Jump to content

Problem with Firefox Redirects after "W32 Ramnit.a"


AdamL

Recommended Posts

Hi,

A few days ago McAfee AntiVirus reported a "W32 Ramnit.a" infection that it claimed it quarantined and removed. However, since then I have a problem in firefox where new tabs will open on unsafe web pages, or if I type in a URL it will sopmetimes take me to a different page. In case it helps, the latest site that it opened was www.rockthegift.com. The symptoms seem similar to this post: http://forums.malwarebytes.org/lofiversion...php?t60378.html

None of the malware-removal tools I've tried, including Malwarebytes', seem to have fixed it.

I tried to run GMER but after several minutes of scanning it crashed, with the generic Windows "application encoutnered a problem" message, after which the computer froze and I was forced to do a hard reboot. I tried running GMER again, and this time the computer rebooted itself partway through the scan. So I cannot attach a GMER log.

Thanks in advance for your help,

-Adam

Malwarebytes' Log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4487

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 7.0.5730.11

8/29/2010 10:21:18 PM

mbam-log-2010-08-29 (22-21-18).txt

Scan type: Full scan (C:\|)

Objects scanned: 253458

Time elapsed: 47 minute(s), 0 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS.txt

DDS (Ver_10-03-17.01) - NTFSx86

Run by Adam at 21:37:47.65 on Tue 08/31/2010

Internet Explorer: 7.0.5730.11

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.450 [GMT -4:00]

AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\dlcccoms.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Adam\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.dell.com/

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: {32165001-2cdb-44af-8035-05e8a0d9f2eb} - No File

BHO: {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - No File

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100803154734.dll

BHO: {AC7DFD38-53C2-4CEC-9119-5E2A80ECEEF1} - No File

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: {cc89d458-1c6b-4558-8f6f-d677b61210ae} - No File

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16

mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

Trusted Zone: intuit.com\ttlc

Trusted Zone: nypa.gov\secure

Trusted Zone: turbotax.com

Trusted Zone: musicmatch.com\online

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.20.19/ttinst.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\adam\applic~1\mozilla\firefox\profiles\ydibscmb.default\

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll

FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-3 385880]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-3 82952]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-5 93320]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-3 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-3 271480]

R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-3 271480]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-3 170144]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-3 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-3 141792]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-3 55456]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-3 152320]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-3 51688]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-3 312616]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-3 88480]

S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-3 88480]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-3 83496]

=============== Created Last 30 ================

2010-09-01 01:33:05 0 ----a-w- c:\documents and settings\adam\defogger_reenable

2010-09-01 01:31:20 0 d-----w- c:\windows\system32\appmgmt

2010-08-30 02:43:23 0 d-sha-r- C:\cmdcons

2010-08-30 02:39:19 98816 ----a-w- c:\windows\sed.exe

2010-08-30 02:39:19 77312 ----a-w- c:\windows\MBR.exe

2010-08-30 02:39:19 256512 ----a-w- c:\windows\PEV.exe

2010-08-30 02:39:19 161792 ----a-w- c:\windows\SWREG.exe

2010-08-29 19:33:02 0 d-----w- c:\program files\Enigma Software Group

2010-08-29 19:32:32 0 d-----w- c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP

2010-08-27 00:54:42 0 d-----w- c:\docume~1\adam\applic~1\Malwarebytes

2010-08-27 00:54:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-27 00:54:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-27 00:54:29 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-27 00:54:29 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-08-27 00:51:55 0 d-----w- c:\program files\Trend Micro

2010-08-26 23:46:10 0 d-----w- c:\program files\sys2

2010-08-26 23:46:07 0 d-----w- c:\program files\ssns

2010-08-26 23:46:03 0 d-----w- c:\program files\Microsoft

2010-08-03 19:47:34 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2010-08-03 19:47:23 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2010-08-03 19:47:23 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2010-08-03 19:47:23 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2010-08-03 19:47:23 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2010-08-03 19:47:23 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys

2010-08-03 19:47:23 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2010-08-03 19:47:23 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2010-08-03 19:47:23 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2010-08-03 19:47:23 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

