.

=============== Created Last 30 ================

.

2013-02-03 02:22:50 108032 ----a-w- c:\windows\Explorermgr.exe

2013-01-30 10:00:14 221184 ----a-w- c:\windows\system32\wmpns.dll

2013-01-30 09:46:49 -------- d-----w- c:\windows\ServicePackFiles

2013-01-30 09:45:11 19569 ----a-w- c:\windows\000001_.tmp

2013-01-27 02:57:38 74136 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll

2013-01-26 16:11:26 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\ctor.dll

2013-01-26 16:11:26 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\DotNetInstaller.exe

2013-01-26 16:11:18 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\Setup.dll

2013-01-26 16:11:18 184452 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\iGdi.dll

2013-01-26 00:52:51 -------- d-----w- c:\windows\system32\wbem\repository\FS

2013-01-26 00:52:51 -------- d-----w- c:\windows\system32\wbem\Repository

2013-01-24 12:59:00 -------- d-----w- c:\program files\Mozilla Maintenance Service

2013-01-19 01:49:45 96664 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe

2013-01-19 01:49:45 157712 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe

2013-01-19 01:49:44 95672 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2013-01-19 01:49:38 150200 ----a-w- c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak\components\kavlinkfilter.dll

2013-01-19 01:49:37 109240 ----a-w- c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru_bak\components\abhelperxpcom.dll

2013-01-18 17:23:57 299520 ----a-w- c:\windows\uninst.exe

2013-01-18 17:23:51 -------- d-----w- c:\documents and settings\administrator\WINDOWS

2013-01-18 17:13:43 15360 ----a-w- c:\windows\Launcher.exe

2013-01-18 17:13:30 -------- d-----w- c:\documents and settings\administrator\local settings\application data\SimplyTech

.

==================== Find3M ====================

.

2013-01-14 06:36:38 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-14 06:36:37 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-14 08:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 12:00:04.87 ===============

[kingtaoist]

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 7/26/2011 10:08:54 AM

System Uptime: 2/4/2013 7:20:55 AM (5 hours ago)

.

Motherboard: Lite-On Tech. | | 0888h

Processor: Intel® Celeron® CPU 2.20GHz | mPGA-478 | 2200/100mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 15 GiB total, 4.929 GiB free.

D: is FIXED (NTFS) - 23 GiB total, 13.578 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

µTorrent

Adobe Flash Player 11 Plugin

Adobe Reader 8.2.0

Adobe Shockwave Player 11.6

Code Rules - Learn Visual Basic .NET

Crash Team Racing For PC version 15.11

Driver Genius Professional Edition

EPSON T13 T22E Series Printer Uninstall

ExpressFiles

Facebook Video Calling 1.2.0.287

Festo FluidSIM

Garena Plus

Hotfix for Windows XP (KB954550-v5)

HP Deskjet 1000 J110 series Basic Device Software

HP Deskjet 1000 J110 series Help

HP Deskjet 1000 J110 series Product Improvement Study

HP Photo Creations

HP Update

iLook 300

Intel® Extreme Graphics Driver

Java Auto Updater

Java 6 Update 35

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Help Viewer 1.0

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 14

Microsoft SQL Server 2008 R2 Management Objects

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server System CLR Types

Mozilla Firefox 18.0.1 (x86 en-US)

Mozilla Maintenance Service

OMRON ZEN Support Software

Realtek AC'97 Audio

swMSM

USB Disk Security

uTorrentControl2 Toolbar

Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

VLC media player 1.1.11

WebFldrs XP

Windows Live Messenger

WinRAR archiver

.

==== End Of File ===========================

AdwCleaner

# AdwCleaner v2.110 - Logfile created 02/04/2013 at 12:06:14

# Updated 03/02/2013 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Administrator - USER-PC

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wb88a2uz.default-1354541903054\searchplugins\Web Search.xml

File Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage

File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

File Found : C:\user.js

File Infected : C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

File Infected : C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

File Infected : C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\USB Disk Security.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

File Infected : C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

File Infected : C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( arg. : -extoff hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

File Infected : C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Folder Found : C:\Documents and Settings\Administrator\Application Data\Babylon

Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit

Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc

Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\uTorrentControl2

Folder Found : C:\Documents and Settings\All Users\Application Data\Babylon

Folder Found : C:\Documents and Settings\All Users\Application Data\Tarma Installer

Folder Found : C:\Program Files\Smartdl

Folder Found : C:\Program Files\uTorrentControl2

***** [Registry] *****

Key Found : HKCU\Software\1ClickDownload

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\ConduitSearchScopes

Key Found : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Found : HKCU\Software\Softonic

Key Found : HKCU\Software\uTorrentControl2

Key Found : HKCU\Toolbar

Key Found : HKLM\Software\Babylon

Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{A6C2170C-FC80-41A2-95E2-A114705A2DDE}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}

Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0003491.FBApi

Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0003491.FBApi.1

Key Found : HKLM\SOFTWARE\Classes\Prod.cap

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96}

Key Found : HKLM\Software\Conduit

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco

Key Found : HKLM\Software\Iminent

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0D70612E-E79B-4D38-8594-B405188F202D}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6E793C58-62DF-4F12-AB25-C9968C1DF0D9}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IM

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentControl2 Toolbar

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4BD8E034-E0F4-4509-A753-467A8E854CD8}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar

Key Found : HKLM\Software\Tarma Installer

Key Found : HKLM\Software\uTorrentControl2

Key Found : HKU\S-1-5-21-789336058-1078145449-1177238915-500\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]

***** [internet Browsers] *****

-\\ Internet Explorer v6.0.2900.5512

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=3196

[HKCU\Software\Microsoft\Internet Explorer\Search - Start Page] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=3196

[HKCU\Software\Microsoft\Internet Explorer\Search - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=3196

[HKCU\Software\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=41460&tid=3196&bs=true&q=

[HKCU\Software\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=41460&tid=3196&bs=true&q=

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Page] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=3196

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=3196

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=41460&tid=3196&bs=true&q=

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=41460&tid=3196&bs=true&q=

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=3196

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wb88a2uz.default-1354541903054\prefs.js

Found : user_pref("browser.search.defaultengine", "Web Search");

Found : user_pref("browser.search.order.1", "Web Search");

Found : user_pref("searchreset.backup.browser.search.defaultenginename", "Web Search");

Found : user_pref("searchreset.backup.keyword.URL", "hxxp://search.certified-toolbar.com?si=41460&tid=3196&b[...]

-\\ Google Chrome v [unable to get version]

