It would just download up to 95 percent and then it won't continue. I only have Malwarebytes, the free one, and it discovers 8 infections ... I'm getting that Trojan Pramro, and I've seen on my C drive the uthh.exe that cannot be deleted. And while searching for a cure I have seen this ComboFix and out of curiosity I've downloaded and run it, but nothing happened. I hope you guys can help me out ... thanks in advance.
This is my OTL log file.
Note: this is my first time to do forums, just tell me if I did something wrong .. thanks
OTL Extras logfile created on: 1/21/2012 10:51:10 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Ron\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00003409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy
1014.42 Mb Total Physical Memory | 529.20 Mb Available Physical Memory | 52.17% Memory free
2.38 Gb Paging File | 2.00 Gb Available in Paging File | 83.94% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.39 Gb Total Space | 61.11 Gb Free Space | 70.74% Space Free | Partition Type: NTFS
Drive E: | 5.75 Gb Total Space | 0.55 Gb Free Space | 9.59% Space Free | Partition Type: FAT32
Computer Name: RON-82C6EAEB99E | User Name: Ron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"UacDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
"UacDisableNotify" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\orat.pif" = E:\orat.pif:*:Enabled:ipsec -- ()
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\explorer.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\DOCUME~1\Ron\LOCALS~1\Temp\winhivch.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\winhivch.exe:*:Enabled:ipsec
"C:\DOCUME~1\Ron\LOCALS~1\Temp\winffpi.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\winffpi.exe:*:Enabled:ipsec
"C:\uthh.exe" = C:\uthh.exe:*:Enabled:ipsec -- ()
"C:\DOCUME~1\Ron\LOCALS~1\Temp\xcmxf.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\xcmxf.exe:*:Enabled:ipsec
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:ipsec -- (Mozilla Corporation)
"C:\DOCUME~1\Ron\LOCALS~1\Temp\bttf.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\bttf.exe:*:Enabled:ipsec
"C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\qlbPres.exe" = C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\qlbPres.exe:*:Enabled:ipsec -- (Hewlett-Packard Company)
"C:\DOCUME~1\Ron\LOCALS~1\Temp\aqos.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\aqos.exe:*:Enabled:ipsec
"C:\DOCUME~1\Ron\LOCALS~1\Temp\lkbglh.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\lkbglh.exe:*:Enabled:ipsec
"C:\DOCUME~1\Ron\LOCALS~1\Temp\hlcf.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\hlcf.exe:*:Enabled:ipsec
"C:\DOCUME~1\Ron\LOCALS~1\Temp\hwdy.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\hwdy.exe:*:Enabled:ipsec
"C:\DOCUME~1\Ron\LOCALS~1\Temp\winurgwts.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\winurgwts.exe:*:Enabled:ipsec
"C:\DOCUME~1\Ron\LOCALS~1\Temp\winhihpp.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\winhihpp.exe:*:Enabled:ipsec
"C:\DOCUME~1\Ron\LOCALS~1\Temp\winxqvxf.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\winxqvxf.exe:*:Enabled:ipsec
"C:\DOCUME~1\Ron\LOCALS~1\Temp\hfir.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\hfir.exe:*:Enabled:ipsec
"C:\DOCUME~1\Ron\LOCALS~1\Temp\unlvcq.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\unlvcq.exe:*:Enabled:ipsec
"C:\DOCUME~1\Ron\LOCALS~1\Temp\oroa.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\oroa.exe:*:Enabled:ipsec
"C:\DOCUME~1\Ron\LOCALS~1\Temp\svgd.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\svgd.exe:*:Enabled:ipsec
"C:\DOCUME~1\Ron\LOCALS~1\Temp\gmihx.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\gmihx.exe:*:Enabled:ipsec
"C:\WINDOWS\system32\userinit.exe" = C:\WINDOWS\system32\userinit.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\DOCUME~1\Ron\LOCALS~1\Temp\abfe.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\abfe.exe:*:Enabled:ipsec
"C:\DOCUME~1\Ron\LOCALS~1\Temp\mmnla.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\mmnla.exe:*:Enabled:ipsec
"C:\DOCUME~1\Ron\LOCALS~1\Temp\xwvivf.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\xwvivf.exe:*:Enabled:ipsec
"C:\DOCUME~1\Ron\LOCALS~1\Temp\lwdsc.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\lwdsc.exe:*:Enabled:ipsec
"C:\DOCUME~1\Ron\LOCALS~1\Temp\cdss.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\cdss.exe:*:Enabled:ipsec
"C:\Program Files\Garena Plus\GarenaMessenger.exe" = C:\Program Files\Garena Plus\GarenaMessenger.exe:*:Enabled:ipsec -- ()
"C:\DOCUME~1\Ron\LOCALS~1\Temp\winkdcykd.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\winkdcykd.exe:*:Enabled:ipsec
"C:\DOCUME~1\Ron\LOCALS~1\Temp\ttpsa.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\ttpsa.exe:*:Enabled:ipsec
"C:\DOCUME~1\Ron\LOCALS~1\Temp\winjmyrkg.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\winjmyrkg.exe:*:Enabled:ipsec
"C:\DOCUME~1\Ron\LOCALS~1\Temp\lcybvq.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\lcybvq.exe:*:Enabled:ipsec