==================== Find3M ====================

2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll

2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys

2010-06-23 12:06:51 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2010-06-23 12:06:51 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe

2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys

2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2010-06-17 15:12:57 634656 ------w- c:\windows\system32\dllcache\iexplore.exe

2010-06-17 15:11:25 161792 ------w- c:\windows\system32\dllcache\ieakui.dll

2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 14:31:20 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll

2010-06-14 07:41:45 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll

2008-09-12 00:12:07 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091120080912\index.dat

============= FINISH: 21:39:15.79 ===============

Attach.zip

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

Ramnit is a file infector, so I hope McAfee could stop it before it did any damage.

Please update MBAM, run a Quick Scan, and post its log.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites

Hi, thanks for the response. Here are the logs you requested.

Thanks,

-Adam

Updated MBAM Log

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4526

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

9/1/2010 10:43:49 PM

mbam-log-2010-09-01 (22-43-49).txt

Scan type: Quick scan

Objects scanned: 156990

Time elapsed: 10 minute(s), 36 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ComboFix log

ComboFix 10-09-01.02 - Adam 09/01/2010 22:57:35.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.625 [GMT -4:00]

Running from: c:\documents and settings\Adam\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

((((((((((((((((((((((((( Files Created from 2010-08-02 to 2010-09-02 )))))))))))))))))))))))))))))))

.

2010-08-29 19:33 . 2010-08-29 19:33 -------- d-----w- c:\program files\Enigma Software Group

2010-08-29 19:32 . 2010-09-01 01:30 -------- d-----w- c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP

2010-08-27 00:54 . 2010-08-27 00:54 -------- d-----w- c:\documents and settings\Adam\Application Data\Malwarebytes

2010-08-27 00:54 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-27 00:54 . 2010-08-27 00:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-27 00:54 . 2010-08-27 00:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-08-27 00:54 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-27 00:51 . 2010-08-27 00:51 388096 ----a-r- c:\documents and settings\Adam\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-08-27 00:51 . 2010-08-27 00:51 -------- d-----w- c:\program files\Trend Micro

2010-08-26 23:46 . 2010-08-26 23:46 -------- d-----w- c:\program files\sys2

2010-08-26 23:46 . 2010-08-26 23:46 -------- d-----w- c:\program files\ssns

2010-08-26 23:46 . 2010-08-27 01:28 -------- d-----w- c:\program files\Microsoft

2010-08-03 19:47 . 2010-06-01 00:32 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2010-08-03 19:47 . 2010-06-01 00:32 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2010-08-03 19:47 . 2010-06-01 00:32 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2010-08-03 19:47 . 2010-06-01 00:32 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2010-08-03 19:47 . 2010-06-01 00:32 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2010-08-03 19:47 . 2010-06-01 00:32 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys

2010-08-03 19:47 . 2010-06-01 00:32 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2010-08-03 19:47 . 2010-06-01 00:32 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2010-08-03 19:47 . 2010-06-01 00:32 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2010-08-03 19:47 . 2010-06-01 00:32 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-02 02:46 . 2006-05-27 16:20 -------- d-----w- c:\program files\Dl_cats

2010-08-27 01:28 . 2009-12-10 21:11 -------- d-----w- c:\documents and settings\Adam\Application Data\Ufsoym

2010-08-27 00:04 . 2009-04-01 02:45 1536000 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\181414-18154.dll

2010-08-27 00:04 . 2009-01-24 22:50 3616768 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\181311-181414.dll

2010-08-27 00:04 . 2009-01-24 22:49 1007616 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\181129-181212.dll

2010-08-27 00:04 . 2009-01-24 22:48 811008 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\181212-181311.dll

2010-08-27 00:02 . 2009-12-26 22:44 -------- d-----w- c:\documents and settings\Adam\Application Data\Zoxar

2010-08-26 23:56 . 2007-07-19 01:34 64512 ----a-w- c:\documents and settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\HTML\item_templ\coach\RunGdp.exe

2010-08-26 23:56 . 2007-07-13 01:00 1896448 ----a-w- c:\documents and settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\dplugins\2.0.1.571\DiagPlugin.dll