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Found [l.1] : urls_to_restore_on_startup ={"countryid_at_install":21843, "dns_prefetching":{"host_referral_list":[2, ["hxxp://ad.yieldmanager.com/", ["hxxp://ad.adperium.com/", 2.2733802, "hxxp://ad.adtegrity.net/", 0.431367891226272, "hxxp://ad.yieldmanager.com/", 1.13574591061817, "hxxp://adtgs.com/", 0.0659144747494212, "hxxp://content.yieldmanager.edgesuite.net/", 0.203914876888757, "hxxp://ox-d.innovatenetworks.com/", 2.6037004, "hxxp://router.tlvmedia.com/", 0.125301047184554, "hxxp://trpxl.com/", 0.0659144747494212]], ["hxxp://adserving.cpxinteractive.com/", ["hxxp://ad.yieldmanager.com/", 0.380583373828713, "hxxp://cm.ac3.msn.com/", 2.2733802, "hxxp://cm.g.doubleclick.net/", 0.187903853418164, "hxxp://content.yieldmanager.edgesuite.net/", 0.250581239322836, "hxxp://ib.adnxs.com/", 0.272584220885916, "hxxp://image2.pubmatic.com/", 0.431367891226272, "hxxp://m.adnxs.com/", 2.2733802, "hxxp://view.atdmt.com/", 0.28470280820934]], ["hxxp://bar.utorrent.com/", ["hxxp://api.conduit.com/", 0.239172937277328, "hxxp://bar.utorrent.com/", 1.19190396317962, "hxxp://www.google-analytics.com/", 0.949478308061739]], ["hxxp://content.yieldmanager.edgesuite.net/", ["hxxp://ak.imgfarm.com/", 4.5856216]], ["hxxp://facebook.com/", ["hxxp://www.facebook.com/", 1.43477982714941]], ["hxxp://facebook.conduitapps.com/", ["hxxp://api.conduit.com/", 0.486617307673139, "hxxp://connect.facebook.net/", 0.195314579097927, "hxxp://facebook.conduitapps.com/", 0.0819944339132376]], ["hxxp://get.adobe.com/", ["hxxp://www.adobe.com/", 2.08468633927053, "hxxp://wwwimages.adobe.com/", 11.1717806386549]], ["hxxp://google.com/", ["hxxp://www.google.com.ph/", 2.2733802, "hxxp://www.google.com/", 2.2733802]], ["hxxp://googleads.g.doubleclick.net/", ["hxxp://pagead2.googlesyndication.com/", 2.6037004]], ["hxxp://kb.mozillazine.org/", ["hxxp://apis.google.com/", 2.2733802, "hxxp://forums.mozillazine.org/", 2.6037004, "hxxp://kb.mozillazine.org/", 3.594661, "hxxp://pagead2.googlesyndication.com/", 2.2733802, "hxxp://www.google-analytics.com/", 2.2733802]], ["hxxp://ox-d.innovatenetworks.com/", ["hxxp://a.admaxserver.com/", 2.2733802, "hxxp://admax.effectivemeasure.net/", 2.2733802, "hxxp://ads.adxpose.com/", 2.2733802, "hxxp://b.scorecardresearch.com/", 2.6037004, "hxxp://cdn.admaxserver.com/", 2.2733802, "hxxp://ox-d.innovatenetworks.com/", 2.2733802, "hxxp://servedby.adxpose.com/", 2.2733802]], ["hxxp://search.conduit.com/", ["hxxp://resources.search.conduit.com/", 1.8417362401695, "hxxp://storage.conduit.com/", 1.49412053804581]], ["hxxp://support.mozilla.org/", ["hxxp://statse.webtrendslive.com/", 2.2733802, "hxxp://support.mozilla.org/", 9.8707448, "hxxp://www.mozilla.org/", 2.9340206]], ["hxxp://view.atdmt.com/", ["hxxp://ec.atdmt.com/", 2.2733802, "hxxp://ib.adnxs.com/", 2.2733802]], ["hxxp://waresbb.com/", ["hxxp://cdn.dsultra.com/", 3.2643408, "hxxp://dsparking.com/", 2.2733802, "hxxp://waresbb.com/", 2.2733802]], ["hxxp://www.facebook.com/", ["hxxp://static.ak.fbcdn.net/", 5.84193100642264, "hxxps://s-static.ak.fbcdn.net/", 3.171405017424]], ["hxxp://www.google.com.ph/", ["hxxp://id.google.com.ph/", 0.99028441512, "hxxp://ssl.gstatic.com/", 0.99028441512, "hxxp://www.google.com.ph/", 1.85360928984]], ["hxxp://www.piriform.com/", ["hxxp://ajax.googleapis.com/", 2.2733802, "hxxp://static.piriform.com/", 3.9249812, "hxxp://www.google-analytics.com/", 2.6037004, "hxxp://www.piriform.com/", 2.9340206]], ["hxxp://www.socialgrowthtechnologies.com/", ["hxxp://ajax.googleapis.com/", 0.194886387539168, "hxxps://searchjs.s3.amazonaws.com/", 0.227414745643746]], ["hxxp://www.warez-bb.org/", ["hxxp://ad.yieldmanager.com/", 2.2733802, "hxxp://adserving.cpxinteractive.com/", 2.2733802, "hxxp://ajax.googleapis.com/", 0.28470280820934, "hxxp://img9.warez-bb.org/", 0.367436957603507, "hxxp://www.google-analytics.com/", 2.2733802]], ["hxxp://youtube.conduitapps.com/", ["hxxp://config.conduitapps.com/", 0.0988930530072439, "hxxp://youtube.conduitapps.com/", 0.148966875188808]], ["hxxps://plusone.google.com/", ["hxxps://apis.google.com/", 2.2733802, "hxxps://plusone.google.com/", 2.6037004]], ["hxxps://rapidshare.com/", ["hxxps://images3.rapidshare.com/", 3.6534579956]], ["hxxps://www.facebook.com/", ["hxxps://fbcdn-photos-a.akamaihd.net/", 5.57535116333151, "hxxps://fbcdn-profile-a.akamaihd.net/", 6.82246918670829, "hxxps://fbcdn-sphotos-a.akamaihd.net/", 3.39289462242213, "hxxps://fbexternal-a.akamaihd.net/", 3.08111511657794, "hxxps://s-static.ak.facebook.com/", 2.45755610488955, "hxxps://s-static.ak.fbcdn.net/", 10.8756027626828, "hxxps://www.facebook.com/", 2.45755610488955]]], "startup_list":[1, "hxxp://alert.services.conduit.comalerts/", "hxxp://bar.utorrent.com/", "hxxp://contextmenu.toolbar.conduit-services.com/", "hxxp://d.servedtoyou.com/", "hxxp://facebook.conduitapps.com/", "hxxp://resources.search.conduit.com/", "hxxp://search.conduit.com/", "hxxp://storage.conduit.com/", "hxxp://www.socialgrowthtechnologies.com/", "hxxp://youtube.conduitapps.com/"]}, "homepage":"hxxp://search.certified-toolbar.com?si=41460&home=true&tid=3196", "translate_accepted_count":{"fil":0}, "google":{"services":{"username":""}}, "search":{"suggest_enabled":true}, "tabs":{"use_compact_navigation_bar":false, "use_vertical_tabs":false}, "homepage_is_newtabpage":"true", "browser":{"clear_data":{"time_period":0, "passwords":true, "form_data":true}, "check_default_browser":false, "window_placement":{"work_area_bottom":738, "right":999, "work_area_left":0, "work_area_top":0, "left":188, "top":20, "maximized":true, "work_area_right":1024, "bottom":717}, "show_home_button":false}, "profile":{"exited_cleanly":true, "password_manager_enabled":false, "content_settings":{"pref_version":1}}, "translate_language_blacklist":["fil"], "cloud_print":{"email":""}, "plugins":{"last_internal_directory":"C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\Application\\14.0.835.186", "enabled_internal_pdf3":true, "plugins_list":[{"enabled":true, "version":"10,3,183,10", "path":"C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\Application\\14.0.835.186\\gcswf32.dll", "name":"Shockwave Flash"}, {"enabled":true, "version":"10,3,181,34", "path":"C:\\WINDOWS\\system32\\Macromed\\Flash\\NPSWF32.dll", "name":"Shockwave Flash"}, {"enabled":false, "version":"8.2.0.81", "path":"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Browser\\nppdf32.dll", "name":"Adobe Acrobat"}, {"enabled":true, "version":"3.0.2.629", "path":"C:\\Program Files\\Windows Media Player\\npdsplay.dll", "name":"Windows Media Player Plug-in Dynamic Link Library"}, {"enabled":true, "version":"14.0.4730.1010", "path":"C:\\PROGRA~1\\MICROS~1\\Office14\\NPAUTHZ.DLL", "name":"Microsoft Office 2010"}, {"enabled":true, "version":"14.0.4730.1010", "path":"C:\\PROGRA~1\\MICROS~1\\Office14\\NPSPWRAP.DLL", "name":"Microsoft Office 2010"}, {"enabled":true, "version":"", "path":"internal-remoting-viewer", "name":"Remoting Viewer"}, {"enabled":true, "version":"", "path":"C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\Application\\14.0.835.186\\ppGoogleNaClPluginChrome.dll", "name":"Native Client"}, {"enabled":true, "version":"", "path":"C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\Application\\14.0.835.186\\pdf.dll", "name":"Chrome PDF Viewer"}, {"enabled":true, "version":"9.00.00.4503", "path":"C:\\Program Files\\Windows Media Player\\npdrmv2.dll", "name":"Microsoft\u00ae DRM"}, {"enabled":true, "version":"9.00.00.4503", "path":"C:\\Program Files\\Windows Media Player\\npwmsdrm.dll", "name":"Microsoft\u00ae DRM"}, {"enabled":true, "version":"1.3.21.69", "path":"C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Update\\1.3.21.69\\npGoogleUpdate3.dll", "name":"Google Update"}, {"enabled":true, "version":"1, 0, 0, 1", "path":"C:\\Program Files\\Google\\Google Earth\\plugin\\npgeplugin.dll", "name":"Google Earth Plugin"}, {"enabled":true, "version":"3.5.30729.1 built by: SP", "path":"C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.5\\Windows Presentation Foundation\\NPWPF.dll", "name":"Windows Presentation Foundation"}, {"enabled":true, "version":"1", "path":"default_plugin", "name":"Default Plug-in"}, {"enabled":true, "name":"Flash"}, {"enabled":false, "name":"Adobe Acrobat"}, {"enabled":true, "name":"Windows Media Player"}, {"enabled":true, "name":"Microsoft Office"}, {"enabled":true, "name":"Remoting Viewer"}, {"enabled":true, "name":"Native Client"}, {"enabled":true, "name":"Chrome PDF Viewer"}, {"enabled":true, "name":"Microsoft\u00ae DRM"}, {"enabled":true, "name":"Google Update"}, {"enabled":true, "name":"Google Earth Plugin"}, {"enabled":true, "name":"Windows Presentation Foundation"}, {"enabled":true, "name":"Default Plug-in"}], "enabled_nacl":true}, "translate_denied_count":{"fil":4}, "ntp":{"promo_group":28, "promo_closed":false, "promo_resource_cache_update":"1338031135.24375", "promo_build":0, "promo_group_max":0, "webstore_last_promo_id":"1335115", "shown_sections":64, "promo_end":1338911940, "promo_start":1338220800, "pref_version":3, "promo_group_timeslice":0, "promo_line":"We\u2019ve remodeled! <a href=\"hxxps://support.google.com/chromeos/?p=ntp19\">Learn more about the latest features</a> on your Chromebook."