explorer.exe and wininit.exe infected by Win32:Patched-RP[trj]

[kricxjo]

Is this CheckSum correct?
I used link from your post and got:

File details OTLPENet.exe
Bytes=127,313,619
MB=121
MD5=349c5ce9edf3818bb233db2f258536ad

I thought it is corrupted, but I downloaded it twice
and received exactly the same values.

I used TotalCommander 7.55 to calculate CheckSum

[essexboy]

I will recheck I believe OT has changed the programme somewhat over the last few days

The MD5 is good though so it is safe to create the boot CD

[kricxjo]

I did exactly as you described, but during "getting folder structure..."
there popped out dialogue box: Run out of memory.
Here are parameters of local HDD and RAM disc:
Label              Total Size        Free Space
RAMDisc(B:)          63.9  MB          59.5  MB
local disc(C:)      289    GB         177    GB
HP_RECOVERY(D:)       8.61 GB           2.87 GB

[essexboy]

How much RAM is there on the system ?

Could you reboot and try again please

[polonus]

Cześć, kricxjo,

This is an English forum only, we haven't got a Polish sub-section yet. What you could do is use Google translate, it works as a charm to translate English into Polish (roughly): http://translate.google.com/
Tutaj znajdziesz Polskie forum AVAST!- po polsku: http://forum.avast.pl/

pozdrawiam,

polonus

[kricxjo]

O.K. I'm initialising Reatogo once again. I have 2GB RAM installed.
Is there any chance to change RAM disc size during start-up?

[kricxjo]

It's really nice to read "Cześć"
So far I didn't have much trouble to understand your posts
and I hope my English is also understandable?
Pozdrawiam

[kricxjo]

The same:" Run out of memory"
I'm really get tired for today. I'll write tomorrow if I managed to do this scan.

[essexboy]

Updated MD5

OTLPENet.exe
Size - 127,313,619 bytes
MD5 - 349C5CE9EDF3818BB233DB2F258536AD

I have asked OT if he has any idea why this is happening.  I will post as soon as I get a reply

[essexboy]

OK had a chat with OT

I may be using a scan that is to large.  I have now whittled it down to the basics and attached it below 

[kricxjo]

Hello, Essexboy

I've just completed your scans.
It is a result of your previous scan instructions posted yesterday at 04:14:57 PM
It just needed more time to do it.

[essexboy]

Could you re-run OTL please with the scan text that I uploaded today as I need to find the location of some spare copies of explorer, wininit etc. Once I have them I will re-locate them to the correct place 

[kricxjo]

Here you are. This is from the updated file.

[essexboy]

Hmm it is not scanning,

could you double click the custom scans and fixes area of OTL
then when the dialogue pops up browse to the scan.txt file you downloaded
select it and then press run scan 

[kricxjo]

out of memory