2010-08-26 23:34 . 2006-05-27 15:05 -------- d-----w- c:\program files\Mozilla Thunderbird

2010-08-26 00:33 . 2010-08-01 22:49 1553472 ----a-w- c:\documents and settings\Adam\Application Data\Thunderbird\Profiles\zu20su1y.default\Mail\mail.optonline-1.net\Inbox.sbd\monster.com

2010-08-19 03:40 . 2009-12-06 04:02 -------- d-----w- c:\documents and settings\Adam\Application Data\ZoomBrowser EX

2010-08-19 03:40 . 2009-12-06 00:07 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser

2010-08-04 07:18 . 2006-05-22 20:48 -------- d-----w- c:\program files\McAfee.com

2010-08-04 00:06 . 2006-05-22 20:50 -------- d-----w- c:\program files\McAfee

2010-08-04 00:05 . 2007-03-08 03:48 -------- d-----w- c:\program files\Common Files\McAfee

2010-07-31 01:50 . 2009-12-06 04:00 -------- d-----w- c:\documents and settings\Adam\Application Data\CameraWindowDC

2010-06-30 12:31 . 2005-08-16 08:18 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:15 . 2005-08-16 08:18 832512 ----a-w- c:\windows\system32\wininet.dll

2010-06-24 12:15 . 2005-08-16 08:18 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-06-24 12:15 . 2005-08-16 08:18 17408 ----a-w- c:\windows\system32\corpol.dll

2010-06-23 13:44 . 2005-08-16 08:18 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2005-08-16 08:18 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-17 14:03 . 2005-08-16 08:18 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 14:31 . 2005-08-16 08:40 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-14 07:41 . 2005-08-16 08:18 1172480 ----a-w- c:\windows\system32\msxml3.dll

2010-06-01 00:32 . 2010-08-03 19:47 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]

"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-14 73728]

"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-21 430080]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-25 1193848]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-22 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kbdrfy]

[bU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljgeec]

[bU]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [8/3/2010 3:47 PM 82952]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/5/2008 3:59 PM 93320]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/3/2010 3:47 PM 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [8/3/2010 3:47 PM 271480]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [8/3/2010 3:47 PM 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [8/3/2010 3:47 PM 141792]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 7:31 AM 92008]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [8/3/2010 3:47 PM 55456]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [8/3/2010 3:47 PM 312616]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [8/3/2010 3:47 PM 88480]

S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [8/3/2010 3:47 PM 88480]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/3/2010 3:47 PM 83496]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.dell.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: intuit.com\ttlc

Trusted Zone: nypa.gov\secure

Trusted Zone: turbotax.com

Trusted Zone: musicmatch.com\online

FF - ProfilePath - c:\documents and settings\Adam\Application Data\Mozilla\Firefox\Profiles\ydibscmb.default\

FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - plugin: c:\program files\Canon\ZoomBrowser EX\Program\NPCIG.dll

FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

BHO-{32165001-2cdb-44af-8035-05e8a0d9f2eb} - (no file)

BHO-{AC7DFD38-53C2-4CEC-9119-5E2A80ECEEF1} - (no file)

BHO-{cc89d458-1c6b-4558-8f6f-d677b61210ae} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-01 23:04

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4024)

c:\windows\system32\WININET.dll

c:\progra~1\mcafee\SITEAD~1\saHook.dll

c:\windows\system32\ieframe.dll

.

Completion time: 2010-09-01 23:07:26

ComboFix-quarantined-files.txt 2010-09-02 03:07

ComboFix2.txt 2010-08-30 03:09

Pre-Run: 120,451,276,800 bytes free

Post-Run: 120,433,938,432 bytes free

- - End Of File - - 9BC76F09AFBBA137E79BD929C8AE8D8E

DDS Log

DDS (Ver_10-03-17.01) - NTFSx86

Run by Adam at 23:08:19.42 on Wed 09/01/2010

Internet Explorer: 7.0.5730.11

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.569 [GMT -4:00]

AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe

C:\WINDOWS\system32\dlcccoms.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Adam\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.dell.com/