}, "extensions":{"settings":{"mamfageekafifnickhgkibkofcclfefe":{"blacklist":true}, "dbmdicehacbaohlockjgdglcobimmjkh":{"blacklist":true}, "plfijddblbcdcnammpdmfccchkbdekmm":{"blacklist":true}, "nnioepmjbjjlflmdgjanlcmbjahljeeo":{"blacklist":true}, "hbmlheccjkodhfejcmblndjodllmnlnl":{"blacklist":true}, "hgjgaeknhmidehalnmokomhpfhbfmpcm":{"blacklist":true}, "boaoagnmpennjoigkkmnjhecapibhfko":{"blacklist":true}, "kbipembkfhbdmkkkfbigmohilmknjnof":{"blacklist":true}, "mfhfkclojmdocagbmecgcnlofppebebd":{"blacklist":true}, "efhjelcghjkfigiagdfbfilndaffpmdj":{"blacklist":true}, "aljdncnajablgppdcfbehhmidlmbndda":{"blacklist":true}, "iobnpmeeecphddicmhhmdjbnlbdhjlne":{"blacklist":true}, "cihlkpohodpdkdnfalhdkhhlhmhffmbe":{"blacklist":true}, "mlmegahemifabfmdnndafagnncfbnahn":{"blacklist":true}, "dlobhinihbmedmheccecfnkcadpehmbf":{"blacklist":true}, "lnbeebaenahmkbffnimghceldeeihfak":{"blacklist":true}, "kcanfkmhccbaheheaackijegkclkaeic":{"blacklist":true}, "lgalokbapphhklmilicdefmgbjkcmldf":{"blacklist":true}, "hnkcpoijaeegompjgbjjhkdmljldaccg":{"blacklist":true}, "apdmgffkfhjfeejmbjidennfjdkmmmbl":{"blacklist":true}, "dbiblcmlcgdjjbdpbmbcpineegngkiip":{"blacklist":true}, "ocnlnkjmfnolmbclblfhfhcakldceiec":{"blacklist":true}, "caphkimknlmnhpjoneddiaakmcaajagb":{"blacklist":true}, "onpnpccdagncipgnoofbhchlbajcjnkd":{"blacklist":true}, "aemcjbfajnnmhblifaejadoecfoaebld":{"blacklist":true}, "nbieffehfdniifkgdckbndjhojohbfjj":{"blacklist":true}, "dpmloehicimdjkibmobhmpgdndgbcced":{"blacklist":true}, "ljeihpebkahejeacdalhkhmckmggppif":{"blacklist":true}, "ookcgejbfhcmcanfkfmmmpahflnlajbl":{"blacklist":true}, "ndiogongcmocdgjciemhagfhpjamehpe":{"blacklist":true}, "oanjogmonneelfpnfmdlalfddkeckdej":{"blacklist":true}, "lncjcfkpannmofmpgdfoonkniofdnaba":{"blacklist":true}, "hefmoncdemhjembgbnkgglhlookbipdc":{"blacklist":true}, "pfonklmafadkmcedjlodommcoipgbcde":{"blacklist":true}, "pkbkkendemaimikinaefldfljliecapm":{"blacklist":true}, "ahjfgnikolodijnpakeknpilnemojlhc":{"blacklist":true}, "pnpfkfanlgljpkpilhgiimfadggfmhcd":{"blacklist":true}, "aifmjmboebdkdelpjenakhaodgneempp":{"blacklist":true}, "afenhmponmfmdmbmccbmglppcmjhmhmh":{"blacklist":true}, "negkalblfongjbphdcbbhddlickhlamd":{"blacklist":true}, "coajchbkdbfhmhbgcjepiofllfjjcpfp":{"blacklist":true}, "nochkknnbahbhmmknnmdhagelcnfagom":{"blacklist":true}, "kkhomejdleoonmbdhcigkhkjcghngncf":{"blacklist":true}, "efnaljpgehfilpmkhobibbjceeeondmn":{"blacklist":true}, "edmnikahahfkfilbbjbdoiabnghbkmjc":{"blacklist":true}, "pnpgiaejfbdapllkchhgchjpdbcpiooa":{"blacklist":true}, "hpibmhghjndideebpackbdlpncgkcppp":{"blacklist":true}, "cjhklhdjonhcohlacgggcbklpnldleck":{"blacklist":true}, "dmkdhgkknhnfpdjeicefnpmhcpbimden":{"blacklist":true}, "hnipgljcblpgnnojcfldehpeknhakbgj":{"blacklist":true}, "clapnamcglekekmamicmbahkghdcjaeh":{"blacklist":true}, "gngmkbiihflpghldjnbpemaicedhdddk":{"blacklist":true}, "imfbomjbodpfgfhfahlgkkcllmhbelhk":{"blacklist":true}, "gkjeccpmibljcfpfapfljciimedljpnm":{"blacklist":true}, "fjjeecfjmgfnleghoellhldedkaocjfc":{"blacklist":true}, "cekdjgnecpoooikhmceokdhojckkkhmh":{"blacklist":true}, "gnapdhmknipknfmhhnhdmhakdfhgeing":{"blacklist":true}, "ehgoiaffgjoinpkllmmnikghgpghnabc":{"blacklist":true}, "mnhcgaghminpdabllkbkecahjfkdiabk":{"blacklist":true}, "nlgapikcofpablcmfgaoodlhiejiehhh":{"blacklist":true}, "ndhkiimgbjnendpcfbiadlifmangejoa":{"blacklist":true}, "jkihmglffmfjedfbpbpdbbimcodjbmdh":{"blacklist":true}, "likifpgnijjfbdegfepoalpamlgnfofi":{"blacklist":true}, "fibgploapkhokkbncddlkcmbmiengcfp":{"blacklist":true}, "cbbjhegipokkofhhicbckicchjpcpeni":{"blacklist":true}, "mfffdpnblflpobcnekhekiahepofaane":{"blacklist":true}, "ldgfapfmnplpaohbbadnecegcpfkfall":{"blacklist":true}, "bokkificjhapflinbdejegngffgkcgfe":{"blacklist":true}, "abciiempgohamehppammbkhkicmkgkob":{"blacklist":true}, "gbenikfjhilhpgagllmfgggdjaflbmbi":{"blacklist":true}, "fmonlemffgbabjifjfaoamdflijecdbk":{"blacklist":true}, "pnnbdjcjeiobikdfikegpclkcimgafpp":{"blacklist":true}, "ppmfajacidhcjbddpgmcmigffpppcadd":{"blacklist":true}, "mbmdaiddhfoljplpdhohimgieioblfif":{"blacklist":true}, "pbglijbamgmlcpnnpbfjkbdeheejjloj":{"blacklist":true}, "hcapokajkngndbglnfglpfdpoeidmpha":{"blacklist":true}, "pfcelnbmkeoaeicedjomcjkcammlkdbk":{"blacklist":true}, "nepfiodmbijheamafkiglonfkjebdjmf":{"blacklist":true}, "lljnngafekbnkpdfophmcdlbfebcbcld":{"blacklist":true}, "jindbcpkhnnnjgcjgmkjedbibibiojjf":{"blacklist":true}, "diinokaoicgobepmadnmedlhdfnpehcj":{"blacklist":true}, "omceiakkomngangmllpgbjcoeloglald":{"blacklist":true}, "agmhonoepgcnakccfpidhjehlocaeaaj":{"blacklist":true}, "bkplhcigeaiiliajeehehiikokgocbhb":{"blacklist":true}, "noefghcilkpcabnhhilojimkkjplhcnd":{"blacklist":true}, "jhhabiomopkibeecgngiggmopkeofacl":{"blacklist":true}, "fpmajanjndhgpifbcbnklbiehgnpkgmf":{"blacklist":true}, "dgcfmgdfbfbgcpbendbhbkfjppboebed":{"blacklist":true}, "ifbkndkaolfbjjhnnhfmkbkoclpdkpli":{"blacklist":true}, "hkbgccpdcpbdckohbknjlamamelcnlki":{"blacklist":true}, "dpgenihgggagjjggfocjceeobjkadcbc":{"blacklist":true}, "fbhiehmngojjcmljddjmgpmcockbccmo":{"blacklist":true}, "ljcicfibknpmlcmcecddjlbgkejehhpa":{"blacklist":true}, "nidmbljkkcbdfklgdkklgjgmhejmbojn":{"blacklist":true}, "ijenlpgidnapbndonoinbkhekgjonojg":{"blacklist":true}, "aebfkgcamgnimcbnbiopgdakknjgggnm":{"blacklist":true}, "mkobblpffgbncfhijabakfafmkjdmmnm":{"blacklist":true}, "cmjphjljejnfgdbkdgdlclaabimpknna":{"blacklist":true}, "fnkaadkanmfgpfbmdcllhjdgmdbgljpi":{"blacklist":true}, "jjnkfllhcgkgnfbekpnmoikpfihpjfli":{"blacklist":true}, "kinhljbhjmcmoddhdoodekeklmjapjff":{"blacklist":true}, "fpbippbofbmgmbojjmgfcifpmdaelcmd":{"blacklist":true}, "lnahlgmhpghkhmafjppdidhcoaomipfg":{"blacklist":true}, "imkffpjpdngdkpgadcmnlkhhmhdocijn":{"blacklist":true}, "eofejpelggimkodeojpeojnbijgiglgh":{"blacklist":true}, "fmcccidacjgnfiafddkngmeolkoiihil":{"blacklist":true}, "kcfnnanmpghdnoompcfclakpacapnfbn":{"blacklist":true}, "pnaiiipilbpcceggeanphcpkkihnojan":{"blacklist":true}, "oakhllhnbcpgagdafgbninlpjdemdmjk":{"blacklist":true}, "kleaapgdkahaekcocmkbgfainbhihccj":{"blacklist":true}, "APP_DELETED":{}, "nmphbnbmgfccfhcmibikmhcgajjpelpf":{"blacklist":true}, "boclfockfmgcppbajihcgajhpggaakgl":{"blacklist":true}, "fnhcgnmfccojojojacgeiaaeacefdohb":{"blacklist":true}, "flmmgcfcpbfddenepkfmgfpbaceolcoe":{"blacklist":true}, "kelcbonmemlciepjdmfcifnhloeammhj":{"blacklist":true}, "hhfffemhgkginfafaoapljdllodppana":{"blacklist":true}, "jcmipejepoimfflnoapdmkdephgjinck":{"blacklist":true}, "dejippphmhbpgckbhdidnjmdcpfccbaj":{"blacklist":true}, "cfbdodejdeejbkffcmiaknpmojjeibpn":{"blacklist":true}, "ifeijfpkjckedpclgncedmgdiaoeahmk":{"blacklist":true}, "cgnkbnaiipmfbakpmhllalggoepniemh":{"blacklist":true}, "jpgidahfcgiajlcbleeiaibpmmblcmnb":{"blacklist":true}, "hnnebfeppcbhhbhiifeaajgcjnkljlld":{"blacklist":true}, "nibohffepnilngkecenfdgnokfhmnkod":{"blacklist":true}, "hhlgbfcfbkhlmajakkcjippgpcmejkko":{"blacklist":true}, "hhfiljkpjapjjphcocclhhaldpfkkjbi":{"blacklist":true}, "alcbnnpmipohgdllkkglhkbncijplago":{"blacklist":true}, "pkbbbncikcipejaiiiioboongndhmjgl":{"blacklist":true}, "gobjcjhhebpjbmjdgmejhebbleadnceo":{"blacklist":true}, "ebdcdchjcndpjhehacedepnggfdbfkpn":{"blacklist":true}, "bkkchglolnigbfncnbnnbhhempjkdpkf":{"blacklist":true}, "jpkdlckejfjidmplieobnhijmoiecbhl":{"blacklist":true}, "doneghboglgnflpdicnkaojmmljgejkj":{"blacklist":true}, "lceaiepehinnomgijphkmjccbigkljkj":{"blacklist":true}, "mlnoedbhndgbjcbeadjfnmjloejlgojk":{"blacklist":true}, "gjkbghdignnlcknknflbigpammebiolo":{"blacklist":true}, "mjgobkikdipfikmaoakdcdbicpioljgg":{"blacklist":true}, "pbekednmpdekknlffkiopooofokfmkla":{"blacklist":true}, "ijecjbcgpblkacpijljpaienknanaloa":{"blacklist":true}, "ehomcoocpagnlcakcbecdaknmacmedld":{"blacklist":true}, "phkpgooenaonkpnabopdbjjfmphclela":{"blacklist":true}, "mogepbcllienegdibkfpmombhefhcoic":{"blacklist":true}, "hcpndbchnlgojmnijaldkicigmihmdca":{"blacklist":true}, "mnichagcickblneeijmfnmoiakigmmhf":{"blacklist":true}, "jgmpapdckakiohhebmeoemejibommimi":{"blacklist":true}, "lkdimamelhbiijkiljlnedmhnnkkmlbl":{"blacklist":true}, "iomejadoamfilglofmeaffghddcgapmf":{"blacklist":true}, "hbaajkahagmlkdekmbdabikbopdgpaac":{"blacklist":true}, "egljdhfnbjahogjahnigfnbpidlmdagi":{"blacklist":true}, "mfncimdpmknolnnnccdmkpnpkaofonkc":{"blacklist":true}, "pacgpkgadgmibnhpdidcnfafllnmeomc":{"path":"pacgpkgadgmibnhpdidcnfafllnmeomc\\2.3.7.1_0", "location":3, "state":1, "app_launcher_index":1, "manifest":{"icons":{"128":"634520779497696087.png", "16":"634520779497696087.png", "48":"634520779497696087.png"}, "description":"Delivers all our best apps to your browser.", "permissions":["tabs", "hxxp://*/*", "hxxps://*/*", "notifications", "management", "unlimitedStorage", "bookmarks", "contextMenus", "cookies", "geolocation", "history", "idle"], "content_scripts":[{"matches":["hxxp://*/*", "hxxps://*/*"], "all_frames":false, "js":["js/everypage_early.js"], "run_at":"document_start"}, {"matches":["hxxp://*/*", "hxxps://*/*"], "all_frames":true, "js":["js/clicksHandler.js"], "run_at":"document_start"}, {"matches":["hxxp://*/*", "hxxps://*/*"], "all_frames":false, "js":["js/compatibility.start.js"], "run_at":"document_start"}, {"matches":["hxxp://*/*", "hxxps://*/*"], "all_frames":false, "js":["js/compatibility.end.js"], "run_at":"document_end"}, {"css":["css/ctbmain.css"], "all_frames":true, "js":["js/contentScript.js", "js/API/component/view/BrowserCompApi.js"], "run_at":"document_end", "matches":["hxxp://*/*", "hxxps://*/*"]}], "options_page":"options.html", "version":"2.3.7.1", "key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzHp+bci0+9DMludJfiRs2Fk6GCO3pHi9m/qcTqhXCFQJriRFZ51TlY9IX6puGA9PYGESgd0uvLUvtk+2Q7heOBK37V6WAaLjgns010kKVfm36A9MTPbrGzDLiVvhEZafRWiDGoxGroV4dDeiGuYiwAUcOigOqwc2HzebKb8MjSQIDAQAB", "background_page":"Controller.html", "browser_action":{"default_title":"uTorrentControl2 Community Toolbar", "default_icon":"634583052885979538.png", "popup":"js/popup/view/popup.html"}, "name":"uTorrentControl2", "update_url":"hxxp://autoupdate.chromewebtb.conduit-services.com/?productId=CT3072253&extensionData=<extension_data>"}, "ack_external":true, "from_webstore":false, "install_time":"12981083384339625"}, "ijnnpcngbcefobeehkkkmodamokjijpj":{"ack_external":true}, "lbficnmfealeidppcbgdcbemgfjodbkg":{"blacklist":true}, "kolbbghckjilleabphhgeggcgpfidofi":{"blacklist":true}, "jmifipgdcllamghkhdplfjffkciekbgo":{"blacklist":true}, "fafoohpbicgbcejffcplajonhhooddle":{"blacklist":true}, "jaejgaoiipdjjlbnapngknalafalbkej":{"blacklist":true}, "danapgfidmepmcfbjjacceiaiiioieio":{"blacklist":true}, "mdiehnlecbjlppbpaaipmlnhhjgepfcg":{"blacklist":true}, "gncfgndgeoddelbfhlndhljnecoednaa":{"blacklist":true}, "janhdpmhnighonkkbkdpnljcoenpfkbh":{"blacklist":true}, "hhjmkijkgojfifipdgmiemghfikbohcm":{"blacklist":true}, "mlmmbepkgelpbenpobinockmiehdahai":{"blacklist":true}, "pfoiaildicnbcjojocjlpcibenphhbln":{"blacklist":true}, "kgbkdabomfdpfoibliicpmibceaoohgh":{"blacklist":true}, "dgkemngdheppgohkjjelnkjmdeimmfml":{"blacklist":true}, "hncomkjbbkchfjelocejkbbflmjhlhfp":{"blacklist":true}, "mmjodihhmnpkldljaifiajmlnpflfhpm":{"blacklist":true}, "nidodbfomffkfabciljelkbdiabkeehe":{"blacklist":true}, "ghgphbmpcfgkfneodjpbdanmdoemklio":{"blacklist":true}, "odnamglmogfldajnhkfodmloofeokcmm":{"blacklist":true}, "pjdhkkcnlbfebiokpeghfffajaabahfo":{"blacklist":true}, "nihhbeikpchdddoillfdcdinnnnllmna":{"blacklist":true}, "gifglngcdbggmlgkcombebegdaoknkho":{"blacklist":true}, "bjihddggcgnblgojnmhpnngonofbnkaj":{"blacklist":true}, "oidjdpbndkjhmhmgdoggibcjnippkcgo":{"blacklist":true}}, "autoupdate":{"last_check":"12982510672269750", "next_check":"12982528104438750"}, "blacklistupdate":{"lastpingday":"12982489022672750", "version":"0.0.0.108"}, "toolbar":["pacgpkgadgmibnhpdidcnfafllnmeomc"], "chrome_url_overrides":{"bookmarks":["chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/main.html"]}, "toolbarsize":-1}, "download":{"directory_upgrade":true, "extensions_to_open":""}, "autofill":{"negative_upload_rate":1, "positive_upload_rate":1}, "bookmark_bar":{"show_on_all_tabs":false}, "session":{"restore_on_startup":4, ["hxxp://search.certified-toolbar.com?si=41460&home=true&tid=3196"]}}

