Ramnit.E


richardh

Good Morning

I was infected by the fake security software and browser redirect viruses on a Windows XP machine.

I used MBAM and Microsoft Security Essentials to, on the face of it, deal with them, but now I am seeing the Ramnit virus which looks tricky to deal with.

I am currently running a full Microsoft scan which is generating lots of Ramnit.E entries but looking at other posts, that is not likely to fix the problem contrary to what Microsoft's own site suggests.

Could you kindly walk me through the steps needed to ensure this is cleaned properly.

Thanks

Hello,

My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop

  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop

Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning, it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

Hi Elise

Thank you for helping.

This is what happened. I downloaded and ran OTL and got the two notepad reports. Then whilst trying to download Rootkit unhooker the internet connection was broken and would not reconnect.

Microsoft Security Essentials had identified a number of malware items and so I requested cleanup. I then rebooted but PC will no longer boot up to log in window even in Safe Mode - it just cycles through partially boot, close down, automatic reboot, close down etc.

Help!

Hi, a few things here.

Ramnit is a very annoying infection as it infects many files and even one file left will cause the whole system to reinfect.

We should still be able to recover your system but it may take a while.

Can you please let me know if you have your windows install CD, which version of windows you are running and exactly at which point your computer restarts. Do you see a blue screen? If so, please note down the stop code.

Hi Elise

Thanks for the reply.

In answer to your questions:

1. sorry no Windows CD

2. Windows XP

3. Restarts after blue screen shows for a few seconds but no stop code visible

Thanks

Let's first try to get that BSOD code. Let me also know exactly at which point the system crashes. Do you still see the XP splash screen, does it get past that and if so, how much?

We Need to Diagnose Your BlueScreen

  1. When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  2. Select "Disable Automatic Restart on System Failure".
  3. When your system BSODs, write down the STOP error code, as well as any written out error message, and post them back here. The STOP error will always appear, but the message may not.

Please post me the error(s).

Hi Elise

OK here goes

"STOP c000021a (Fatal System error)

The Windows Logon System process terminated unexpectedly with a status of 0 x c0000005 (0 x 00000000 0 x 00000000)"

Okay, that gives us a clear indication of the problem. :P

Please download ARCDC from Artellos.com.

  • Double click ARCDC.exe
  • Follow the dialog until you see 6 options. Please pick: Windows Professional SP2 & SP3
  • You will be prompted with a Terms of Use by Microsoft, please accept.
  • You will see a few dos screens flash by, this is normal.
  • Next you will be able to choose to add extra files. Select the Default Files.
  • The last window will allow you to burn the disk using BurnCDCC

Your ISO is located on your desktop.

  • Insert the CD-ROM into the CD-ROM drive, and then restart the computer.
  • If your PC is not booting from the CD, you need to change the boot order:
    • Restart your PC
    • As soon as you get an image, press the Setup key. This is usually F2, or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.
    • Once you enter the computer's BIOS, use the arrow keys and tab key to move between elements. Press enter to select an item to change.
    • Navigate to the tab, where you can set the boot order. It should be called Boot or Boot order
    • The tab should now show your current boot order.
      If the CD-drive is not at the top, please navigate to the CD-Rom drive with the keys arrows. Then move it to the top of the list. The keys for switching boot position are usually + to move up and - to move down. However they can be different, but they should be stated in the help, so that you can find them easily.
    • Once the CD-drive is on top of the boot order, navigate to Exit and select Exit saving changes.

  • Your PC should now boot from your XP-CD. Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.
  • When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
  • When you are prompted, type the Administrator password. If the administrator password is blank, just press ENTER.
  • A command prompt will open.

Type the following lines and press enter after each one. If you are asked at any point to overwrite, choose Yes.

copy c:\windows\servicepackfiles\i386\explorer.exe explorer.exe

cd system32

copy c:\windows\servicepackfiles\i386\winlogon.exe winlogon.exe

exit

Your computer will now reboot. Let me know how things are.

Hi

Got into the Recovery console but am being asked which Windows Installation I would like to log onto.

Not sure what it is looking for here?

Sorry, that step somehow disappeared from my instructions: should be 1. c:\windows (type 1)

Hi Elise

OK I did all that successfully to the point where PC rebooted - it went in to the Setup screen again and I opted to continue to set up Windows at which point it says cannot find EULA.

What next ?

Thanks

You don't have to choose that option, you have to do this:

Hi Elise

Maybe I did not explain correctly. I have been through the Recovery Console process you describe above - typed in the lines etc and it rebooted.

What should I do then? Did you mean me to go back in to Recovery console again as per your previous post - if so what do I do when I am there?

Thanks

At this point, can you reboot normally in windows or do you still get the same blue screen?

When rebooting you have to remove the CD, otherwise it will boot again from it, and we don't want that.

Hi

OK have been able to log back in to Windows normally.

Do you want me to go back to downloading RootKit Remover or will that prompt same problem we have just overcome?

Thanks

No, that was a specific infection that caused this problem, please post the requested logs.

Hi

It is not letting me connect to the internet to download RootKit tool

I am concerned about spreading the virus if I copy the OTL logs on to a USB stick and post them from a different machine. Is that a risk?

Also as well as showing Ramnit.E about 57 times there is also Bamital.D showing in Microsoft Security essentials.

Bit stuck here!

Thanks

Hi, Bamital is what caused the computer to become unbootable; it infects explorer.exe and winlogon.exe, which we successfully replaced.

You are right to be cautious about transferring logs. What you can try first is this:

DR. WEB CUREIT

----------------------

Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.

alternate download link

Note: The file will be randomly named (i.e. 5mkuvc4z.exe).

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in Safe Mode.

Scan with Dr.Web CureIt as follows:

  • Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

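Added example (not part of the original thread and not Dr.Web's own tooling): a short Python triage of the semicolon-separated report that the steps above save as DrWeb.csv. The column order (object; path; threat; action) is assumed from the report posted later in this thread, the sample rows are constructed, and treating Win32.Rmnet as the file-infector detection is likewise an assumption drawn from that report.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample rows (not from a real machine), laid out as
# object;path;threat;action; which is the layout assumed for DrWeb.csv.
SAMPLE_REPORT = r"""
page.htm\VBScript.0;C:\Temp\page.htm;Trojan.Inor;;
page.htm;C:\Temp;Container contains infected objects;Moved.;
dropper.exe;C:\Temp;Trojan.DownLoader1.23379;Incurable.Moved.;
7z.dll;C:\Documents and Settings\user1\Local Settings\Application Data\Seven Zip\Formats;Win32.Rmnet;Cured.;
7z.dll;C:\Documents and Settings\user2\Local Settings\Application Data\Seven Zip\Formats;Win32.Rmnet;Cured.;
gdi32.dll;C:\I386;Win32.Rmnet;Cured.;
hh.exe;C:\I386;Win32.Rmnet;Cured.;
gone.jar\loose.class;C:\Temp\gone.jar;Java.Downloader.89;;
"""

# Assumption: this detection name marks files modified by the file infector.
FILE_INFECTORS = {"Win32.Rmnet"}
PROFILE_RE = re.compile(r"\\(?:Documents and Settings|DOCUME~1)\\([^\\]+)", re.I)


def parse_report(text):
    """Return one dict per report row, skipping blank or short lines."""
    rows = []
    reader = csv.reader(io.StringIO(text), delimiter=";", quoting=csv.QUOTE_NONE)
    for fields in reader:
        if len(fields) < 4 or not fields[0].strip():
            continue
        obj, path, threat, action = (f.strip() for f in fields[:4])
        rows.append({"object": obj, "path": path, "threat": threat, "action": action})
    return rows


def triage(rows):
    """Summarise what was found, where the infector spread, and what is left."""
    # Full path of every object that received an action, so that a sub-object
    # listed without an action can be matched to its handled container.
    handled = {
        (r["path"].rstrip("\\") + "\\" + r["object"]).lower()
        for r in rows if r["action"]
    }
    # Container/archive summary rows are not detections in their own right.
    threats = Counter(
        r["threat"] for r in rows
        if "contains infected objects" not in r["threat"]
    )
    infected = [r for r in rows if r["threat"] in FILE_INFECTORS]
    dirs = Counter(r["path"] for r in infected)
    # User profiles that hold infector-modified files: shows per-user spread.
    profiles = sorted({m.group(1) for r in infected
                       if (m := PROFILE_RE.search(r["path"]))})
    # Directories commonly used as a source when replacing system files.
    repair_sources = sorted(
        d for d in dirs
        if d.lower().rstrip("\\").endswith("\\i386")
        or "\\servicepackfiles" in d.lower()
    )
    # No action recorded and no handled container: still needs attention.
    unresolved = [r for r in rows
                  if not r["action"] and r["path"].lower() not in handled]
    return {
        "threats": threats,
        "infector_dirs": dirs,
        "profiles": profiles,
        "repair_sources": repair_sources,
        "unresolved": unresolved,
    }


if __name__ == "__main__":
    summary = triage(parse_report(SAMPLE_REPORT))
    for name, count in summary["threats"].most_common():
        print(f"{count:4d}  {name}")
    print("profiles with infected files:", ", ".join(summary["profiles"]))
    print("repair-source dirs touched:", ", ".join(summary["repair_sources"]))
    for row in summary["unresolved"]:
        print("UNRESOLVED:", row["path"], row["object"], row["threat"])
```

A "Cured." file has been disinfected in place rather than restored from original media, so hits under repair-source directories are worth comparing against known-good copies before those directories are used to replace system files.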

Hi

Unfortunately I can't download anything on the infected machine as it is being stopped from connecting to the internet.

Any safe way of getting DrWeb on to the infected machine if I download on to my other PC?

Thanks

Hi Elise

Just to let you know I have to go offline now and won't be back until Monday. Thanks for your help to date.

Kind Regards

Hi Elise

OK back now with the DrWeb log. Just to let you know that Ramnit is respawning itself merrily still - Security Essentials was throwing out warnings straight after the reboot. Also I could not boot into Safe mode to run drWeb - it would not accept the login password so had to do it in normal mode. Finally, still am being prevented from accessing the internet from infected machine so copied log onto USB stick - scanned it to make sure it was clean and am posting this from different PC.

27LCHSU4.htm\VBScript.0;C:\DOCUME~1\GRANTM~1\LOCALS~1\Temp\27LCHSU4.htm;Trojan.Inor;;

27LCHSU4.htm;C:\DOCUME~1\GRANTM~1\LOCALS~1\Temp;Container contains infected objects;Moved.;

4F.tmp;C:\DOCUME~1\GRANTM~1\LOCALS~1\Temp;Trojan.DownLoader1.22410;Incurable.Moved.;

9.exe;C:\DOCUME~1\GRANTM~1\LOCALS~1\Temp;Trojan.DownLoader1.23379;Incurable.Moved.;

F.exe;C:\DOCUME~1\GRANTM~1\LOCALS~1\Temp;Trojan.DownLoader1.23379;Incurable.Moved.;

R8MUE3IM.htm\VBScript.0;C:\DOCUME~1\GRANTM~1\LOCALS~1\Temp\R8MUE3IM.htm;Trojan.Inor;;

R8MUE3IM.htm;C:\DOCUME~1\GRANTM~1\LOCALS~1\Temp;Container contains infected objects;Moved.;

messages.html\VBScript.0;C:\Documents and Settings\All Users\Application Data\Lenovo\messages\messages.html;Trojan.Inor;;

messages.html;C:\Documents and Settings\All Users\Application Data\Lenovo\messages;Container contains infected objects;Moved.;

{08271F1D-8061-C42E-EA3F-5BF3F6FEA86A}-A0007635.exe;C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy;Trojan.PWS.Panda.387;Deleted.;

{4B8AF548-BAA5-6582-6589-A8A5806D6237}-A0007634.exe;C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy;Trojan.PWS.Panda.510;Deleted.;

{6C7AD351-6CA4-E52D-93FD-F1C4520D9602}-A0007633.exe;C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy;Trojan.PWS.Panda.387;Deleted.;

{9597F19F-520C-C8D4-DBDA-07A19ABFFEF8}-A0007635.exe;C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy;Trojan.PWS.Panda.387;Deleted.;

{B9F117E0-52F7-AEA1-8F68-AB25CD1C4EC8}-A0007633.exe;C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy;Trojan.PWS.Panda.387;Deleted.;

{D95CF044-2768-AADA-CCC7-240B14EB0800}-ugexo.exe;C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy;Trojan.PWS.Panda.387;Deleted.;

{DA0A3239-2D42-303B-2AAF-F1A23E0DCFA2}-A0007633.exe;C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy;Trojan.PWS.Panda.387;Deleted.;

{F8DD06BD-EB54-FD7B-78BB-E2B30AEED6A1}-A0007635.exe;C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy;Trojan.PWS.Panda.387;Deleted.;

7zAes.dll;C:\Documents and Settings\grantmcgill\Local Settings\Application Data\Seven Zip\Codecs;Win32.Rmnet;Cured.;

7z.dll;C:\Documents and Settings\grantmcgill\Local Settings\Application Data\Seven Zip\Formats;Win32.Rmnet;Cured.;

jar_cache4568014314664237453.tmp\cpak/Crimepack.class;C:\Documents and Settings\grantmcgill\Local Settings\Temp\jar_cache4568014314664237453.tmp;Exploit.Java.127;;

jar_cache4568014314664237453.tmp;C:\Documents and Settings\grantmcgill\Local Settings\Temp;Archive contains infected objects;Moved.;

jar_cache5742213363573798919.tmp\a4cb9b1a8a5.class;C:\Documents and Settings\grantmcgill\Local Settings\Temp\jar_cache5742213363573798919.tmp;Java.Downloader.89;;

jar_cache5742213363573798919.tmp;C:\Documents and Settings\grantmcgill\Local Settings\Temp;Archive contains infected objects;Moved.;

vnchooks.dll;C:\Documents and Settings\grantmcgill\Local Settings\Temp\7zSB.tmp;Win32.Rmnet;Cured.;

winvnc.exe;C:\Documents and Settings\grantmcgill\Local Settings\Temp\7zSB.tmp;Win32.Rmnet;Cured.;

vnchooks.dll;C:\Documents and Settings\grantmcgill\Local Settings\Temp\7zSC.tmp;Win32.Rmnet;Cured.;

winvnc.exe;C:\Documents and Settings\grantmcgill\Local Settings\Temp\7zSC.tmp;Win32.Rmnet;Cured.;

ebook.exe;C:\Documents and Settings\grantmcgill\Local Settings\Temp\HSESeasonsGreetings_1285;Win32.Rmnet;Cured.;

OTL[1].exe;C:\Documents and Settings\grantmcgill\Local Settings\Temporary Internet Files\Content.IE5\L3GMITP7;Win32.Rmnet;Cured.;

HiJackThis[1].exe;C:\Documents and Settings\grantmcgill\Local Settings\Temporary Internet Files\Content.IE5\RPM60N1A;Win32.Rmnet;Cured.;

ebook.exe;C:\Documents and Settings\grantmcgill\My Documents\My EBKs\resources;Win32.Rmnet;Cured.;


startup.dll;C:\Program Files\Lenovo\System Update\egather\local\collect;Win32.Rmnet;Cured.;

tater.dll;C:\Program Files\Lenovo\System Update\egather\local\collect;Win32.Rmnet;Cured.;

timezone.dll;C:\Program Files\Lenovo\System Update\egather\local\collect;Win32.Rmnet;Cured.;

usage.dll;C:\Program Files\Lenovo\System Update\egather\local\collect;Win32.Rmnet;Cured.;

msconv97.dll;C:\Program Files\Microsoft ActiveSync;Win32.Rmnet;Cured.;

pwiww6.dll;C:\Program Files\Microsoft ActiveSync;Win32.Rmnet;Cured.;

pwiww8.dll;C:\Program Files\Microsoft ActiveSync;Win32.Rmnet;Cured.;

MSVCR70.DLL;C:\Program Files\Microsoft Office\OFFICE11\VS Runtime;Win32.Rmnet;Cured.;

EXCHCSP.DLL;C:\Program Files\Microsoft Office\Office12;Win32.Rmnet;Cured.;

USP10.DLL;C:\Program Files\Microsoft Office\Office12;Win32.Rmnet;Cured.;

MSVCR71.DLL;C:\Program Files\Microsoft Office\Office12\ADDINS;Win32.Rmnet;Cured.;

default.htm\VBScript.0;C:\Program Files\Microsoft Small Business\Business Contact Manager\en-US\default.htm;Trojan.Inor;;

default.htm;C:\Program Files\Microsoft Small Business\Business Contact Manager\en-US;Container contains infected objects;Moved.;

sqlvdi.dll;C:\Program Files\Microsoft SQL Server\80\COM;Win32.Rmnet;Cured.;

SQLDMO.DLL;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;Win32.Rmnet;Cured.;

sqlvdi.dll;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;Win32.Rmnet;Cured.;

msvcr80.dll;C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap;Win32.Rmnet;Cured.;

obelog.dll;C:\Program Files\MSN\MSNCoreFiles\OOBE;Win32.Rmnet;Cured.;

obemetal.dll;C:\Program Files\MSN\MSNCoreFiles\OOBE;Win32.Rmnet;Cured.;

obepopc.dll;C:\Program Files\MSN\MSNCoreFiles\OOBE;Win32.Rmnet;Cured.;

gsdll32.dll;C:\Program Files\Nitro PDF\PrimoPDF;Win32.Rmnet;Cured.;

PrimDel.exe;C:\Program Files\Nitro PDF\PrimoPDF;Win32.Rmnet;Cured.;

PrimInst.exe;C:\Program Files\Nitro PDF\PrimoPDF;Win32.Rmnet;Cured.;

msvcr80.dll;C:\Program Files\Norton PC Checkup;Win32.Rmnet;Cured.;

msvcr80.dll;C:\Program Files\Norton PC Checkup\executables\nss;Win32.Rmnet;Cured.;

msvcr80.dll;C:\Program Files\Norton PC Checkup\executables\productScanner;Win32.Rmnet;Cured.;

msvcr80.dll;C:\Program Files\Norton PC Checkup\Microsoft.VC80.CRT;Win32.Rmnet;Cured.;

msvcr80.dll;C:\Program Files\Norton Security Scan;Win32.Rmnet;Cured.;

Asapi.dll;C:\Program Files\PCDR5;Win32.Rmnet;Cured.;

Dapi5.dll;C:\Program Files\PCDR5;Win32.Rmnet;Cured.;

Http.dll;C:\Program Files\PCDR5;Win32.Rmnet;Cured.;

libModuleCommon.dll;C:\Program Files\PCDR5;Win32.Rmnet;Cured.;

MFC71u.dll;C:\Program Files\PCDR5;Win32.Rmnet;Cured.;

msvcr71.dll;C:\Program Files\PCDR5;Win32.Rmnet;Cured.;

Nfca.dll;C:\Program Files\PCDR5;Win32.Rmnet;Cured.;

OSWindows.dll;C:\Program Files\PCDR5;Win32.Rmnet;Cured.;

PCBEEP.exe;C:\Program Files\PCDR5;Win32.Rmnet;Cured.;

Pcd5Services.dll;C:\Program Files\PCDR5;Win32.Rmnet;Cured.;

pcdr2d3dvideodx9.dll;C:\Program Files\PCDR5;Win32.Rmnet;Cured.;

ProgressTrace.dll;C:\Program Files\PCDR5;Win32.Rmnet;Cured.;

RunProfiler.exe;C:\Program Files\PCDR5;Win32.Rmnet;Cured.;

Scsi.dll;C:\Program Files\PCDR5;Win32.Rmnet;Cured.;

SSE3DLL.dll;C:\Program Files\PCDR5;Win32.Rmnet;Cured.;

cleanup.exe;C:\Program Files\PCDR5\xjre\bin;Win32.Rmnet;Cured.;

java.dll;C:\Program Files\PCDR5\xjre\bin;Win32.Rmnet;Cured.;

jvm.dll;C:\Program Files\PCDR5\xjre\bin\jetvm;Win32.Rmnet;Cured.;

baseline410.dll;C:\Program Files\PCDR5\xjre\jetrt;Win32.Rmnet;Cured.;

xlink410.dll;C:\Program Files\PCDR5\xjre\jetrt;Win32.Rmnet;Cured.;

sol.exe;C:\Program Files\sys2;Trojan.DownLoader1.22981;Incurable.Moved.;

index_t.html\VBScript.0;C:\Program Files\ThinkVantage\ALRN\index_t.html;Trojan.Inor;;

index_t.html;C:\Program Files\ThinkVantage\ALRN;Container contains infected objects;Moved.;

message_t.html\VBScript.0;C:\Program Files\ThinkVantage\AMSG\message_t.html;Trojan.Inor;;

message_t.html;C:\Program Files\ThinkVantage\AMSG;Container contains infected objects;Moved.;

vncviewer.exe;C:\Program Files\UltraVNC;Program.RemoteAdmin.37;Incurable.Moved.;

eGathComp.html\VBScript.0;C:\SWSHARE\eGathComp.html;Trojan.Inor;;

eGathComp.html;C:\SWSHARE;Container contains infected objects;Moved.;

index_t.html\VBScript.0;C:\swtools\APPS\alrn\exe\index_t.html;Trojan.Inor;;

index_t.html;C:\swtools\APPS\alrn\exe;Container contains infected objects;Moved.;

message_t.html\VBScript.0;C:\swtools\APPS\amsg\exe\message_t.html;Trojan.Inor;;

message_t.html;C:\swtools\APPS\amsg\exe;Container contains infected objects;Moved.;

A0033409.exe;C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP8;Trojan.PWS.Panda.387;Deleted.;

A0033410.exe;C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP8;Trojan.PWS.Panda.510;Deleted.;

A0033411.exe;C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP8;Trojan.PWS.Panda.387;Deleted.;

A0033412.exe;C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP8;Trojan.PWS.Panda.387;Deleted.;

A0033413.exe;C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP8;Trojan.PWS.Panda.387;Deleted.;

A0033414.exe;C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP8;Trojan.PWS.Panda.387;Deleted.;

A0033415.exe;C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP8;Trojan.PWS.Panda.387;Deleted.;

A0033416.exe;C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP8;Trojan.PWS.Panda.387;Deleted.;

A0033481.exe;C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP8;Program.RemoteAdmin.37;Invalid path to file ;

A0033489.exe;C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP8;Trojan.DownLoader1.22981;Incurable.Moved.;

A0038427.exe;C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP8;Trojan.PWS.Panda.387;Deleted.;

A0038428.exe;C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP8;Trojan.PWS.Panda.510;Deleted.;

A0038429.exe;C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP8;Trojan.PWS.Panda.387;Deleted.;

A0038430.exe;C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP8;Trojan.PWS.Panda.387;Deleted.;

A0038431.exe;C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP8;Trojan.PWS.Panda.387;Deleted.;

A0038432.exe;C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP8;Trojan.PWS.Panda.387;Deleted.;

A0038433.exe;C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP8;Trojan.PWS.Panda.387;Deleted.;

A0038434.exe;C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP8;Trojan.PWS.Panda.387;Deleted.;

A0038599.exe;C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP8;Program.RemoteAdmin.37;Invalid path to file ;

A0038605.exe;C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP8;Trojan.DownLoader1.22981;Incurable.Moved.;

A0043169.exe;C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP8;Win32.Rmnet;Cured.;

Thanks


Win32/Ramnit.A is a file infector with IRCBot functionality which infects .exe and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A. Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A, which is dropped by a Ramnit-infected executable file.

-- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.

With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of infection can vary.

Ramnit is commonly spread via a flash drive (USB, pen, thumb, jump) infection where it copies Worm:Win32/Ramnit.A with a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These types of sites are infested with a sm


This topic is now closed to further replies.
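
Added example, not part of the original posts: a short Python triage of the `file;folder;threat;action;` scan log pasted earlier in this thread. The sample lines are copied from that log; the function names and the choice to list "cured" .exe/.dll files for later verification (because, as the reply above notes, disinfection often corrupts files) are assumptions of this sketch.

```python
from collections import Counter

# Sample lines copied from the scan log in this thread: file;folder;threat;action;
SAMPLE_LOG = r"""
rnr_gui.exe;C:\Program Files\Lenovo\Rescue and Recovery;Win32.Rmnet;Cured.;
msvcr80.dll;C:\Program Files\Norton Security Scan;Win32.Rmnet;Cured.;
index_t.html\VBScript.0;C:\Program Files\ThinkVantage\ALRN\index_t.html;Trojan.Inor;;
index_t.html;C:\Program Files\ThinkVantage\ALRN;Container contains infected objects;Moved.;
sol.exe;C:\Program Files\sys2;Trojan.DownLoader1.22981;Incurable.Moved.;
A0033409.exe;C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP8;Trojan.PWS.Panda.387;Deleted.;
"""

PE_EXTENSIONS = (".exe", ".dll")


def parse_log(text):
    """Turn 'file;folder;threat;action;' lines into dicts, skipping blank or malformed lines."""
    records = []
    for line in text.splitlines():
        fields = line.strip().split(";")
        if len(fields) < 4 or not fields[0]:
            continue
        name, folder, threat, action = (f.strip() for f in fields[:4])
        records.append({"name": name, "folder": folder, "threat": threat, "action": action})
    return records


def triage(records):
    """Summarise a scan: counts per threat and action, plus files that need follow-up."""
    cured = [r["folder"] + "\\" + r["name"] for r in records
             if r["action"].startswith("Cured") and r["name"].lower().endswith(PE_EXTENSIONS)]
    return {
        "by_threat": Counter(r["threat"] for r in records),
        "by_action": Counter(r["action"] or "(none reported)" for r in records),
        # Assumption of this sketch: a "cured" binary is still suspect until it is
        # compared against a clean copy, since disinfection can corrupt the file.
        "cured_binaries_to_verify": cured,
        "in_restore_points": [r["name"] for r in records if "\\_restore{" in r["folder"]],
    }


if __name__ == "__main__":
    summary = triage(parse_log(SAMPLE_LOG))
    for key, value in summary.items():
        print(key, "->", dict(value) if isinstance(value, Counter) else value)
```

Run against the full log, the `by_threat` and `by_action` counts show how far the file infector has spread and how many detections the scanner could only move or delete rather than repair.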