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - No File

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100803154734.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16

mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

Trusted Zone: intuit.com\ttlc

Trusted Zone: nypa.gov\secure

Trusted Zone: turbotax.com

Trusted Zone: musicmatch.com\online

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.20.19/ttinst.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\adam\applic~1\mozilla\firefox\profiles\ydibscmb.default\

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll

FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-3 385880]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-3 82952]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-5 93320]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-3 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-3 271480]

R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-3 271480]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-3 170144]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-3 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-3 141792]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-3 55456]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-3 152320]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-3 312616]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-3 88480]

S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-3 51688]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-3 88480]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-3 83496]

=============== Created Last 30 ================

2010-09-01 01:33:05 0 ----a-w- c:\documents and settings\adam\defogger_reenable

2010-09-01 01:31:20 0 d-----w- c:\windows\system32\appmgmt

2010-08-30 02:43:23 0 d-sha-r- C:\cmdcons

2010-08-30 02:39:19 98816 ----a-w- c:\windows\sed.exe

2010-08-30 02:39:19 77312 ----a-w- c:\windows\MBR.exe

2010-08-30 02:39:19 256512 ----a-w- c:\windows\PEV.exe

2010-08-30 02:39:19 161792 ----a-w- c:\windows\SWREG.exe

2010-08-29 19:33:02 0 d-----w- c:\program files\Enigma Software Group

2010-08-29 19:32:32 0 d-----w- c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP

2010-08-27 00:54:42 0 d-----w- c:\docume~1\adam\applic~1\Malwarebytes

2010-08-27 00:54:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-27 00:54:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-27 00:54:29 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-27 00:54:29 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-08-27 00:51:55 0 d-----w- c:\program files\Trend Micro

2010-08-26 23:46:10 0 d-----w- c:\program files\sys2

2010-08-26 23:46:07 0 d-----w- c:\program files\ssns

2010-08-26 23:46:03 0 d-----w- c:\program files\Microsoft

2010-08-03 19:47:34 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2010-08-03 19:47:23 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2010-08-03 19:47:23 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2010-08-03 19:47:23 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2010-08-03 19:47:23 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2010-08-03 19:47:23 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys

2010-08-03 19:47:23 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2010-08-03 19:47:23 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2010-08-03 19:47:23 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2010-08-03 19:47:23 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

==================== Find3M ====================

2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll

2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys

2010-06-23 12:06:51 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2010-06-23 12:06:51 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe

2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys

2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2010-06-17 15:12:57 634656 ------w- c:\windows\system32\dllcache\iexplore.exe

2010-06-17 15:11:25 161792 ------w- c:\windows\system32\dllcache\ieakui.dll

2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 14:31:20 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll

2010-06-14 07:41:45 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll

2008-09-12 00:12:07 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091120080912\index.dat

============= FINISH: 23:08:36.08 ===============

Attach.zip

Link to post
Share on other sites

  • Staff

Hi,

Are you still getting redirects??

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Link to post
Share on other sites

Hi,

I did some web browsing for about 15 minutes and there were no redirects, so that's promising. ESET did find some Ramnit infections. I pasted the logs below.

Thanks,

-Adam

ESET Log

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=7.00.6000.17080 (vista_gdr.100616-0452)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=74baceb4e22dca4cbc8a6bbd209e61d7

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-09-04 12:44:02

# local_time=2010-09-03 08:44:02 (-0500, Eastern Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=5121 16777173 100 75 1749058 12705149 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=105785