*************************

AdwCleaner[R1].txt - [30555 octets] - [04/02/2013 12:06:14]

########## EOF - C:\AdwCleaner[R1].txt - [30616 octets] ##########

[TheDarkKnight]

Good afternoon kingtaoist,

Please do the following to re-run AdwCleaner:

• Please close all open programs and internet browsers.
  
• Double click on adwcleaner.exe to run the tool.
  
• Click on Delete.
  
• Confirm each time with OK.
  
• Your computer will be rebooted automatically. A text file will open after the restart.
  
• Please post the content of that logfile in your reply.
  
• You can find the logfile at C:\AdwCleaner[s1].txt as well.
  Note: If you get a message that you must reboot the computer before starting deletion, please do. At reboot, only AdwCleaner will run and you can only click on the Delete button.
  When the deletion is done, AdwCleaner will reboot the computer again and open the logfile.

=====

Next, please re-run MBAM and delete anything it finds. Please post its log in your reply.

=====

Finally, please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

=====

I would like to see the contents of the following please:

• AdwCleaner[s1].txt.
  
• MBAM log.
  
• ComboFix.txt.

How is the computer running?

[kingtaoist]

Awdcleaner

# AdwCleaner v2.110 - Logfile created 02/04/2013 at 14:55:24

# Updated 03/02/2013 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Administrator - USER-PC

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc

File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wb88a2uz.default-1354541903054\searchplugins\Web Search.xml

File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

File Deleted : C:\user.js

File Disinfected : C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk

File Disinfected : C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

File Disinfected : C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\USB Disk Security.lnk

File Disinfected : C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger.lnk

File Disinfected : C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

File Disinfected : C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk

Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Babylon

Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit

Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\uTorrentControl2

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer

Folder Deleted : C:\Program Files\Smartdl

Folder Deleted : C:\Program Files\uTorrentControl2

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\uTorrentControl2

Key Deleted : HKCU\Toolbar

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6C2170C-FC80-41A2-95E2-A114705A2DDE}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.FBApi

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.FBApi.1

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco

Key Deleted : HKLM\Software\Iminent

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0D70612E-E79B-4D38-8594-B405188F202D}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6E793C58-62DF-4F12-AB25-C9968C1DF0D9}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IM

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentControl2 Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4BD8E034-E0F4-4509-A753-467A8E854CD8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar

Key Deleted : HKLM\Software\Tarma Installer

Key Deleted : HKLM\Software\uTorrentControl2

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]

***** [internet Browsers] *****

-\\ Internet Explorer v6.0.2900.5512

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=3196 --> hxxp://www.google.com

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Start Page] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=3196 --> hxxp://www.google.com

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=3196 --> hxxp://www.google.com

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=41460&tid=3196&bs=true&q= --> hxxp://www.google.com

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=41460&tid=3196&bs=true&q= --> hxxp://www.google.com

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Page] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=3196 --> hxxp://www.google.com

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=3196 --> hxxp://www.google.com

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=41460&tid=3196&bs=true&q= --> hxxp://www.google.com

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=41460&tid=3196&bs=true&q= --> hxxp://www.google.com

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=3196 --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wb88a2uz.default-1354541903054\prefs.js

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wb88a2uz.default-1354541903054\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultengine", "Web Search");

Deleted : user_pref("browser.search.order.1", "Web Search");

Deleted : user_pref("searchreset.backup.browser.search.defaultenginename", "Web Search");

Deleted : user_pref("searchreset.backup.keyword.URL", "hxxp://search.certified-toolbar.com?si=41460&tid=3196&b[...]

-\\ Google Chrome v [unable to get version]

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : urls_to_restore_on_startup ={"countryid_at_install":21843, "dns_prefetching":{"host_referral_list":[2, ["hxxp://ad.yieldmanager.[...]

*************************

AdwCleaner[R1].txt - [30686 octets] - [04/02/2013 12:06:14]

AdwCleaner[R2].txt - [30747 octets] - [04/02/2013 14:49:53]

AdwCleaner[R3].txt - [30867 octets] - [04/02/2013 14:54:49]

AdwCleaner[s1].txt - [363 octets] - [04/02/2013 14:51:08]

AdwCleaner[s2].txt - [9430 octets] - [04/02/2013 14:55:24]

########## EOF - C:\AdwCleaner[s2].txt - [9490 octets] ##########

And as for mbam,

i have been deleting all malware,virus, trojan detected by mbam everyday in the last 7 days but to no avail..

the trojan.downloader keeps on popping up everytime i run mbam..

ill be posting combofix next.. tnx for the reply

[kingtaoist]

ComboFix 13-02-03.03 - Administrator 02/05/2013 1:11.18.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.247.10 [GMT 8:00]

Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\WINDOWS

c:\windows\spupdsvc.log

.

.

((((((((((((((((((((((((( Files Created from 2013-01-04 to 2013-02-04 )))))))))))))))))))))))))))))))

.

.

2013-02-03 02:22 . 2013-02-04 11:07 108032 ----a-w- c:\windows\Explorermgr.exe

2013-01-30 10:00 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll

2013-01-30 09:46 . 2013-01-30 09:46 -------- d-----w- c:\windows\ServicePackFiles

2013-01-30 09:45 . 2006-12-28 16:31 19569 ----a-w- c:\windows\000001_.tmp

2013-01-26 16:11 . 2003-09-02 18:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll

2013-01-26 16:11 . 2003-09-02 18:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe

2013-01-26 16:11 . 2013-01-26 16:11 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll

2013-01-26 16:11 . 2013-01-26 16:11 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll

2013-01-26 00:52 . 2013-01-26 00:52 -------- d-----w- c:\windows\system32\wbem\Repository

2013-01-24 12:59 . 2013-01-27 04:21 -------- d-----w- c:\program files\Mozilla Maintenance Service

2013-01-18 17:23 . 1998-02-06 13:37 299520 ----a-w- c:\windows\uninst.exe

2013-01-18 17:13 . 2013-01-02 23:18 15360 ----a-w- c:\windows\Launcher.exe

2013-01-18 17:13 . 2013-01-18 17:13 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\SimplyTech

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-14 06:36 . 2012-05-19 13:17 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-14 06:36 . 2011-07-26 03:58 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-14 08:49 . 2012-12-17 05:38 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-27 02:57 . 2013-01-24 12:58 262552 ------w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-11-18 . 4C51D5275AE8A16999EDFE7E647D00DE . 576384 . . [5.1.2600.5712] . . c:\windows\system32\drivers\ntfs.sys

[7] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys

.

[-] 2009-09-21 . 25A740D70E8007814A48D3FA1B34FA34 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys

[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys

.

[-] 2009-09-21 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll

[7] 2008-04-13 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll

.

[-] 2009-09-21 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe

[7] 2008-04-13 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe

.

[-] 2009-09-21 11:04 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll

[7] 2008-04-13 21:41 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll

.

[-] 2009-09-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll

[7] 2008-04-13 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll

.

[-] 2008-12-13 . C79FAD61CD4A26ED5AA8C16D991C6FBD . 3594752 . . [7.00.6000.20973] . . c:\windows\system32\mshtml.dll

[7] 2008-04-13 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll

.

[-] 2009-09-21 . 06B8485FB1DA9A552B10AB978CD1AC85 . 343040 . . [7.0.2600.5701] . . c:\windows\system32\msvcrt.dll

[-] 2009-09-21 . A4C4A54FD7E31179CB5BDF7896DF3DF7 . 343040 . . [7.0.2600.5701] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5701_x-ww_40d12c25\msvcrt.dll

[7] 2008-04-14 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll

[7] 2008-04-13 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll

[7] 2008-04-13 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll

.

[-] 2009-09-21 . 290C1A30DEFC723BBE10910AC2D6F6D0 . 245248 . . [5.1.2600.5649] . . c:\windows\system32\mswsock.dll

[7] 2008-04-13 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll

.

[-] 2009-09-21 . 06CF9EEDB7E827205C6948C9DAF56974 . 407040 . . [5.1.2600.5582] . . c:\windows\system32\netlogon.dll

[7] 2008-04-13 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll

.

[-] 2009-09-21 . E2B32B10ACC5D97623275AAFB67E5F03 . 249856 . . [5.1.2600.5654] . . c:\windows\system32\tapisrv.dll

[7] 2008-04-13 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll

.

[-] 2009-09-21 . 0D5B75171FF51775B630A431B6C667E8 . 827904 . . [7.00.6000.20935] . . c:\windows\system32\wininet.dll

[7] 2008-04-13 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll

.

[-] 2009-09-21 . 2BB75B7F548D82A099125D0C5971DE7D . 1033728 . . [6.00.2900.5634] . . c:\windows\explorer.exe

[7] 2008-04-13 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe

.

[-] 2009-09-21 . 0A80305BFB7346ACB49FD5611B675EC5 . 1288192 . . [5.1.2600.5685] . . c:\windows\system32\ole32.dll

[7] 2008-04-13 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll

.

[-] 2009-09-21 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll

[7] 2008-04-13 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll

.

[-] 2009-02-09 . B0913005EE3FC15D7F72472D0B8A30EB . 715264 . . [5.1.2600.5755] . . c:\windows\system32\ntdll.dll

[7] 2008-04-13 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntdll.dll

.

[-] 2009-09-21 . 30B7D847BA9075AA8E1122FB6AF3D1B5 . 177152 . . [5.1.2600.5768] . . c:\windows\system32\MSCTFIME.IME

[7] 2008-04-13 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msctfime.ime

.

[-] 2009-09-21 . 5128852A18AE46C387F87BF27DA4C9DD . 296960 . . [5.1.2600.5815] . . c:\windows\system32\termsrv.dll

[7] 2008-04-13 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll

.

[-] 2009-09-21 . 0A878AA66E4DD3E2608192A1ECCD9F8F . 344064 . . [5.1.2600.5589] . . c:\windows\system32\hnetcfg.dll

[7] 2008-04-13 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll

.

[-] 2009-09-21 11:02 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll

.

[-] 2009-09-21 . DC41C801919ABE219B98742914FB1B55 . 2066176 . . [5.1.2600.5845] . . c:\windows\system32\ntkrnlpa.exe

[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe

.

[-] 2009-09-21 . D2CF91B2C710E9F666E60AFBF87643EE . 1689088 . . [5.03.2600.5601] . . c:\windows\system32\d3d9.dll

[7] 2008-04-13 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll

.

[-] 2009-09-21 . 1E96745DC76C6035AD9FCFE8BCD551DD . 2189184 . . [5.1.2600.5845] . . c:\windows\system32\ntoskrnl.exe

[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe

.

[-] 2009-09-21 . 9F8A0D0CBB2FA265A754516128C00E22 . 175616 . . [5.1.2600.5635] . . c:\windows\system32\w32time.dll

[7] 2008-04-13 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="D:\uTorrent.exe" [2012-12-22 969104]

"Facebook Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-12-04 138096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]

"BCSSync"="d:\program files\Office14\BCSSync.exe" [2010-01-21 91520]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"ShowDeskFix"="shell32" [X]

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-12-18 00:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-07-26 03:49 136176 ----atw- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2007-11-27 16:18 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Security]

2011-01-29 22:52 623520 ----a-w- c:\program files\USB Disk Security\USBGuard.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"wuauserv"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\uTorrent.exe"=

"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=

"c:\\Program Files\\ExpressFiles\\expressdl.exe"=

"c:\\Program Files\\ExpressFiles\\ExpressFiles.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

.

S0 bblipovj;bblipovj;c:\windows\system32\drivers\qythvutd.sys --> c:\windows\system32\drivers\qythvutd.sys [?]

S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena Plus\Room\safedrv.sys --> c:\program files\Garena Plus\Room\safedrv.sys [?]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/17/2012 1:38 PM 21104]

S3 tcpip helper;tcpip helper;\??\c:\program files\Garena Plus\x86\tcpiphlp.sys --> c:\program files\Garena Plus\x86\tcpiphlp.sys [?]

.

Contents of the 'Scheduled Tasks' folder

.

2013-02-04 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-19 06:36]

.

2013-02-04 c:\windows\Tasks\At1.job

- c:\program files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2010-06-14 08:07]

.

2013-02-02 c:\windows\Tasks\At2.job

- c:\program files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2010-06-14 08:07]

.

2013-02-03 c:\windows\Tasks\At3.job

- c:\program files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2010-06-14 08:07]

.

2013-02-04 c:\windows\Tasks\At4.job

- c:\program files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2010-06-14 08:07]

.

2013-02-04 c:\windows\Tasks\Express FilesUpdate.job

- c:\program files\ExpressFiles\EFUpdater.exe [2012-12-25 15:45]

.

2013-02-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-789336058-1078145449-1177238915-500Core.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-12-04 10:28]

.

2013-02-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-789336058-1078145449-1177238915-500UA.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-12-04 10:28]

.

2013-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1078145449-1177238915-500Core.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-26 03:49]

.

2013-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1078145449-1177238915-500UA.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-26 03:49]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

uDefault_Search_URL = hxxp://www.google.com

mStart Page = hxxp://www.google.com

mSearch Bar = hxxp://www.google.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wb88a2uz.default-1354541903054\

FF - prefs.js: browser.startup.homepage - hxxps://www.google.com.ph/

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-BMISR - c:\program files\KYE\WebMate\BM.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-02-05 01:24

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

c:\documents and settings\Administrator\Start Menu\Programs\Startup\rldqpoxb.exe 108032 bytes executable

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

Completion time: 2013-02-05 01:30:14

ComboFix-quarantined-files.txt 2013-02-04 17:30

.

Pre-Run: 5,737,476,096 bytes free

Post-Run: 5,780,393,984 bytes free

.

