[Not curable - Ramnit] Win32/ZBot/Rimnet infection on XP Pro SP3

By oakland600
Dec 29, 2011
  1. Hi,

    Trying to be as specific as possible. Following points provide details and sequence of what I have tried already prior to posting at TechSpot.


    1. O/S is WinXP Pro – service pack 3.

    2. First thing was AVG picking up hundreds of win32/zbot detections about 10 days ago. Also “xgamwtuc.exe – application error” appears and an error relating to a dfrgcfg.dll file when booting PC. Also noticed one or two re-directs in Internet Explorer in the days just prior to the AVG detection. Although the home page was still set ok.

    3. Traced location of “xgamwtuc.exe” to c:\documents and settings\dad\local settings\application data\pdlamtll and “dfrgcfg.dll” to c:\documents and settings\dad\local settings\application data\tcpcommsplugin\

    4. Noticed a lot of randomly named text files in these locations.

    5. Manually deleted all suspect folders and text files.

    6. Ran AVG rescue disk at boot up and it identified 1000s of infected files. I took the re-name option. Appreciate not always the right thing to do as it can mess up the O/S and apps. However I have a text file of all the re-named system files and can manually change them back to their original name if required.

    7. Second thing was to run the rmzbot.exe app from AVG. This cleaned all the re-named files. Some files couldn’t be opened. Ran this again.

    8. Symptoms at this stage were on boot up – “xgamwtuc.exe – application error” still appears. But not the dfrgcfg.dll error.

    9. Can connect to the internet/network but no access to any web-site. When connected 6 text files re-appear one by one in the c:\documents and settings\dad\local settings\application data folder. This stops as soon as I disconnect, however 2 text files are generated in the same location each time I delete the other text files even when off-line.

    10. Tried several full scans using AVG anti-virus but PC re-boots itself just after starting the scan.

    11. Attempted to disable the xgamwtuc and dfrgcfg.dll exes in MSCONFIG but this only seemed to stop the dfrgcfg.dll exe and not xgamwtuc exe – another xgamwtuc exe entry re-appears after re-boot. Registry entry is at HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN

    12. MSCONFIG is now running in NORMAL mode causing both the xgamwtuc and dfrgcfg.dll error messages on start-up.

    13. Now starting the TechSpot clean-up pre-posting process.

    14. Removed Spybot S&D and AVG from PC. Downloaded Avira onto a laptop and burnt it to disk. Installed Avira and briefly connected the infected PC to the internet to allow Avira to update. Ran Avira scan and picked up 105 infections. Healed or removed all of these.

    15. Installed Malwarebytes, did update and then full scan. Picked up 9 infections. All healed or removed.

    16. Installed GMER. Turned off real-time anti-virus. Unsure if you want a full scan or just the auto GMER scan that it does when first started. Anyway…auto-scan log shown below. Full scan re-boots the PC after a few seconds. So no full scan log available. Tried un-checking the devices option and the PC freezes after a few minutes into the full scan. Unable to enter safe mode to try full GMER scan. When safe mode selected the PC just re-boots. Been a while since I’ve used safe mode but pretty sure it worked ok last time.

    17. Ran DDS app – logs shown below.

    18. Just ready to post first message and Avira popped up with another detection – “TR/Kazy.48799.5” in “C:\Program Files\Avira\AntiVir Desktop\avguardmgr.exe”. Scanned the file with Malwarebytes which detected a Trojan.Downloader.bh. Log for this scan shown below. Will now re-boot to remove infected file.

    19. MSCONFIG no longer shows the xgamwtuc.exe entry but the dfrgcfg.dll is still listed under start-up. MSCONFIG still set to normal load. Nothing is blocked.

    20. Symptoms now on re-boot are RUNDLL error message against the dfrgcfg.dll file. Otherwise boots ok. Avira still seems to work ok even though the file avguardmgr.exe has been removed.

    21. Text files no longer appear in c:\documents and settings\dad\local settings\application data\ either when connected or not.

    22. Can connect to the network/internet but IE doesn’t launch. Firefox launches but doesn’t show any web-site. Haven’t uninstalled/re-installed these two programs yet – that will be the next job but will await instructions before doing anything else.

    23. Any help you can give will be much appreciated. Apologies for long post and for any mistakes I’ve made in trying to fix the problem.

    24. Thanks in advance for your help.


    Ian




    Malwarebytes main log:


    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2011.12.29.03

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Dad :: CONSERVATORY [administrator]

    29/12/2011 14:32:59
    mbam-log-2011-12-29 (14-32-59).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 201773
    Time elapsed: 19 minute(s), 4 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 4
    HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel|Homepage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 5
    C:\RECYCLER\S-1-5-21-1409082233-308236825-839522115-1004\Dc121\xgamwtuc.exe (Trojan.Downloader.bh) -> Quarantined and deleted successfully.
    C:\RECYCLER\S-1-5-21-1409082233-308236825-839522115-1004\Dc127\xgamwtuc.exe (Trojan.Downloader.bh) -> Quarantined and deleted successfully.
    C:\RECYCLER\S-1-5-21-1409082233-308236825-839522115-1004\Dc240\xgamwtuc.exe (Trojan.Downloader.bh) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\xgamwtuc.exe (Trojan.Downloader.bh) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\poxhyvwiopejwoxv.exe (Trojan.Downloader.bh) -> Quarantined and deleted successfully.

    (end)



    GMER auto start-up log: (not able to run full scan)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-12-29 15:38:57
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\00000070 Maxtor_6V300F0 rev.VA111900
    Running: t7xff30i.exe; Driver: C:\DOCUME~1\Dad\LOCALS~1\Temp\ufldrpow.sys


    ---- System - GMER 1.0.15 ----

    SSDT spwq.sys ZwEnumerateKey [0xB9EC6CA2]
    SSDT spwq.sys ZwEnumerateValueKey [0xB9EC7030]

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdePort0 [B9DC9B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [B9DC9B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [B9DC9B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [B9DC9B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\imagedrv \Device\Scsi\imagedrv1 8A7551F8
    Device \Driver\ab26jqzm \Device\Scsi\ab26jqzm1Port5Path0Target0Lun0 8A2C71F8
    Device \Driver\ab26jqzm \Device\Scsi\ab26jqzm1 8A2C71F8
    Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 8A7551F8
    Device \FileSystem\Ntfs \Ntfs 8A7541F8

    ---- EOF - GMER 1.0.15 ----


    DDS-Attach log:


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 05/05/2008 21:26:25
    System Uptime: 29/12/2011 16:01:03 (0 hours ago)
    .
    Motherboard: WinFast | | C51MCP51
    Processor: AMD Athlon(tm) 64 Processor 3700+ | Socket 939 | 2210/201mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 279 GiB total, 9.131 GiB free.
    D: is CDROM (UDF)
    E: is CDROM ()
    G: is FIXED (NTFS) - 466 GiB total, 48.051 GiB free.
    H: is CDROM ()
    I: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Maxtor 1394 Storage Front Panel*
    Device ID: 1394\MAXTOR&1394_STORAGE_FRONT_PANEL*\73F68C0020B91000
    Manufacturer:
    Name: Maxtor 1394 Storage Front Panel*
    PNP Device ID: 1394\MAXTOR&1394_STORAGE_FRONT_PANEL*\73F68C0020B91000
    Service:
    .
    Class GUID: {4D36E967-E325-11CE-BFC1-08002BE10318}
    Description: Disk drive
    Device ID: SBP2\MAXTOR&ONETOUCH&LUN0\0010B920008CF673
    Manufacturer: (Standard disk drives)
    Name: Maxtor OneTouch IEEE 1394 SBP2 Device
    PNP Device ID: SBP2\MAXTOR&ONETOUCH&LUN0\0010B920008CF673
    Service: disk
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    .
    AC3Filter 1.62b
    Adobe Acrobat 4.0
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Photoshop CS5.1
    Adobe Reader 8.3.1
    µTorrent
    Avira Free Antivirus
    Canon MP Navigator EX 3.0
    Canon MP560 series MP Drivers
    Canon MP560 series User Registration
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    CompuApps SwissKnife V3
    ConvertXtoDVD 2.2.3.258
    DivX Setup
    FileZilla Client 3.5.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB981793)
    InterVideo DeviceService
    Java(TM) 6 Update 11
    LDC Driving Test Complete
    Macromedia Dreamweaver 8
    Macromedia Extension Manager
    Macromedia Flash 8
    Macromedia Flash 8 Video Encoder
    Malwarebytes Anti-Malware version 1.60.0.1800
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Age of Empires Gold
    Microsoft Age of Empires II
    Microsoft Age of Empires II: The Conquerors Expansion
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Software Update for Web Folders (English) 14
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft WSE 3.0 Runtime
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    Mozilla Firefox (3.5.3)
    MSN
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 7 Ultra Edition
    neroxml
    NOMAD Jukebox 3
    NOMAD Jukebox 3 Driver
    NVIDIA Drivers
    PDF Settings CS5
    Realtek AC'97 Audio
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    SmartPad Software 1.0
    Success Builder Algebra 1
    SuperUtility
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.6195
    WebFldrs XP
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows XP Service Pack 3
    WinRAR archiver
    Xilisoft Video Converter Ultimate
    .
    ==== Event Viewer Messages From Past Week ========
    .
    29/12/2011 15:41:23, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 805446b2, parameter3 ba56f868, parameter4 ba56f564.
    29/12/2011 15:38:04, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 805446b2, parameter3 ab82daa4, parameter4 00000000.
    29/12/2011 15:33:21, error: nvatabus [6] - Device Maxtor 6V300F0 [V60CYKKG] timed out an I/O operation.
    29/12/2011 15:12:34, error: sbp2port [4] - Driver detected an internal error in its data structures for .
    29/12/2011 14:29:01, error: MRxSmb [8003] - The master browser has received a server announcement from the computer DAD-LAP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{7B72DCF6-05A4-4F9E-A. The master browser is stopping or an election is being forced.
    29/12/2011 14:10:05, error: System Error [1003] - Error code 000000c2, parameter1 00000007, parameter2 00000cd4, parameter3 00000000, parameter4 ffdffffe.
    29/12/2011 13:48:30, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
    29/12/2011 13:48:26, error: SRService [104] - The System Restore initialization process failed.
    28/12/2011 19:20:24, error: Service Control Manager [7034] - The Avira Realtime Protection service terminated unexpectedly. It has done this 4 time(s).
    28/12/2011 18:58:47, error: Service Control Manager [7034] - The Avira Realtime Protection service terminated unexpectedly. It has done this 3 time(s).
    28/12/2011 18:58:45, error: Service Control Manager [7031] - The Avira Realtime Protection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    28/12/2011 18:58:43, error: Service Control Manager [7031] - The Avira Realtime Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    28/12/2011 18:57:37, error: sbp2port [9] - The device, , did not respond within the timeout period.
    .
    ==== End Of File ===========================


    DDS-log:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Dad at 16:20:05 on 2011-12-29
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1649 [GMT 0:00]
    .
    AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\nvraidservice.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Elan\USB\ETDUSBCtrl.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Dfrgcfg32] rundll32.exe "c:\documents and settings\dad\local settings\application data\tcpcommsplugin\Dfrgcfg32.dll",appWICres isaapisvc
    mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [AAWTray] c:\program files\lavasoft\ad-aware 2007\AAWTray.exe
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [ETDUSBWare] c:\program files\elan\usb\ETDUSBCtrl.exe
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    mPolicies-explorer: <NO NAME> =
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: Interfaces\{7B72DCF6-05A4-4F9E-AA3A-7AE40B17951D} : NameServer = 192.168.0.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\dad\application data\mozilla\firefox\profiles\g587as8g.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\DivXHTML5
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: QuickWiki: {EE223D7A-F30F-11DD-8F0A-D2AD55D89593} - %profile%\extensions\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593}
    FF - Ext: TableTools2: tabletools2@mingyi.org - %profile%\extensions\tabletools2@mingyi.org
    FF - Ext: Pixlr Grabber: {d47a9f51-8281-43fa-f450-f28ef8735e9a} - %profile%\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-12-28 36000]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-12-28 86224]
    R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-12-28 110032]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-12-28 74640]
    R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2009-5-15 14976]
    S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]
    S3 hidflt;Elan HID/USB Mouse Driver;c:\windows\system32\drivers\ETDUSB.sys [2009-7-16 25088]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    .
    =============== Created Last 30 ================
    .
    2011-12-29 14:29:54 -------- d-----w- c:\documents and settings\dad\application data\Malwarebytes
    2011-12-29 14:29:43 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-12-29 14:29:39 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-29 14:29:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-28 19:01:11 -------- d-----w- c:\documents and settings\dad\application data\Avira
    2011-12-28 18:55:04 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-12-28 18:55:04 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2011-12-28 18:55:04 -------- d-----w- c:\program files\Avira
    2011-12-28 18:55:04 -------- d-----w- c:\documents and settings\all users\application data\Avira
    2011-12-28 18:52:08 -------- d-----w- c:\documents and settings\dad\local settings\application data\pdlamtll
    2011-12-17 09:02:08 -------- d--h--w- C:\$AVG8.VAULT$
    2011-12-07 21:18:15 -------- d-----w- c:\documents and settings\dad\local settings\application data\tcpCommsplugin
    .
    ==================== Find3M ====================
    .
    2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-11 19:46:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-20 23:26:22 94208 ----a-w- c:\windows\system32\dpl100.dll
    2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    .
    ============= FINISH: 16:21:09.81 ===============


    Malwarebytes log against file avguardmgr.exe:

    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2011.12.29.03

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Dad :: CONSERVATORY [administrator]

    29/12/2011 17:10:40
    mbam-log-2011-12-29 (17-10-40).txt

    Scan type: Custom scan
    Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
    Objects scanned: 1
    Time elapsed: 2 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Program Files\Avira\AntiVir Desktop\avguardmgr.exe (Trojan.Downloader.bh) -> Delete on reboot.

    (end)
  2. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    You're running two AV programs, AVG and Avira.
    One of them has to go.
    If AVG, make sure you use AVG Remover to uninstall it: http://www.avg.com/us-en/utilities

    Then....

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  3. oakland600

    oakland600 Newcomer, in training Topic Starter

    Hi,

    Thanks for your reply.

    1. I'd already used the AVG Remover tool to get rid of AVG, but it would appear to be still hanging around. I will run the tool again.

    2. In order to access the ESET page I will need to re-install Firefox. Is that ok? As explained in my original post (point 22) IE doesn't launch and Firefox launches but doesn't show any web-site.

    Ian
  4. oakland600

    oakland600 Newcomer, in training Topic Starter

    Hi,

    Just run AVG-Remover again. There seem to be a few "Failed to delete" and other such messages. Before we make any more progress regarding the infection could you have a look at the AVG-Remover log, shown below, to check if AVG has now gone? Thanks.

    I've downloaded the latest Firefox using my laptop and have written it to a cd. I won't install it yet until you give the go-ahead.

    Regards and thanks.
    Ian
  5. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Go ahead with reinstalling Firefox.
    Don't worry about AVG leftovers for now.
  6. oakland600

    oakland600 Newcomer, in training Topic Starter

    Hi,

    Firefox installed ok and I was able to run ESET scanner.

    LOG:

    G:\Program Files\Corel\Corel Paint Shop Pro Photo XI\kdu_v50R.dll Win32/Ramnit.H virus
    G:\Program Files\Corel\Corel Paint Shop Pro Photo XI\MFC71.dll Win32/Ramnit.H virus
    G:\Program Files\Corel\Corel Paint Shop Pro Photo XI\MSICrlPCU.dll Win32/Ramnit.H virus
    G:\Program Files\Corel\Corel Paint Shop Pro Photo XI\msvcp71.dll Win32/Ramnit.H virus
    G:\Program Files\Corel\Corel Paint Shop Pro Photo XI\msvcr71.dll Win32/Ramnit.H virus
    G:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Renderer.dll Win32/Ramnit.H virus
    G:\Program Files\Corel\Corel Paint Shop Pro Photo XI\RiffIO.dll Win32/Ramnit.H virus
    G:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Xerces.dll Win32/Ramnit.H virus
    G:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\DLLs\tcl84.dll Win32/Ramnit.H virus
    G:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\DLLs\tclpip84.dll Win32/Ramnit.H virus
    G:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\DLLs\tk84.dll Win32/Ramnit.H virus
    G:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\distutils\command\wininst-6.exe Win32/Ramnit.H virus
    G:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\Lib\distutils\command\wininst-7.1.exe Win32/Ramnit.H virus
    G:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\tcl\dde1.2\tcldde12.dll Win32/Ramnit.H virus
    G:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Python Libraries\tcl\reg1.1\tclreg11.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks\drvmgt.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks\HView.exe Win32/Ramnit.H virus
    G:\Program Files\Cossacks\SoundConfig.exe Win32/Ramnit.H virus
    G:\Program Files\Cossacks\AI\Algeria.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks\AI\Austria.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks\AI\England.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks\AI\France.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks\AI\German.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks\AI\Holland.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks\AI\Piemont.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks\AI\Poland.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks\AI\Portugalia.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks\AI\Russia.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks\AI\Saksinia.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks\AI\Spain.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks\AI\Sveden.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks\AI\Turcia.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks\AI\Ukraine.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks\AI\Venecia.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\cew.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\drvmgt.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\HView.exe Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\ScenarioEditor.exe Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\AI\Algeria.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\AI\Austria.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\AI\Bavaria.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\AI\Denmark.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\AI\England.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\AI\France.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\AI\German.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\AI\Holland.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\AI\Piemont.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\AI\Poland.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\AI\Portugalia.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\AI\Russia.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\AI\Saksinia.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\AI\Spain.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\AI\Sveden.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\AI\Turcia.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\AI\Ukraine.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\AI\Venecia.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\History_battl\Denbar.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\History_battl\Gogenfridberg.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\History_battl\MarstonMur.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\History_battl\Mook.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\History_battl\NewPort.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\History_battl\Rymnik.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\Missions\Algeria\Missal01\Mission.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\Missions\Algeria\Missal02\Mission.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\Missions\Algeria\Missal04\Mission.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\Missions\Algeria\Missal05\Mission.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\Missions\Austria\Missau01\Mission.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\Missions\Austria\Missau02\Mission.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\Missions\Austria\Missau03\Mission.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\Missions\Austria\Missau04\Mission.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\Missions\Austria\Missau06\Mission.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\Missions\Austria\Missau07\Mission.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\Missions\Austria\Missau08\Mission.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\Missions\Austria\Missau09\Mission.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\Missions\Austria\Missau10\Mission.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\Missions\Poland\Misspo01\Mission.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\Missions\Prussia\Misspru01\Mission.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\Missions\Prussia\Misspru02\Mission.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\Missions\Prussia\Misspru03\Mission.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\Missions\Prussia\Misspru04\Mission.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\Missions\Prussia\Misspru05\Mission.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\Missions\Saxony\Missax01\Mission.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\Missions\Saxony\Missax02\Mission.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\Missions\Saxony\Missax03\Mission.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\Missions\Saxony\Missax04\Mission.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\Missions\Saxony\Missax05\Mission.dll Win32/Ramnit.H virus
    G:\Program Files\Cossacks - The Art Of War\UserMissions\CMS_Start.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Creative File Manager 2\Burp.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Creative File Manager 2\CTAbout.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Creative File Manager 2\CTIntrfc.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Creative File Manager 2\CTJBNS.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Creative File Manager 2\CTNJBEXP.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Creative File Manager 2\CTRegSvr.exe Win32/Ramnit.H virus
    G:\Program Files\Creative\Creative File Manager 2\CTWMATag.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Creative File Manager 2\JBNSHK.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\JBSeriesDrv\CPdeSrvU.exe Win32/Ramnit.H virus
    G:\Program Files\Creative\JBSeriesDrv\CPmsManU.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\JBSeriesDrv\CPmsWmaU.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\JBSeriesDrv\ctpde.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\JBSeriesDrv\CTPmsMan.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\JBSeriesDrv\Jb4Inst.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\JBSeriesDrv\PdePgHlp.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\JBSeriesDrv\PdeSrvps.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Jukebox 3 Drivers\CPdeSrvU.exe Win32/Ramnit.H virus
    G:\Program Files\Creative\Jukebox 3 Drivers\CPmsManU.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Jukebox 3 Drivers\CPmsWmaU.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Jukebox 3 Drivers\CtDrvIns.exe Win32/Ramnit.H virus
    G:\Program Files\Creative\Jukebox 3 Drivers\CtDrvStp.exe Win32/Ramnit.H virus
    G:\Program Files\Creative\Jukebox 3 Drivers\CTPDE.DLL Win32/Ramnit.H virus
    G:\Program Files\Creative\Jukebox 3 Drivers\CTPdeSrv.exe Win32/Ramnit.H virus
    G:\Program Files\Creative\Jukebox 3 Drivers\CTPmsMan.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Jukebox 3 Drivers\CTPmsWma.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Jukebox 3 Drivers\Jb2Inst.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Jukebox 3 Drivers\Jb4Inst.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Jukebox 3 Drivers\PdePgHlp.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Jukebox 3 Drivers\PdeSrvps.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Jukebox 3 Drivers\PdRegSrv.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\AudCvrtu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\AudCvtu.exe Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\AudFrmtu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\CMSRegOu.exe Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\CodcMgru.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\CrBufEnu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\CTAboutu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\CTAppAsc.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\CTAudEp.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\CTCDCovU.exe Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\CTDBEngu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\CTDetctu.exe Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\CTDRMRes.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\CTDRMUIu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\CTEPImpu.exe Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\CTHtmlu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\CTIniFu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\CTIntrfc.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\CTIntrfu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\CTLogDBu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\CTMALitU.exe Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\CTMEMDBu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\CTMetAcu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\CTMetAcu.exe Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\CTMetaDu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\CTNJBDBu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\CTPlyQUU.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\CTQSWizu.exe Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\CTRegSvu.exe Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\CtrlSrcu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\CTSPB.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\CTSPWizU.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\CTSUSDKu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\CTThemeu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\CTTrnQU.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\CTTrnQUU.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\CTVisAud.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\CTWMPEnu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\CTXMLPsu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\EffcMgru.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\FmtQuryu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\HookWndU.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\MFInfou.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\MtdAcqIu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\MtdAcqu.exe Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\MxLibu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\NmdPlayu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\PlxLoadu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\PopUpMu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\RecEnumu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\SknChsrU.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\startMSu.exe Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\ThmResu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\VDJPlayu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\WizCPLu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\MediaSource5\WndTrnsU.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Shared Files\AuChnMap.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Shared Files\CDAsvc.exe Win32/Ramnit.H virus
    G:\Program Files\Creative\Shared Files\CTDAE.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Shared Files\CTDBEng.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Shared Files\CTHtml.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Shared Files\CTIniF.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Shared Files\CTIntrfc.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Shared Files\CTIntrfu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Shared Files\CTMetaDB.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Shared Files\CTNeo6.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Shared Files\CTNJBDB.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Shared Files\CTRegSvr.exe Win32/Ramnit.H virus
    G:\Program Files\Creative\Shared Files\CTRegSvu.exe Win32/Ramnit.H virus
    G:\Program Files\Creative\Shared Files\CTXMLPsu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Shared Files\MDAQMGRU.DLL Win32/Ramnit.H virus
    G:\Program Files\Creative\Shared Files\MtpManU.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Shared Files\OpaQManU.exe Win32/Ramnit.H virus
    G:\Program Files\Creative\Shared Files\OpqManps.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Shared Files\VFSvrps.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Shared Files\VFSvrU.exe Win32/Ramnit.H virus
    G:\Program Files\Creative\ShareDLL\CTId3Tag.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\ShareDLL\ctnmjb2.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\ShareDLL\CADI\ctaudspi.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\ShareDLL\CADI\ctcadi.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\ShareDLL\CADI\ctdmzspi.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\ShareDLL\CADI\ctksspi.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\ShareDLL\CADI\ctmbspi.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\ShareDLL\CADI\CTPreset.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\ShareDLL\CADI\CtPresetW.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\ShareDLL\CADI\ctpxspi.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\ShareDLL\CADI\ctsf.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\ShareDLL\CADI\NotiMan.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe Win32/Ramnit.H virus
    G:\Program Files\Creative\Sync Manager Unicode\AVConvU.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Sync Manager Unicode\AVSrcU2.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Sync Manager Unicode\CTAboutu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Sync Manager Unicode\CTASyncu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Sync Manager Unicode\CTDBEngu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Sync Manager Unicode\CTDBModu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Sync Manager Unicode\CTIntrfu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Sync Manager Unicode\CTLogDBu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Sync Manager Unicode\CTMetaDu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Sync Manager Unicode\CTMSCaps.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Sync Manager Unicode\CTNJBDBu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Sync Manager Unicode\CTPicMaU.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Sync Manager Unicode\CTRegSvu.exe Win32/Ramnit.H virus
    G:\Program Files\Creative\Sync Manager Unicode\CTSMWizu.exe Win32/Ramnit.H virus
    G:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe Win32/Ramnit.H virus
    G:\Program Files\Creative\Sync Manager Unicode\CTXMLPsu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Sync Manager Unicode\FmtQuryu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Sync Manager Unicode\HookWndU.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Sync Manager Unicode\MemDBEnu.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Sync Manager Unicode\MFInfou.dll Win32/Ramnit.H virus
    G:\Program Files\Creative\Sync Manager Unicode\ZCConvU.dll Win32/Ramnit.H virus
    G:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\CTCabEx.DLL Win32/Ramnit.H virus
    G:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_NOMADJUKEBOXTYPE2_U\CTCabEx.DLL Win32/Ramnit.H virus
  7. oakland600

    oakland600 Newcomer, in training Topic Starter

    ESET LOG part 2:

    G:\Program Files\InterVideo\Common\Bin\iviMenuCtrl.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\Common\Bin\IVIresize.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\Common\Bin\IviScnDetect.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\Common\Bin\iviSurface.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\Common\Bin\IviTrans.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\Common\Bin\lfbmp13n.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\Common\Bin\LFCMP13n.DLL Win32/Ramnit.H virus
    G:\Program Files\InterVideo\Common\Bin\lfdrw13n.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\Common\Bin\lfeps13n.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\Common\Bin\lffax13n.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\Common\Bin\LFJ2K13n.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\Common\Bin\lfmsp13n.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\Common\Bin\lfpcd13n.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\Common\Bin\Lfpct13n.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\Common\Bin\lfpcx13n.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\Common\Bin\Lfpng13n.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\Common\Bin\lfpsd13n.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\Common\Bin\lftga13n.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\Common\Bin\lftif13n.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\Common\Bin\Lfwmf13n.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\Common\Bin\log4cpp.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\Common\Bin\LTCLR13n.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\Common\Bin\LTDIS13n.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\Common\Bin\ltefx13n.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\Common\Bin\ltfil13n.DLL Win32/Ramnit.H virus
    G:\Program Files\InterVideo\Common\Bin\ltimg13n.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\Common\Bin\ltkrn13n.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\Common\Bin\MEBase.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\Common\Bin\MenuBase.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\Common\Bin\MenuEditor.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\Common\Bin\MenuMix.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\Common\Bin\MijgJpeg.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\Common\Bin\Mpeg2Parser.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\Common\Bin\Pfc.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\Common\Bin\StorageTools.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\Common\Bin\ThemeMgr.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\Common\Bin\VCDFormat.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\AtMgr.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\AtPlgUI.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\AtPrvw.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\BmpRef.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\CDMedia.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\CDWriter.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\ChinaEffects.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\DATCode.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\DevCtrl.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\DiscCopy.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\DiscEdit.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\DsRead.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\DsReadWrite.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\DVDFormat.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\DVDMRWFormat.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\DVDPRWFormat.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\DVDRWMedia.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\emDLL.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\EmpiaPrp.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\HDMedia.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\ImageTools.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\IviAuthorCtrl.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\iviDisc.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\iviIPL.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\iviIPLA6.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\iviIPLM5.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\iviIPLM6.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\iviIPLP6.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\iviIPLPX.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\iviIPLW7.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\iviMenuCtrl.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\IVIresize.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\IVIresizeA6.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\IVIresizeM6.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\IVIresizeP6.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\IVIresizePX.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\IVIresizeW7.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\IviScnDetect.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\iviSurface.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\IviTrans.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\lfbmp13n.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\LFCMP13n.DLL Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\lfdrw13n.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\lfeps13n.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\lffax13n.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\LFJ2K13n.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\lfmsp13n.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\lfpcd13n.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\Lfpct13n.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\lfpcx13n.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\Lfpng13n.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\lfpsd13n.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\lftga13n.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\lftif13n.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\Lfwmf13n.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\log4cpp.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\LTCLR13n.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\LTDIS13n.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\ltefx13n.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\ltfil13n.DLL Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\ltimg13n.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\ltkrn13n.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\MEBase.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\MenuBase.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\MenuEditor.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\MenuMix.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\MijgJpeg.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\Mpeg2Parser.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\Pfc.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\StorageTools.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\ThemeMgr.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\VCDFormat.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\WinRip.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\Xanalyze.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\Xaudio.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\Plugins\in_cdda.dll Win32/Ramnit.H virus
    G:\Program Files\InterVideo\WCreator2\Plugins\in_mixer.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\awt.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\axbridge.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\cmm.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\dcpr.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\deploy.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\dt_shmem.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\dt_socket.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\fontmanager.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\hpi.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\hprof.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\instrument.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\ioser12.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\j2pcsc.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\j2pkcs11.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\jaas_nt.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\java.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\java_crw_demo.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\jawt.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\JdbcOdbc.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\jdwp.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\jkernel.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\jli.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\jp2native.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\jpeg.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\jpicom.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\jpiexp.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\jpinscp.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\jpioji.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\jpishare.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\jsound.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\jsoundds.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\management.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\mlib_image.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\msvcr71.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\net.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\nio.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\npoji610.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\npt.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\regutils.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\rmi.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\splashscreen.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\sunmscapi.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\unpack.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\verify.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\zip.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\client\jvm.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\new_plugin\msvcr71.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll Win32/Ramnit.H virus
    G:\Program Files\Java\jre6\lib\deploy\lzma.dll Win32/Ramnit.H virus
    G:\Program Files\K-Lite Codec Pack\psvince.dll Win32/Ramnit.H virus
    G:\Program Files\K-Lite Codec Pack\ffdshow\ff_liba52.dll Win32/Ramnit.H virus
    G:\Program Files\K-Lite Codec Pack\ffdshow\ff_libdts.dll Win32/Ramnit.H virus
    G:\Program Files\K-Lite Codec Pack\ffdshow\ff_libfaad2.dll Win32/Ramnit.H virus
    G:\Program Files\K-Lite Codec Pack\ffdshow\ff_libmad.dll Win32/Ramnit.H virus
    G:\Program Files\K-Lite Codec Pack\ffdshow\ff_samplerate.dll Win32/Ramnit.H virus
    G:\Program Files\K-Lite Codec Pack\ffdshow\ff_unrar.dll Win32/Ramnit.H virus
    G:\Program Files\K-Lite Codec Pack\ffdshow\ff_wmv9.dll Win32/Ramnit.H virus
    G:\Program Files\K-Lite Codec Pack\ffdshow\FLT_ffdshow.dll Win32/Ramnit.H virus
    G:\Program Files\K-Lite Codec Pack\ffdshow\libmpeg2_ff.dll Win32/Ramnit.H virus
    G:\Program Files\K-Lite Codec Pack\ffdshow\TomsMoComp_ff.dll Win32/Ramnit.H virus
    G:\Program Files\K-Lite Codec Pack\Filters\libFLAC.dll Win32/Ramnit.H virus
    G:\Program Files\K-Lite Codec Pack\Filters\MACDec.dll Win32/Ramnit.H virus
    G:\Program Files\K-Lite Codec Pack\Filters\vsfilter.dll Win32/Ramnit.H virus
    G:\Program Files\K-Lite Codec Pack\Filters\Haali\avi.dll Win32/Ramnit.H virus
    G:\Program Files\K-Lite Codec Pack\Filters\Haali\avs.dll Win32/Ramnit.H virus
    G:\Program Files\K-Lite Codec Pack\Filters\Haali\avss.dll Win32/Ramnit.H virus
    G:\Program Files\K-Lite Codec Pack\Filters\Haali\dxr.dll Win32/Ramnit.H virus
    G:\Program Files\K-Lite Codec Pack\Filters\Haali\gdsmux.exe Win32/Ramnit.H virus
    G:\Program Files\K-Lite Codec Pack\Filters\Haali\mkx.dll Win32/Ramnit.H virus
    G:\Program Files\K-Lite Codec Pack\Filters\Haali\mkzlib.dll Win32/Ramnit.H virus
    G:\Program Files\K-Lite Codec Pack\Filters\Haali\mp4.dll Win32/Ramnit.H virus
    G:\Program Files\K-Lite Codec Pack\Filters\Haali\ogm.dll Win32/Ramnit.H virus
    G:\Program Files\K-Lite Codec Pack\Filters\Haali\ts.dll Win32/Ramnit.H virus
    G:\Program Files\K-Lite Codec Pack\Media Player Classic\mediainfo.dll Win32/Ramnit.H virus
    G:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe Win32/Ramnit.H virus
    G:\Program Files\K-Lite Codec Pack\Media Player Classic\mpciconlib.dll Win32/Ramnit.H virus
    G:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe Win32/Ramnit.H virus
    G:\Program Files\K-Lite Codec Pack\Tools\graphstudio.exe Win32/Ramnit.H virus
    G:\Program Files\K-Lite Codec Pack\Tools\mediainfo.dll Win32/Ramnit.H virus
    G:\Program Files\K-Lite Codec Pack\Tools\mediainfo.exe Win32/Ramnit.H virus
    G:\Program Files\K-Lite Codec Pack\Tools\StatsReader.exe Win32/Ramnit.H virus
    G:\Program Files\K-Lite Codec Pack\Tools\VobSubStrip.exe Win32/Ramnit.H virus
    G:\Program Files\K-Lite Codec Pack\Tools\xmllite.dll Win32/Ramnit.H virus
    G:\Program Files\Messenger\msgsc.dll Win32/Ramnit.H virus
    G:\Program Files\Microsoft Games\Age of Empires II\clcd32.dll Win32/Ramnit.H virus
    G:\Program Files\Microsoft Games\Age of Empires II\clokspl.exe Win32/Ramnit.H virus
    G:\Program Files\Microsoft Games\Age of Empires II\dplayerx.dll Win32/Ramnit.H virus
    G:\Program Files\Microsoft Games\Age of Empires II\drvmgt.dll Win32/Ramnit.H virus
    G:\Program Files\Microsoft Games\Age of Empires II\language.dll Win32/Ramnit.H virus
    G:\Program Files\Microsoft Games\Age of Empires II\language_x1.dll Win32/Ramnit.H virus
    G:\Program Files\Microsoft Games\Age of Empires II\language_x1_p1.dll Win32/Ramnit.H virus
    G:\Program Files\Microsoft Games\Age of Empires II\age2_x1\clcd32.dll Win32/Ramnit.H virus
    G:\Program Files\Microsoft Games\Age of Empires II\age2_x1\clokspl.exe Win32/Ramnit.H virus
    G:\Program Files\Microsoft Games\Age of Empires II\age2_x1\dplayerx.dll Win32/Ramnit.H virus
    G:\Program Files\Microsoft Games\Age of Empires II\Data\closedpw.exe Win32/Ramnit.H virus
    G:\Program Files\Microsoft Office\Office14\ADDINS\MSVCR71.DLL Win32/Ramnit.H virus
    G:\Program Files\Microsoft Office\Office14\ADDINS\OTKLOADR.DLL Win32/Ramnit.H virus
    G:\Program Files\Microsoft Silverlight\4.0.60310.0\coreclr.dll Win32/Ramnit.H virus
    G:\Program Files\Microsoft Visual Studio 8\Common7\IDE\cmddef.dll Win32/Ramnit.H virus
    G:\Program Files\Microsoft Visual Studio 8\Common7\IDE\compluslm.dll Win32/Ramnit.H virus
    G:\Program Files\Microsoft Visual Studio 8\Common7\IDE\custsat.dll Win32/Ramnit.H virus
    G:\Program Files\Microsoft Visual Studio 8\Common7\IDE\dbghelp.dll Win32/Ramnit.H virus
    G:\Program Files\Microsoft Visual Studio 8\Common7\IDE\msdis150.dll Win32/Ramnit.H virus
    G:\Program Files\Microsoft Visual Studio 8\Common7\IDE\msenc80.dll Win32/Ramnit.H virus
    G:\Program Files\Microsoft Visual Studio 8\Common7\IDE\msenv.dll Win32/Ramnit.H virus
    G:\Program Files\Microsoft Visual Studio 8\Common7\IDE\mspdb80.dll Win32/Ramnit.H virus
    G:\Program Files\Microsoft Visual Studio 8\Common7\IDE\mspdbcore.dll Win32/Ramnit.H virus
    G:\Program Files\Microsoft Visual Studio 8\Common7\IDE\msvb7.dll Win32/Ramnit.H virus
    G:\Program Files\Microsoft Visual Studio 8\Common7\IDE\ProjectAggregator.dll Win32/Ramnit.H virus
    G:\Program Files\Microsoft Visual Studio 8\Common7\IDE\vslog.dll Win32/Ramnit.H virus
    G:\Program Files\Microsoft Visual Studio 8\Common7\IDE\vssln.dll Win32/Ramnit.H virus
    G:\Program Files\Microsoft Visual Studio 8\Common7\IDE\vstlbinf.dll Win32/Ramnit.H virus
    G:\Program Files\Microsoft Visual Studio 8\Common7\IDE\VsWizard.dll Win32/Ramnit.H virus
    G:\Program Files\Microsoft Visual Studio 8\Common7\Packages\Compsvcspkg.dll Win32/Ramnit.H virus
    G:\Program Files\Microsoft Visual Studio 8\Common7\Packages\dirprj.dll Win32/Ramnit.H virus
    G:\Program Files\Microsoft Visual Studio 8\Common7\Packages\Debugger\cpde.dll Win32/Ramnit.H virus
    G:\Program Files\Microsoft Visual Studio 8\Common7\Packages\Debugger\cscompee.dll Win32/Ramnit.H virus
    G:\Program Files\Microsoft Visual Studio 8\Common7\Packages\Debugger\encmgr.dll Win32/Ramnit.H virus
    G:\Program Files\Microsoft Visual Studio 8\Common7\Packages\Debugger\shmetapdb.dll Win32/Ramnit.H virus
    G:\Program Files\Microsoft Visual Studio 8\Common7\Packages\Debugger\vsdebug.dll Win32/Ramnit.H virus
    G:\Program Files\Microsoft Visual Studio 8\Common7\Tools\VDT\vdt80.dll Win32/Ramnit.H virus
    G:\Program Files\Microsoft Visual Studio 8\Common7\Tools\VDT\vdt80p.dll Win32/Ramnit.H virus
    G:\Program Files\Microsoft Visual Studio 8\sqlserver\mssdi98.dll Win32/Ramnit.H virus
    G:\Program Files\Microsoft Visual Studio 8\VB\Bin\msvbprj.dll Win32/Ramnit.H virus
    G:\Program Files\Microsoft Visual Studio 8\VC\vcpackages\DirControl.dll Win32/Ramnit.H virus
    G:\Program Files\Microsoft Visual Studio 8\VC#\VCSPackages\cslangsvc.dll Win32/Ramnit.H virus
    G:\Program Files\Microsoft Visual Studio 8\VC#\VCSPackages\csproj.dll Win32/Ramnit.H virus
    G:\Program Files\Movie Maker\moviemk.exe Win32/Ramnit.H virus
    G:\Program Files\MSN\MSNCoreFiles\OOBE\obelog.dll Win32/Ramnit.H virus
    G:\Program Files\MSN\MSNCoreFiles\OOBE\obemetal.dll Win32/Ramnit.H virus
    G:\Program Files\MSN\MSNCoreFiles\OOBE\obepopc.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Core\MFC71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Core\mfc71u.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Core\MPGEnc.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Core\msvcp71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Core\msvcr71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero BackItUp\JMUsbDll.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero BackItUp\mfc71u.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero BackItUp\msvcp71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero BackItUp\msvcr71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero BackItUp\PLX507.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero BackItUp\sp216.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\MFC71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\msvcp71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\msvcr71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero CoverDesigner\MFC71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero CoverDesigner\msvcp71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero CoverDesigner\msvcr71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero Home\mfc71u.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero Home\msvcp71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero Home\msvcr71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero ImageDrive\MFC71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero ImageDrive\msvcp71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero ImageDrive\msvcr71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero MediaHome\mfc71u.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero MediaHome\msvcp71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero MediaHome\msvcr71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero Mobile\msvcp71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero Mobile\msvcr71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero PhotoSnap\FreeImage.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero PhotoSnap\MFC71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero PhotoSnap\msvcp71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero PhotoSnap\msvcr71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero Recode\MFC71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero Recode\msvcp71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero Recode\msvcr71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero ShowTime\mfc71u.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero ShowTime\msvcp71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero ShowTime\msvcp80.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero ShowTime\msvcr71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero ShowTime\msvcr80.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero SoundTrax\MFC71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero SoundTrax\mfc71u.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero SoundTrax\msvcp71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero SoundTrax\msvcr71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero StartSmart\MFC71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero StartSmart\msvcp71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero StartSmart\msvcr71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero Toolkit\MFC71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero Toolkit\msvcp71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero Toolkit\msvcr71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero Vision\MFC71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero Vision\msvcp71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero Vision\msvcr71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero WaveEditor\MFC71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero WaveEditor\msvcp71.dll Win32/Ramnit.H virus
    G:\Program Files\Nero\Nero 7\Nero WaveEditor\msvcr71.dll Win32/Ramnit.H virus
    G:\Program Files\Plextor\PXM402U\MFC71.dll Win32/Ramnit.H virus
    G:\Program Files\Plextor\PXM402U\msvcp71.dll Win32/Ramnit.H virus
    G:\Program Files\Plextor\PXM402U\msvcr71.dll Win32/Ramnit.H virus
    G:\Program Files\Plextor\PXM402U\PlexDriver.exe Win32/Ramnit.H virus
    G:\Program Files\Plextor\PXM402U\XClean.dll Win32/Ramnit.H virus
    G:\Program Files\Plextor\PXM402U\XClean.exe Win32/Ramnit.H virus
    G:\Program Files\Realtek\REALTEK GbE & FE Ethernet PCI NIC Driver\RTINSTALLER32.EXE Win32/Ramnit.H virus
    G:\Program Files\Realtek\REALTEK GbE & FE Ethernet PCI NIC Driver\RtNicprop32.DLL Win32/Ramnit.H virus
    G:\Program Files\Realtek AC97\alcrmv.exe Win32/Ramnit.H virus
    G:\Program Files\Realtek AC97\ChCfg.exe Win32/Ramnit.H virus
    G:\Program Files\Realtek AC97\RtlCPAPI.dll Win32/Ramnit.H virus
    G:\Program Files\Realtek AC97\RTLCPL.exe Win32/Ramnit.H virus
    G:\Program Files\Realtek AC97\SoundMan.exe Win32/Ramnit.H virus
    G:\Program Files\Red Chair Software\Notmad Explorer\sendto.exe Win32/Ramnit.H virus
    G:\Program Files\Red Chair Software\Notmad Explorer\sendtojz.exe Win32/Ramnit.H virus
    G:\Program Files\Red Chair Software\Shared\mprg.dll Win32/Ramnit.H virus
    G:\Program Files\Red Chair Software\Shared\SmallParser.dll Win32/Ramnit.H virus
    G:\Program Files\SUPERAntiSpyware\deupx.dll Win32/Ramnit.H virus
    G:\Program Files\SUPERAntiSpyware\msvcr71.dll Win32/Ramnit.H virus
    G:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL Win32/Ramnit.H virus
    G:\Program Files\SUPERAntiSpyware\SASINST.EXE Win32/Ramnit.H virus
    G:\Program Files\SUPERAntiSpyware\SASSEH.DLL Win32/Ramnit.H virus
    G:\Program Files\SUPERAntiSpyware\SASWINLO.DLL Win32/Ramnit.H virus
    G:\Program Files\SUPERAntiSpyware\Plugins\sab_incr.dll Win32/Ramnit.H virus
    G:\Program Files\SUPERAntiSpyware\Plugins\sab_mapi.dll Win32/Ramnit.H virus
    G:\Program Files\SUPERAntiSpyware\Plugins\sab_wab.dll Win32/Ramnit.H virus
    G:\Program Files\Trusteer\Rapport\bin\atl80.dll Win32/Ramnit.H virus
    G:\Program Files\Trusteer\Rapport\bin\js32.dll Win32/Ramnit.H virus
    G:\Program Files\Trusteer\Rapport\bin\msvcp80.dll Win32/Ramnit.H virus
    G:\Program Files\Trusteer\Rapport\bin\msvcr80.dll Win32/Ramnit.H virus
    G:\Program Files\Windows Desktop Search\dbsetup.dll Win32/Ramnit.H virus
    G:\Program Files\Windows Desktop Search\deskbar.dll Win32/Ramnit.H virus
    G:\Program Files\Windows Desktop Search\mapine.dll Win32/Ramnit.H virus
    G:\Program Files\Windows Desktop Search\MSNLDl.dll Win32/Ramnit.H virus
    G:\Program Files\Windows Desktop Search\MSNLDlPs.dll Win32/Ramnit.H virus
    G:\Program Files\Windows Desktop Search\msnlExt.dll Win32/Ramnit.H virus
    G:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll Win32/Ramnit.H virus
    G:\Program Files\Windows Desktop Search\msnlRed.dll Win32/Ramnit.H virus
    G:\Program Files\Windows Desktop Search\WdsMktTools.dll Win32/Ramnit.H virus
    G:\Program Files\Windows Desktop Search\wdsShell.dll Win32/Ramnit.H virus
    G:\Program Files\Windows Desktop Search\wdsView.dll Win32/Ramnit.H virus
    G:\Program Files\Windows Desktop Search\WindowsSearch.exe Win32/Ramnit.H virus
    G:\Program Files\Windows Desktop Search\wordwheel.dll Win32/Ramnit.H virus
    G:\Program Files\Windows Desktop Search\xppreviewproxy.dll Win32/Ramnit.H virus
    G:\Program Files\Windows Live\Messenger\custsat.dll Win32/Ramnit.H virus
    G:\Program Files\Windows Media Connect 2\wmccds.exe Win32/Ramnit.H virus
    G:\Program Files\Windows Media Connect 2\WMCCFG.exe Win32/Ramnit.H virus
    G:\Program Files\Windows Media Connect 2\WMCCPL.dll Win32/Ramnit.H virus
    G:\Program Files\Windows Media Connect 2\wmcsci.dll Win32/Ramnit.H virus
    G:\Program Files\Windows Media Player\wmdbexport.exe Win32/Ramnit.H virus
    G:\Program Files\Windows Media Player\wmlaunch.exe Win32/Ramnit.H virus
    G:\Program Files\Windows Media Player\wmpenc.exe Win32/Ramnit.H virus
    G:\Program Files\Windows Media Player\wmpnetwk.exe Win32/Ramnit.H virus
    G:\Program Files\Windows Media Player\wmpnscfg.exe Win32/Ramnit.H virus
    G:\Program Files\Windows Media Player\wmpnssci.dll Win32/Ramnit.H virus
    G:\Program Files\Windows Media Player\wmpshare.exe Win32/Ramnit.H virus
    G:\Program Files\Windows Media Player\wmsetsdk.exe Win32/Ramnit.H virus
    G:\Program Files\WinRAR\Patcher.exe Win32/Ramnit.H virus
    G:\Program Files\WinRAR\Rar.exe Win32/Ramnit.H virus
    G:\Program Files\WinRAR\RarExt.dll Win32/Ramnit.H virus
    G:\Program Files\WinRAR\Uninstall.exe Win32/Ramnit.H virus
    G:\Program Files\WinRAR\UnRAR.exe Win32/Ramnit.H virus
    G:\Program Files\WinRAR\WinRAR.exe Win32/Ramnit.H virus
    G:\WMSDK\WMFSDK95\Bin\audioplayer.exe Win32/Ramnit.H virus
    G:\WMSDK\WMFSDK95\Bin\drmheader.exe Win32/Ramnit.H virus
    G:\WMSDK\WMFSDK95\Bin\DSCopy.exe Win32/Ramnit.H virus
    G:\WMSDK\WMFSDK95\Bin\DSPlay.exe Win32/Ramnit.H virus
    G:\WMSDK\WMFSDK95\Bin\DSSeekFm.exe Win32/Ramnit.H virus
    G:\WMSDK\WMFSDK95\Bin\GenProfile.exe Win32/Ramnit.H virus
    G:\WMSDK\WMFSDK95\Bin\MetadataEdit.exe Win32/Ramnit.H virus
    G:\WMSDK\WMFSDK95\Bin\ReadFromStream.exe Win32/Ramnit.H virus
    G:\WMSDK\WMFSDK95\Bin\UncompAVIToWMV.exe Win32/Ramnit.H virus
    G:\WMSDK\WMFSDK95\Bin\wmprop.exe Win32/Ramnit.H virus
    G:\WMSDK\WMFSDK95\Bin\wmstats.exe Win32/Ramnit.H virus
    G:\WMSDK\WMFSDK95\Bin\WMSyncReader.exe Win32/Ramnit.H virus
    G:\WMSDK\WMFSDK95\Bin\wmvappend.exe Win32/Ramnit.H virus
    G:\WMSDK\WMFSDK95\Bin\wmvcopy.exe Win32/Ramnit.H virus
    G:\WMSDK\WMFSDK95\Bin\WMVNetWrite.exe Win32/Ramnit.H virus
    G:\WMSDK\WMFSDK95\Bin\WMVRecompress.exe Win32/Ramnit.H virus
    G:\WMSDK\WMFSDK95\WMDM\devicekit\wmdmcopy\WMDMCMD.exe Win32/Ramnit.H virus
    G:\WMSDK\WMFSDK95\WMDM\devicekit\wmdmcopy\WMDMCOPY.exe Win32/Ramnit.H virus
    G:\WMSDK\WMFSDK95\WMDM\devicekit\wmdmperf\MakeFile.exe Win32/Ramnit.H virus
    G:\WMSDK\WMFSDK95\WMDM\devicekit\wmdmperf\PerfTest.dll Win32/Ramnit.H virus
    G:\WMSDK\WMFSDK95\WMDM\devicekit\wmdmperf\traceprt.dll Win32/Ramnit.H virus
    G:\WMSDK\WMFSDK95\WMDM\devicekit\wmdmperf\WPDTestApp.exe Win32/Ramnit.H virus
    G:\WMSDK\WMFSDK95\WMDM\devicekit\wmdmperf\wttlog.dll Win32/Ramnit.H virus
    G:\WMSDK\WMFSDK95\WMDM\devicekit\wmdmperf\WTTlogcm.dll Win32/Ramnit.H virus
  8. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    I'm afraid I have very bad news.

    You're infected with Ramnit file infector virus.

    Win32/Ramnit.A is a file infector with IRCBot functionality which infects .exe and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A. Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A which is dropped by a Ramnit infected executable file.

    -- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.
    With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

    Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of infection can vary.

    Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies Worm:Win32/Ramnit.A with a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These types of sites are infested with a smörgåsbord of malware and a major source of system infection.

    In my opinion, Ramnit.A is not effectively disinfectable, so your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. Further, your machine has likely been compromised by the backdoor Trojan and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if your anti-virus reports that the malware appears to have been removed.

    Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:
    Backdoors and What They Mean to You

    This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.

    Important Note: If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately, to include those used for banking, email, eBay, paypal and any online activities which require a username and password. You should consider them to be compromised. You should change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity.
  9. oakland600

    oakland600 Newcomer, in training Topic Starter

    ok - thought that might be the case.

    Thanks for your efforts.

    Would I be correct in assuming that only DLL and exe files are likely to be infected?
  10. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Thinking about backing up your files?
    If so, you can back up your data but you have to scan all of it with your AV program before putting anything back after reinstall.
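
A triage pass over a backup taken from a Ramnit-infected disk, as an added example that is not part of the original posts: it separates the file types the thread names as infection targets (.exe, .dll, .htm/.html) from plain data, checking file content as well as the name so that executables renamed during an earlier cleanup attempt are still caught. The function names and the sample tree are constructed for illustration; both lists still go through the full AV scan before anything is restored.

```python
import os

# File types the thread names as Ramnit infection targets.
RISKY_EXT = {".exe", ".dll", ".htm", ".html"}

def classify(path):
    """Return why a file is held back, or None if it looks like plain data."""
    with open(path, "rb") as fh:
        head = fh.read(1024)
    if head[:2] == b"MZ":  # DOS/PE header: executable whatever it is named
        return "executable content"
    head = head[3:] if head.startswith(b"\xef\xbb\xbf") else head  # skip UTF-8 BOM
    if head.lstrip().lower().startswith((b"<!doctype html", b"<html")):
        return "HTML content"
    ext = os.path.splitext(path)[1].lower()
    return "risky extension " + ext if ext in RISKY_EXT else None

def triage(backup_root):
    """Walk a backup tree; return ({relative path: reason}, [other files])."""
    hold, other = {}, []
    for dirpath, _dirs, names in os.walk(backup_root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, backup_root)
            try:
                reason = classify(full)
            except OSError:  # unreadable files are held back, not trusted
                reason = "unreadable"
            if reason:
                hold[rel] = reason
            else:
                other.append(rel)
    return hold, sorted(other)

def build_sample(root):
    """Write a constructed sample backup (not files from the thread)."""
    samples = {
        "docs/report.txt": b"quarterly notes\n",
        "photos/pic.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
        "tools/setup.exe": b"MZ\x90\x00" + b"\x00" * 60,
        "tools/helper.dat": b"MZ\x90\x00" + b"\x00" * 60,  # renamed executable
        "site/index.htm": b"\xef\xbb\xbf<html><body>hi</body></html>",
        "tools/empty.dll": b"",  # no content to inspect, held on extension alone
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
```

Files in the first returned mapping are the ones to leave out of the restore and reinstall from original media instead.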
  11. oakland600

    oakland600 Newcomer, in training Topic Starter

    ok will do.

    Thanks for your help.
     
  12. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    You're very welcome