# found=489

# cleaned=489

# scan_time=10013

C:\Adam\DDC\test.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Adam\DDC\test2.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Adam\DDC\DocCon\jre\Welcome.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Adam\DDC\DocCon\lib\solution_concept.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Adam\DDC\DocCon\lib\solution_design.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Adam\DDC\DocCon\lib\solution_design_requirements_completed.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Adam\DDC\DocCon\lib\solution_requirements.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Adam\DDC\DocCon\lib\web_production.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Adam\emulators\nes\openME!.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Adam\html\index.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Adam\html\links.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Adam\html\myself.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Adam\html\tellurian.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Adam\MyPrograms\TestProgs\MyApp\select_recipe.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Bridge Buff 14\Bridge Buff\BuddyHelp.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Bridge Buff 14\Bridge Buff\FontHelp.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Bridge Buff 14\Bridge Buff\SequencerHelp.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\dell\DELLBUTN.HTM Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\dell\contact\HELP.HTM Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\dell\High Speed Internet Offers\Consumer\html\add_off.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\dell\High Speed Internet Offers\Consumer\html\dsl_cab.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\dell\High Speed Internet Offers\Consumer\html\faqs.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\dell\High Speed Internet Offers\Consumer\html\index.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\dell\High Speed Internet Offers\Consumer\html\wireless.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\index.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\AutoMaintenance\index.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\html\blank.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\html\confirm.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\html\index.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\html\moreinfo.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\html\noitems.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\html\senddata.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\html\statinfo.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\html\survey.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\html\wait.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\agent_infolet_exe.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\HTML\index.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\HTML\faqs\1089706.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\HTML\faqs\122779.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\HTML\faqs\696.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\HTML\faqs\697.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\HTML\faqs\FA1026016.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\HTML\faqs\FA1055890.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\HTML\faqs\FA1065237.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\HTML\faqs\FA1073964.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\HTML\faqs\FA1073993.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\HTML\faqs\FA1074250.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\HTML\faqs\FA1077154.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\HTML\faqs\PA1089329.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\HTML\faqs\PA1090313.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\HTML\faqs\PA1090384.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\HTML\faqs\PA1090493.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\HTML\faqs\RA1055974.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\HTML\faqs\TT1055646.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\HTML\faqs\TT1055856.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\HTML\faqs\TT1056916.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\HTML\faqs\TT1066822.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\HTML\faqs\TT1078218.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\HTML\faqs\TT1082421.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\HTML\faqs\TT1088799.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\HTML\faqs\TT1090151.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\HTML\faqs\wireless.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\HTML\faqs\DRT\drt.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\HTML\faqs\enable_faxing\Fax_Using_AIO.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\HTML\faqs\modem_helper_sp2\Modem_Helper_XP_SP2.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\HTML\faqs\pc_recovery\1055856.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\HTML\faqs\pc_recovery\1083341.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\HTML\faqs\pc_recovery\1090152.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\HTML\faqs\pc_recovery\1091713.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\HTML\faqs\pc_recovery\1092188.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\HTML\html\index.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\HTML\item_templ\agent_infolet_exe.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\HTML\index.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\HTML\html\blank.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\HTML\html\confirm.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\HTML\html\index.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\HTML\html\moreinfo.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\HTML\html\noitems.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\HTML\html\senddata.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\HTML\html\statinfo.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\HTML\html\survey.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\HTML\html\wait.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\HTML\item_templ\agent_infolet_exe.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\HTML\item_templ\coach\configuration\adpglobal\main.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\HTML\offline\privacy_policy.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\HTML\index.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\HTML\faqs\122779.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\HTML\faqs\696.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\HTML\faqs\697.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\HTML\html\blank.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\HTML\html\confirm.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\HTML\html\index.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\HTML\html\moreinfo.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\HTML\html\noitems.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\HTML\html\senddata.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\HTML\html\statinfo.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\HTML\html\survey.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\HTML\html\wait.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\HTML\item_templ\agent_infolet_exe.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\HTML\item_templ\silent_update.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\HTML\offline\privacy_policy.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\HTML\PC_Recovery\1055856.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\HTML\PC_Recovery\1083341.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\HTML\PC_Recovery\1090152.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\HTML\PC_Recovery\1091713.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\HTML\PC_Recovery\1092188.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Real\Msg\104_1195697050\ipm_movies112107.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Real\Msg\4155_1195078543\20071114Newmusic_3links.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Adam\Application Data\Real\Msg\4155_1195674941\20071121Newmusic_3links.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\core\main.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\bs.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\checkInformation.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\checkoutNow.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\qcff_signup_moreinfo.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\QCRegistration1_1.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\qcff\html\retrieveInformation.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\toolbar\bs.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\toolbar\channels\auto\auto.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\Apps\toolbar\channels\shop\shop.