- - End Of File - - 43C3F52C8E876A6D89E5A16391CFB32D

[kingtaoist]

Mbam logs

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.02.04.01

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 7.0.5730.13

Administrator :: USER-PC [administrator]

2/5/2013 1:37:52 AM

mbam-log-2013-02-05 (01-37-52).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 220851

Time elapsed: 41 minute(s), 23 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

c:\documents and settings\administrator\start menu\programs\startup\rldqpoxb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Explorermgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

(end)

[kingtaoist]

it says quarantined and deleted successfully but after the reboot,.. those 2 viruses gets detected ones again....

[TheDarkKnight]

Good morning kingtaoist,

Please download to the Desktop RogueKiller (by tigzy).

• Please quit all programs.
  
• Start RogueKiller.exe.
  
• Wait until Prescan has finished.
  
• Click on Scan.
  
• Click on Report and copy/paste the contents of the report in your next reply.

[kingtaoist]

RogueKiller V8.4.4 [Feb 4 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Administrator [Admin rights]

Mode : Scan -- Date : 02/05/2013 10:36:27

| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ] HKCU\[...]\System : EnableLUA (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST340014A +++++

--- User ---

[MBR] 4e010a5c25fec83c6b52f3b5d97cbc9d

[bSP] 58d04b33518e91d7fc98fb2e28e826ab : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 15013 Mo

1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 30748410 | Size: 23148 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_02052013_02d1036.txt >>

RKreport[1]_S_02052013_02d1036.txt

[TheDarkKnight]

Hey kingtaoist,

• Please re-run RogueKiller.
  
• Click on the Delete button.
  
• The report has been created on the Desktop. Please post it in your reply.

=====

Also, please run a fresh scan with MBAM and provide its log in your reply, along with the new log from RogueKiller.

[kingtaoist]

RogueKiller V8.4.4 [Feb 4 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Administrator [Admin rights]

Mode : Remove -- Date : 02/05/2013 13:05:02

| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

[HJ] HKCU\[...]\System : EnableLUA (0) -> REPLACED (1)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST340014A +++++

--- User ---

[MBR] 4e010a5c25fec83c6b52f3b5d97cbc9d

[bSP] 58d04b33518e91d7fc98fb2e28e826ab : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 15013 Mo

1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 30748410 | Size: 23148 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[3]_D_02052013_02d1305.txt >>

RKreport[1]_S_02052013_02d1036.txt ; RKreport[2]_S_02052013_02d1304.txt ; RKreport[3]_D_02052013_02d1305.txt

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.02.04.01

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 7.0.5730.13

Administrator :: USER-PC [administrator]

2/5/2013 1:15:54 PM

mbam-log-2013-02-05 (13-15-54).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 221464

Time elapsed: 44 minute(s), 56 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

it seems that the virus was deleted somehow.. i dont know what program actually deleted it though

tnx for the help

[TheDarkKnight]

Howdy kingtaoist,

Please run a free online scan with the ESET Online Scanner.

Note: You can use Internet Explorer or Mozilla Firefox for this scan.

• Tick the box next to YES, I accept the Terms of Use.
  
• Click Start.
  
• When asked, allow the ActiveX control to install.
  
• Click Start.
  
• Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  
• Click Scan.
  Wait for the scan to finish.
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  
• Copy and paste that log as a reply to this topic.

[kingtaoist]

hello,

uhmm.. is there something else that needs fixing?? or is this about my registry?

[TheDarkKnight]

Hello kingtaoist,

What issues are you experiencing on your computer?

The ESET scan is a final scan.

[kingtaoist]

C:\Documents and Settings\Administrator\My Documents\Downloads\etypesetup.exe a variant of Win32/Somoto.A application

C:\Program Files\Adobe\Adobe Help Viewer\1.0\help.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\adobe_epic\eula\en_US\install.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\adobe_epic\eula\en_US\install2.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\BeyondReader\ENU\Onramp\index.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Engineering.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Export.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Forms.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Forms1.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Hanko05.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\HowTo.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Reader_en-us_report-conref.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Reader_en-us_report-content.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Reader_en-us_report-duplicate.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Reader_en-us_report-image.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Reader_en-us_report-indexes.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Reader_en-us_report-summary.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Reader_en-us_report-xref.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Review.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Review01.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Review02.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Review05.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\search.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Sign.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\srch_db.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\version.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS0152AC38-6989-4789-A91A-DE804B4EE217.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS01D0DD7E-72C5-4bd7-98A5-61B6703E2874.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS0DB156A0-D8E0-40d1-A8FE-155D401E100A.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS116358B6-C899-4ef8-8718-5E8FEED1E80B.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS15C7F996-1DF1-4af3-8BB4-7AA64669E5A2.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS16696D10-CF60-4979-BC54-0F60285159A9.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS175FFA03-6BF0-4fa7-8D66-C91A809536CE.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS1ABEB45F-BA46-4913-A7E1-ACA6A974FE76.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS1D6D5242-53DD-40e0-B58E-95E027DCD94D.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS1E82B083-927E-47b3-AAD6-88CB47B5E992.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS21180009-84AE-4b72-9610-C38FE8B6C423.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS23BCDC6F-BC2E-489b-8D36-D875B917293B.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS23E49454-94C8-45b7-9F79-BC8CBC1621E1.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS25BA4195-6D5F-4aca-A8DF-EF72AAAAB5B1.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS26240DA8-2896-4976-8BBD-5A5CDF2DBB65.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS28F751CE-AA39-440f-8615-58F751037765.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS2AE3999E-C712-4e15-BC7C-1615EE1B5B56.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS3153B307-CB17-4269-9B46-DF43E8AC4582.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS32EEDD33-2F54-4848-9BBE-3E01F5BB2375.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS40A2300E-1DBC-4e12-9837-AD8454775679.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS4A6B605A-8F5B-4bfb-BD8E-90611BC05E4E.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS4B49EA85-530D-4820-8F46-FE0120FC591A.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS4C63D590-2C39-4ad9-9B3B-87558B53E8AD.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS4CE8758A-E53C-438a-A3EC-247A2076C1C3.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS4D7B71F8-4459-493e-A2BF-0CE66B055B46.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS4FDA872B-2373-47cc-9FC4-71EC25DFE3A8.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS500B1437-8713-43ea-87D2-C029BC4D95DB.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS569061E4-7434-4bb8-92A9-840CF861F474.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS57FC3C30-C0F1-41fb-B998-7CB8D9C9E488.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS5B5C7EE5-16D9-470a-AAC6-6F569C78D6AB.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS5DC362ED-F30C-4303-983D-9426DA6CA939.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS675A7196-68DC-405f-AA3B-1FE9D2F2E288.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS677DDFC2-618B-4128-A6A7-7BBF8B4B5FA8.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS68FC469B-1113-4ab1-BACF-C7ED43B09AC8.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS6BDF3AF5-5E90-4423-88C8-16675AF0C595.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS6F1D9AEB-BE3B-4b60-8D3F-1BB419EF1C1B.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS7098BCBC-0FA6-4a18-AFAB-6C59366399D0.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS70F00F0C-C476-46c6-BDC9-4775B21A895A.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS7101B368-E344-4a9a-9917-ACB09777A127.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS71AAA620-5DAD-4f24-A093-D184201A2CA7.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS728F554C-96AE-467c-94C3-61592E343AEC.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS7705371C-01C6-41df-8F29-EC17BE90A303.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS77BB9683-9BDA-4c93-8C4D-C10BEFD22D34.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS7804F58D-9B6D-4f83-8783-707173F19A57.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS7CF25848-721F-48e3-BF3F-7F6135505706.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS82B540C2-7F9D-4d87-9071-DA13712079F7.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS860530CA-10EF-4fcb-8517-B47769F67A93.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS86957517-D231-4f67-AA63-BB7113BA6B4C.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS913EF9D4-6D87-4858-AB2E-9AB7CD3B33AB.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS91C8140A-B901-4d25-B8EB-969199C241DE.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS953DEDAB-D5AC-491a-AC5A-9EA68DE93712.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS974BA363-E830-43a0-8A0D-54C90F13FE43.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS97FC333F-2B50-4664-A4C7-418BBD7EA061.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS98108EA9-0350-47c4-8666-C077928F7CDC.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS9A8AD2CD-C75D-4a96-A8C8-64125FC6B103.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS9CA99867-575D-4438-A010-FEC8F2CEBEE7.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSA02AF508-E105-4e80-8928-11BCA70D3402.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSA4AFE6C3-84A0-495d-A24C-2273B637C29C.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSA64A1338-B969-4dba-80E8-BD37DFDE9180.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSA839D6AB-2E30-4c71-A779-CE4F8D964115.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSAF65B6C7-D000-4606-ACA4-7F32C9860E91.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSB11FAB59-A592-47a8-AD73-B38909D6E12F.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSB7B5F563-E2FA-4c9f-A9FD-590A22F508E7.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSB9422892-F790-4cb8-B4CD-8E4AD220A696.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSB95C4980-9B72-4e66-9ADA-CEC44E977786.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSC887FFE1-8857-4be1-BB81-BC32DE2AD7FC.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSCB6E92A7-E5C4-4285-853D-477A070EED2D.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSCCDA0B9F-2F54-4810-BAAF-04A59E60998B.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSCDCB0C74-267A-4db2-856D-EDD048947C59.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSD1D23E0E-281D-4aa8-8B10-64DB1EE65C71.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSD2ACE85B-5959-4f89-9D2B-218F9376E9D5.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSD5671438-ADC2-4616-BA90-0FF6FD03CED8.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSD5BEB284-9F6D-4635-881A-31A092178E63.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSD73A2CCE-18C6-4885-A567-3FF67DB23AF8.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSD8B6C446-DD94-4ade-928D-5A585D90870A.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSD8F4B47F-18D4-4fdf-AE0E-3C7B16CAB344.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSD96469EA-5613-41d4-A7CB-D05418271C69.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSDBCA1B83-917F-4800-BA1E-AE4D73C7436E.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSDE9DD7BF-83AA-40c7-ABDC-FFBDC84550C9.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSE2D6BFF2-376A-45ac-BB53-056DA78E65B0.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSE632035A-F854-473d-8AE0-9BD326226862.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSE9BBFA12-14C6-439d-B9E8-48630AB72870.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSEAA79063-1DAD-4317-AB33-5A68D623207D.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSEC4F451C-E254-43f9-ACFE-F242A591D0D7.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSEDA6E022-E71D-4185-8BE4-437766DA1F87.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSEE1DFE49-1C7E-4648-AFD8-7A5CFA20391D.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSF19D4446-A439-4adc-B9ED-E11325487E28.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSF30BC11C-BCEF-4e2b-8934-059526ED0229.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSF3FF17C0-8293-4cf7-B1B6-C362AC31072E.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\Legal\en_US\license.html Win32/Ramnit.A virus