"C:\DOCUME~1\Ron\LOCALS~1\Temp\winibjyx.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\winibjyx.exe:*:Enabled:ipsec
"C:\DOCUME~1\Ron\LOCALS~1\Temp\winxwxwyj.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\winxwxwyj.exe:*:Enabled:ipsec
"C:\DOCUME~1\Ron\LOCALS~1\Temp\winemovuk.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\winemovuk.exe:*:Enabled:ipsec
"C:\DOCUME~1\Ron\LOCALS~1\Temp\duwh.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\duwh.exe:*:Enabled:ipsec
"C:\DOCUME~1\Ron\LOCALS~1\Temp\winhhocmp.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\winhhocmp.exe:*:Enabled:ipsec
"C:\DOCUME~1\Ron\LOCALS~1\Temp\vrer.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\vrer.exe:*:Enabled:ipsec
"C:\DOCUME~1\Ron\LOCALS~1\Temp\winalrhif.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\winalrhif.exe:*:Enabled:ipsec
"C:\DOCUME~1\Ron\LOCALS~1\Temp\winslgc.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\winslgc.exe:*:Enabled:ipsec
"C:\DOCUME~1\Ron\LOCALS~1\Temp\vrdk.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\vrdk.exe:*:Enabled:ipsec
"C:\DOCUME~1\Ron\LOCALS~1\Temp\jliv.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\jliv.exe:*:Enabled:ipsec
"C:\DOCUME~1\Ron\LOCALS~1\Temp\fquyx.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\fquyx.exe:*:Enabled:ipsec
"C:\DOCUME~1\Ron\LOCALS~1\Temp\winjjyqqx.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\winjjyqqx.exe:*:Enabled:ipsec
"C:\DOCUME~1\Ron\LOCALS~1\Temp\winxnnrcd.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\winxnnrcd.exe:*:Enabled:ipsec
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:ipsec -- (BitTorrent, Inc.)
"C:\DOCUME~1\Ron\LOCALS~1\Temp\wbhpjq.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\wbhpjq.exe:*:Enabled:ipsec
"C:\DOCUME~1\Ron\LOCALS~1\Temp\kexwbw.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\kexwbw.exe:*:Enabled:ipsec
"C:\DOCUME~1\Ron\LOCALS~1\Temp\winysde.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\winysde.exe:*:Enabled:ipsec
"C:\DOCUME~1\Ron\LOCALS~1\Temp\winlyorke.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\winlyorke.exe:*:Enabled:ipsec
"C:\DOCUME~1\Ron\LOCALS~1\Temp\uvapf.exe" = C:\DOCUME~1\Ron\LOCALS~1\Temp\uvapf.exe:*:Enabled:ipsec -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 J1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 1.01 C1
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{AD7914E1-6453-4440-AEC7-02C72AD6FE5F}" = TIPCI
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Free Download Manager_is1" = Free Download Manager 3.8
"im" = Garena Plus
"InstallShield_{AD7914E1-6453-4440-AEC7-02C72AD6FE5F}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.1.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WinRAR archiver" = WinRAR 4.10 beta 5 (32-bit)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 1/16/2012 2:26:12 AM | Computer Name = RON-82C6EAEB99E | Source = Application Error | ID = 1000
Description = Faulting application sp29885.exe, version 4.0.100.1189, faulting module
unknown, version 0.0.0.0, fault address 0x34312e36.
Error - 1/20/2012 7:20:36 PM | Computer Name = RON-82C6EAEB99E | Source = Application Hang | ID = 1002
Description = Hanging application HiJackThis.exe, version 2.0.0.4, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 1/20/2012 9:33:36 PM | Computer Name = RON-82C6EAEB99E | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.
Error - 1/20/2012 9:33:36 PM | Computer Name = RON-82C6EAEB99E | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error
message: The referenced assembly is not installed on your system. .
Error - 1/20/2012 9:33:36 PM | Computer Name = RON-82C6EAEB99E | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Mozilla Firefox\components\browsercomps.dll.
Reference
error message: The operation completed successfully. .
Error - 1/20/2012 9:44:35 PM | Computer Name = RON-82C6EAEB99E | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde
Error - 1/20/2012 10:05:23 PM | Computer Name = RON-82C6EAEB99E | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.
Error - 1/20/2012 10:05:23 PM | Computer Name = RON-82C6EAEB99E | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error
message: The referenced assembly is not installed on your system. .
Error - 1/20/2012 10:05:23 PM | Computer Name = RON-82C6EAEB99E | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Mozilla Firefox\components\browsercomps.dll.
Reference
error message: The operation completed successfully. .
Error - 1/20/2012 10:41:15 PM | Computer Name = RON-82C6EAEB99E | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.
Error - 1/20/2012 10:41:15 PM | Computer Name = RON-82C6EAEB99E | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error
message: The referenced assembly is not installed on your system. .
Error - 1/20/2012 10:41:15 PM | Computer Name = RON-82C6EAEB99E | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Mozilla Firefox\components\browsercomps.dll.
Reference
error message: The operation completed successfully. .
< End of report >