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\01270\FINFOTAB.HTM Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\01270\FINFOTABHTML.HTM Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\01270\270D0A0C\error.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\01358\FINFOTAB.HTM Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\01358\FINFOTABHTML.HTM Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\01358\B28CD3AE\error.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\05853\FINFOTAB.HTM Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\06526\FINFOTABHTML.HTM Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\07101\FINFOTAB.HTM Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\07101\FINFOTABHTML.HTM Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\07101\4B10AA35\error.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\07785\FINFOTAB.HTM Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\07785\FINFOTABHTML.HTM Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\07785\5BF1265E\error.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\09899\FINFOTAB.HTM Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\09899\FINFOTABHTML.HTM Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\09999\FINFOTAB.HTM Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\09999\FINFOTABHTML.HTM Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\10245\5E191975\error.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\10482\A3BE617C\error.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\10898\FINFOTAB.HTM Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Help\QnueHTML\_allframes.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Help\QnueHTML\_blank.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Help\QnueHTML\_storage.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Hpbank\billb.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Hpbank\tools.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Hpbiz\billb.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Hpbiz\inetres.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Hpbiz\tools.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Hpcar\billb.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Hpcar\btools.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Hpcar\tools.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Hphome\billb.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Hphome\overview_nw_tools.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Hphome\overview_plan_tools.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Hphome\overview_tax_tools.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Hphome\payzero.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Hphome\uqwzero.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Hphome\watch.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Hpinvest\billb.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Hpinvest\btools.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Hpinvest\dtools.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Hpinvest\nonsafari.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Hpinvest\rtools.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Hpinvest\tools.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Hpplan\billb.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Hpplan\calc.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Hpplan\planners.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Hpplan\savedp.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Hpplan\tools.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Hprpm\tools.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Hptax\billb.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Hptax\info.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Hptax\tools.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Hptax\tt.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\blank.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\bswi.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Content\alcnoact.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Content\bdgtzero.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Content\billzer.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Content\cbillz.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Content\expnoact.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Content\inexnact.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Content\irrnoact.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Content\mvanoact.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Content\MyPagesWelcome.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Content\nextzer.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Content\nogph.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Content\nogph_qnue.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Content\noigph.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Content\pvcnoact.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Content\pvnoact.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Content\regbillzer.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Content\sbillz.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Accounts_Other_3a.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Accounts_Other_3b.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Accounts_Tracked.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Accounts_Used_3a.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Accounts_Used_3b.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Account_Number.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Acct_Business.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_AssetDebt.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Automatic_Download.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_BankInfo.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Bank_Login.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Business_Accounts.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Cash.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Change_Details.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Change_Mistake.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Connection_Type.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Credit_Limit.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Details_1_6.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Details_1_7.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Direct_Connect.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Download_Unable.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Enable_Downloads.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Explain_Options.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_FI_Not_Enter.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_FI_Not_Known.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_FI_Protection.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Forget_Password.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Generic.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Go_Next.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Investment.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_IRA_Type.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Learn_Downloading.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_loan_liability.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Login.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Money_Market.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_MyBank.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Name_Account.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_NoFI.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_One_Account.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Online_Payment.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Opening_Balance.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Password_Enter.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Password_Vault.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_PayableReceivable.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Security.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_See_Accounts.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Select_Acct.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Select_Later.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Single_Mutual_Fund.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Statement.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Taxdeferred_Account.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Tax_Deferred.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Tax_Status.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_To_Do.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Transactions_Downloaded.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_User_ID_Change.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_View_Register.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Web_Connect.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_A_Why.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_AssetDebt.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_F1_1.