Ranmit infection


Ranmit infection

Post by bertington on Thu Apr 14, 2011 4:22 pm

Sorry, I'm getting "connection was reset" pages when trying to make this post and it keeps deleting my posts.
I'm going to try and get this posted and then just edit the post in, apologies...

bertington (Novice) | Posts: 32 | Joined: 2011-04-14 | OS: vista 32 bit

Re: Ranmit infection

Post by bertington on Thu Apr 14, 2011 4:27 pm

OK, a few days ago I noticed I was infected, as poorly detailed here: [You must be registered and logged in to see this link.]

That thread suggested I use NOD32, which I did. It found a lot of infected files, mostly named "Ranmit". At the end of the scan it listed a lot of the infected files as "do nothing" or something similar. I selected them all and clicked "clean up". The program failed to do so and I kept having to click "retry" for some files. For a few I started clicking the "delete" button instead, but once I noticed some of the pathways mention ATI (my graphics card) I decided to stop deleting them.
Anyway, the infection still seems to be here. NOD32 is still producing flash-up boxes now and then with infections, my browser seems to be totally hijacked, and when I try to steam games I get "your .dll differs from the server".

Also in the above thread it was suggested I download [You must be registered and logged in to see this link.]
Before NOD32 deleted some of the infection, attempting to run that file crashed my comp, but I've now been able to run it. But it doesn't seem to have done anything. Please help.

Re: Ranmit infection

Post by bertington on Thu Apr 14, 2011 4:28 pm

OK, I can't seem to paste the OTL or Extras files.... Too much text? Are there particular bits I should paste?

Re: Ranmit infection

Post by Crush on Thu Apr 14, 2011 4:32 pm

Hi,

Attention: Your computer is severely infected with Win32\Ramnit, what is now called a cocktail infection. This is an infection that is comprised of many different types of viruses and other malware, to damage your computer, and use it as a zombie for its backdoor network. In other words, your computer is under control of a hacker, and regaining control is now next to impossible.

The first component is a [You must be registered and logged in to see this link.], which is a type of trojan that communicates with a hacker: to transfer personal information about you, use your computer to help perform a denial-of-service attack, redirect your internet searches in order to make money off of your browsing habits, and can be a keylogger to steal personally identifiable information to help rob your identity.

The second component is a [You must be registered and logged in to see this link.], which is a type of malware to take control over your computer at administrator access, having full permission to modify all of your device drivers, and allowing itself to hide all the malware on the system. In other words, it is a hacker's way of taking control of your computer, and hiding in the dark at the same time. This is a prime initiative of hackers to help keep access to your computer, robbing all of your personal information, and using your computer to send spam across the internet.

The third component is a [You must be registered and logged in to see this link.], which is a type of virus to purposely damage as many files as possible, in order to keep control of your system, so you have as little access as possible.

Not only has your system been compromised severely, it is also highly damaged, and if you do not commit to my suggested removal method below, then your computer may not function anymore.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Do NOT change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information. (If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again.) Banking and credit card institutions should be notified to apprise them of your situation (possible security breach). To protect your information that may have been compromised, I recommend reading these references:
Removal method:

It is recommended to do a reformat and reinstall of your operating system. The experts in the [You must be registered and logged in to see this link.] security community believe that once infected with such a piece of malware, the best course of action would be a reformat and clean reinstall of the OS. This is something I don't like to recommend normally, but in most cases it is the best solution for your safety.

I recommend the following articles to read:


Guides for format and reinstall:

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

However, if you do not have the resources to reinstall your computer's OS and would like me to attempt to clean it, I will be happy to do so. But please consider carefully before deciding against a reformat.
If you do make that decision, I will do my best to help you clean the computer of any infections, but you must understand that once a machine has been taken over by this type of malware, I cannot guarantee that it will be 100% secure even after disinfection or that the removal will be successful.

Please let me know what you have decided to do in your next post. Should you have any questions, please feel free to ask.

Crush (Master) | Posts: 3889 | Joined: 2010-01-27 | Gender: Male

Re: Ranmit infection

Post by bertington on Thu Apr 14, 2011 4:44 pm

test

Re: Ranmit infection

Post by bertington on Thu Apr 14, 2011 4:46 pm

ARGHHH!!! I can't even post anymore!! Keeps giving me error messages.
OK, my Vista CD is a few hundred miles away from me atm and will probably take a week to get it sent up here. If you could help me to turn my computer into something usable until then it would be much appreciated.

Re: Ranmit infection

Post by bertington on Thu Apr 14, 2011 4:48 pm

Lol, OK, I think I've just noticed that the virus is blocking me from even typing this website: [You must be registered and logged in to see this link.] and then "windows" and then "update"
I wasn't able to do that part of the guide because trying to load that website always fails. And it seems every time I try to make a post here it makes the post fail to get to the website too. Jesus Christ :/

Re: Ranmit infection

Post by bertington on Thu Apr 14, 2011 4:49 pm

Yeah, I also still can't post the OTL or Extra files.

Re: Ranmit infection

Post by bertington on Thu Apr 14, 2011 7:34 pm

OTL logfile created on: 14/04/2011 15:20:54 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Andrew\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.25 Gb Total Space | 14.98 Gb Free Space | 21.64% Space Free | Partition Type: NTFS
Drive D: | 4.07 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 298.09 Gb Total Space | 32.81 Gb Free Space | 11.01% Space Free | Partition Type: NTFS

Computer Name: ANDREW-PC | User Name: Andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/14 15:13:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Downloads\OTL.com
PRC - [2011/03/24 00:14:38 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011/01/12 16:41:24 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2010/08/26 02:57:32 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/08/26 02:57:04 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/05/18 14:13:50 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/02/27 15:05:44 | 000,143,360 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Krait\razerofa.exe
PRC - [2007/02/16 17:46:20 | 000,114,688 | ---- | M] () -- C:\Program Files\Razer\Krait\razertra.exe
PRC - [2007/02/16 17:44:08 | 000,126,976 | ---- | M] () -- C:\Program Files\Razer\Krait\razerhid.exe
PRC - [2007/01/04 22:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/08/31 10:46:50 | 001,691,648 | ---- | M] () -- C:\Program Files\NETGEAR\WG311v3\WG311v3.exe


========== Modules (SafeList) ==========

MOD - [2011/04/14 15:13:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Downloads\OTL.com
MOD - [2010/08/31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/01 09:59:14 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2011/01/12 16:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EHttpSrv)
SRV - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011/01/11 06:44:10 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/08/26 02:57:04 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/05/18 14:13:50 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2007/01/04 22:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2011/01/19 17:47:12 | 000,022,504 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/12/21 15:04:06 | 000,137,144 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2010/12/21 15:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/12/21 13:47:38 | 000,095,384 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2010/08/26 04:36:28 | 006,380,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010/08/26 04:36:28 | 006,380,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/08/26 02:20:36 | 000,221,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/07/15 13:47:24 | 000,099,344 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2010/05/06 10:21:36 | 000,105,488 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/01/20 15:49:26 | 000,142,848 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/09/19 20:01:51 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2007/10/16 17:14:24 | 000,256,512 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MRVW13B.sys -- (MRV6X32P)
DRV - [2006/09/24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2005/12/07 17:27:52 | 000,013,324 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\krait.sys -- (krait03)
DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-i3752"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-i3752"
FF - prefs.js..browser.search.selectedEngine: "Dictionary.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://uk.home.jzip.com/search?fr=i3752"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.100
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query="


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 00:14:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/14 15:01:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/04/14 12:30:37 | 000,000,000 | ---D | M]

[2008/09/15 20:07:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Extensions
[2011/04/14 14:55:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\u5d9z055.default\extensions
[2011/04/14 14:55:28 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\u5d9z055.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/05/25 20:08:21 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\u5d9z055.default\extensions\firefox@tvunetworks.com
[2010/03/16 02:47:05 | 000,002,275 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\u5d9z055.default\searchplugins\aim-search.xml
[2010/04/11 17:54:37 | 000,000,921 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\u5d9z055.default\searchplugins\dictionarycom.xml
[2011/04/14 14:55:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/14 14:43:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2009/09/29 00:07:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/14 14:43:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/04/16 18:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2010/01/30 15:00:20 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/30 15:00:20 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/30 15:00:20 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/30 15:00:20 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

Re: Ranmit infection

Post by bertington on Thu Apr 14, 2011 7:34 pm

Hosts file not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Krait] C:\Program Files\Razer\Krait\razerhid.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [2B5BEEEC4E692BCD] File not found
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] C:\Program Files\NOS\bin\getPlusUninst_Adobe.exe (NOS Microsystems Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [You must be registered and logged in to see this link.] (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\ngfminbl\vmwysnkc.exe) - C:\Program Files\ngfminbl\vmwysnkc.exe File not found
O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) - File not found
O24 - Desktop WallPaper: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/04/14 15:01:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/04/14 14:55:29 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2011/04/14 14:55:29 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2011/04/14 14:43:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/14 14:43:28 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/04/14 14:43:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/04/14 14:43:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/04/14 12:31:02 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\ESET
[2011/04/14 12:30:51 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2011/04/14 12:30:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2011/04/14 12:30:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2011/04/14 12:30:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/14 01:06:29 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/04/13 20:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\ngfminbl
[2011/04/11 22:12:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/04/11 22:11:49 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011/04/11 22:11:46 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011/04/11 22:11:46 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/04/11 22:11:46 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011/04/11 22:11:46 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011/04/11 22:11:46 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011/04/11 22:11:46 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/04/11 22:11:46 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/04/11 22:11:46 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/04/11 22:11:46 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011/04/11 22:11:46 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011/04/11 22:11:44 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011/04/11 22:11:44 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/04/11 22:11:44 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011/04/11 22:11:44 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011/04/11 22:11:44 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011/04/08 08:13:32 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Nefef
[2011/04/08 08:13:32 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Fexigy
[2011/04/05 16:13:27 | 000,022,504 | ---- | C] (CPUID) -- C:\Windows\System32\drivers\cpuz135_x32.sys
[2011/04/05 16:13:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2011/04/05 16:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2011/03/17 05:56:53 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Yvyxl
[31 C:\Users\Andrew\Desktop\*.tmp files -> C:\Users\Andrew\Desktop\*.tmp -> ]
[1 C:\Users\Andrew\Documents\*.tmp files -> C:\Users\Andrew\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/14 15:01:55 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/04/14 14:43:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/04/14 14:43:24 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/04/14 14:43:24 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/04/14 14:43:24 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/04/14 14:29:22 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/04/14 13:47:12 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/14 13:47:12 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/14 12:37:35 | 000,611,664 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/14 12:37:35 | 000,109,112 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/14 11:46:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/14 11:46:55 | 3756,515,328 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/14 11:43:26 | 237,451,678 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/14 01:06:29 | 000,001,950 | ---- | M] () -- C:\Users\Andrew\Desktop\HiJackThis.lnk
[2011/04/13 20:04:57 | 000,174,955 | ---- | M] () -- C:\Windows\System32\test.exe
[2011/04/13 01:23:46 | 000,008,505 | -HS- | M] () -- C:\Users\Andrew\Folder.jpg
[2011/04/13 01:23:46 | 000,002,318 | -HS- | M] () -- C:\Users\Andrew\AlbumArtSmall.jpg
[2011/04/13 01:21:48 | 075,657,504 | ---- | M] () -- C:\Users\Andrew\paracast_110410.mp3
[2011/04/12 12:34:00 | 000,091,136 | ---- | M] () -- C:\Users\Andrew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/11 23:00:34 | 000,371,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/08 21:23:29 | 000,032,018 | ---- | M] () -- C:\Users\Andrew\magichappyland.jpg
[2011/04/08 21:02:19 | 000,001,805 | ---- | M] () -- C:\Users\Andrew\delarge.gif
[2011/04/08 20:51:32 | 000,050,749 | ---- | M] () -- C:\Users\Andrew\germany-flag.jpg
[2011/04/08 20:49:01 | 000,084,490 | ---- | M] () -- C:\Users\Andrew\Flag-Holy-Roman-Empire.png
[2011/04/07 14:43:43 | 000,037,734 | ---- | M] () -- C:\Users\Andrew\rainbow_swastika.jpg
[2011/04/05 16:13:28 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2011/04/03 07:25:00 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/04/03 07:25:00 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/04/03 07:08:21 | 000,012,682 | -HS- | M] () -- C:\Users\Andrew\AppData\Local\61am7kh612rw85n14158n8334sb5378m1c5h32
[2011/04/03 07:08:21 | 000,012,682 | -HS- | M] () -- C:\ProgramData\61am7kh612rw85n14158n8334sb5378m1c5h32
[2011/03/30 23:43:10 | 032,539,213 | ---- | M] () -- C:\Users\Andrew\paracast_110320.mp3.part
[2011/03/30 23:36:18 | 000,000,000 | ---- | M] () -- C:\Users\Andrew\paracast_110320.mp3
[2011/03/28 05:39:05 | 075,657,248 | ---- | M] () -- C:\Users\Andrew\paracast_110327.mp3
[2011/03/18 07:32:35 | 075,657,440 | ---- | M] () -- C:\Users\Andrew\paracast_110313.mp3
[31 C:\Users\Andrew\Desktop\*.tmp files -> C:\Users\Andrew\Desktop\*.tmp -> ]
[1 C:\Users\Andrew\Documents\*.tmp files -> C:\Users\Andrew\Documents\*.tmp -> ]

Re: Ranmit infection

Post by bertington on Thu Apr 14, 2011 7:35 pm

========== Files Created - No Company Name ==========

[2011/04/14 15:01:55 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/04/14 15:01:55 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/04/14 11:46:55 | 3756,515,328 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/14 11:37:34 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/04/13 20:04:53 | 000,174,955 | ---- | C] () -- C:\Windows\System32\test.exe
[2011/04/13 00:36:34 | 075,657,504 | ---- | C] () -- C:\Users\Andrew\paracast_110410.mp3
[2011/04/11 22:11:45 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/04/11 22:11:45 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/04/11 22:11:45 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/04/08 21:23:28 | 000,032,018 | ---- | C] () -- C:\Users\Andrew\magichappyland.jpg
[2011/04/08 21:02:19 | 000,001,805 | ---- | C] () -- C:\Users\Andrew\delarge.gif
[2011/04/08 20:51:32 | 000,050,749 | ---- | C] () -- C:\Users\Andrew\germany-flag.jpg
[2011/04/08 20:49:01 | 000,084,490 | ---- | C] () -- C:\Users\Andrew\Flag-Holy-Roman-Empire.png
[2011/04/07 14:43:42 | 000,037,734 | ---- | C] () -- C:\Users\Andrew\rainbow_swastika.jpg
[2011/04/05 16:13:28 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2011/04/03 07:25:00 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/04/03 07:25:00 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/04/03 06:49:08 | 000,012,682 | -HS- | C] () -- C:\Users\Andrew\AppData\Local\61am7kh612rw85n14158n8334sb5378m1c5h32
[2011/04/03 06:49:08 | 000,012,682 | -HS- | C] () -- C:\ProgramData\61am7kh612rw85n14158n8334sb5378m1c5h32
[2011/03/30 23:36:18 | 000,000,000 | ---- | C] () -- C:\Users\Andrew\paracast_110320.mp3
[2011/03/30 23:36:16 | 032,539,213 | ---- | C] () -- C:\Users\Andrew\paracast_110320.mp3.part
[2011/03/28 05:29:50 | 075,657,248 | ---- | C] () -- C:\Users\Andrew\paracast_110327.mp3
[2011/03/18 07:30:32 | 075,657,440 | ---- | C] () -- C:\Users\Andrew\paracast_110313.mp3
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/10/12 22:46:31 | 000,000,263 | ---- | C] () -- C:\Windows\System32\gapa.ini
[2010/06/16 14:22:56 | 000,219,348 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/06/15 23:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/05/27 17:24:24 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/04/18 18:16:41 | 018,499,623 | ---- | C] () -- C:\ProgramData\vlc-1.0.5-win32.exe
[2009/12/13 01:13:43 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/12/11 03:36:54 | 018,030,130 | ---- | C] () -- C:\ProgramData\vlc-1.0.3-win32.exe
[2009/10/27 19:03:12 | 018,527,244 | ---- | C] () -- C:\ProgramData\vlc-1.0.2-win32.exe
[2009/09/06 22:27:58 | 018,015,723 | ---- | C] () -- C:\ProgramData\vlc-1.0.1-win32.exe
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/05/22 23:34:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/04/27 21:29:41 | 000,000,978 | ---- | C] () -- C:\Windows\eReg.dat
[2009/02/18 18:55:20 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/02/03 21:52:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008/12/21 19:27:22 | 000,091,136 | ---- | C] () -- C:\Users\Andrew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/29 00:25:46 | 014,618,605 | ---- | C] () -- C:\ProgramData\vlc-0.9.6-win32.exe
[2008/09/21 16:22:08 | 000,000,280 | ---- | C] () -- C:\Windows\System32\epoPGPsdk.dll.sig
[2008/09/19 20:52:29 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/09/19 19:17:12 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2008/09/15 21:40:29 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/09/15 21:40:29 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/15 21:21:00 | 000,000,680 | ---- | C] () -- C:\Users\Andrew\AppData\Local\d3d9caps.dat
[2008/09/15 20:11:56 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/08/01 05:15:27 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/03/06 01:38:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007/06/21 07:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,371,080 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,611,664 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,109,112 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/05/25 01:22:06 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe
[2005/03/01 15:30:20 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/11/02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 13:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/21 03:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/10/01 01:16:53 | 000,000,442 | -HS- | M] () -- C:\ProgramData\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/11/24 14:57:48 | 000,047,466 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\attachment.png
[2008/09/16 01:59:56 | 000,000,286 | -HS- | M] () -- C:\Users\Andrew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/03/24 00:14:38 | 000,122,328 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/03/24 00:14:38 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/04/14 12:07:14 | 000,174,955 | ---- | M] () -- C:\Program Files\Mozilla Firefox\firefoxmgr.exe
[2011/03/24 00:14:38 | 000,246,744 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/09/15 21:21:12 | 000,000,402 | -HS- | M] () -- C:\Users\Andrew\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/04/03 07:08:21 | 000,012,682 | -HS- | M] () -- C:\ProgramData\61am7kh612rw85n14158n8334sb5378m1c5h32
[2008/11/29 00:26:50 | 014,618,605 | ---- | M] () -- C:\ProgramData\vlc-0.9.6-win32.exe
[2009/09/06 22:31:48 | 018,015,723 | ---- | M] () -- C:\ProgramData\vlc-1.0.1-win32.exe
[2009/10/27 19:03:29 | 018,527,244 | ---- | M] () -- C:\ProgramData\vlc-1.0.2-win32.exe
[2010/01/27 01:56:44 | 018,030,130 | ---- | M] () -- C:\ProgramData\vlc-1.0.3-win32.exe
[2010/04/18 18:17:13 | 018,499,623 | ---- | M] () -- C:\ProgramData\vlc-1.0.5-win32.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >
[2010/10/15 15:08:12 | 003,600,272 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ntkrnlpa.exe

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.sys >
[2006/11/02 08:09:42 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
[2008/01/21 03:23:54 | 000,247,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2006/11/02 08:09:45 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
[1996/04/03 20:33:26 | 000,005,248 | ---- | M] () -- C:\Windows\System32\giveio.sys
[2006/11/02 08:09:41 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 08:09:44 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 08:09:44 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
[2006/11/02 08:09:29 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 08:09:35 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 08:09:38 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 08:09:40 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 08:09:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 08:09:20 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
[2006/11/02 08:09:23 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 08:09:24 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 08:09:26 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 08:09:22 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
[2006/09/24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\System32\speedfan.sys
[2010/12/31 14:25:17 | 002,038,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\system32\drivers\*.dll >
[2010/08/26 02:19:28 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\ati2erec.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll

Re: Ranmit infection

Post by bertington on Thu Apr 14, 2011 7:36 pm

< %SYSTEMDRIVE%\*.* >
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/21 03:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2007/01/02 05:10:43 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/09/19 19:39:20 | 000,000,237 | ---- | M] () -- C:\csb.log
[2011/04/14 11:46:55 | 3756,515,328 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/03 07:25:00 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/03/16 02:29:24 | 000,001,110 | -H-- | M] () -- C:\IPH.PH
[2011/04/14 14:47:09 | 000,003,064 | ---- | M] () -- C:\JavaRa.log
[2011/04/03 07:25:00 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/04/14 11:46:54 | 4070,129,664 | -HS- | M] () -- C:\pagefile.sys
[2008/09/19 19:37:28 | 000,000,477 | ---- | M] () -- C:\RHDSetup.log
[2008/07/26 18:22:44 | 000,000,004 | RHS- | M] () -- C:\WINOS.SYS

< %PROGRAMFILES%\*. >
[2011/04/14 12:54:15 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2011/04/14 15:01:46 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/09/15 21:01:28 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/07/03 13:33:43 | 000,000,000 | ---D | M] -- C:\Program Files\ATI
[2010/09/27 01:53:08 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2010/04/08 22:50:11 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2011/04/14 12:55:02 | 000,000,000 | ---D | M] -- C:\Program Files\Combined Community Codec Pack
[2011/04/14 15:01:46 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2011/04/05 16:13:27 | 000,000,000 | ---D | M] -- C:\Program Files\CPUID
[2011/04/14 12:30:37 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2010/12/17 13:32:56 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/09/17 19:45:54 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/04/11 22:58:53 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/04/08 22:53:22 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/04/08 22:53:34 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/01/22 18:11:33 | 000,000,000 | ---D | M] -- C:\Program Files\JAM Software
[2010/12/11 14:02:18 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011/04/14 12:56:53 | 000,000,000 | ---D | M] -- C:\Program Files\jZip
[2009/05/22 17:26:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2008/09/19 20:51:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2011/02/03 05:17:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2009/02/11 09:50:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/04/14 11:38:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2008/09/19 20:51:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2011/04/14 12:58:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/07/02 11:48:07 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2011/04/14 12:30:59 | 000,000,000 | ---D | M] -- C:\Program Files\mIRC
[2010/09/08 09:47:10 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/04/14 14:55:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/02/11 09:49:53 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2011/04/14 12:58:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mumble
[2009/06/22 19:03:33 | 000,000,000 | ---D | M] -- C:\Program Files\NETGEAR
[2011/04/13 20:04:58 | 000,000,000 | ---D | M] -- C:\Program Files\ngfminbl
[2011/04/14 14:55:29 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2009/03/08 23:42:39 | 000,000,000 | ---D | M] -- C:\Program Files\Prime95
[2011/04/14 14:59:37 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/04/16 13:57:06 | 000,000,000 | ---D | M] -- C:\Program Files\Razer
[2008/09/19 20:03:17 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011/04/14 12:58:55 | 000,000,000 | ---D | M] -- C:\Program Files\SopCast
[2008/09/17 19:06:53 | 000,000,000 | ---D | M] -- C:\Program Files\SpeedFan
[2011/04/14 14:30:35 | 000,000,000 | ---D | M] -- C:\Program Files\Steam
[2011/04/14 13:11:34 | 000,000,000 | ---D | M] -- C:\Program Files\TeamSpeak 3 Client
[2009/05/25 23:01:37 | 000,000,000 | ---D | M] -- C:\Program Files\TeamViewer
[2009/08/05 00:50:06 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2011/04/14 13:11:41 | 000,000,000 | ---D | M] -- C:\Program Files\TVUPlayer
[2006/11/02 14:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/04/11 22:59:48 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2010/04/25 03:15:51 | 000,000,000 | ---D | M] -- C:\Program Files\Veetle
[2011/04/14 12:30:58 | 000,000,000 | ---D | M] -- C:\Program Files\Ventrilo
[2008/09/17 19:30:54 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2009/04/20 16:13:28 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2008/01/21 03:35:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2008/01/21 03:35:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2008/01/21 03:35:09 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2008/01/21 03:35:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2009/05/22 17:26:21 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/05/22 17:26:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2011/04/11 22:58:54 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/10/12 22:52:39 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/01/21 03:35:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2008/01/21 03:35:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar

< %appdata%\*.* >
[2009/03/02 18:48:36 | 000,076,407 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\Smiley.ico


< MD5 for: AGP440.SYS >
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/04/11 07:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/21 03:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\drivers\disk.sys
[2008/01/21 03:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/21 03:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 10:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: IASTORV.SYS >
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USBSTOR.SYS >
[2008/01/21 03:23:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\drivers\USBSTOR.SYS
[2008/01/21 03:23:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_b9f18584\USBSTOR.SYS
[2008/01/21 03:23:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_48864eb697d31b43\USBSTOR.SYS
[2009/04/11 05:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_usbstor.inf_31bf3856ad364e35_6.0.6002.18005_none_4a71c7c294f4e68f\USBSTOR.SYS
[2006/11/02 09:55:05 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=FDBAABF07244C60B0F4E0A6E71A107C6 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_bb2778a0\USBSTOR.SYS

Re: Ranmit infection

Post by bertington on Thu Apr 14, 2011 7:39 pm

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\********\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\********\Auto Update\Results\Install\\LastSuccessTime: 2011-04-13 18:33:48

< End of report >

Re: Ranmit infection

Post by bertington on Thu Apr 14, 2011 7:40 pm

OK, that is the whole OTL file. In that last post I had to star out the word "windows" and then "update" because obviously this virus is not allowing me to send/connect to anything with that word in it... I'll try and do the Extras file now.

Re: Ranmit infection

Post by bertington on Thu Apr 14, 2011 7:40 pm

OTL Extras logfile created on: 14/04/2011 15:20:54 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Andrew\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.25 Gb Total Space | 14.98 Gb Free Space | 21.64% Space Free | Partition Type: NTFS
Drive D: | 4.07 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 298.09 Gb Total Space | 32.81 Gb Free Space | 11.01% Space Free | Partition Type: NTFS

Computer Name: ANDREW-PC | User Name: Andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3680316882-2675168402-2279185747-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1FB5F78A-B0CD-4B82-A646-B7E1C9C12F68}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{24FD810E-95CD-47EE-8DC0-6406D3FBF1B5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3EFBB532-3E87-46F6-8F57-522A40B8DBCD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{540A0EDC-55D0-49CB-BE15-DAFA7A4552A0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6B2EC367-72AD-46D6-8DBC-44E8934B76AD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{85AA24BD-6A84-4946-99FD-931BCA64DF39}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8DEBFA48-9C14-491E-98C7-2EBB0A89A891}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9E264F42-6ED1-4063-9638-43B41985DB70}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AABA84DA-6051-4029-9E0B-99FBA041187D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C88261CB-7237-4BFD-B4F5-82A97F273FB2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A4A3F9-A976-4D51-AE02-6B32702565C7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0DC9769D-CC34-4D78-87CE-E183A56D009B}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{24ACA405-4DB1-4A9F-9E67-8DF89094724D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\medieval ii total war\launcher.exe |
"{2AD8480B-CE98-45CD-A2B5-3B357A0329AE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{2DCDC92D-7DB9-4E0D-89DE-784CED3731FD}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\horn_\half-life\hl.exe |
"{2E6B4082-4F61-48F3-B32A-87693F5EAA46}" = protocol=6 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{4171C89A-183B-4FE1-937D-BCD34DCDFD99}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5F0200E7-69C7-4D10-9A22-4C96CE820351}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{6A8E9546-C351-4775-8B6F-7726318C73B1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\horn_\day of defeat\hl.exe |
"{6E82B0DE-8F56-4B34-AAA8-FA5E581BC2B5}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{701C9AA6-0C10-4B48-8DFC-021DDD1D1705}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{709DEB71-F31A-4F67-9879-C05441292502}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{714BFB6F-F918-4DE1-8BE3-F1C19481E8B5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\horn_\half-life\hl.exe |
"{79EB2441-FD26-4D4E-82EB-C5C54D2679C7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\horn_\half-life\hl.exe |
"{7F70E632-A822-475D-B69D-09C1398F1395}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{82CB4102-8FDA-4A20-BD72-BB8BD40767C1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{895B9329-D033-43C9-A983-275B3359B9CF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead demo\left4dead.exe |
"{8C69321F-A688-4838-8B77-B3C5ADCC0F5E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8DFB19E1-48D7-42F5-8E9D-1432E2436A92}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{91BB9FCD-2A6F-401F-BE90-B13E29D3C71E}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{9A480546-3828-43C3-BFD2-4A16CABD7CE4}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{9D5C831F-3F8B-4AF3-9C96-38351493EF35}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{A11BB17A-9ADD-4EE9-8339-04F89A887D41}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{A4349C70-E69F-4FCC-8F6F-76CBB8B68619}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\horn_\day of defeat\hl.exe |
"{A46747F3-EFD2-45BF-AAA4-EECC7C47A84E}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{A73A1ED0-59C7-4AF5-AEE4-D87AB83D090B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\medieval ii total war\launcher.exe |
"{AFCBC7B2-A6E6-453A-98B2-7A68EBF1D629}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\civilizationv.exe |
"{B153844F-1735-45A3-8AD7-E0953287DC2E}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{B75ED986-03DA-420F-BA35-5FB4A5CE6900}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C02CAF9F-30EA-4F74-83BD-C5966312D0AA}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{C16D7048-F788-48E2-AA39-9C0215785F6F}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{C2CD2145-A135-4AC9-AAF6-4EDE81CF6552}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead demo\left4dead.exe |
"{C3843D33-D60A-46DC-882B-452ED58218E3}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{C5F0A187-12FD-4F7E-8647-2E16C899A355}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{CB2E3892-3811-4191-BBD5-B53FD9AC1BF8}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{CB69C03A-4049-419A-8026-BF40F4854188}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\civilizationv.exe |
"{CE43C6C8-29DC-4A44-BCE8-EB9F101579B2}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{D0123EF2-2DCF-44AA-85B6-1D9636F689DE}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{D056FFDC-94A5-4E6A-BAC7-23717FF53E70}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{D1F639CC-1235-4311-A035-6913D9CDEB00}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{DC16C2F3-0F8B-4C5B-A72F-BC65C8E51D79}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\horn_\half-life\hl.exe |
"{DCE6D798-B6EE-4448-9590-7BB03AC58991}" = protocol=17 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{E32149D1-5038-4C65-AA4D-1107D5FF571D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{FB4F1E5D-88C9-48EE-90D8-9E06899C61E2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{FF8D796E-98A5-43A4-817A-2C496EBFC57A}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{0DFB5BD1-2F51-4FAA-A9E4-2223D24E6988}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{25B7B7DC-B9F0-44AF-A1B7-948166E605E9}C:\program files\steam\steamapps\horn_\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\horn_\team fortress 2\hl2.exe |
"TCP Query User{2EEF5E9F-C081-4CBD-AEDB-1F74508BFF84}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{3795C03A-76E2-4F03-96C8-E254D625AE20}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{3AD666FA-38D0-46C6-978F-C2F536C14154}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{3B7FEBA0-A1B9-4DD7-BFA3-960668161CE8}C:\program files\steam\steamapps\horn_\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\horn_\half-life 2 deathmatch\hl2.exe |
"TCP Query User{5796A521-6736-4E6B-B6EE-28C9C093CC1B}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{60987D07-58AF-40AF-B0C4-B42D23CC4B2D}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{61B79405-F47B-49A1-8066-69976474243E}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{6ADCA702-95BF-4B60-9781-92C00EC528F8}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{9072B7C6-FC6F-40D5-85AB-F61A00D8C09C}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{BC4C5EB2-76B3-4B12-86AA-E70E7B6DB83B}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{DA5078E1-1D12-4DFD-BBF5-69CE4FED4555}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{0CE0BCCB-3B11-48AA-BA0E-8A0732C9D02A}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{22147FE9-F8A8-48C0-93A6-6E3C793D0D6F}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{2460CCC5-5C93-4FFF-85EB-522B40D31016}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{29E6B75E-2738-4125-B3A4-352444005A77}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{29FFBEE6-4A14-4F0E-B92F-FA9CB6DBC970}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{31130C3F-39A6-427E-800C-5E70A1C1E47B}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{407FE22A-DEBC-4DF9-8870-B2C8A561F8F8}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{4F4A9B2A-C641-4367-A790-15B70FF41014}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{5EEF7280-0FA9-47E9-BD06-88AA86DAE6B6}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{6FE3F465-9C6A-4676-A4A5-0E674340E515}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{762C3A4D-46C0-4B78-BC5E-D443A40DB0BA}C:\program files\steam\steamapps\horn_\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\horn_\team fortress 2\hl2.exe |
"UDP Query User{AAC8F1C7-6B63-4666-BA08-AF8CD6B6654E}C:\program files\steam\steamapps\horn_\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\horn_\half-life 2 deathmatch\hl2.exe |
"UDP Query User{EE13A1C2-5B66-4885-A7F1-24431C791B6B}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

Re: Ranmit infection

Post by bertington on Thu Apr 14, 2011 7:41 pm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23170F69-40C1-2701-0465-000001000000}" = 7-Zip 4.65
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{27F00C63-449B-2FAB-CBE8-24AB80E17449}" = Acrobat.com
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51DC7E02-3EEE-D01E-60D1-103A0DA2C3BF}" = Catalyst Control Center Graphics Previews Common
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56AAE9D5-3D96-8D1D-C4C4-0290B21CE901}" = ccc-core-static
"{59ADFE8C-AD8C-2B04-6940-2D417FBAD111}" = CCC Help English
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{70014586-7BBA-4A92-A610-CDC896C48F8F}" = NETGEAR WG311v3 PCI Adapter
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A66242A1-9101-425D-9BE5-D19A50E1D0D8}" = ESET NOD32 Antivirus
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AF2E5BA0-759C-926D-6C3F-11A3751C286E}" = Catalyst Control Center Graphics Previews Vista
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C969744F-EB74-5868-719E-D4B1F3D0792F}" = ccc-utility
"{CE03D1DC-FD8D-2F5C-5FAD-02570BA0383B}" = Catalyst Control Center InstallProxy
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E6DA58C0-4EC5-4F5E-B73E-2F22ED30ACFC}" = Razer Krait
"{F34D6DAE-7777-5C40-E143-8A0D6A048F75}" = ATI Catalyst Install Manager
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AIM Toolbar" = AIM Toolbar
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.57
"HijackThis" = HijackThis 2.0.2
"InstallShield_{70014586-7BBA-4A92-A610-CDC896C48F8F}" = NETGEAR WG311v3 PCI Adapter
"jZip" = jZip
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"mIRC" = mIRC
"Mozilla Firefox (3.5.18)" = Mozilla Firefox (3.5.18)
"Mumble" = Mumble and Murmur
"Natural Selection_is1" = Natural Selection 3.2
"Pacific Poker" = Pacific Poker
"SopCast" = SopCast 3.2.9
"SpeedFan" = SpeedFan (remove only)
"Steam App 30" = Day of Defeat
"Steam App 550" = Left 4 Dead 2
"Steam App 70" = Half-Life
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 4" = TeamViewer 4
"TreeSize Free_is1" = TreeSize Free V2.5
"TVUPlayer" = TVUPlayer 2.5.3.1
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Re: Ranmit infection

Post by bertington on Thu Apr 14, 2011 7:41 pm

OK, that's both the OTL and the Extras file.

Re: Ranmit infection

Post by Crush on Thu Apr 14, 2011 8:23 pm

Did you see my post on the last page about the severity of this infection?

Crush
Master

Posts : 3889
Joined : 2010-01-27
Gender : Male
Points : 42098
Likes : 0

Re: Ranmit infection

Post by bertington on Thu Apr 14, 2011 9:08 pm

Crush wrote: Did you see my post on the last page about the severity of this infection?

Sorry, with the virus constantly sabotaging my posts I kept having to rewrite them and it looks like I left out my main response to what you said.

I live a few hundred miles from my vista disc and I rekon it will take at least a week to get it sent up here. I was hoping in the meantime (because I still need to use my pc) if I could take you up on the offer of seeing what best you could do.

I was also wondering if my E: drive was ok? It's essentially just a load of torrents. Will I need to discard those too!? Sad tearing

Post by Crush on Fri Apr 15, 2011 12:01 am

Given the severity of this infection, I would not use it for anything in its compromised state, so anything we could do would be in vain if you're just going to reformat.

The torrents are likely how you got infected. I personally would stop downloading them altogether, yes.

Post by bertington on Fri Apr 15, 2011 12:41 am

I only use a private site for torrents and I've never had any problem with them before. I'm fairly certain it was a porn website.

What exactly can I save from my current computer? I'm OK with just wiping my C: drive, but wiping 300 GB of films would be a huge loss.
Would there be a way of determining if the virus has spread to that drive in particular?

Post by Crush on Fri Apr 15, 2011 1:14 am

You should only be backing up files you absolutely need and can't obtain again. This kind of virus, which affects so many files and has these kinds of effects, is not common.

Post by bertington on Fri Apr 15, 2011 1:36 am

Is there really no way of scanning film/MP3 files for infections to see if they might have been left untouched? Surely it's easy to see if malicious code has been added onto a file that normally doesn't have any code in it. Or something...

300 GB of music and film!!! I can't replace it!!

Post by Crush on Fri Apr 15, 2011 5:23 am

Not with an infection that literally affects everything on the drive, to the point that it is a fruitless endeavor to disinfect, unfortunately.

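Editor's added example (not part of the thread, and not something either poster ran): bertington's question above has a narrow technical answer, with Crush's caveat attached. A film or MP3 is pure data, so an executable header inside it (the DOS "MZ" stub whose e_lfanew field points at a "PE\0\0" signature) or leading bytes that do not fit the file's extension are things a script can look for. The extension-to-magic table, the E: mount path and the 8 MB head/tail read size are assumptions for the example, and the sample files it ships with are constructed. Two limits matter: the check must run from a clean system (a rescue boot, or the drive attached to another machine), because a scanner run on the infected Vista install can be deceived; and a file that passes only lacks this particular pattern, which is why a clean run cannot by itself overturn the advice to back up only what is irreplaceable.

```python
"""Added example, not from the thread: test data-only media files for executable
content (a PE header inside the file, or leading bytes that do not fit the
extension). Run from a clean system; a pass only means this pattern was absent."""
import os
import struct

# Extension -> accepted leading magic bytes. Assumed list for the example;
# extend it for whatever formats live on the drive. MP4 is checked at offset 4.
MEDIA_MAGIC = {
    ".mp3": (b"ID3", b"\xff\xfb", b"\xff\xf3", b"\xff\xf2"),
    ".avi": (b"RIFF",), ".mkv": (b"\x1a\x45\xdf\xa3",),
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
}
MEDIA_EXTS = set(MEDIA_MAGIC) | {".mp4"}
EXEC_MAGIC = (b"MZ", b"\x7fELF")


def header_matches(ext, data):
    """True/False for a known format, None for an extension we do not know."""
    if ext == ".mp4":
        return data[4:8] == b"ftyp"        # ISO BMFF: 4-byte box size, then 'ftyp'
    magics = MEDIA_MAGIC.get(ext)
    return None if magics is None else data.startswith(magics)


def find_embedded_pe(data):
    """Offsets of every DOS header whose e_lfanew points at a 'PE\\0\\0' signature."""
    hits, idx = [], data.find(b"MZ")
    while idx != -1:
        if idx + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, idx + 0x3C)[0]
            # At least the 64-byte DOS header; the cap stops a random "MZ" in media data matching far away.
            if 0x40 <= e_lfanew <= 0x1000 and data[idx + e_lfanew:idx + e_lfanew + 4] == b"PE\0\0":
                hits.append(idx)
        idx = data.find(b"MZ", idx + 1)
    return hits


def inspect_bytes(name, data):
    """Reasons the blob named `name` looks wrong; an empty list means none found."""
    ext = os.path.splitext(name)[1].lower()
    reasons = []
    if header_matches(ext, data) is False:
        reasons.append("header does not match %s" % ext)
    if data.startswith(EXEC_MAGIC):
        reasons.append("file begins with an executable header")
    for off in find_embedded_pe(data):
        if off:                             # offset 0 is reported by the line above
            reasons.append("embedded PE image at offset 0x%x" % off)
    return reasons


def inspect_file(path, chunk=8 * 1024 * 1024):
    """Read only the first and last `chunk` bytes so a multi-GB film is cheap to test;
    an appended payload lands in the tail, the unread middle of a big file is not seen."""
    size = os.path.getsize(path)
    with open(path, "rb") as fh:
        head = fh.read(chunk)
        tail_base = chunk                   # tail follows head directly ...
        if size > 2 * chunk:
            tail_base = size - chunk        # ... unless the middle is skipped
            fh.seek(tail_base)
        tail = fh.read(chunk)
    reasons = inspect_bytes(os.path.basename(path), head)
    for off in find_embedded_pe(tail):
        reasons.append("embedded PE image at offset 0x%x" % (tail_base + off))
    return reasons


def scan_tree(root):
    """Walk a drive (e.g. the thread's E:, mounted read-only on a clean machine); yield (path, reasons)."""
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if os.path.splitext(fn)[1].lower() not in MEDIA_EXTS:
                continue
            path = os.path.join(dirpath, fn)
            try:
                reasons = inspect_file(path)
            except OSError as exc:
                reasons = ["unreadable: %s" % exc]
            if reasons:
                yield path, reasons


# Constructed samples, not files from the thread. PE_STUB is a 68-byte DOS header whose
# e_lfanew (offset 0x3C) points at a PE signature at 0x40; it is not a runnable program.
PE_STUB = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\0\0"
CLEAN_MP3 = b"ID3\x04\x00\x00" + bytes(4) + bytes(2048)   # ID3v2.4 header, then silence
INFECTED_MP3 = CLEAN_MP3 + PE_STUB                         # same file with an image appended

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                   # python check_media.py /mnt/e
        for path, why in scan_tree(sys.argv[1]):
            print(path, "->", "; ".join(why))
    else:
        print("film.mp3 ->", inspect_bytes("film.mp3", INFECTED_MP3))
```

Run it with the mount point of the suspect drive as the only argument to walk it; with no argument it checks the constructed sample. A finding is a reason to discard that file, not a cleaning instruction, and the absence of findings is not proof the drive is clean.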

Post by bertington on Sat Apr 16, 2011 11:16 pm

OK, thanks.

Post by Crush on Sun Apr 17, 2011 2:51 am

Is there anything more we can help you with?

Post by bertington on Tue Apr 19, 2011 5:42 pm

Erm, yes please. Well, not quite yet; my Vista disc hasn't arrived yet :/

Post by Crush on Tue Apr 19, 2011 7:09 pm

OK. Let us know when it does.

Post by bertington on Wed May 04, 2011 5:47 pm

OK, now I have more problems.
I eventually got my Vista disc sent up, but having just read through the reinstall guide, I need my motherboard disc too! I have absolutely no idea where it is and my mum can't find it back home.

And to be honest...
[You must be registered and logged in to see this link.]

This stuff about partitioning drives and BIOS sounds way, way out of my ability. I needed a friend just to install a printer.

I think I'm going to wait to reinstall when I get back home (in about 3 weeks).

At first I thought I'd be fine leaving the virus in the background, but now it seems to have completely taken over my HD. ESET gives me warnings non-stop about files it's unable to delete, and the hard drive is CONSTANTLY (literally non-stop) making noise, as if it's reading/writing. I get constant FPS drops in even old games, and programs often crash, I'm assuming from lack of memory.

Is there any way I can at least attempt a fix so that my PC's in a workable state for the next month? Please!!!
bertington
Novice
Novice

Posts Posts : 32
Joined Joined : 2011-04-14
OS OS : vista 32 bit
Points Points : 21074
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Ranmit infection

Post by bertington on Fri May 06, 2011 4:44 pm

Bump!