C:\Program Files\Adobe\Reader 8.0\Reader\ReadMe.htm Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll Win32/Ramnit.H virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\ACROBATPROFESSIONAL_8.0_HOMEPAGE.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\Forms1.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\help.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\index_1.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\index_10.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\index_11.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\index_12.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\index_13.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\index_14.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\index_15.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\index_16.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\index_17.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\index_18.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\index_19.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\index_2.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\index_20.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\index_21.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\index_22.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\index_23.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\index_3.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\index_4.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\index_5.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\index_6.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\index_7.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\index_8.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\index_9.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\Review01.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\Review02.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\Review05.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\search.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\splash.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\srch_db.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\srch_fset.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\srch_top.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\toc.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\version.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS010EF850-518D-4146-A176-968E19FD2AE4.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS014A8436-26DC-4673-BA61-A4B7ACEA45C4.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS02D75AD2-669B-4b79-9838-3C2493733423.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS0319861F-6B23-44fb-BF12-DBD14CFD9BB7.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS0340383F-97E1-4dc3-A18A-AA8BD50A1668.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS04092BF2-9245-42cd-B647-BBA1881508A1.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS07491C31-1E52-4406-8191-D51251588B61.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS0B6F6E67-A67A-4ec4-947C-97D8F5C2CF97.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS0CD9B08A-80FF-49a0-9202-B453BA6564C8.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS0D23E924-B63F-4bfe-9C54-A8B770F713BF.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS11003862-3658-427d-8D7C-838B0A305F16.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS116358B6-C899-4ef8-8718-5E8FEED1E80B.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS11697F60-6BCC-4981-9C22-7A4611EC0268.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS1666A4B0-1078-4ff8-80CC-CD83DABC3EB8.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS188BEE75-F112-4406-83FF-DA5672BE7884.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS1A103696-4D61-4dca-BA3D-BBA4D1823D82.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS1B8F3234-7282-44e8-9C76-14EAEFAFF2E7.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS1E2D402A-EFFF-4160-B642-122813BB6C25.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS1FD480B9-A35B-4f0e-A07E-185B73F3CFB8.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS203D8EF4-CD9A-49c2-B350-193A2748D633.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS2101F5BE-8188-4562-9DEC-C244234E8E65.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS23E49454-94C8-45b7-9F79-BC8CBC1621E1.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS2633E2D9-A032-43db-B423-40D054095182.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS2AD45836-ADCE-47d7-8D88-204D3D21C73C.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS2AE3999E-C712-4e15-BC7C-1615EE1B5B56.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS2E045AE6-C517-476e-A0AF-8B190F17F79E.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS2E69D8CB-D9E7-4a08-8BE7-D76F7DA08B68.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS2F496A9A-7382-4a85-9BD1-466E9C667597.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS3153B307-CB17-4269-9B46-DF43E8AC4582.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS33931B1E-D0A0-4356-B2A6-4222EB75AC88.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS34EF9148-2E7F-4ec3-A36C-381C2B35CC8C.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS363EFBC7-3751-462a-8A5A-BE0BACFBF7F7.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS3928C77B-4AAD-4826-9B05-EE8C0B81CEBB.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS3C7E6F1A-7193-4405-A4E3-CF958CF3B9B5.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS3D39995A-29A9-429f-A235-50681BF93DD8.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS3F748AE8-1945-45fe-947D-B87833B0E30A.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS40A2300E-1DBC-4e12-9837-AD8454775679.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS4403C5B4-83AA-4799-8589-2DA3467C345F.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS440660F2-B78D-464c-A1A0-C208983E2807.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS481860DF-6C1E-49ce-A303-B3EFF2E864EB.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS494F2F0E-AD47-4803-BD16-DBD7DB60C28E.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS4A27E91A-5096-435d-A7F2-048623F891E5.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS4B49EA85-530D-4820-8F46-FE0120FC591A.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS4BA7C7D5-4075-4781-8101-1C8EE0E870F7.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS4D1BC5C0-B92F-44ea-810D-9ECD657E1892.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS506932BA-8229-4522-B786-3C2221C6D405.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS533B928E-576F-4dc3-AA14-73D08EEE8F20.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS549D04D1-23ED-4465-A065-622498171E93.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS569061E4-7434-4bb8-92A9-840CF861F474.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7ae2.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7ae5.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7ae6.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7ae7.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7ae8.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7ae9.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7aea.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7aeb.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7aec.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7bd0.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7bdc.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7bdd.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7bde.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7bdf.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7c66.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7cc5.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7cc7.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7ccd.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7cce.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7d11.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7d15.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7d16.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7d19.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7d1a.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7d1b.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7d1f.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7d23.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7d24.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7d34.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7d36.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7d37.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7d38.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7d39.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7d3c.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7d40.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7d48.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7d49.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7d75.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7da6.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7dbb.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7dbd.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7dbe.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7dc7.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7dc8.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7dcf.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7dd1.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7f84.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7f91.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7f9f.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7fa2.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7fa5.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7fa9.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7faf.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7fb0.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7fb7.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7fb8.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7fbc.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7fbd.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7fbf.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7fc2.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7fc4.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7fc8.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7fc9.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7fcd.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7fce.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7fd0.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7fd4.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7fe4.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7fe5.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7fe7.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7fed.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7fee.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7fef.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS59B3CD42-DE8D-450c-BC09-57C8F5C9BE2B.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS59B51B1C-E923-47b6-AFBE-9F30CF409E32.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS5BD18959-9DFB-4b3d-B315-99F67CC4CE7B.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS5C947F20-64DD-4f08-B1C0-D97F1E650DD5.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS5DC362ED-F30C-4303-983D-9426DA6CA939.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS5E914C75-67C2-47e5-840E-BE51AFB56D0D.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS60624282-2C81-4474-BB63-B34CECADB1FE.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS6159926A-A1B7-429f-AAC7-684F6573F14D.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS660EA2E2-80AB-40fd-AB17-A65B88A1F672.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS67C73A65-1B55-41cb-B654-757BC2AFF076.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS69AAF3DA-7FDC-4deb-A894-027F41804D7D.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS6A5284D8-87AD-4fb1-9FA2-D76B5B87AAE0.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS6C66E58C-1C77-4ff3-960C-895AC2ED95EA.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS6E24BB7E-FF97-401e-B586-4AA90E2B5D68.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS70F00F0C-C476-46c6-BDC9-4775B21A895A.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS71AAA620-5DAD-4f24-A093-D184201A2CA7.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS728F554C-96AE-467c-94C3-61592E343AEC.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS72ED767F-09A1-4160-874B-BAA2B06D1892.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS7473BF27-3435-4b0c-8749-99DD4DDB2394.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS7705371C-01C6-41df-8F29-EC17BE90A303.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS770B0DE8-6361-4504-8D7F-5FDCC785B8A2.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS7804F58D-9B6D-4f83-8783-707173F19A57.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS7C14ED36-58F4-4680-AF2F-1C32F4444872.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS7DFE39E1-7715-48c7-A126-BFF87BB8DD6A.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS7E357A14-C513-4eda-9952-1C01971B58BC.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS7E62DD95-8E71-42ef-949A-D02362075298.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS807A85D5-F79D-4acf-BA8E-416DFF1D130E.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS8084ADD0-83CB-43fe-B3CC-0D9AF9224C8C.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS830F61FE-74E4-4355-95F6-AC4FBDBD00C0.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS85F11073-EC14-4915-AA36-164C78736291.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS88B25831-995C-444f-AED9-B1957752F49E.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS89C06F95-B968-4a10-AD4F-CC827DDE263E.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS8A3B68A9-EB4C-4ce7-BE19-3A798A6C8605.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS913EF9D4-6D87-4858-AB2E-9AB7CD3B33AB.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS915DAA15-8AA2-43fd-882D-96E6AD92E160.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS9495F755-CBCB-4e72-824F-414E58072ABD.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS94AF718F-1F54-4ea6-A5CE-AFFADBC9051C.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS962D1639-21C9-4bdc-96A2-33DA0442B191.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS96383A1F-DF64-41a4-97C8-3F749B471F22.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS9751C2B2-B84B-495d-8A51-3C3F88900EED.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS97FC333F-2B50-4664-A4C7-418BBD7EA061.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS9A8AD2CD-C75D-4a96-A8C8-64125FC6B103.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS9C80C2F9-BF08-468b-ABA8-BAD073B1CEB8.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSA47A7068-B4F1-4a71-AFC8-9D79D8F88678.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSA4A32610-E267-43a7-B75A-E2D5D4D28A17.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSA63CB66C-7285-477d-A055-7FDE5A5C8965.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSAC8084C2-14F7-4841-9EF8-92106D22C3DB.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSB11FAB59-A592-47a8-AD73-B38909D6E12F.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSB203D484-0BB1-40a7-822A-9E6D0D7B5921.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSB34B832E-A388-4b98-A223-5918A791BE49.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSB3D57829-5E30-4fdd-892B-32895C4F246B.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSB7B5F563-E2FA-4c9f-A9FD-590A22F508E7.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSB8F190CE-2E22-471b-AC1D-5BFDA9A7B3D1.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSB95C4980-9B72-4e66-9ADA-CEC44E977786.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSBA9A3162-D50E-4dd5-8AA4-FF29313A75A6.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSBB55ECD6-DE45-4572-9DB3-BA9B087AFC81.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSBC748031-DAAA-45cd-AC39-C973F73D5E88.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSBD1FE615-FC9A-4492-A170-1525A4D88E9E.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSBED76E1D-4411-4975-BFF3-F26E7B8B56B7.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSBF5080C5-6DB1-42d5-A235-18A19B4B2E01.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSBF5C615C-F518-49e8-9F38-A96D0944D383.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSBF756807-6EB3-4021-B6ED-FBE4D50A72F1.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSC622ADA4-8AFC-4faa-844F-2B547C721E94.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSCCDA0B9F-2F54-4810-BAAF-04A59E60998B.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSCD039672-4248-459e-9A1E-32017644A416.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSCED66912-DBD5-406d-80BC-A1AAE9D5F677.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSD187D1CC-CF8F-4745-BA91-8BC04098C8CB.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSD244B491-9EA9-4ddf-8DB0-E38B0F5D5C80.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSD433D058-1AE9-4ab8-99DB-F2FBCDB9447B.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSD5671438-ADC2-4616-BA90-0FF6FD03CED8.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSD5BEB284-9F6D-4635-881A-31A092178E63.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSD6EFA393-D7FF-4deb-8A87-1FDC73DC6987.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSD858C799-9511-42d6-842F-61905993222E.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSD8F4B47F-18D4-4fdf-AE0E-3C7B16CAB344.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSD96469EA-5613-41d4-A7CB-D05418271C69.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSDB9A75C3-9D33-4717-AF04-761385A64358.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSDCD9813D-3347-4781-810C-5DE967647580.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSDE291B61-EB11-4130-8BCD-2117ACD332EB.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSDF5D127C-9C1A-4cc2-AFEF-84414BF6283C.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSE009891F-66A7-4f68-B471-F64E3F58828B.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSE034CA46-D08F-4fff-AA3C-FF04510DAEF0.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSE4D721F9-8A6B-4b0c-A48A-247D07EF60F4.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSE5B6DB43-9A97-48a6-8B08-6B3276207CB1.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSEB0CC6A4-4DA1-479f-A84D-E68E5B09EACD.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSEC17038E-B11A-4b4d-87E1-B9829827E7D2.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSF8E615B0-223A-434c-ABF4-8A8FA2753A99.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSF9C98194-FBB9-4e5d-9773-2E331836C7A8.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSFAC9CE59-0FAB-4289-825B-9D35BDDC8377.html Win32/Ramnit.A virus

C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WSFE985CC7-A20C-4d3f-8489-71430F6D1262.html Win32/Ramnit.A virus

C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll Win32/Ramnit.H virus

C:\Program Files\Common Files\InstallShield\Professional\RunTime\Objectps.dll Win32/Ramnit.H virus

C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM Win32/Ramnit.A virus

C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM Win32/Ramnit.A virus

C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm Win32/Ramnit.A virus

C:\Program Files\Common Files\Microsoft Shared\Stationery\Citrus Punch.htm Win32/Ramnit.A virus

C:\Program Files\Common Files\Microsoft Shared\Stationery\Clear Day.htm Win32/Ramnit.A virus

C:\Program Files\Common Files\Microsoft Shared\Stationery\Fiesta.htm Win32/Ramnit.A virus

C:\Program Files\Common Files\Microsoft Shared\Stationery\Glacier.htm Win32/Ramnit.A virus

C:\Program Files\Common Files\Microsoft Shared\Stationery\Ivy.htm Win32/Ramnit.A virus

C:\Program Files\Common Files\Microsoft Shared\Stationery\Leaves.htm Win32/Ramnit.A virus

C:\Program Files\Common Files\Microsoft Shared\Stationery\Maize.htm Win32/Ramnit.A virus

C:\Program Files\Common Files\Microsoft Shared\Stationery\Nature.htm Win32/Ramnit.A virus

C:\Program Files\Common Files\Microsoft Shared\Stationery\Network Blitz.htm Win32/Ramnit.A virus

C:\Program Files\Common Files\Microsoft Shared\Stationery\Pie Charts.htm Win32/Ramnit.A virus

C:\Program Files\Common Files\Microsoft Shared\Stationery\Sunflower.htm Win32/Ramnit.A virus

C:\Program Files\Common Files\Microsoft Shared\Stationery\Sweets.htm Win32/Ramnit.A virus

C:\Program Files\Common Files\Microsoft Shared\Stationery\Technical.htm Win32/Ramnit.A virus

C:\Program Files\Common Files\System\ado\MDACReadme.htm Win32/Ramnit.A virus

C:\Program Files\ExpressFiles\ExpressFiles.exe a variant of Win32/ExpressFiles.A application

C:\Program Files\ExpressFiles\uninstall.exe a variant of Win32/ExpressFiles.B application