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_F1_1_1.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_F1_2.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_F1_3.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_F2_1.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_F2_1_1.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_F2_1_2.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_F2_1_2_1.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_F3_1.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_F3_123.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_F3_2.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_F3_3.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_F4_1.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_F5_1.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_F5_1_1.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_F5_1_2.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_F5_1_3.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_F5_1_5.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_F5_1_6.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_F5_1_7.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_F6_1.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_F6_2.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_F6_3.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_F7_1.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_F7_3a.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_F7_3b.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_F7_4.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_F_Error.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_F_Next_a.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_F_Next_b.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_F_Next_c.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_F_Next_d.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_F_Next_e.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_F_Pin.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_Generic.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_Investment.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_loan_liability.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_NE_Select.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_PayableReceivable.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\AccountSetup\ASF_Q_Taxdeferred_Account.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Action2a\tax2a.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Action3\tax3.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Action4\tax4.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Action5\tax5.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Action6f\tax6f.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Action7a\tax7a.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Action7b\tax7b.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Actionw\withhold.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Bullseye\ErrorCenter.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Bullseye\Hint.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Cataudit\cataudit.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Chart\index.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Chart\styles.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\FirstTime\Cash_Flow_Center_SpendingPlan.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\Account-Asset-Transactions.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\Account-Bank-Transactions.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\Account-Cash-Transactions.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\Account-Credit-Transactions.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\Account-CustomerInvoices-Transactions.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\Account-Generic-Overview.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\Account-Investing-Overview.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\Account-Investing-Transactions.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\Account-Investing-Value.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\Account-Liability-Transactions.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\Account-SalesTax-Transactions.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\Account-VendorInvoices-Transactions.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\Banking-Analysis.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\Banking-CashFlow.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\Banking-SavingsPlan.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\Banking-Summary.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\Bills-Calendar.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\Bills-ListByMonth.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\Bills-ListUpcoming.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\Bills-Timeline.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\Business-CashFlow.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\Business-ProfitLoss.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\Business-Summary.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\Investing-Analysis.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\Investing-OnlinePortfolio.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\Investing-Performance.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\Investing-Portfolio.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\Investing-TodaysData.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\MyPages-Custom.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\NetWorth-NetWorth.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\NetWorth-PropertyAndDebt.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\NoGuidance.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\Planning-LifetimePlanner.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\RentalProperty-CashFlow.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\RentalProperty-ProfitLoss.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\RentalProperty-RentCenter.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\RentalProperty-Summary.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\SavingMoney-QuickenPicks.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\Setup-Accounts.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\Setup-Categories.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\Setup-Overview-NewUser.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\Setup-Overview.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\Setup-Reminders.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\Setup-Tags.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Guidance\Tax-Summary.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\HBTrial\HBTrialPopup.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Icfp\compensa.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Icfp\disclosu.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Icfp\doforyou.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Icfp\doiknow.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Icfp\index.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Icfp\recommen.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Icfp\regulate.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Icfp\whatis.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Icfp\whatques.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Qonlerr\error.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Qonlerr\errtempl.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\EditPropertyIndex.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\EditTenant_PrimaryTabIndex.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\MigrationCheckListHelp.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\MigrationCheckListIndex.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\MigrationCheckPropertyHelp.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\MigrationCheckSchedTxntHelp.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\MigrationCheckTenantHelp.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\MigrationFileSelectHelp.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\MigrationImportHelp.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\MigrationImportIndex.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\MigrationImportStatusIndex.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\MigrationLongFieldNames.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\MigrationOldFilesLocationHelp.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\MigrationPropertyImportFailHelp.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\MigrationPropertyMappingHelp.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\MigrationRentCollectionHelp.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\MigrationSelectDataFileIndex.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\MigrationTenantImportFailHelp.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\MigrationUnitImportFailHelp.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\PropertyHideHelp.