Mad Dogs need help too!



#1
Peter the Veterinarian

Hello all,

I'm volunteering for 4 weeks for a charity called the Mad Dogs Trust in Kerala, India (maddogstrust.com). Working conditions out here are basic to say the least, and while I've managed to neuter dogs by torchlight during a power cut, trying to sort out their virus-saturated laptop is proving beyond me! I've run Avast, McAfee, Ad-Aware, Malwarebytes, MSRT and Spybot amongst others, and while all have fished out a few nasties, nothing has finished the job properly. The lack of a Windows disc is also holding me back.

The main symptoms are:

1. Cannot use Microsoft/Windows Update using Chrome, Firefox or IE8. Some browsers get further than others but none succeed in downloading files.
2. Homepage is reset to 'searchonlinepeople.com' every time IE is restarted.
3. When using Run > msconfig, I am told that an 'access denied error' has occurred.
4. Several files found by various virus/malware applications cannot be deleted by any means that I know of. This even occurs when Avast carried out a boot scan.

I'm hoping one of you chaps can help me! Many thanks, Peter

OTL log below, quick scan, settings as installed:


OTL logfile created on: 11/16/2010 12:43:03 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\penny1\My Documents\Peter Martin
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 4.27 Gb Free Space | 14.56% Space Free | Partition Type: NTFS
Drive D: | 68.36 Gb Total Space | 61.49 Gb Free Space | 89.94% Space Free | Partition Type: NTFS
Drive E: | 68.36 Gb Total Space | 68.11 Gb Free Space | 99.63% Space Free | Partition Type: NTFS
Drive F: | 68.36 Gb Total Space | 67.42 Gb Free Space | 98.62% Space Free | Partition Type: NTFS
Drive G: | 63.70 Gb Total Space | 48.86 Gb Free Space | 76.70% Space Free | Partition Type: NTFS

Computer Name: PENNY | User Name: penny1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/16 12:27:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\penny1\My Documents\Peter Martin\OTL.exe
PRC - [2010/11/11 13:42:34 | 002,836,656 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.exe
PRC - [2010/11/09 21:08:33 | 000,928,496 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/11/09 21:08:28 | 001,375,992 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/12/10 13:17:14 | 000,512,000 | ---- | M] () -- C:\Program Files\Reliance Netconnect - Broadband+\bin\MonServiceUDisk.exe
PRC - [2008/11/10 02:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/29 08:07:00 | 000,143,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2008/09/29 08:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2008/09/29 08:07:00 | 000,067,904 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2008/09/29 08:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2008/09/29 08:07:00 | 000,026,672 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2008/09/29 08:07:00 | 000,019,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2008/08/26 11:32:24 | 000,014,336 | ---- | M] (Agere Systems) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/03/14 04:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2008/03/14 04:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2008/03/14 04:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2008/03/14 04:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/11/16 12:27:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\penny1\My Documents\Peter Martin\OTL.exe
MOD - [2004/08/04 00:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\xmhyplfg.dll -- (nkdhfmyxn)
SRV - [2010/11/09 21:08:28 | 001,375,992 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/12/10 13:17:14 | 000,512,000 | ---- | M] () [Auto | Running] -- C:\Program Files\Reliance Netconnect - Broadband+\bin\MonServiceUDisk.exe -- (UDisk Monitor)
SRV - [2008/11/10 02:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/29 08:07:00 | 000,143,088 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2008/09/29 08:07:00 | 000,067,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2008/09/29 08:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2008/09/29 08:07:00 | 000,019,456 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2008/08/26 11:32:24 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/03/14 04:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\ynoefwde.sys -- (ynoefwde)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\yesjcoov.sys -- (yesjcoov)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\vrkroste.sys -- (vrkroste)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\uvbhzwjf.sys -- (uvbhzwjf)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\uifrsuvg.sys -- (uifrsuvg)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\uazaemla.sys -- (uazaemla)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\twuzhzfl.sys -- (twuzhzfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\tctckyfj.sys -- (tctckyfj)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\skqldxyv.sys -- (skqldxyv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\sekrlquq.sys -- (sekrlquq)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\qsmemask.sys -- (qsmemask)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\pckmtapa.sys -- (pckmtapa)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\ouocybrs.sys -- (ouocybrs)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\nrueubco.sys -- (nrueubco)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\nnchwplv.sys -- (nnchwplv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\mswqtlix.sys -- (mswqtlix)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\lwecqvvc.sys -- (lwecqvvc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\loauftun.sys -- (loauftun)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\ljnzoerl.sys -- (ljnzoerl)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\lbsbsafo.sys -- (lbsbsafo)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\kjylgnsk.sys -- (kjylgnsk)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\kgeblxfv.sys -- (kgeblxfv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\kdcicvms.sys -- (kdcicvms)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\juuqmtww.sys -- (juuqmtww)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\jguvticf.sys -- (jguvticf)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\ixjzftew.sys -- (ixjzftew)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\hgzmltir.sys -- (hgzmltir)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\hchbtnfu.sys -- (hchbtnfu)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\gwqubbvf.sys -- (gwqubbvf)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\gsillqks.sys -- (gsillqks)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\ftrtjbdp.sys -- (ftrtjbdp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\fjccwygb.sys -- (fjccwygb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\fiikamyo.sys -- (fiikamyo)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\faghczoq.sys -- (faghczoq)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\ersbdxhq.sys -- (ersbdxhq)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\ecfqcpxa.sys -- (ecfqcpxa)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\cxhmqxem.sys -- (cxhmqxem)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\cgwcnhvv.sys -- (cgwcnhvv)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\bxndvinw.sys -- (bxndvinw)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\bkawuwii.sys -- (bkawuwii)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\birguxwr.sys -- (birguxwr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\baduxsyh.sys -- (baduxsyh)
DRV - File not found [Kernel | Unknown | Running] -- -- (aswTdi)
DRV - File not found [Kernel | Unknown | Running] -- -- (aswSP)
DRV - File not found [File_System | Unknown | Running] -- -- (aswMon2)
DRV - File not found [File_System | Unknown | Running] -- -- (aswFsBlk)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\aoesptrr.sys -- (aoesptrr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\actplkwg.sys -- (actplkwg)
DRV - File not found [Kernel | Unknown | Running] -- -- (Aavmker4)
DRV - [2010/10/25 22:22:04 | 000,044,800 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\oyseutcl.sys -- (ksfmjtwj)
DRV - [2010/10/25 02:44:45 | 000,043,904 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\gnlok.sys -- (lnhubroeefp)
DRV - [2010/09/23 13:16:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/12/09 09:22:02 | 000,104,704 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV - [2009/10/12 15:21:54 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/09/10 14:55:52 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/06/03 19:35:26 | 001,570,240 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/03/01 03:57:42 | 005,038,080 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/02/22 06:01:14 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/01/20 14:06:34 | 001,205,312 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/10/31 02:49:14 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/10/21 08:47:58 | 006,048,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/09/29 08:07:00 | 000,340,592 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2008/09/29 08:07:00 | 000,090,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2008/09/29 08:07:00 | 000,074,648 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2008/09/29 08:07:00 | 000,064,432 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2008/09/29 08:07:00 | 000,062,704 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2008/09/29 08:07:00 | 000,042,424 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2008/08/05 17:40:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/05/30 13:44:42 | 000,146,944 | R--- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2006/01/04 13:11:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://in.rd.yahoo.c...earch.yahoo.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....r=ytff-msgr&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-msgr"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-msgr"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.gmail.com/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.2.9
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.5.0.0
FF - prefs.js..keyword.URL: "http://search.yahoo....r=ytff-msgr&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox [2010/11/11 13:23:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/03 08:27:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/28 11:38:56 | 000,000,000 | ---D | M]