C:\Program Files\Garena Plus\bbtalk\lib\AudioMixerLib.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\bbtalk\lib\ChannelUrlDll.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\bbtalk\lib\FileManager.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\bbtalk\lib\HotKeyLibEx.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\bbtalk\lib\IPCLib.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\bbtalk\lib\MediaEngine.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\bbtalk\lib\MessagePumpLib.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\bbtalk\lib\MP3Saver.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\bbtalk\lib\SafeClientLib.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\bbtalk\lib\SimpleFileClient.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\bbtalk\lib\UdpClient.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\bbtalk\lib\VideoModelLib.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\bbtalk\plugins\D3DHook\OverlayHookD3D8.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\bbtalk\plugins\D3DHook\OverlayHookD3D9.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\bbtalk\plugins\D3DHook\OverlayHookDInput8.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\bbtalk\plugins\D3DHook\OverlayUI.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\bbtalk\update\lib\FileManager.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\bbtalk\update\lib\MessagePumpLib.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\bbtalk\FileSystem.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\bbtalk\KeyboardHook.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\bbtalk\LogLibEx.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\bbtalk\Overlay.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\bbtalk\SimpleFileClient.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\lib\delay_load\AudioMixerLib.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\lib\delay_load\GaFileTransfer.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\lib\delay_load\GaVoiceGroup.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\lib\delay_load\MediaEngine.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\lib\delay_load\UdtLib.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\lib\TaskManagerLib.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\lib\XLL.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\Plugins\BlackShotPlugin.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\Plugins\HonCISPlugin.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\Plugins\HonPlugin.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\Plugins\LDJPlugin.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\Plugins\LoLPHPlugin.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\Plugins\LoLPlugin.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\Plugins\LoLTHPlugin.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\Plugins\LoLTWPlugin.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\Plugins\PerfectWorldPlugin.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\Plugins\PluginNews.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\Plugins\PluginTexasHoldEmTW.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\Plugins\PluginThe7TW.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\Plugins\PluginWinTexasTW.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\Plugins\StatsPlugin.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\Room\garena_room.exe Win32/Ramnit.H virus

C:\Program Files\Garena Plus\xim\plugin_xmpp.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\7za.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\GaVoice.exe Win32/Ramnit.H virus

C:\Program Files\Garena Plus\ggdownloader.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\HookSocket.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\PluginAux.dll Win32/Ramnit.H virus

C:\Program Files\Garena Plus\xIM.dll Win32/Ramnit.H virus

C:\Program Files\Java\jre6\Welcome.html Win32/Ramnit.A virus

C:\Program Files\Microsoft Help Viewer\v1.0\ReadMe_ENG.htm Win32/Ramnit.A virus

C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\ReadMeSyncServices_ENU.htm Win32/Ramnit.A virus