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\PropertyHouseAccountHelp.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\PropertyIndex.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\PropertyLoanHelp.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\PropertyNameHelp.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\PropertyTagHelp.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\PropertyUnitInfo_Add.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\PropertyUnitInfo_Edit.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\TenantAdditionalOccupants.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\TenantAddressBook.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\TenantHide.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\TenantLeaseEnd.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\TenantLeaseExtend.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\TenantLeaseStart.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\TenantMoveIn.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\TenantMoveOut.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\TenantMoveOutProcess.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\TenantMultiple.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\TenantNotes.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\TenantOtherId.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\TenantReminder.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\TenantRentAccount.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\TenantSecDepCollect.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\TenantSecDepKept.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\TenantSecDepLiability.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\TenantSecDepReturned.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\TenantSection8.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\TenantTabs.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\Tenant_ContactTabIndex.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\Tenant_PrimaryTabIndex.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\Tenant_SecurityTabIndex.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPM\Tenant_TermsTabIndex.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\RPMTrial\RPMTrialPopup.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Services\NoServices.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\BillPayInfo.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\BillsNone.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\ChangeAccountTabUse.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\ChangeAcctTab.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\ChangeAcctTab_account.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\ChangeAcctTab_intent.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\ChangeAcctTab_revert.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\ChangeAcctTab_tab.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\DownloadInfo.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\EnterReminder.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\EnterReminder_categories.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\EnterReminder_change.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\EnterReminder_enter.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\EnterReminder_info.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\EnterReminder_payment.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\EnterReminder_tags.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\Introduction.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\LearnMorePersonal.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\LearnMoreSimplify.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\ScheduleBillReminder.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\ScheduleBillReminder_amount.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\ScheduleBillReminder_categories.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\ScheduleBillReminder_change.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\ScheduleBillReminder_delivery.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\ScheduleBillReminder_info.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\ScheduleBillReminder_Manual_Payment.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\ScheduleBillReminder_Online_Payment.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\ScheduleBillReminder_outlook.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\ScheduleBillReminder_payment.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\ScheduleBillReminder_reminder.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\ScheduleBillReminder_tags.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\ScheduleBillReminder_track.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\ScheduleBillReminder_transaction.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\ScheduleIncomeReminder.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\ScheduleIncomeReminder_amount.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\ScheduleIncomeReminder_categories.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\ScheduleIncomeReminder_change.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\ScheduleIncomeReminder_delivery.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\ScheduleIncomeReminder_info.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\ScheduleIncomeReminder_reminder.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\ScheduleIncomeReminder_tags.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\ScheduleIncomeReminder_track.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\ScheduleTransferReminder.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\ScheduleTransferReminder_amount.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\ScheduleTransferReminder_categories.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\ScheduleTransferReminder_change.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\ScheduleTransferReminder_delivery.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\ScheduleTransferReminder_info.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\ScheduleTransferReminder_reminder.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\ScheduleTransferReminder_tags.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\ScheduleTransferReminder_track.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\UpgradeDeluxe.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\UpgradeHB.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\UpgradePremier.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Setup\UpgradeRPM.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Ss_mff\eval.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Ss_mff\search.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Thumbs\Info.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Thumbs\Intro.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Webconn\wctemplatepage.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Webconn\webcsignup.html Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Onlnenrl\about.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Onlnenrl\knownfi.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Onlnenrl\nofi.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Onlnenrl\pickfi.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Onlnenrl\qbp.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Onlnenrl\step1.htm Win32/Ramnit.A virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\bdeeg.ini2.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\fdwmbbld.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1477\A0075620.exe a variant of Win32/Kryptik.GJX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1478\A0075750.exe a variant of Win32/Kryptik.GJX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1480\A0078026.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Security Check Log

Results of screen317's Security Check version 0.99.5

Windows XP Service Pack 3

Internet Explorer 7 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

McAfee SecurityCenter

Antivirus up to date! (On Access scanning disabled!)

```````````````````````````````

Anti-malware/Other Utilities Check:

Out of date Spybot installed!

Ad-Aware

Malwarebytes' Anti-Malware

Java 2 Runtime Environment, SE v1.4.2_03

Adobe Flash Player 10.0.32.18

Adobe Reader 8.1.6

Out of date Adobe Reader installed!

Mozilla Firefox (3.6.8)

Mozilla Thunderbird (2.0.0) Thunderbird Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!

Ad-Aware AAWTray.exe is disabled!

mcafee VIRUSS~1 mcvsshld.exe

````````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Link to post
Share on other sites

Hi,

I can reformat and reinstall windows. Can you give me any advice about whether certain types of files are safe to back up at this point? I am thinking of Thunderbird Email, Photos, MS Office Documents, Quicken data files. After the original Ramnit infection, I backed up these kinds of things to CD-R. Is it safe to use these files?

Thanks,

-Adam

Link to post
Share on other sites

  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.