WiredWX Christian Hobby Weather Tools
Re: Ranmit infection
========== Files Created - No Company Name ==========

[2011/04/14 15:01:55 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/04/14 15:01:55 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/04/14 11:46:55 | 3756,515,328 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/14 11:37:34 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/04/13 20:04:53 | 000,174,955 | ---- | C] () -- C:\Windows\System32\test.exe
[2011/04/13 00:36:34 | 075,657,504 | ---- | C] () -- C:\Users\Andrew\paracast_110410.mp3
[2011/04/11 22:11:45 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/04/11 22:11:45 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/04/11 22:11:45 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/04/08 21:23:28 | 000,032,018 | ---- | C] () -- C:\Users\Andrew\magichappyland.jpg
[2011/04/08 21:02:19 | 000,001,805 | ---- | C] () -- C:\Users\Andrew\delarge.gif
[2011/04/08 20:51:32 | 000,050,749 | ---- | C] () -- C:\Users\Andrew\germany-flag.jpg
[2011/04/08 20:49:01 | 000,084,490 | ---- | C] () -- C:\Users\Andrew\Flag-Holy-Roman-Empire.png
[2011/04/07 14:43:42 | 000,037,734 | ---- | C] () -- C:\Users\Andrew\rainbow_swastika.jpg
[2011/04/05 16:13:28 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2011/04/03 07:25:00 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/04/03 07:25:00 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/04/03 06:49:08 | 000,012,682 | -HS- | C] () -- C:\Users\Andrew\AppData\Local\61am7kh612rw85n14158n8334sb5378m1c5h32
[2011/04/03 06:49:08 | 000,012,682 | -HS- | C] () -- C:\ProgramData\61am7kh612rw85n14158n8334sb5378m1c5h32
[2011/03/30 23:36:18 | 000,000,000 | ---- | C] () -- C:\Users\Andrew\paracast_110320.mp3
[2011/03/30 23:36:16 | 032,539,213 | ---- | C] () -- C:\Users\Andrew\paracast_110320.mp3.part
[2011/03/28 05:29:50 | 075,657,248 | ---- | C] () -- C:\Users\Andrew\paracast_110327.mp3
[2011/03/18 07:30:32 | 075,657,440 | ---- | C] () -- C:\Users\Andrew\paracast_110313.mp3
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/10/12 22:46:31 | 000,000,263 | ---- | C] () -- C:\Windows\System32\gapa.ini
[2010/06/16 14:22:56 | 000,219,348 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/06/15 23:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/05/27 17:24:24 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/04/18 18:16:41 | 018,499,623 | ---- | C] () -- C:\ProgramData\vlc-1.0.5-win32.exe
[2009/12/13 01:13:43 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/12/11 03:36:54 | 018,030,130 | ---- | C] () -- C:\ProgramData\vlc-1.0.3-win32.exe
[2009/10/27 19:03:12 | 018,527,244 | ---- | C] () -- C:\ProgramData\vlc-1.0.2-win32.exe
[2009/09/06 22:27:58 | 018,015,723 | ---- | C] () -- C:\ProgramData\vlc-1.0.1-win32.exe
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/05/22 23:34:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/04/27 21:29:41 | 000,000,978 | ---- | C] () -- C:\Windows\eReg.dat
[2009/02/18 18:55:20 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/02/03 21:52:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008/12/21 19:27:22 | 000,091,136 | ---- | C] () -- C:\Users\Andrew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/29 00:25:46 | 014,618,605 | ---- | C] () -- C:\ProgramData\vlc-0.9.6-win32.exe
[2008/09/21 16:22:08 | 000,000,280 | ---- | C] () -- C:\Windows\System32\epoPGPsdk.dll.sig
[2008/09/19 20:52:29 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/09/19 19:17:12 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2008/09/15 21:40:29 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/09/15 21:40:29 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/15 21:21:00 | 000,000,680 | ---- | C] () -- C:\Users\Andrew\AppData\Local\d3d9caps.dat
[2008/09/15 20:11:56 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/08/01 05:15:27 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/03/06 01:38:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007/06/21 07:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,371,080 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,611,664 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,109,112 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/05/25 01:22:06 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe
[2005/03/01 15:30:20 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/11/02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 13:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/21 03:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/10/01 01:16:53 | 000,000,442 | -HS- | M] () -- C:\ProgramData\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/11/24 14:57:48 | 000,047,466 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\attachment.png
[2008/09/16 01:59:56 | 000,000,286 | -HS- | M] () -- C:\Users\Andrew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/03/24 00:14:38 | 000,122,328 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/03/24 00:14:38 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/04/14 12:07:14 | 000,174,955 | ---- | M] () -- C:\Program Files\Mozilla Firefox\firefoxmgr.exe
[2011/03/24 00:14:38 | 000,246,744 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/09/15 21:21:12 | 000,000,402 | -HS- | M] () -- C:\Users\Andrew\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/04/03 07:08:21 | 000,012,682 | -HS- | M] () -- C:\ProgramData\61am7kh612rw85n14158n8334sb5378m1c5h32
[2008/11/29 00:26:50 | 014,618,605 | ---- | M] () -- C:\ProgramData\vlc-0.9.6-win32.exe
[2009/09/06 22:31:48 | 018,015,723 | ---- | M] () -- C:\ProgramData\vlc-1.0.1-win32.exe
[2009/10/27 19:03:29 | 018,527,244 | ---- | M] () -- C:\ProgramData\vlc-1.0.2-win32.exe
[2010/01/27 01:56:44 | 018,030,130 | ---- | M] () -- C:\ProgramData\vlc-1.0.3-win32.exe
[2010/04/18 18:17:13 | 018,499,623 | ---- | M] () -- C:\ProgramData\vlc-1.0.5-win32.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >
[2010/10/15 15:08:12 | 003,600,272 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ntkrnlpa.exe

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.sys >
[2006/11/02 08:09:42 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
[2008/01/21 03:23:54 | 000,247,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2006/11/02 08:09:45 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
[1996/04/03 20:33:26 | 000,005,248 | ---- | M] () -- C:\Windows\System32\giveio.sys
[2006/11/02 08:09:41 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 08:09:44 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 08:09:44 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
[2006/11/02 08:09:29 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 08:09:35 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 08:09:38 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 08:09:40 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 08:09:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 08:09:20 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
[2006/11/02 08:09:23 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 08:09:24 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 08:09:26 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 08:09:22 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
[2006/09/24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\System32\speedfan.sys
[2010/12/31 14:25:17 | 002,038,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\system32\drivers\*.dll >
[2010/08/26 02:19:28 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\ati2erec.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll

< %SYSTEMDRIVE%\*.* >
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/21 03:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2007/01/02 05:10:43 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/09/19 19:39:20 | 000,000,237 | ---- | M] () -- C:\csb.log
[2011/04/14 11:46:55 | 3756,515,328 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/03 07:25:00 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/03/16 02:29:24 | 000,001,110 | -H-- | M] () -- C:\IPH.PH
[2011/04/14 14:47:09 | 000,003,064 | ---- | M] () -- C:\JavaRa.log
[2011/04/03 07:25:00 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/04/14 11:46:54 | 4070,129,664 | -HS- | M] () -- C:\pagefile.sys
[2008/09/19 19:37:28 | 000,000,477 | ---- | M] () -- C:\RHDSetup.log
[2008/07/26 18:22:44 | 000,000,004 | RHS- | M] () -- C:\WINOS.SYS

< %PROGRAMFILES%\*. >
[2011/04/14 12:54:15 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2011/04/14 15:01:46 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/09/15 21:01:28 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/07/03 13:33:43 | 000,000,000 | ---D | M] -- C:\Program Files\ATI
[2010/09/27 01:53:08 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2010/04/08 22:50:11 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2011/04/14 12:55:02 | 000,000,000 | ---D | M] -- C:\Program Files\Combined Community Codec Pack
[2011/04/14 15:01:46 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2011/04/05 16:13:27 | 000,000,000 | ---D | M] -- C:\Program Files\CPUID
[2011/04/14 12:30:37 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2010/12/17 13:32:56 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/09/17 19:45:54 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/04/11 22:58:53 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/04/08 22:53:22 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/04/08 22:53:34 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/01/22 18:11:33 | 000,000,000 | ---D | M] -- C:\Program Files\JAM Software
[2010/12/11 14:02:18 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011/04/14 12:56:53 | 000,000,000 | ---D | M] -- C:\Program Files\jZip
[2009/05/22 17:26:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2008/09/19 20:51:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2011/02/03 05:17:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2009/02/11 09:50:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/04/14 11:38:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2008/09/19 20:51:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2011/04/14 12:58:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/07/02 11:48:07 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2011/04/14 12:30:59 | 000,000,000 | ---D | M] -- C:\Program Files\mIRC
[2010/09/08 09:47:10 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/04/14 14:55:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/02/11 09:49:53 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2011/04/14 12:58:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mumble
[2009/06/22 19:03:33 | 000,000,000 | ---D | M] -- C:\Program Files\NETGEAR
[2011/04/13 20:04:58 | 000,000,000 | ---D | M] -- C:\Program Files\ngfminbl
[2011/04/14 14:55:29 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2009/03/08 23:42:39 | 000,000,000 | ---D | M] -- C:\Program Files\Prime95
[2011/04/14 14:59:37 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/04/16 13:57:06 | 000,000,000 | ---D | M] -- C:\Program Files\Razer
[2008/09/19 20:03:17 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011/04/14 12:58:55 | 000,000,000 | ---D | M] -- C:\Program Files\SopCast
[2008/09/17 19:06:53 | 000,000,000 | ---D | M] -- C:\Program Files\SpeedFan
[2011/04/14 14:30:35 | 000,000,000 | ---D | M] -- C:\Program Files\Steam
[2011/04/14 13:11:34 | 000,000,000 | ---D | M] -- C:\Program Files\TeamSpeak 3 Client
[2009/05/25 23:01:37 | 000,000,000 | ---D | M] -- C:\Program Files\TeamViewer
[2009/08/05 00:50:06 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2011/04/14 13:11:41 | 000,000,000 | ---D | M] -- C:\Program Files\TVUPlayer
[2006/11/02 14:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/04/11 22:59:48 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2010/04/25 03:15:51 | 000,000,000 | ---D | M] -- C:\Program Files\Veetle
[2011/04/14 12:30:58 | 000,000,000 | ---D | M] -- C:\Program Files\Ventrilo
[2008/09/17 19:30:54 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2009/04/20 16:13:28 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2008/01/21 03:35:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2008/01/21 03:35:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2008/01/21 03:35:09 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2008/01/21 03:35:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2009/05/22 17:26:21 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/05/22 17:26:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2011/04/11 22:58:54 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/10/12 22:52:39 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/01/21 03:35:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2008/01/21 03:35:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar

< %appdata%\*.* >
[2009/03/02 18:48:36 | 000,076,407 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\Smiley.ico


< MD5 for: AGP440.SYS >
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/04/11 07:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/21 03:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\drivers\disk.sys
[2008/01/21 03:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/21 03:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 10:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: IASTORV.SYS >
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USBSTOR.SYS >
[2008/01/21 03:23:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\drivers\USBSTOR.SYS
[2008/01/21 03:23:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_b9f18584\USBSTOR.SYS
[2008/01/21 03:23:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_48864eb697d31b43\USBSTOR.SYS
[2009/04/11 05:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_usbstor.inf_31bf3856ad364e35_6.0.6002.18005_none_4a71c7c294f4e68f\USBSTOR.SYS
[2006/11/02 09:55:05 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=FDBAABF07244C60B0F4E0A6E71A107C6 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_bb2778a0\USBSTOR.SYS

Re: Ranmit infection
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\********\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\********\Auto Update\Results\Install\\LastSuccessTime: 2011-04-13 18:33:48

< End of report >
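
The "< MD5 for: >" blocks above are the most useful part of this log for deciding whether a system file has been tampered with, because OTL lists every copy of the same file it can find: the live one under System32, the component-store copy in winsxs or DriverStore\FileRepository, and any pending update under SoftwareDistribution\Download. The added Python below is an example written for this page, not part of the original thread or of OTL: it parses those blocks and, for each live copy, checks whether its hash matches a reference copy. A match means the live file is byte-identical to a copy Windows shipped; the same build timestamp with a different hash or size means the file's contents changed after installation, which is exactly what rewriting an executable on disk produces. The netlogon.dll and USBSTOR.SYS blocks are copied from the log above; the EXAMPLE.DLL block, its path and its hashes are constructed to show the failing case. Pending updates are a different build and are deliberately not used as references.

```python
import re
from collections import defaultdict

# Header that opens one OTL hash block, e.g.  < MD5 for: NETLOGON.DLL >
HEADER_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
# One entry line, e.g.
# [2008/01/21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EF... -- C:\Windows\System32\netlogon.dll
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| [-A-Z]+ \| [A-Z]\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)


def classify(path):
    """Where a copy lives decides its role in the comparison."""
    p = path.lower()
    if "\\winsxs\\" in p or "\\driverstore\\filerepository\\" in p:
        return "reference"      # component store / driver store copy
    if "\\softwaredistribution\\" in p:
        return "pending"        # downloaded update, a different build; not a reference
    if "\\system32\\" in p:
        return "live"           # the copy Windows actually loads
    return "other"


def parse_md5_section(text):
    """Return one dict per entry line, tagged with the file name from its block header."""
    entries, name = [], None
    for raw in text.splitlines():
        line = raw.strip()
        h = HEADER_RE.match(line)
        if h:
            name = h.group("name").upper()
            continue
        m = ENTRY_RE.match(line)
        if m and name:
            entries.append({
                "name": name,
                "ts": m.group("ts"),
                "size": int(m.group("size").replace(",", "")),
                "md5": m.group("md5").upper(),
                "path": m.group("path"),
                "kind": classify(m.group("path")),
            })
    return entries


def check_report(text):
    """Map each live System32 file to 'ok', 'modified' or 'unverified'."""
    by_name = defaultdict(list)
    for e in parse_md5_section(text):
        by_name[e["name"]].append(e)
    verdicts = {}
    for group in by_name.values():
        refs = [e for e in group if e["kind"] == "reference"]
        for live in (e for e in group if e["kind"] == "live"):
            if any(r["md5"] == live["md5"] and r["size"] == live["size"] for r in refs):
                verdicts[live["path"]] = "ok"           # identical to a shipped copy
            elif any(r["ts"] == live["ts"] for r in refs):
                verdicts[live["path"]] = "modified"     # same build timestamp, different bytes
            else:
                verdicts[live["path"]] = "unverified"   # no comparable copy in the store
    return verdicts


def flagged(text):
    """Sorted paths whose live copy differs from a same-timestamp reference copy."""
    return sorted(p for p, v in check_report(text).items() if v == "modified")


# Sample input: the NETLOGON.DLL and USBSTOR.SYS blocks are taken from the OTL log above.
# The EXAMPLE.DLL block is constructed (hypothetical file, paths and hashes) to show a mismatch.
SAMPLE = r"""
< MD5 for: NETLOGON.DLL >
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: USBSTOR.SYS >
[2008/01/21 03:23:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\drivers\USBSTOR.SYS
[2008/01/21 03:23:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_b9f18584\USBSTOR.SYS
[2006/11/02 09:55:05 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=FDBAABF07244C60B0F4E0A6E71A107C6 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_bb2778a0\USBSTOR.SYS

# constructed block below: hypothetical file and hashes, not from the log
< MD5 for: EXAMPLE.DLL >
[2008/01/21 03:24:05 | 000,177,152 | ---- | M] (Hypothetical Vendor) MD5=11111111111111111111111111111111 -- C:\Windows\winsxs\x86_example_31bf3856ad364e35_6.0.6001.18000_none_0000000000000000\example.dll
[2008/01/21 03:24:05 | 000,181,248 | ---- | M] (Hypothetical Vendor) MD5=22222222222222222222222222222222 -- C:\Windows\System32\example.dll
"""

if __name__ == "__main__":
    for path, verdict in sorted(check_report(SAMPLE).items()):
        print(f"{verdict:10} {path}")
```

Two caveats apply when reading the verdicts. A match only proves that the live copy and the store copy agree, and an attacker who can write System32 can usually write winsxs too, so "ok" is evidence, not proof. More importantly, every hash here was computed on the compromised machine; a kernel-mode rootkit can return clean bytes to any scanner running on the infected OS, which is why the same comparison is far more trustworthy when the disk is scanned offline or the hashes are checked against a known-good installation of the same build.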

Re: Ranmit infection
OK, that is the whole OTL file. In that last post I had to star out the word "windows" and then "update" because obviously this virus is not allowing me to send/connect to anything with that word in it... I'll try to do the Extras file now.

Re: Ranmit infection
OTL Extras logfile created on: 14/04/2011 15:20:54 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Andrew\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.25 Gb Total Space | 14.98 Gb Free Space | 21.64% Space Free | Partition Type: NTFS
Drive D: | 4.07 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 298.09 Gb Total Space | 32.81 Gb Free Space | 11.01% Space Free | Partition Type: NTFS

Computer Name: ANDREW-PC | User Name: Andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3680316882-2675168402-2279185747-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1FB5F78A-B0CD-4B82-A646-B7E1C9C12F68}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{24FD810E-95CD-47EE-8DC0-6406D3FBF1B5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3EFBB532-3E87-46F6-8F57-522A40B8DBCD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{540A0EDC-55D0-49CB-BE15-DAFA7A4552A0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6B2EC367-72AD-46D6-8DBC-44E8934B76AD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{85AA24BD-6A84-4946-99FD-931BCA64DF39}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8DEBFA48-9C14-491E-98C7-2EBB0A89A891}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9E264F42-6ED1-4063-9638-43B41985DB70}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AABA84DA-6051-4029-9E0B-99FBA041187D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C88261CB-7237-4BFD-B4F5-82A97F273FB2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A4A3F9-A976-4D51-AE02-6B32702565C7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0DC9769D-CC34-4D78-87CE-E183A56D009B}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{24ACA405-4DB1-4A9F-9E67-8DF89094724D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\medieval ii total war\launcher.exe |
"{2AD8480B-CE98-45CD-A2B5-3B357A0329AE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{2DCDC92D-7DB9-4E0D-89DE-784CED3731FD}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\horn_\half-life\hl.exe |
"{2E6B4082-4F61-48F3-B32A-87693F5EAA46}" = protocol=6 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{4171C89A-183B-4FE1-937D-BCD34DCDFD99}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5F0200E7-69C7-4D10-9A22-4C96CE820351}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{6A8E9546-C351-4775-8B6F-7726318C73B1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\horn_\day of defeat\hl.exe |
"{6E82B0DE-8F56-4B34-AAA8-FA5E581BC2B5}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{701C9AA6-0C10-4B48-8DFC-021DDD1D1705}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{709DEB71-F31A-4F67-9879-C05441292502}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{714BFB6F-F918-4DE1-8BE3-F1C19481E8B5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\horn_\half-life\hl.exe |
"{79EB2441-FD26-4D4E-82EB-C5C54D2679C7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\horn_\half-life\hl.exe |
"{7F70E632-A822-475D-B69D-09C1398F1395}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{82CB4102-8FDA-4A20-BD72-BB8BD40767C1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{895B9329-D033-43C9-A983-275B3359B9CF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead demo\left4dead.exe |
"{8C69321F-A688-4838-8B77-B3C5ADCC0F5E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8DFB19E1-48D7-42F5-8E9D-1432E2436A92}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{91BB9FCD-2A6F-401F-BE90-B13E29D3C71E}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{9A480546-3828-43C3-BFD2-4A16CABD7CE4}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{9D5C831F-3F8B-4AF3-9C96-38351493EF35}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{A11BB17A-9ADD-4EE9-8339-04F89A887D41}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{A4349C70-E69F-4FCC-8F6F-76CBB8B68619}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\horn_\day of defeat\hl.exe |
"{A46747F3-EFD2-45BF-AAA4-EECC7C47A84E}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{A73A1ED0-59C7-4AF5-AEE4-D87AB83D090B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\medieval ii total war\launcher.exe |
"{AFCBC7B2-A6E6-453A-98B2-7A68EBF1D629}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\civilizationv.exe |
"{B153844F-1735-45A3-8AD7-E0953287DC2E}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{B75ED986-03DA-420F-BA35-5FB4A5CE6900}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C02CAF9F-30EA-4F74-83BD-C5966312D0AA}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{C16D7048-F788-48E2-AA39-9C0215785F6F}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{C2CD2145-A135-4AC9-AAF6-4EDE81CF6552}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead demo\left4dead.exe |
"{C3843D33-D60A-46DC-882B-452ED58218E3}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{C5F0A187-12FD-4F7E-8647-2E16C899A355}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{CB2E3892-3811-4191-BBD5-B53FD9AC1BF8}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{CB69C03A-4049-419A-8026-BF40F4854188}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\civilizationv.exe |
"{CE43C6C8-29DC-4A44-BCE8-EB9F101579B2}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{D0123EF2-2DCF-44AA-85B6-1D9636F689DE}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{D056FFDC-94A5-4E6A-BAC7-23717FF53E70}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{D1F639CC-1235-4311-A035-6913D9CDEB00}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{DC16C2F3-0F8B-4C5B-A72F-BC65C8E51D79}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\horn_\half-life\hl.exe |
"{DCE6D798-B6EE-4448-9590-7BB03AC58991}" = protocol=17 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{E32149D1-5038-4C65-AA4D-1107D5FF571D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{FB4F1E5D-88C9-48EE-90D8-9E06899C61E2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{FF8D796E-98A5-43A4-817A-2C496EBFC57A}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{0DFB5BD1-2F51-4FAA-A9E4-2223D24E6988}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{25B7B7DC-B9F0-44AF-A1B7-948166E605E9}C:\program files\steam\steamapps\horn_\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\horn_\team fortress 2\hl2.exe |
"TCP Query User{2EEF5E9F-C081-4CBD-AEDB-1F74508BFF84}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{3795C03A-76E2-4F03-96C8-E254D625AE20}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{3AD666FA-38D0-46C6-978F-C2F536C14154}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{3B7FEBA0-A1B9-4DD7-BFA3-960668161CE8}C:\program files\steam\steamapps\horn_\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\horn_\half-life 2 deathmatch\hl2.exe |
"TCP Query User{5796A521-6736-4E6B-B6EE-28C9C093CC1B}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{60987D07-58AF-40AF-B0C4-B42D23CC4B2D}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{61B79405-F47B-49A1-8066-69976474243E}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{6ADCA702-95BF-4B60-9781-92C00EC528F8}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{9072B7C6-FC6F-40D5-85AB-F61A00D8C09C}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{BC4C5EB2-76B3-4B12-86AA-E70E7B6DB83B}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{DA5078E1-1D12-4DFD-BBF5-69CE4FED4555}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{0CE0BCCB-3B11-48AA-BA0E-8A0732C9D02A}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{22147FE9-F8A8-48C0-93A6-6E3C793D0D6F}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{2460CCC5-5C93-4FFF-85EB-522B40D31016}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{29E6B75E-2738-4125-B3A4-352444005A77}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{29FFBEE6-4A14-4F0E-B92F-FA9CB6DBC970}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{31130C3F-39A6-427E-800C-5E70A1C1E47B}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{407FE22A-DEBC-4DF9-8870-B2C8A561F8F8}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{4F4A9B2A-C641-4367-A790-15B70FF41014}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{5EEF7280-0FA9-47E9-BD06-88AA86DAE6B6}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{6FE3F465-9C6A-4676-A4A5-0E674340E515}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{762C3A4D-46C0-4B78-BC5E-D443A40DB0BA}C:\program files\steam\steamapps\horn_\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\horn_\team fortress 2\hl2.exe |
"UDP Query User{AAC8F1C7-6B63-4666-BA08-AF8CD6B6654E}C:\program files\steam\steamapps\horn_\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\horn_\half-life 2 deathmatch\hl2.exe |
"UDP Query User{EE13A1C2-5B66-4885-A7F1-24431C791B6B}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

Re: Ranmit infection
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23170F69-40C1-2701-0465-000001000000}" = 7-Zip 4.65
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{27F00C63-449B-2FAB-CBE8-24AB80E17449}" = Acrobat.com
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51DC7E02-3EEE-D01E-60D1-103A0DA2C3BF}" = Catalyst Control Center Graphics Previews Common
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56AAE9D5-3D96-8D1D-C4C4-0290B21CE901}" = ccc-core-static
"{59ADFE8C-AD8C-2B04-6940-2D417FBAD111}" = CCC Help English
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{70014586-7BBA-4A92-A610-CDC896C48F8F}" = NETGEAR WG311v3 PCI Adapter
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A66242A1-9101-425D-9BE5-D19A50E1D0D8}" = ESET NOD32 Antivirus
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AF2E5BA0-759C-926D-6C3F-11A3751C286E}" = Catalyst Control Center Graphics Previews Vista
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C969744F-EB74-5868-719E-D4B1F3D0792F}" = ccc-utility
"{CE03D1DC-FD8D-2F5C-5FAD-02570BA0383B}" = Catalyst Control Center InstallProxy
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E6DA58C0-4EC5-4F5E-B73E-2F22ED30ACFC}" = Razer Krait
"{F34D6DAE-7777-5C40-E143-8A0D6A048F75}" = ATI Catalyst Install Manager
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AIM Toolbar" = AIM Toolbar
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.57
"HijackThis" = HijackThis 2.0.2
"InstallShield_{70014586-7BBA-4A92-A610-CDC896C48F8F}" = NETGEAR WG311v3 PCI Adapter
"jZip" = jZip
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"mIRC" = mIRC
"Mozilla Firefox (3.5.18)" = Mozilla Firefox (3.5.18)
"Mumble" = Mumble and Murmur
"Natural Selection_is1" = Natural Selection 3.2
"Pacific Poker" = Pacific Poker
"SopCast" = SopCast 3.2.9
"SpeedFan" = SpeedFan (remove only)
"Steam App 30" = Day of Defeat
"Steam App 550" = Left 4 Dead 2
"Steam App 70" = Half-Life
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 4" = TeamViewer 4
"TreeSize Free_is1" = TreeSize Free V2.5
"TVUPlayer" = TVUPlayer 2.5.3.1
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
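
The firewall section of the Extras log is the other place in this report worth triaging, and two things in it stand out: the Public profile has "EnableFirewall" = 0, and there are inbound allow rules for c:\windows\explorer.exe and c:\windows\system32\taskeng.exe. Rules whose names begin "TCP Query User" or "UDP Query User" are the ones Windows Firewall writes when a user clicks Unblock on its pop-up, and neither Explorer nor the task scheduler engine normally accepts inbound connections, so an allow created that way for either is a prompt that should not have appeared on a clean machine. The added Python below is an example written for this page, not part of the original thread or of OTL: it parses the profile keys and the FirewallRules dump in OTL's format, reports profiles with the firewall off, and flags inbound rules for binaries under the Windows directory that are not scoped to a service (the svc= rules for svchost.exe are how Windows' own services are allowed and are skipped). The sample lines are taken from the log above.

```python
import re

# One OTL FirewallRules line, e.g.
# "{A11BB17A-...}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
RULE_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<body>.*)$')
# Registry key header of a firewall profile, e.g.
# [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
PROFILE_RE = re.compile(r"FirewallPolicy\\(?P<profile>\w+Profile)\]$")
PROTO = {"6": "TCP", "17": "UDP"}
WINDOWS_DIRS = ("%systemroot%\\", "c:\\windows\\")


def parse_rule(line):
    """Split one rule line into a dict of its key=value fields (lower-cased), or None."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    name = m.group("name")
    rule = {"name": name,
            "user_created": name.startswith(("TCP Query User", "UDP Query User"))}
    for part in m.group("body").split("|"):
        if "=" in part:
            key, value = part.split("=", 1)
            rule[key.strip().lower()] = value.strip().lower()
    return rule


def disabled_profiles(text):
    """Names of firewall profiles whose EnableFirewall value is 0."""
    disabled, profile = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = PROFILE_RE.search(line)
        if m:
            profile = m.group("profile")
        elif line.startswith("["):
            profile = None                      # some other registry key follows
        elif profile and line.startswith('"EnableFirewall"'):
            if line.split("=", 1)[1].strip() == "0":
                disabled.append(profile)
    return disabled


def triage_rules(text):
    """Inbound allow rules for binaries under the Windows directory that are not service-scoped."""
    findings = []
    for line in text.splitlines():
        rule = parse_rule(line)
        if not rule or rule.get("dir") != "in":
            continue
        app = rule.get("app", "")
        if not app.startswith(WINDOWS_DIRS) or "svc" in rule:
            continue
        findings.append({
            "name": rule["name"],
            "proto": PROTO.get(rule.get("protocol"), "any"),
            "app": app,
            "user_created": rule["user_created"],
        })
    return findings


# Sample input: profile keys and a selection of rule lines copied from the OTL Extras log above.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1FB5F78A-B0CD-4B82-A646-B7E1C9C12F68}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{24FD810E-95CD-47EE-8DC0-6406D3FBF1B5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C88261CB-7237-4BFD-B4F5-82A97F273FB2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{82CB4102-8FDA-4A20-BD72-BB8BD40767C1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A11BB17A-9ADD-4EE9-8339-04F89A887D41}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{61B79405-F47B-49A1-8066-69976474243E}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{DA5078E1-1D12-4DFD-BBF5-69CE4FED4555}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{2460CCC5-5C93-4FFF-85EB-522B40D31016}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{EE13A1C2-5B66-4885-A7F1-24431C791B6B}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"""

if __name__ == "__main__":
    print("firewall disabled for:", disabled_profiles(SAMPLE))
    for f in triage_rules(SAMPLE):
        print(f"{f['proto']:4} {'user-created' if f['user_created'] else 'preset':12} {f['app']}")
```

The firewall rule does not by itself say what was listening behind it; it records that, at some point, something running as explorer.exe or taskeng.exe tried to accept a connection and the user approved it. That is why the practitioner's follow-up is to look at what was injected into those processes, not to delete the rules and move on.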

Re: Ranmit infection

OK, that's both the OTL and the Extras file...

Re: Ranmit infection
Did you see my post on the last page about the severity of this infection?

Re: Ranmit infection
Crush wrote:
Did you see my post on the last page about the severity of this infection?


Sorry, with the virus constantly sabotaging my posts I kept having to rewrite them and it looks like I left out my main response to what you said.

I live a few hundred miles from my Vista disc and I reckon it will take at least a week to get it sent up here. I was hoping in the meantime (because I still need to use my PC) that I could take you up on the offer of seeing what best you could do.

I was also wondering if my E: drive was OK? It's essentially just a load of torrents. Will I need to discard those too!?

Re: Ranmit infection

Given the severity of this infection I would not use it for anything in its compromised state, so anything we could do would be in vain if you're just going to reformat.

The torrents are likely how you got infected. I personally would stop downloading them altogether, yes.

Re: Ranmit infection

I only use a private site for torrents and I've never had any problem before with them. I'm fairly certain it was a porn website.

What exactly can I save from my current computer? I'm OK with just wiping my C: drive, but wiping 300 gigs of films would be a huge loss.
Would there be a way of determining if the virus has spread to that drive in particular?

Re: Ranmit infection
You should only be backing up files you absolutely need and can't obtain again. This kind of virus that affects so many files and has these kinds of effects is not common.

Re: Ranmit infection

Is there really no way of scanning film/mp3 files for infections to see if they might have been left untouched? Surely it's easy to see if malicious code has been added onto a file that normally doesn't have any code in it. Or something...

300 gigs of music and film!!! I can't replace it!!

Re: Ranmit infection

Not with an infection that literally affects everything on the drive, to the point that it is a fruitless endeavor to disinfect, unfortunately.

Re: Ranmit infection

OK, thanks.

Re: Ranmit infection
Is there anything more we can help you with?

Re: Ranmit infection

Erm, yes please. Well, not quite yet; my Vista disc hasn't arrived yet :/

Re: Ranmit infection

OK. Let us know when it does.

Re: Ranmit infection

OK, now I have more problems.
I eventually got my Vista disc sent up, but having just read through the reinstall guide, I need my motherboard disc too! I have absolutely no idea where it is and my mum can't find it back home.

And to be honest...
http://www.GeekPolice.net/t15119-how-to-reformat-and-reinstall-your-operating-system

This stuff about partitioning drives and BIOS sounds way, way out of my ability. I needed a friend just to install a printer.

I think I'm going to wait to reinstall until I get back home (in about 3 weeks).

At first I thought I'd be fine leaving the virus in the background, but now it seems to have completely taken over my HD. ESET gives me warnings non-stop about files it's unable to delete, and the hard drive is CONSTANTLY (literally non-stop) making noise, as if it's reading/writing. I get constant FPS drops in even old games, and programs often crash, I'm assuming from lack of memory.

Is there any way I can at least attempt a fix so that my PC's in a workable state for the next month? Please!!!


Re: Ranmit infection
Bump!
