richardh Posted September 21, 2010 ID:316359

Good Morning

I was infected by the fake security software and browser redirect viruses on a Windows XP machine.

I used MBAM and Microsoft Security Essentials to, on the face of it, deal with them, but now I am seeing the Ramnit virus which looks tricky to deal with. I am currently running a full Microsoft scan which is generating lots of Ramnit.E entries but looking at other posts, that is not likely to fix the problem contrary to what Microsoft's own site suggests.

Could you kindly walk me through the steps needed to ensure this is cleaned properly.

Thanks

Elise Posted September 23, 2010 ID:317397

Hello, my name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

- The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
- Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
- The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
- Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Please download OTL from one of the following mirrors:
- This is THE Mirror

- Save it to your desktop.
- Double click on the icon on your desktop.
- Click the "Scan All Users" checkbox.
- Push the Quick Scan button.
- Two reports will open, copy and paste them in a reply here:
  OTListIt.txt <-- Will be opened
  Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop.
- Double-click on RKUnhookerLE to run it
- Click the Report tab, then click Scan
- Check Drivers, Stealth and uncheck the rest
- Click OK
- Wait until it's finished and then go to File > Save Report
- Save the report to your Desktop
- Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning, it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
- A detailed description of your problems
- A new OTL log (don't forget extra.txt)
- RKU log

Thanks and again sorry for the delay.

richardh Posted September 23, 2010 Author ID:317418

Hi Elise

Thank you for helping.

This is what happened. I downloaded and ran OTL and got the two notepad reports. Then whilst trying to download Rootkit unhooker the internet connection was broken and would not reconnect.

Microsoft Security Essentials had identified a number of malware items and so I requested cleanup. I then rebooted but PC will no longer boot up to log in window even in Safe Mode - it just cycles through partially boot close down, automatic reboot close down etc.

Help!

Elise Posted September 23, 2010 ID:317431

Hi, a few things here.

Ramnit is a very annoying infection as it infects many files and even one file left will cause the whole system to reinfect.

We should still be able to recover your system but it may take a while. Can you please let me know if you have your windows install CD, which version of windows you are running and exactly at which point your computer restarts. Do you see a blue screen? If so, please note down the stop code.

richardh Posted September 23, 2010 Author ID:317444

Hi Elise

Thanks for the reply.

In answer to your questions:
1. sorry no Windows CD
2. Windows XP
3. Restarts after blue screen shows for a few seconds but no stop code visible

Thanks

Elise Posted September 23, 2010 ID:317452

Let's first try to get that BSOD code. Let me also know exactly at which point the system crashes. Do you still see the XP splash screen, does it get past that and if so, how much?

We Need to Diagnose Your BlueScreen

- When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
- Select "Disable Automatic Restart on System Failure", as shown here:
- When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:

Please post me the error(s).

richardh Posted September 23, 2010 Author ID:317461

Hi Elise

OK here goes

"STOP c000021a (Fatal System error)
The Windows Logon System process terminated unexpectedly with a status of 0 x c0000005 (0 x 00000000 0 x 00000000)"

Elise Posted September 23, 2010 ID:317468

Okay, that gives us a clear indication of the problem.

Please download ARCDC from Artellos.com.
- Double click ARCDC.exe
- Follow the dialog until you see 6 options. Please pick: Windows Professional SP2 & SP3
- You will be prompted with a Terms of Use by Microsoft, please accept.
- You will see a few dos screens flash by, this is normal.
- Next you will be able to choose to add extra files. Select the Default Files.
- The last window will allow you to burn the disk using BurnCDCC
- Your ISO is located on your desktop.

- Insert the CD-ROM into the CD-ROM drive, and then restart the computer.
  If your PC is not booting from the CD, you need to change the boot order:
  - Restart your PC
  - As soon as you get an image, press the Setup key. This is usually F2, or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.
  - Once you enter the computer's BIOS, use the arrow keys and tab key to move between elements. Press enter to select an item to change.
  - Navigate to the tab where you can set the boot order. It should be called Boot or Boot order
  - The tab should now show your current boot order. If the CD-drive is not at the top, please navigate to the CD-Rom drive with the arrow keys. Then move it to the top of the list.
  - The keys for switching boot position are usually + to move up and - to move down. However they can be different, but they should be stated in the help, so that you can find them easily.
  - Once the CD-drive is on top of the boot order, navigate to Exit and select Exit saving changes.
- Your PC should now boot from your XP-CD. Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.
- When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
- When you are prompted, type the Administrator password. If the administrator password is blank, just press ENTER.
- A command prompt will open

Type the following lines and press enter after each one. If you are asked at any point to overwrite, choose Yes.

    copy c:\windows\servicepackfiles\i386\explorer.exe explorer.exe
    cd system32
    copy c:\windows\servicepackfiles\i386\winlogon.exe winlogon.exe
    exit

Your computer will now reboot. Let me know how things are.

richardh Posted September 23, 2010 Author ID:317493

Hi

Got into the Recovery console but am being asked which Windows Installation I would like to log onto.

Not sure what it is looking for here?

Elise Posted September 23, 2010 ID:317509

Sorry, that step somehow disappeared from my instructions: should be 1. c:\windows (type 1)

richardh Posted September 23, 2010 Author ID:317519

Hi Elise

OK I did all that successfully to the point where PC rebooted - it went in to the Setup screen again and I opted to continue to set up Windows at which point it says cannot find EULA.

What next?

Thanks

Elise Posted September 23, 2010 ID:317524

You don't have to choose that option, you have to do this:

When the "Welcome to Setup" screen appears, press R to start the Recovery Console.

richardh Posted September 23, 2010 Author ID:317532

Hi Elise

Maybe I did not explain correctly. I have been through the Recovery Console process you describe above - typed in the lines etc and it rebooted. What should I do then? Did you mean me to go back in to Recovery console again as per your previous post - if so what do I do when I am there?

Thanks

Elise Posted September 23, 2010 ID:317535

At this point, can you reboot normally in windows or do you still get the same blue screen?

When rebooting you have to remove the CD, otherwise it will boot again from it, and we don't want that.

richardh Posted September 23, 2010 Author ID:317538

Hi

OK have been able to log back in to Windows normally.

Do you want me to go back to downloading RootKit Remover or will that prompt same problem we have just overcome?

Thanks

Elise Posted September 23, 2010 ID:317541

No, that was a specific infection that caused this problem, please post the requested logs.

richardh Posted September 23, 2010 Author ID:317550

Hi

It is not letting me connect to the internet to download RootKit tool.

I am concerned about spreading the virus if I copy the OTL logs on to a USB stick and post them from a different machine. Is that a risk?

Also as well as showing Ramnit.E about 57 times there is also Bamital.D showing in Microsoft Security essentials.

Bit stuck here!

Thanks

Elise Posted September 23, 2010 ID:317554

Hi, Bamital is what caused the computer to become unbootable; it infects explorer.exe and winlogon.exe, which we successfully replaced.

You are right to be cautious about transferring logs. What you can try first is this:

DR. WEB CUREIT
----------------------

Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.
alternate download link
Note: The file will be randomly named (i.e. 5mkuvc4z.exe).

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in Safe Mode.

Scan with Dr.Web CureIt as follows:
- Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
- Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
- The Express scan will automatically begin. (This is a short scan of files currently running in memory, boot sectors, and targeted folders.)
- If prompted to download the Full version Free Trial, ignore and click the X to close the window.
- If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured.)
- After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
- In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
- Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
- Please be patient as this scan could take a long time to complete.
- When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
- Click Select All, then choose Cure > Move incurable.
- In the top menu, click file and choose save report list.
- Save the DrWeb.csv report to your desktop.
- Exit Dr.Web Cureit when done.
- Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
- After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

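A saved DrWeb.csv report can be triaged offline before it is posted. The sketch below is an added example, not part of Elise's instructions and not Dr.Web tooling: it assumes the report is a run of semicolon-terminated fields in groups of four (object; folder; detection; action), checks whether any detection sits in the folder the Recovery Console step copied winlogon.exe and explorer.exe from, and copes with a paste that wraps lines or is cut off mid-record. Every sample record, and the extra C:\I386 location, is constructed or assumed for illustration.

```python
import re
from collections import Counter
from typing import NamedTuple

# Folders used as repair sources. The first is the path from the Recovery
# Console step in this thread; the second is an assumed extra location.
REPAIR_SOURCES = (r"c:\windows\servicepackfiles\i386", r"c:\i386")
CONTAINER_NOTE = "contains infected objects"  # assumed wording of summary rows

# Constructed sample in the assumed layout; one field wraps across a line
# break and the final record is cut off, as can happen when a log is pasted.
SAMPLE_REPORT = (
    r"page.htm\VBScript.0;C:\Temp\page.htm;Trojan.Example;;"
    r"page.htm;C:\Temp;Container contains infected objects;Moved.;"
    r"a.exe;C:\Temp;Trojan.Sample.1;Incurable.Moved.;"
    r"demo.dll;C:\WINDOWS\ServicePackFiles\i386;Win32.Rmnet;Cured.;"
    r"tool.dll;C:\Program " "\n" r"Files\Tool;Win32.Rmnet;Cured.;"
    r"winlogon.exe;C:\I386;Win32.Rmnet;Cured.;"
    r"orphan.htm\VBScript.0;C:\Temp\orphan.htm;Trojan.Example;;"
    r"cut.dll;C:\I386;"
)


class Record(NamedTuple):
    obj: str
    location: str
    detection: str
    action: str


def parse_report(text):
    """Return (records, leftover_fields); leftover is a truncated last record."""
    flat = re.sub(r"\s*\n\s*", " ", text.strip())  # undo wrapped lines
    fields = [f.strip() for f in flat.split(";")]
    if fields and fields[-1] == "":
        fields.pop()  # artefact of the final ';', not a real field
    whole = len(fields) - len(fields) % 4
    records = [Record(*fields[i:i + 4]) for i in range(0, whole, 4)]
    return records, fields[whole:]


def is_repair_source(location):
    loc = location.lower().rstrip("\\")
    return any(loc == src or loc.startswith(src + "\\") for src in REPAIR_SOURCES)


def triage(records):
    """Count detections and flag what needs a second look."""
    # A container summary row carries the action for the members listed
    # before it, whose own action field is empty.
    container_action = {
        (r.location + "\\" + r.obj).lower(): r.action
        for r in records if r.detection.endswith(CONTAINER_NOTE)
    }
    families = Counter()
    unresolved, in_repair_source = [], []
    for r in records:
        if r.detection.endswith(CONTAINER_NOTE):
            continue  # summary row only; the member row names the detection
        action = r.action or container_action.get(r.location.lower(), "")
        families[r.detection] += 1
        if not action:
            unresolved.append(r)  # detected, but no action recorded anywhere
        if is_repair_source(r.location):
            in_repair_source.append(r)  # the copy used for repair was touched
    return {
        "families": families,
        "unresolved": unresolved,
        "in_repair_source": in_repair_source,
    }


if __name__ == "__main__":
    recs, leftover = parse_report(SAMPLE_REPORT)
    summary = triage(recs)
    for name, count in summary["families"].most_common():
        print(f"{count:3d}  {name}")
    for r in summary["in_repair_source"]:
        print(f"repair source hit: {r.location}\\{r.obj} ({r.detection}, {r.action})")
    for r in summary["unresolved"]:
        print(f"no action recorded: {r.location} ({r.detection})")
    if leftover:
        print(f"truncated final record: {leftover}")
```

A hit under a repair source means the file was flagged in the same place the replacement system files came from, so the replaced files are worth rechecking as well.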
richardh Posted September 23, 2010 Author ID:317557

Hi

Unfortunately I can't download anything on the infected machine as it is being stopped from connecting to the internet.

Any safe way of getting DrWeb on to the infected machine if I download on to my other PC?

Thanks

richardh Posted September 23, 2010 Author ID:317559

Hi Elise

Just to let you know I have to go offline now and won't be back until Monday. Thanks for your help to date.

Kind Regards

Elise Posted September 23, 2010 ID:317603

No problem, thank you for letting me know.

richardh Posted September 28, 2010 Author ID:319765

Hi Elise

OK back now with the DrWeb log. Just to let you know that Ramnit is respawning itself merrily still - Security Essentials was throwing out warnings straight after the reboot. Also I could not boot into Safe mode to run drWeb - it would not accept the login password so had to do it in normal mode. Finally, still am being prevented from accessing the internet from infected machine so copied log onto USB stick - scanned it to make sure it was clean and am posting this from different PC.
Win32.Rmnet;Cured.;shdocvw.dll;C:\I386;Win32.Rmnet;Cured.;shell32.dll;C:\I386;Win32.Rmnet;Cured.;shlwapi.dll;C:\I386;Win32.Rmnet;Cured.;spoolsv.exe;C:\I386;Win32.Rmnet;Cured.;SYSPARSE.EXE;C:\I386;Win32.Rmnet;Cured.;TELNET.EXE;C:\I386;Win32.Rmnet;Cured.;txflog.dll;C:\I386;Win32.Rmnet;Cured.;urlmon.dll;C:\I386;Win32.Rmnet;Cured.;user32.dll;C:\I386;Win32.Rmnet;Cured.;wininet.dll;C:\I386;Win32.Rmnet;Cured.;WINNT32.EXE;C:\I386;Win32.Rmnet;Cured.;WINNT32A.DLL;C:\I386;Win32.Rmnet;Cured.;WINNT32U.DLL;C:\I386;Win32.Rmnet;Cured.;WINNTBBA.DLL;C:\I386;Win32.Rmnet;Cured.;WINNTBBU.DLL;C:\I386;Win32.Rmnet;Cured.;winsrv.dll;C:\I386;Win32.Rmnet;Cured.;WSDU.DLL;C:\I386;Win32.Rmnet;Cured.;WSDUENG.DLL;C:\I386;Win32.Rmnet;Cured.;xolehlp.dll;C:\I386;Win32.Rmnet;Cured.;MIGRATE.DLL;C:\I386\WIN9XMIG\ACROBAT;Win32.Rmnet;Cured.;MIGRATE.DLL;C:\I386\WIN9XMIG\EASTMAN;Win32.Rmnet;Cured.;AWDVSTUB.EXE;C:\I386\WIN9XMIG\FAX;Win32.Rmnet;Cured.;MIGRATE.DLL;C:\I386\WIN9XMIG\FAX;Win32.Rmnet;Cured.;MIGRATE.DLL;C:\I386\WIN9XMIG\HPTOOLS;Win32.Rmnet;Cured.;MIGRATE.DLL;C:\I386\WIN9XMIG\IBMAV;Win32.Rmnet;Cured.;MIGRATE.DLL;C:\I386\WIN9XMIG\MAPI\DLL;Win32.Rmnet;Cured.;MKNTFRMCACHE.EXE;C:\I386\WIN9XMIG\MAPI\DLL;Win32.Rmnet;Cured.;MIGRATE.DLL;C:\I386\WIN9XMIG\MSI;Win32.Rmnet;Cured.;MIGRATE.DLL;C:\I386\WIN9XMIG\NECKBD;Win32.Rmnet;Cured.;MIGRATE.DLL;C:\I386\WIN9XMIG\NECPA;Win32.Rmnet;Cured.;MIGRATE.DLL;C:\I386\WIN9XMIG\NECWPS;Win32.Rmnet;Cured.;MIGRATE.DLL;C:\I386\WIN9XMIG\OCTOPUS;Win32.Rmnet;Cured.;MIGRATE.DLL;C:\I386\WIN9XMIG\PRINT;Win32.Rmnet;Cured.;MIGRATE.DLL;C:\I386\WIN9XMIG\PWS;Win32.Rmnet;Cured.;MIGRATE.DLL;C:\I386\WIN9XMIG\WIA;Win32.Rmnet;Cured.;MIGRATE.DLL;C:\I386\WIN9XMIG\WMP;Win32.Rmnet;Cured.;ISMIG.DLL;C:\I386\WIN9XUPG;Win32.Rmnet;Cured.;SETUPAPI.DLL;C:\I386\WIN9XUPG;Win32.Rmnet;Cured.;W95UPG.DLL;C:\I386\WIN9XUPG;Win32.Rmnet;Cured.;CLUSCOMP.DLL;C:\I386\WINNTUPG;Win32.Rmnet;Cured.;SPXUPGRD.DLL;C:\I386\WINNTUPG\OEM\SPX\MPS;Win32.Rmnet;Cured.;TJUPG.DLL;C:\I386\WINNTUPG\OEM\TIGERJET;Win32.Rmnet;Cured.;msvc
r80.dll;C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C;Win32.Rmnet;Cured.;ACE.dll;C:\Program Files\ABBYY PDF Transformer 2.0;Win32.Rmnet;Cured.;AdobeXMP.dll;C:\Program Files\ABBYY PDF Transformer 2.0;Win32.Rmnet;Cured.;AGM.dll;C:\Program Files\ABBYY PDF Transformer 2.0;Win32.Rmnet;Cured.;ARE.dll;C:\Program Files\ABBYY PDF Transformer 2.0;Win32.Rmnet;Cured.;AXE16SharedExpat.dll;C:\Program Files\ABBYY PDF Transformer 2.0;Win32.Rmnet;Cured.;AXE8SharedExpat.dll;C:\Program Files\ABBYY PDF Transformer 2.0;Win32.Rmnet;Cured.;BIB.dll;C:\Program Files\ABBYY PDF Transformer 2.0;Win32.Rmnet;Cured.;BIBUtils.dll;C:\Program Files\ABBYY PDF Transformer 2.0;Win32.Rmnet;Cured.;JP2KLib.dll;C:\Program Files\ABBYY PDF Transformer 2.0;Win32.Rmnet;Cured.;msvcr71.dll;C:\Program Files\ABBYY PDF Transformer 2.0;Win32.Rmnet;Cured.;PDFL70.dll;C:\Program Files\ABBYY PDF Transformer 2.0;Win32.Rmnet;Cured.;PrnInstaller.exe;C:\Program Files\ABBYY PDF Transformer 2.0\PDF X-Change;Win32.Rmnet;Cured.;Ainfo.exe;C:\Program Files\ABBYY PDF Transformer 2.0\Support;Win32.Rmnet;Cured.;Ainfo0.dll;C:\Program Files\ABBYY PDF Transformer 2.0\Support;Win32.Rmnet;Cured.;Engine0.dll;C:\Program Files\ABBYY ScanTo Office 1.0;Win32.Rmnet;Cured.;MorphoRes0.dll;C:\Program Files\ABBYY ScanTo Office 1.0;Win32.Rmnet;Cured.;ScanToOffice0.dll;C:\Program Files\ABBYY ScanTo Office 1.0;Win32.Rmnet;Cured.;ScanToOfficeShared.dll;C:\Program Files\ABBYY ScanTo Office 1.0;Win32.Rmnet;Cured.;ScanMan0.dll;C:\Program Files\ABBYY ScanTo Office 1.0\Scan;Win32.Rmnet;Cured.;Ainfo.exe;C:\Program Files\ABBYY ScanTo Office 1.0\Support;Win32.Rmnet;Cured.;Ainfo0.dll;C:\Program Files\ABBYY ScanTo Office 1.0\Support;Win32.Rmnet;Cured.;AdobeOLS.dll;C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps;Win32.Rmnet;Cured.;AdobeUpdateManager.exe;C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps;Win32.Rmnet;Cured.;AUM21.dll;C:\Program Files\Adobe\Photoshop Album Starter 
Edition\3.0\Apps;Win32.Rmnet;Cured.;ImageLibrary.dll;C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps;Win32.Rmnet;Cured.;OperaMgr.dll;C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps;Win32.Rmnet;Cured.;prefrences.dll;C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps;Win32.Rmnet;Cured.;PsaProxy.exe;C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps;Win32.Rmnet;Cured.;qt-mt.dll;C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps;Win32.Rmnet;Cured.;ADB2.EXE;C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Shared_Assets\locales\en_gb;Win32.Rmnet;Cured.;AiodLite.dll;C:\Program Files\Adobe\Reader 8.0\Esl;Win32.Rmnet;Cured.;ACE.dll;C:\Program Files\Adobe\Reader 8.0\Reader;Win32.Rmnet;Cured.;Acrofx32.dll;C:\Program Files\Adobe\Reader 8.0\Reader;Win32.Rmnet;Cured.;AdobeXMP.dll;C:\Program Files\Adobe\Reader 8.0\Reader;Win32.Rmnet;Cured.;AGM.dll;C:\Program Files\Adobe\Reader 8.0\Reader;Win32.Rmnet;Cured.;rt3d.dll;C:\Program Files\Adobe\Reader 8.0\Reader;Win32.Rmnet;Cured.;smax4pnp.exe;C:\Program Files\Analog Devices\Core;Win32.Rmnet;Cured.;smwdmif.dll;C:\Program Files\Analog Devices\Core;Win32.Rmnet;Cured.;AEEnable.exe;C:\Program Files\Analog Devices\SoundMAX;Win32.Rmnet;Cured.;DevSetup.exe;C:\Program Files\Analog Devices\SoundMAX;Win32.Rmnet;Cured.;ListEnv.dll;C:\Program Files\Analog Devices\SoundMAX;Win32.Rmnet;Cured.;MicTab.dll;C:\Program Files\Analog Devices\SoundMAX;Win32.Rmnet;Cured.;SMax4.exe;C:\Program Files\Analog Devices\SoundMAX;Win32.Rmnet;Cured.;SMax4Wiz.exe;C:\Program Files\Analog Devices\SoundMAX;Win32.Rmnet;Cured.;malfile.exe;C:\Program Files\AvantGo Connect;Win32.Rmnet;Cured.;malssp.dll;C:\Program Files\AvantGo Connect;Win32.Rmnet;Cured.;agmal.dll;C:\Program Files\AvantGo Connect\AvantGo;Win32.Rmnet;Cured.;agproxy.dll;C:\Program Files\AvantGo Connect\AvantGo;Win32.Rmnet;Cured.;agsubs.exe;C:\Program Files\AvantGo 
Connect\AvantGo;Win32.Rmnet;Cured.;IGeared_tavgp_xputils2.dll;C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components;Win32.Rmnet;Cured.;IGeared_tavgp_xputils3.dll;C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components;Win32.Rmnet;Cured.;IGeared_tavgp_xputils35.dll;C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components;Win32.Rmnet;Cured.;xpavgtbapi.dll;C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components;Win32.Rmnet;Cured.;IDriver.exe;C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32;Win32.Rmnet;Cured.;IDriver2.exe;C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32;Win32.Rmnet;Cured.;IDriverT.exe;C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32;Win32.Rmnet;Cured.;iGdiCnv.dll;C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32;Win32.Rmnet;Cured.;IScrCnv.dll;C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32;Win32.Rmnet;Cured.;ISRT.dll;C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32;Win32.Rmnet;Cured.;IUserCnv.dll;C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32;Win32.Rmnet;Cured.;IDriver.exe;C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32;Win32.Rmnet;Cured.;IScript7.dll;C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32;Win32.Rmnet;Cured.;ISRT.dll;C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32;Win32.Rmnet;Cured.;IUser7.dll;C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32;Win32.Rmnet;Cured.;_ISRES1033.dll;C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32;Win32.Rmnet;Cured.;ctor.dll;C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32;Win32.Rmnet;Cured.;ILog.dll;C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32;Win32.Rmnet;Cured.;iuser.dll;C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32;Win32.Rmnet;Cured.;iscript.dll;C:\Program Files\Common Files\InstallShield\IScript;Win32.Rmnet;Cured.;iKernel.dll;C:\Program Files\Common 
Files\InstallShield\Professional\RunTime\10\00\Intel32;Win32.Rmnet;Cured.;iscript.dll;C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32;Win32.Rmnet;Cured.;iuser.dll;C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32;Win32.Rmnet;Cured.;iKernel.dll;C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32;Win32.Rmnet;Cured.;iscript.dll;C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32;Win32.Rmnet;Cured.;iuser.dll;C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32;Win32.Rmnet;Cured.;msvcr71.dll;C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05;Win32.Rmnet;Cured.;regutils.dll;C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05;Win32.Rmnet;Cured.;msvcr71.dll;C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13;Win32.Rmnet;Cured.;regutils.dll;C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13;Win32.Rmnet;Cured.;crmw.exe;C:\Program Files\Common Files\Lenovo;Win32.Rmnet;Cured.;delay.exe;C:\Program Files\Common Files\Lenovo;Win32.Rmnet;Cured.;dm.exe;C:\Program Files\Common Files\Lenovo;Win32.Rmnet;Cured.;i2cinst.exe;C:\Program Files\Common Files\Lenovo;Win32.Rmnet;Cured.;instdrvw.exe;C:\Program Files\Common Files\Lenovo;Win32.Rmnet;Cured.;MsgBox.exe;C:\Program Files\Common Files\Lenovo;Win32.Rmnet;Cured.;ndisk.dll;C:\Program Files\Common Files\Lenovo;Win32.Rmnet;Cured.;nspect.exe;C:\Program Files\Common Files\Lenovo;Win32.Rmnet;Cured.;paapp.exe;C:\Program Files\Common Files\Lenovo;Win32.Rmnet;Cured.;pmemw.dll;C:\Program Files\Common Files\Lenovo;Win32.Rmnet;Cured.;psainst.exe;C:\Program Files\Common Files\Lenovo;Win32.Rmnet;Cured.;RebootHDD.exe;C:\Program Files\Common Files\Lenovo;Win32.Rmnet;Cured.;smptr.dll;C:\Program Files\Common Files\Lenovo;Win32.Rmnet;Cured.;TOC.dll;C:\Program 
Files\Common Files\Lenovo;Win32.Rmnet;Cured.;tvtbioschk.exe;C:\Program Files\Common Files\Lenovo;Win32.Rmnet;Cured.;tvtutilspy.dll;C:\Program Files\Common Files\Lenovo;Win32.Rmnet;Cured.;xml4c_5_5.dll;C:\Program Files\Common Files\Lenovo;Win32.Rmnet;Cured.;funzip.exe;C:\Program Files\Common Files\Lenovo\infozip\unzip;Win32.Rmnet;Cured.;unzip.exe;C:\Program Files\Common Files\Lenovo\infozip\unzip;Win32.Rmnet;Cured.;unzipsfx.exe;C:\Program Files\Common Files\Lenovo\infozip\unzip;Win32.Rmnet;Cured.;zip.exe;C:\Program Files\Common Files\Lenovo\infozip\zip;Win32.Rmnet;Cured.;zipnote.exe;C:\Program Files\Common Files\Lenovo\infozip\zip;Win32.Rmnet;Cured.;zipsplit.exe;C:\Program Files\Common Files\Lenovo\infozip\zip;Win32.Rmnet;Cured.;kehelper.dll;C:\Program Files\Common Files\Lenovo\InvAgent;Win32.Rmnet;Cured.;proxy.dll;C:\Program Files\Common Files\Lenovo\InvAgent;Win32.Rmnet;Cured.;XmlWriter.dll;C:\Program Files\Common Files\Lenovo\InvAgent;Win32.Rmnet;Cured.;adapter.dll;C:\Program Files\Common Files\Lenovo\InvAgent\local\collect;Win32.Rmnet;Cured.;devices.dll;C:\Program Files\Common Files\Lenovo\InvAgent\local\collect;Win32.Rmnet;Cured.;diskinfo.dll;C:\Program Files\Common Files\Lenovo\InvAgent\local\collect;Win32.Rmnet;Cured.;firmware.dll;C:\Program Files\Common Files\Lenovo\InvAgent\local\collect;Win32.Rmnet;Cured.;ide.dll;C:\Program Files\Common Files\Lenovo\InvAgent\local\collect;Win32.Rmnet;Cured.;memory.dll;C:\Program Files\Common Files\Lenovo\InvAgent\local\collect;Win32.Rmnet;Cured.;netsetting.dll;C:\Program Files\Common Files\Lenovo\InvAgent\local\collect;Win32.Rmnet;Cured.;norton.dll;C:\Program Files\Common Files\Lenovo\InvAgent\local\collect;Win32.Rmnet;Cured.;pci.dll;C:\Program Files\Common Files\Lenovo\InvAgent\local\collect;Win32.Rmnet;Cured.;processes.dll;C:\Program Files\Common Files\Lenovo\InvAgent\local\collect;Win32.Rmnet;Cured.;regional.dll;C:\Program Files\Common Files\Lenovo\InvAgent\local\collect;Win32.Rmnet;Cured.;scsi.dll;C:\Program 
Files\Common Files\Lenovo\InvAgent\local\collect;Win32.Rmnet;Cured.;security.dll;C:\Program Files\Common Files\Lenovo\InvAgent\local\collect;Win32.Rmnet;Cured.;smbios.dll;C:\Program Files\Common Files\Lenovo\InvAgent\local\collect;Win32.Rmnet;Cured.;startup.dll;C:\Program Files\Common Files\Lenovo\InvAgent\local\collect;Win32.Rmnet;Cured.;tater.dll;C:\Program Files\Common Files\Lenovo\InvAgent\local\collect;Win32.Rmnet;Cured.;timezone.dll;C:\Program Files\Common Files\Lenovo\InvAgent\local\collect;Win32.Rmnet;Cured.;usage.dll;C:\Program Files\Common Files\Lenovo\InvAgent\local\collect;Win32.Rmnet;Cured.;mapdrv.exe;C:\Program Files\Common Files\Lenovo\MND;Win32.Rmnet;Cured.;netsvcinst.exe;C:\Program Files\Common Files\Lenovo\pfdinst;Win32.Rmnet;Cured.;msvcr71.dll;C:\Program Files\Common Files\Lenovo\Python24\DLLs;Win32.Rmnet;Cured.;tcl84.dll;C:\Program Files\Common Files\Lenovo\Python24\DLLs;Win32.Rmnet;Cured.;tk84.dll;C:\Program Files\Common Files\Lenovo\Python24\DLLs;Win32.Rmnet;Cured.;wininst-6.exe;C:\Program Files\Common Files\Lenovo\Python24\Lib\distutils\command;Win32.Rmnet;Cured.;wininst-7.1.exe;C:\Program Files\Common Files\Lenovo\Python24\Lib\distutils\command;Win32.Rmnet;Cured.;reloadsched.exe;C:\Program Files\Common Files\Lenovo\Scheduler;Win32.Rmnet;Cured.;BuildTOC.exe;C:\Program Files\Common Files\Lenovo\spi;Win32.Rmnet;Cured.;FCopier.exe;C:\Program Files\Common Files\Lenovo\spi;Win32.Rmnet;Cured.;RRMedia.exe;C:\Program Files\Common Files\Lenovo\spi;Win32.Rmnet;Cured.;signiso.exe;C:\Program Files\Common Files\Lenovo\spi;Win32.Rmnet;Cured.;USP10.DLL;C:\Program Files\Common Files\Microsoft Shared\OFFICE11;Win32.Rmnet;Cured.;context.html;C:\Program Files\Common Files\Microsoft Shared\OFFICE12\HTML;Win32.HLLM.Graz;Deleted.;ATL70.DLL;C:\Program Files\Common Files\Microsoft Shared\OFFICE12\VS Runtime;Win32.Rmnet;Cured.;CMDDEF.DLL;C:\Program Files\Common Files\Microsoft Shared\OFFICE12\VS Runtime;Win32.Rmnet;Cured.;Compsvcspkg.dll;C:\Program Files\Common 
Files\Microsoft Shared\OFFICE12\VS Runtime;Win32.Rmnet;Cured.;CSSPKG.DLL;C:\Program Files\Common Files\Microsoft Shared\OFFICE12\VS Runtime;Win32.Rmnet;Cured.;HTMDLGS.DLL;C:\Program Files\Common Files\Microsoft Shared\OFFICE12\VS Runtime;Win32.Rmnet;Cured.;HTMED.DLL;C:\Program Files\Common Files\Microsoft Shared\OFFICE12\VS Runtime;Win32.Rmnet;Cured.;MSENV.DLL;C:\Program Files\Common Files\Microsoft Shared\OFFICE12\VS Runtime;Win32.Rmnet;Cured.;MSVCR70.DLL;C:\Program Files\Common Files\Microsoft Shared\OFFICE12\VS Runtime;Win32.Rmnet;Cured.;MSVCR71.DLL;C:\Program Files\Common Files\Microsoft Shared\OFFICE12\VS Runtime;Win32.Rmnet;Cured.;TRIDSN.DLL;C:\Program Files\Common Files\Microsoft Shared\OFFICE12\VS Runtime;Win32.Rmnet;Cured.;VisualStudioTeamCore.dll;C:\Program Files\Common Files\Microsoft Shared\OFFICE12\VS Runtime;Win32.Rmnet;Cured.;VSBROWSE.DLL;C:\Program Files\Common Files\Microsoft Shared\OFFICE12\VS Runtime;Win32.Rmnet;Cured.;VSTLBINF.DLL;C:\Program Files\Common Files\Microsoft Shared\OFFICE12\VS Runtime;Win32.Rmnet;Cured.;MSTHES3.DLL;C:\Program Files\Common Files\Microsoft Shared\PROOF;Win32.Rmnet;Cured.;msxml3.dll;C:\Program Files\Common Files\Microsoft Shared\SFPCA Cache;Win32.Rmnet;Cured.;MSB1STAR.DLL;C:\Program Files\Common Files\Microsoft Shared\TRANSLAT;Win32.Rmnet;Cured.;WTSP61MS.DLL;C:\Program Files\Common Files\Microsoft Shared\TRANSLAT;Win32.Rmnet;Cured.;MSB1ESEN.DLL;C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ESEN;Win32.Rmnet;Cured.;MSB1FREN.DLL;C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FREN;Win32.Rmnet;Cured.;msdia80.dll;C:\Program Files\Common Files\Microsoft Shared\VC;Win32.Rmnet;Cured.;coloader.dll;C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG;Win32.Rmnet;Cured.;L50Options.dll;C:\Program Files\Common Files\Sage Line50;Win32.Rmnet;Cured.;RegisterFunctions.exe;C:\Program Files\Common Files\Sage Line50;Win32.Rmnet;Cured.;SgOffice.dll;C:\Program Files\Common Files\Sage Office 
Integration;Win32.Rmnet;Cured.;cdintf.dll;C:\Program Files\Common Files\Sage Payroll\SagePDFGenerator;Win32.Rmnet;Cured.;Install.exe;C:\Program Files\Common Files\Sage Payroll\SagePDFGenerator;Win32.Rmnet;Cured.;PaySDO2HR.dll;C:\Program Files\Common Files\Sage Payroll SDO;Win32.Rmnet;Cured.;PaySdoCompanyList.dll;C:\Program Files\Common Files\Sage Payroll SDO;Win32.Rmnet;Cured.;PaySdoCore.dll;C:\Program Files\Common Files\Sage Payroll SDO;Win32.Rmnet;Cured.;MFC71.dll;C:\Program Files\Corel\Corel Snapfire Plus;Win32.Rmnet;Cured.;MSICrlPCU.dll;C:\Program Files\Corel\Corel Snapfire Plus;Win32.Rmnet;Cured.;msvcr71.dll;C:\Program Files\Corel\Corel Snapfire Plus;Win32.Rmnet;Cured.;primosdk.DLL;C:\Program Files\Corel\Corel Snapfire Plus;Win32.Rmnet;Cured.;Connect.exe;C:\Program Files\Diskeeper Corporation\Diskeeper;Win32.Rmnet;Cured.;DkMsg.dll;C:\Program Files\Diskeeper Corporation\Diskeeper;Win32.Rmnet;Cured.;DkServiceMsg.exe;C:\Program Files\Diskeeper Corporation\Diskeeper;Win32.Rmnet;Cured.;ShowHtml.exe;C:\Program Files\Diskeeper Corporation\Diskeeper;Win32.Rmnet;Cured.;iedvtool.dll;C:\Program Files\Internet Explorer;Win32.Rmnet;Cured.;jsdbgui.dll;C:\Program Files\Internet Explorer;Win32.Rmnet;Cured.;jsdebuggeride.dll;C:\Program Files\Internet Explorer;Win32.Rmnet;Cured.;JSProfilerCore.dll;C:\Program Files\Internet Explorer;Win32.Rmnet;Cured.;jsprofilerui.dll;C:\Program Files\Internet Explorer;Win32.Rmnet;Cured.;AppRegAgent.dll;C:\Program Files\InterVideo\Common\Bin;Win32.Rmnet;Cured.;ComTruSurroundXT.dll;C:\Program Files\InterVideo\Common\Bin;Win32.Rmnet;Cured.;DHIVI.dll;C:\Program Files\InterVideo\Common\Bin;Win32.Rmnet;Cured.;DMO_TSXT.dll;C:\Program Files\InterVideo\Common\Bin;Win32.Rmnet;Cured.;DownmixDMO.dll;C:\Program Files\InterVideo\Common\Bin;Win32.Rmnet;Cured.;DSPDMO.dll;C:\Program Files\InterVideo\Common\Bin;Win32.Rmnet;Cured.;expDMO.dll;C:\Program Files\InterVideo\Common\Bin;Win32.Rmnet;Cured.;GPIProxy.dll;C:\Program 
Files\InterVideo\Common\Bin;Win32.Rmnet;Cured.;InstActivation.dll;C:\Program Files\InterVideo\Common\Bin;Win32.Rmnet;Cured.;IviContainerDMO.dll;C:\Program Files\InterVideo\Common\Bin;Win32.Rmnet;Cured.;timestretchDMO.dll;C:\Program Files\InterVideo\Common\Bin;Win32.Rmnet;Cured.;viFxMvft.dll;C:\Program Files\InterVideo\Common\Bin;Win32.Rmnet;Cured.;ComTruSurroundXT.dll;C:\Program Files\InterVideo\WinDVD;Win32.Rmnet;Cured.;DHIVI.dll;C:\Program Files\InterVideo\WinDVD;Win32.Rmnet;Cured.;DMO_TSXT.dll;C:\Program Files\InterVideo\WinDVD;Win32.Rmnet;Cured.;DownmixDMO.dll;C:\Program Files\InterVideo\WinDVD;Win32.Rmnet;Cured.;DSPDMO.dll;C:\Program Files\InterVideo\WinDVD;Win32.Rmnet;Cured.;expDMO.dll;C:\Program Files\InterVideo\WinDVD;Win32.Rmnet;Cured.;GPIProxy.dll;C:\Program Files\InterVideo\WinDVD;Win32.Rmnet;Cured.;IviContainerDMO.dll;C:\Program Files\InterVideo\WinDVD;Win32.Rmnet;Cured.;SNX_HID.dll;C:\Program Files\InterVideo\WinDVD;Win32.Rmnet;Cured.;timestretchDMO.dll;C:\Program Files\InterVideo\WinDVD;Win32.Rmnet;Cured.;viFxMvft.dll;C:\Program Files\InterVideo\WinDVD;Win32.Rmnet;Cured.;WinDVD.exe;C:\Program Files\InterVideo\WinDVD;Win32.Rmnet;Cured.;deploy.dll;C:\Program Files\Java\jre1.5.0_06\bin;Win32.Rmnet;Cured.;JavaWebStart.dll;C:\Program Files\Java\jre1.5.0_06\bin;Win32.Rmnet;Cured.;axbridge.dll;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;cmm.dll;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;deploy.dll;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;hpi.dll;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;hprof.dll;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;instrument.dll;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;j2pkcs11.dll;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;java-rmi.exe;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;java.dll;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;java.exe;C:\Program 
Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;javacpl.exe;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;javaw.exe;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;javaws.exe;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;jdwp.dll;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;jli.dll;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;jpiexp.dll;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;jpinscp.dll;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;jpioji.dll;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;jpishare.dll;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;keytool.exe;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;kinit.exe;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;klist.exe;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;ktab.exe;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;management.dll;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;msvcr71.dll;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;net.dll;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;npjava11.dll;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;npjava12.dll;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;npjava13.dll;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;npjava14.dll;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;npjava32.dll;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;npoji610.dll;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;orbd.exe;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;pack200.exe;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;policytool.exe;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;regutils.dll;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;rmid.exe;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;rmiregistry.exe;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;servertool.exe;C:\Program 
Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;splashscreen.dll;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;tnameserv.exe;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;wsdetect.dll;C:\Program Files\Java\jre1.6.0_03\bin;Win32.Rmnet;Cured.;jvm.dll;C:\Program Files\Java\jre1.6.0_03\bin\client;Win32.Rmnet;Cured.;axbridge.dll;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;cmm.dll;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;deploy.dll;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;hpi.dll;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;hprof.dll;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;instrument.dll;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;j2pkcs11.dll;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;java-rmi.exe;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;java.dll;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;java.exe;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;javacpl.exe;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;javaw.exe;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;javaws.exe;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;jdwp.dll;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;jli.dll;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;jpiexp.dll;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;jpinscp.dll;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;jpioji.dll;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;jpishare.dll;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;keytool.exe;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;kinit.exe;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;klist.exe;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;ktab.exe;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;management.dll;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;msvcr71.dll;C:\Program 
Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;net.dll;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;npjava11.dll;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;npjava12.dll;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;npjava13.dll;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;npjava14.dll;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;npjava32.dll;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;npoji610.dll;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;orbd.exe;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;pack200.exe;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;policytool.exe;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;regutils.dll;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;rmid.exe;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;rmiregistry.exe;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;servertool.exe;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;splashscreen.dll;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;tnameserv.exe;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;wsdetect.dll;C:\Program Files\Java\jre1.6.0_05\bin;Win32.Rmnet;Cured.;jvm.dll;C:\Program Files\Java\jre1.6.0_05\bin\client;Win32.Rmnet;Cured.;axbridge.dll;C:\Program Files\Java\jre6\bin;Win32.Rmnet;Cured.;cmm.dll;C:\Program Files\Java\jre6\bin;Win32.Rmnet;Cured.;deploy.dll;C:\Program Files\Java\jre6\bin;Win32.Rmnet;Cured.;hpi.dll;C:\Program Files\Java\jre6\bin;Win32.Rmnet;Cured.;hprof.dll;C:\Program Files\Java\jre6\bin;Win32.Rmnet;Cured.;instrument.dll;C:\Program Files\Java\jre6\bin;Win32.Rmnet;Cured.;j2pkcs11.dll;C:\Program Files\Java\jre6\bin;Win32.Rmnet;Cured.;java.dll;C:\Program Files\Java\jre6\bin;Win32.Rmnet;Cured.;jdwp.dll;C:\Program Files\Java\jre6\bin;Win32.Rmnet;Cured.;jkernel.dll;C:\Program Files\Java\jre6\bin;Win32.Rmnet;Cured.;jli.dll;C:\Program Files\Java\jre6\bin;Win32.Rmnet;Cured.;jpicom.dll;C:\Program 
Thanks
Elise Posted September 28, 2010 ID:319774

Win32/Ramnit.A is a file infector with IRCBot functionality which infects .exe and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A.

Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A, which is dropped by a Ramnit-infected executable file.

-- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.

Understanding virus names
Threat aliases for Win32/Ramnit.A

With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS. Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts, so the degree of infection can vary.

Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies Worm:Win32/Ramnit.A with a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These types of sites are infested with a sm
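Added example (not part of the original posts and not code from any tool named in the thread): a triage summary for a scan log in the run-together `name;folder;threat;action;` layout of the log richardh posted, showing how far a file infector has spread across file types and which items were not cured. The four-field layout is inferred from that log; the sample lines and the `ExampleApp` paths are constructed.

```python
from collections import Counter
from ntpath import splitext  # Windows path rules on any OS

# Constructed sample in the run-together "name;folder;threat;action;" layout.
SAMPLE_LOG = (
    r"example.dll;C:\Program Files\ExampleApp\bin;Win32.Rmnet;Cured.;"
    r"helper.exe;C:\Program Files\ExampleApp;Win32.Rmnet;Cured.;"
    r"index.html\VBScript.0;C:\ExampleApp\index.html;Trojan.Inor;;"
    r"index.html;C:\ExampleApp;Container contains infected objects;Moved.;"
    r"dropper.exe;C:\Program Files\example;Trojan.DownLoader1.22981;Incurable.Moved.;"
    r"A0000001.exe;C:\System Volume Information\_restore{EXAMPLE}\RP1;Win32.Rmnet;Cured.;"
)


def parse_records(text):
    """Split the flat stream into (name, folder, threat, action) tuples."""
    # Pasted logs wrap in the middle of paths, so collapse all whitespace first.
    fields = " ".join(text.split()).split(";")
    if fields and not fields[-1].strip():
        fields.pop()  # the trailing ';' leaves one empty field
    if len(fields) % 4:
        raise ValueError("field count is not a multiple of 4: log truncated or misaligned")
    return [tuple(f.strip() for f in fields[i:i + 4]) for i in range(0, len(fields), 4)]


def summarize(records):
    """Count detections by threat and file type; list everything not cured."""
    by_threat, by_ext, not_cured = Counter(), Counter(), []
    for name, folder, threat, action in records:
        if threat.startswith("Container contains"):
            continue  # wrapper row for the embedded-script hit listed before it
        by_threat[threat] += 1
        # "page.html\VBScript.0" is a script inside page.html: count it as .html
        by_ext[splitext(name.split("\\")[0])[1].lower()] += 1
        if action != "Cured.":
            not_cured.append((name, folder, threat, action or "(no action logged)"))
    return by_threat, by_ext, not_cured


if __name__ == "__main__":
    by_threat, by_ext, not_cured = summarize(parse_records(SAMPLE_LOG))
    print("by threat:", dict(by_threat))
    print("by file type:", dict(by_ext))
    for row in not_cured:
        print("not cured:", row)
```

A row marked `Cured.` only records what the scanner reported; it does not show that the repaired file is intact.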
richardh Posted September 28, 2010 Author ID:319814
Elise Posted September 28, 2010 ID:319821
See here for more information about Lenovo system recovery: http://www.pc.ibm.com/us/think/thinkvantag...uerecovery.html