C:\Program Files\NetMeeting\netmeet.htm Win32/Ramnit.A virus

C:\Program Files\Realtek AC97\RtlCPAPI.dll Win32/Ramnit.H virus

C:\Program Files\Realtek AC97\RTLCPL.exe Win32/Ramnit.H virus

C:\Program Files\USB Disk Security\msvcp80.dll Win32/Ramnit.H virus

C:\Program Files\USB Disk Security\msvcr80.dll Win32/Ramnit.H virus

C:\Program Files\VideoLAN\VLC\http\flash.html Win32/Ramnit.A virus

C:\Program Files\VideoLAN\VLC\http\index.html Win32/Ramnit.A virus

C:\Program Files\VideoLAN\VLC\http\mosaic.html Win32/Ramnit.A virus

C:\Program Files\VideoLAN\VLC\http\vlm.html Win32/Ramnit.A virus

C:\Program Files\VideoLAN\VLC\http\vlm_export.html Win32/Ramnit.A virus

C:\Program Files\VideoLAN\VLC\lua\http\flash.html Win32/Ramnit.A virus

C:\Program Files\VideoLAN\VLC\lua\http\index.html Win32/Ramnit.A virus

C:\Program Files\VideoLAN\VLC\lua\http\mosaic.html Win32/Ramnit.A virus

C:\Program Files\VideoLAN\VLC\lua\http\vlm.html Win32/Ramnit.A virus

C:\Program Files\VideoLAN\VLC\lua\http\vlm_export.html Win32/Ramnit.A virus

C:\Program Files\WinRAR\Order.htm Win32/Ramnit.A virus

C:\Program Files\WinRAR\Rar.exe Win32/Ramnit.H virus

C:\Program Files\WinRAR\RarExt.dll Win32/Ramnit.H virus

C:\Program Files\WinRAR\RarExtLoader.exe Win32/Ramnit.H virus

C:\Program Files\WinRAR\Uninstall.exe Win32/Ramnit.H virus

C:\Program Files\WinRAR\UnRAR.exe Win32/Ramnit.H virus

C:\Program Files\WinRAR\WinRAR.exe Win32/Ramnit.H virus

C:\torrent.exe Win32/BundleInstaller application

D:\ba2388fb58df18f83fefad\i386\mxdwdrv.dll Win32/Ramnit.H virus

D:\e9c09c21b2d74b299ca2\i386\mxdwdrv.dll Win32/Ramnit.H virus

D:\MSDN\HTML files\00\wm0_0.html Win32/Ramnit.A virus

D:\MSDN\HTML files\00\wm0_1.html Win32/Ramnit.A virus

D:\MSDN\HTML files\00\wm0_2.html Win32/Ramnit.A virus

D:\MSDN\HTML files\00\wm0_3.html Win32/Ramnit.A virus

D:\MSDN\HTML files\00\wm0_4.html Win32/Ramnit.A virus

D:\MSDN\HTML files\01\wm1_0.html Win32/Ramnit.A virus

D:\MSDN\HTML files\01\wm1_1.html Win32/Ramnit.A virus

D:\MSDN\HTML files\01\wm1_2.html Win32/Ramnit.A virus

D:\MSDN\HTML files\01\wm1_3.html Win32/Ramnit.A virus

D:\MSDN\HTML files\01\wm1_4.html Win32/Ramnit.A virus

D:\MSDN\HTML files\01\wm1_5.html Win32/Ramnit.A virus

D:\MSDN\HTML files\01\wm1_6.html Win32/Ramnit.A virus

D:\MSDN\HTML files\01\wm1_7.html Win32/Ramnit.A virus

D:\MSDN\HTML files\01\wm1_8.html Win32/Ramnit.A virus

D:\MSDN\HTML files\02\wm2_0.html Win32/Ramnit.A virus

D:\MSDN\HTML files\02\wm2_1.html Win32/Ramnit.A virus

D:\MSDN\HTML files\02\wm2_10.html Win32/Ramnit.A virus

D:\MSDN\HTML files\02\wm2_11.html Win32/Ramnit.A virus

D:\MSDN\HTML files\02\wm2_12.html Win32/Ramnit.A virus

D:\MSDN\HTML files\02\wm2_13.html Win32/Ramnit.A virus

D:\MSDN\HTML files\02\wm2_14.html Win32/Ramnit.A virus

D:\MSDN\HTML files\02\wm2_15.html Win32/Ramnit.A virus

D:\MSDN\HTML files\02\wm2_16.html Win32/Ramnit.A virus

D:\MSDN\HTML files\02\wm2_17.html Win32/Ramnit.A virus

D:\MSDN\HTML files\02\wm2_2.html Win32/Ramnit.A virus

D:\MSDN\HTML files\02\wm2_3.html Win32/Ramnit.A virus

D:\MSDN\HTML files\02\wm2_4.html Win32/Ramnit.A virus

D:\MSDN\HTML files\02\wm2_5.html Win32/Ramnit.A virus

D:\MSDN\HTML files\02\wm2_6.html Win32/Ramnit.A virus

D:\MSDN\HTML files\02\wm2_7.html Win32/Ramnit.A virus

D:\MSDN\HTML files\02\wm2_8.html Win32/Ramnit.A virus

D:\MSDN\HTML files\02\wm2_9.html Win32/Ramnit.A virus

D:\MSDN\HTML files\03\wm3_0.html Win32/Ramnit.A virus

D:\MSDN\HTML files\03\wm3_1.html Win32/Ramnit.A virus

D:\MSDN\HTML files\03\wm3_2.html Win32/Ramnit.A virus

D:\MSDN\HTML files\03\wm3_3.html Win32/Ramnit.A virus

D:\MSDN\HTML files\03\wm3_4.html Win32/Ramnit.A virus

D:\MSDN\HTML files\03\wm3_5.html Win32/Ramnit.A virus

D:\MSDN\HTML files\03\wm3_6.html Win32/Ramnit.A virus

D:\MSDN\HTML files\03\wm3_7.html Win32/Ramnit.A virus

D:\MSDN\HTML files\04\wm4_0.html Win32/Ramnit.A virus

D:\MSDN\HTML files\04\wm4_1.html Win32/Ramnit.A virus

D:\MSDN\HTML files\04\wm4_10.html Win32/Ramnit.A virus

D:\MSDN\HTML files\04\wm4_11.html Win32/Ramnit.A virus

D:\MSDN\HTML files\04\wm4_12.html Win32/Ramnit.A virus

D:\MSDN\HTML files\04\wm4_13.html Win32/Ramnit.A virus

D:\MSDN\HTML files\04\wm4_14.html Win32/Ramnit.A virus

D:\MSDN\HTML files\04\wm4_15.html Win32/Ramnit.A virus

D:\MSDN\HTML files\04\wm4_2.html Win32/Ramnit.A virus

D:\MSDN\HTML files\04\wm4_3.html Win32/Ramnit.A virus

D:\MSDN\HTML files\04\wm4_4.html Win32/Ramnit.A virus

D:\MSDN\HTML files\04\wm4_5.html Win32/Ramnit.A virus

D:\MSDN\HTML files\04\wm4_6.html Win32/Ramnit.A virus

D:\MSDN\HTML files\04\wm4_7.html Win32/Ramnit.A virus

D:\MSDN\HTML files\04\wm4_8.html Win32/Ramnit.A virus

D:\MSDN\HTML files\04\wm4_9.html Win32/Ramnit.A virus

D:\MSDN\HTML files\05\wm5_0.html Win32/Ramnit.A virus

D:\MSDN\HTML files\05\wm5_1.html Win32/Ramnit.A virus

D:\MSDN\HTML files\05\wm5_2.html Win32/Ramnit.A virus

D:\MSDN\HTML files\05\wm5_3.html Win32/Ramnit.A virus

D:\MSDN\HTML files\05\wm5_4.html Win32/Ramnit.A virus

D:\MSDN\HTML files\05\wm5_5.html Win32/Ramnit.A virus

D:\MSDN\HTML files\05\wm5_6.html Win32/Ramnit.A virus

D:\MSDN\HTML files\05\wm5_7.html Win32/Ramnit.A virus

D:\MSDN\HTML files\05\wm5_8.html Win32/Ramnit.A virus

D:\MSDN\HTML files\05\wm5_9.html Win32/Ramnit.A virus

D:\MSDN\HTML files\06\wm6_0.html Win32/Ramnit.A virus

D:\MSDN\HTML files\06\wm6_1.html Win32/Ramnit.A virus

D:\MSDN\HTML files\06\wm6_10.html Win32/Ramnit.A virus

D:\MSDN\HTML files\06\wm6_11.html Win32/Ramnit.A virus

D:\MSDN\HTML files\06\wm6_12.html Win32/Ramnit.A virus

D:\MSDN\HTML files\06\wm6_13.html Win32/Ramnit.A virus

D:\MSDN\HTML files\06\wm6_14.html Win32/Ramnit.A virus

D:\MSDN\HTML files\06\wm6_2.html Win32/Ramnit.A virus

D:\MSDN\HTML files\06\wm6_3.html Win32/Ramnit.A virus

D:\MSDN\HTML files\06\wm6_4.html Win32/Ramnit.A virus

D:\MSDN\HTML files\06\wm6_5.html Win32/Ramnit.A virus

D:\MSDN\HTML files\06\wm6_6.html Win32/Ramnit.A virus

D:\MSDN\HTML files\06\wm6_7.html Win32/Ramnit.A virus

D:\MSDN\HTML files\06\wm6_8.html Win32/Ramnit.A virus

D:\MSDN\HTML files\06\wm6_9.html Win32/Ramnit.A virus

D:\MSDN\HTML files\07\wm7_0.html Win32/Ramnit.A virus

D:\MSDN\HTML files\07\wm7_1.html Win32/Ramnit.A virus

D:\MSDN\HTML files\07\wm7_10.html Win32/Ramnit.A virus

D:\MSDN\HTML files\07\wm7_11.html Win32/Ramnit.A virus

D:\MSDN\HTML files\07\wm7_12.html Win32/Ramnit.A virus

D:\MSDN\HTML files\07\wm7_13.html Win32/Ramnit.A virus

D:\MSDN\HTML files\07\wm7_2.html Win32/Ramnit.A virus

D:\MSDN\HTML files\07\wm7_3.html Win32/Ramnit.A virus

D:\MSDN\HTML files\07\wm7_4.html Win32/Ramnit.A virus

D:\MSDN\HTML files\07\wm7_5.html Win32/Ramnit.A virus

D:\MSDN\HTML files\07\wm7_6.html Win32/Ramnit.A virus

D:\MSDN\HTML files\07\wm7_7.html Win32/Ramnit.A virus

D:\MSDN\HTML files\07\wm7_8.html Win32/Ramnit.A virus

D:\MSDN\HTML files\07\wm7_9.html Win32/Ramnit.A virus

D:\MSDN\HTML files\08\wm8_0.html Win32/Ramnit.A virus

D:\MSDN\HTML files\08\wm8_1.html Win32/Ramnit.A virus

D:\MSDN\HTML files\08\wm8_10.html Win32/Ramnit.A virus

D:\MSDN\HTML files\08\wm8_11.html Win32/Ramnit.A virus

D:\MSDN\HTML files\08\wm8_12.html Win32/Ramnit.A virus

D:\MSDN\HTML files\08\wm8_13.html Win32/Ramnit.A virus

D:\MSDN\HTML files\08\wm8_2.html Win32/Ramnit.A virus

D:\MSDN\HTML files\08\wm8_3.html Win32/Ramnit.A virus

D:\MSDN\HTML files\08\wm8_4.html Win32/Ramnit.A virus

D:\MSDN\HTML files\08\wm8_5.html Win32/Ramnit.A virus

D:\MSDN\HTML files\08\wm8_6.html Win32/Ramnit.A virus

D:\MSDN\HTML files\08\wm8_7.html Win32/Ramnit.A virus

D:\MSDN\HTML files\08\wm8_8.html Win32/Ramnit.A virus

D:\MSDN\HTML files\08\wm8_9.html Win32/Ramnit.A virus

D:\MSDN\HTML files\09\wm9_0.html Win32/Ramnit.A virus

D:\MSDN\HTML files\09\wm9_1.html Win32/Ramnit.A virus

D:\MSDN\HTML files\09\wm9_10.html Win32/Ramnit.A virus

D:\MSDN\HTML files\09\wm9_2.html Win32/Ramnit.A virus

D:\MSDN\HTML files\09\wm9_3.html Win32/Ramnit.A virus

D:\MSDN\HTML files\09\wm9_4.html Win32/Ramnit.A virus

D:\MSDN\HTML files\09\wm9_5.html Win32/Ramnit.A virus

D:\MSDN\HTML files\09\wm9_6.html Win32/Ramnit.A virus

D:\MSDN\HTML files\09\wm9_7.html Win32/Ramnit.A virus

D:\MSDN\HTML files\09\wm9_8.html Win32/Ramnit.A virus

D:\MSDN\HTML files\09\wm9_9.html Win32/Ramnit.A virus

D:\MSDN\HTML files\10\wm10_0.html Win32/Ramnit.A virus

D:\MSDN\HTML files\10\wm10_1.html Win32/Ramnit.A virus

D:\MSDN\HTML files\10\wm10_10.html Win32/Ramnit.A virus

D:\MSDN\HTML files\10\wm10_11.html Win32/Ramnit.A virus

D:\MSDN\HTML files\10\wm10_2.html Win32/Ramnit.A virus

D:\MSDN\HTML files\10\wm10_3.html Win32/Ramnit.A virus

D:\MSDN\HTML files\10\wm10_4.html Win32/Ramnit.A virus

D:\MSDN\HTML files\10\wm10_5.html Win32/Ramnit.A virus

D:\MSDN\HTML files\10\wm10_6.html Win32/Ramnit.A virus

D:\MSDN\HTML files\10\wm10_7.html Win32/Ramnit.A virus

D:\MSDN\HTML files\10\wm10_8.html Win32/Ramnit.A virus

D:\MSDN\HTML files\10\wm10_9.html Win32/Ramnit.A virus

D:\MSDN\HTML files\11\wm11_0.html Win32/Ramnit.A virus

D:\MSDN\HTML files\11\wm11_1.html Win32/Ramnit.A virus

D:\MSDN\HTML files\11\wm11_10.html Win32/Ramnit.A virus

D:\MSDN\HTML files\11\wm11_11.html Win32/Ramnit.A virus

D:\MSDN\HTML files\11\wm11_2.html Win32/Ramnit.A virus

D:\MSDN\HTML files\11\wm11_3.html Win32/Ramnit.A virus

D:\MSDN\HTML files\11\wm11_4.html Win32/Ramnit.A virus

D:\MSDN\HTML files\11\wm11_5.html Win32/Ramnit.A virus

D:\MSDN\HTML files\11\wm11_6.html Win32/Ramnit.A virus

D:\MSDN\HTML files\11\wm11_7.html Win32/Ramnit.A virus

D:\MSDN\HTML files\11\wm11_8.html Win32/Ramnit.A virus

D:\MSDN\HTML files\11\wm11_9.html Win32/Ramnit.A virus

D:\MSDN\HTML files\12\wm12_0.html Win32/Ramnit.A virus

D:\MSDN\HTML files\12\wm12_1.html Win32/Ramnit.A virus

D:\MSDN\HTML files\12\wm12_10.html Win32/Ramnit.A virus

D:\MSDN\HTML files\12\wm12_11.html Win32/Ramnit.A virus

D:\MSDN\HTML files\12\wm12_12.html Win32/Ramnit.A virus

D:\MSDN\HTML files\12\wm12_13.html Win32/Ramnit.A virus

D:\MSDN\HTML files\12\wm12_14.html Win32/Ramnit.A virus

D:\MSDN\HTML files\12\wm12_2.html Win32/Ramnit.A virus

D:\MSDN\HTML files\12\wm12_3.html Win32/Ramnit.A virus

D:\MSDN\HTML files\12\wm12_4.html Win32/Ramnit.A virus

D:\MSDN\HTML files\12\wm12_5.html Win32/Ramnit.A virus

D:\MSDN\HTML files\12\wm12_6.html Win32/Ramnit.A virus

D:\MSDN\HTML files\12\wm12_7.html Win32/Ramnit.A virus

D:\MSDN\HTML files\12\wm12_8.html Win32/Ramnit.A virus

D:\MSDN\HTML files\12\wm12_9.html Win32/Ramnit.A virus

D:\MSDN\HTML files\13\wm13_0.html Win32/Ramnit.A virus

D:\MSDN\HTML files\13\wm13_1.html Win32/Ramnit.A virus

D:\MSDN\HTML files\13\wm13_10.html Win32/Ramnit.A virus

D:\MSDN\HTML files\13\wm13_11.html Win32/Ramnit.A virus

D:\MSDN\HTML files\13\wm13_12.html Win32/Ramnit.A virus

D:\MSDN\HTML files\13\wm13_13.html Win32/Ramnit.A virus

D:\MSDN\HTML files\13\wm13_14.html Win32/Ramnit.A virus

D:\MSDN\HTML files\13\wm13_15.html Win32/Ramnit.A virus

D:\MSDN\HTML files\13\wm13_2.html Win32/Ramnit.A virus

D:\MSDN\HTML files\13\wm13_3.html Win32/Ramnit.A virus

D:\MSDN\HTML files\13\wm13_4.html Win32/Ramnit.A virus

D:\MSDN\HTML files\13\wm13_5.html Win32/Ramnit.A virus

D:\MSDN\HTML files\13\wm13_6.html Win32/Ramnit.A virus

D:\MSDN\HTML files\13\wm13_7.html Win32/Ramnit.A virus

D:\MSDN\HTML files\13\wm13_8.html Win32/Ramnit.A virus

D:\MSDN\HTML files\13\wm13_9.html Win32/Ramnit.A virus

D:\MSDN\HTML files\code_rules.html Win32/Ramnit.A virus

D:\MSDN\HTML files\Download_Instructions.htm Win32/Ramnit.A virus

D:\MSDN\HTML files\f_bottom.html Win32/Ramnit.A virus

D:\MSDN\HTML files\f_top.html Win32/Ramnit.A virus

D:\MSDN\HTML files\glossary.htm Win32/Ramnit.A virus

D:\MSDN\HTML files\index.html Win32/Ramnit.A virus

D:\MSDN\HTML files\units.html Win32/Ramnit.A virus

D:\MSDN\Start Course.html Win32/Ramnit.A virus

D:\program files\Office14\AccessWeb\CLNTWRAP.HTM Win32/Ramnit.A virus

D:\program files\Office14\OSPP.HTM Win32/Ramnit.A virus

Operating memory Win32/Ramnit.H virus

[kingtaoist]

is that possible?? how come mbam and combofix wasnt able to detect this??

[TheDarkKnight]

Good afternoon kingtaoist,

is that possible?? how come mbam and combofix wasnt able to detect this??

Antivirus programs use databases, so they do not all contain the same entries.

Tools are different too. ComboFix and MBAM look for different things, and also have different databases and detection methods, which is why they didn't find this infection.

ESET is renowned for being able to detect file replicating infections. Unfortunately Ramnit is very hard to disinfect. It tends to infect executable files, and even after disinfection if we miss a single one then it can replicate as soon as it is triggered.

Reformatting is the best way to deal with file infectors and replicators. How would you like to proceed?

[kingtaoist]

hello,

for now i would like to avoid reformatting my desktop, but if i got no other option left then i guess reformatting is unavoidable..

what options do i have right now?

[TheDarkKnight]

Hey kingtaoist,

Please read all these directions before proceeding.

When you have the .ISO file downloaded, you need to create a bootable disk or flash drive with it, using a clean PC to do that. The .ISO file is a disk image. It should NOT be burned as a regular file. You need a program like ImgBurn that can burn an .ISO image. I think a CD is best as there is no way anything can write on it after it is made, but the USB may be more convenient and easier.

Be sure to read these:

Download Kaspersky Rescue Disk 10

How to record Kaspersky Rescue Disk 10 to an USB device and boot my computer from it?

How to record Kaspersky Rescue Disk 10 to a CD/DVD and boot my computer from the disk?

• Please go to a clean computer
• Download the .iso image file.
  
• Create a CD (or flash drive if you prefer).
  
• On the infected computer: put the disk in the drive and reboot.

Follow the directions here, but you will find some differences.

Familiarise yourself with How to create a report file in Kaspersky Rescue Disk 10?

Then, please print the following directions:

Boot from Kaspersky Rescue Disk 10:

Restart your computer and put the disk in the drive while booting.

Press any key. A loading wizard will start (you will see the menu to select the required language). If you do not press any key in 10 seconds, the computer boots from hard drive automatically.

Select the required interface language using the arrow-keys on your keyboard.

Press the Enter key on the keyboard.

In the start up wizard window that opens, select the Kaspersky Rescue Disk. Graphic Mode

Click Enter.

Click 'A' to accept the agreement.

Select operating system from dropdown menu (select Windows whatever).

Select Objects to scan: check Disk boot sectors, Hidden startup objects, C:

Click My Update Center and update.

Back to other tab and click Start Object Scan.

When scan has completed save a report:

On the upper part of the Kaspersky Rescue Disk window, click on the Report link.

On the bottom right hand corner of the Protection status - Kaspersky Rescue Disk window, click on the Detailed Report button.

On the upper right hand corner of the Detailed report window, click on the Save button.

After clicking Detailed Report and 'SAVE', a browse window opens.

Double-click on the \

Click 'disks'.

All your drives will be shown and you can easily double-click C and save the report to C:\KasperskyRescueDisk10.txt.

Click on the Save button.

The report has been saved to the file.

Remove the disk from the drive (or disconnect USB) and reboot normally.

[kingtaoist]

hello,

i tried using eset nod32 and it was able to delete all viruses detected by eset online scanner..

and as for the kaspersky rescue.. i wont be able to do that since i dont have any other available laptop or desktop..

thank you for your help, i really appreciate it.. people like you needs to be paid by malwarebytes.. you are like live support but without pay .. thank you so much

[TheDarkKnight]

Good morning kingtaoist,

So the issue is gone?

Please download Security Check by screen317 from here or here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

[kingtaoist]

Results of screen317's Security Check version 0.99.57

Windows XP Service Pack 3 x86

Internet Explorer 7 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Java 6 Update 35

Java version out of Date!

Adobe Flash Player 11.5.502.146

Adobe Reader 8 Adobe Reader out of Date!

Mozilla Firefox (18.0.2)

````````Process Check: objlist.exe by Laurent````````

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 25% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````

[kingtaoist]

right now i unintalled all anti-virus tool i have.. and like the log said, ill defragment my drive. tnx