[2010/02/03 17:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\penny1\Application Data\Mozilla\Extensions
[2010/11/11 13:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\penny1\Application Data\Mozilla\Firefox\Profiles\hgk9c4wt.default\extensions
[2010/11/11 13:44:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\penny1\Application Data\Mozilla\Firefox\Profiles\hgk9c4wt.default\extensions\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
[2010/11/16 11:49:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/01 11:33:58 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2008/09/29 08:07:00 | 000,022,576 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll

O1 HOSTS File: ([2010/11/10 16:34:58 | 000,425,455 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14657 more lines...
O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files\SearchPredict\SearchPredict.dll (Speedbit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Download Accelerator Plus Integration) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll File not found
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
O4 - HKCU..\Run: [Microsoft iexplorer11] C:\DOCUME~1\penny1\LOCALS~1\Temp\WinUpdate.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1289888558906 (MUCatalogWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1289386158078 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.mac...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (硅汰牯牥攮數08\04) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 () - http://www.maddogstr...es/1dogpaws.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\penny1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\penny1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/02 21:20:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{162eeb20-ac7c-11df-a01a-0017c4bba794}\Shell\AutoRun\command - "" = J:\PENNY\PENNY\PENNYwo3.exe -- File not found
O33 - MountPoints2\{162eeb20-ac7c-11df-a01a-0017c4bba794}\Shell\open\command - "" = J:\PENNY\PENNY\PENNYwo3.exe -- File not found
O33 - MountPoints2\{22a9a221-b4dd-11df-a03d-0017c4bba794}\Shell\AutoRun\command - "" = J:\RELEASE\DEBUG\ghx.exe -- File not found
O33 - MountPoints2\{22a9a221-b4dd-11df-a03d-0017c4bba794}\Shell\open\command - "" = J:\RELEASE\DEBUG\ghx.exe -- File not found
O33 - MountPoints2\{4b63b154-317a-11df-9f06-0026227315d4}\Shell - "" = AutoRun
O33 - MountPoints2\{4b63b154-317a-11df-9f06-0026227315d4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{540764c7-88fb-11df-9f96-0026227315d4}\Shell - "" = AutoRun
O33 - MountPoints2\{540764c7-88fb-11df-9f96-0026227315d4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{540764c7-88fb-11df-9f96-0026227315d4}\Shell\AutoRun\command - "" = J:\iStudio.exe -- File not found
O33 - MountPoints2\{9ae9cb96-b41d-11df-a038-0026227315d4}\Shell\AutoRun\command - "" = J:\RELEASE\DEBUG\ghx.exe -- File not found
O33 - MountPoints2\{9ae9cb96-b41d-11df-a038-0026227315d4}\Shell\open\command - "" = J:\RELEASE\DEBUG\ghx.exe -- File not found
O33 - MountPoints2\{ff04dbba-632b-11df-9f5c-0017c4bba794}\Shell - "" = AutoRun
O33 - MountPoints2\{ff04dbba-632b-11df-9f5c-0017c4bba794}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ff04dbba-632b-11df-9f5c-0017c4bba794}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{ff04dbbd-632b-11df-9f5c-0017c4bba794}\Shell - "" = AutoRun
O33 - MountPoints2\{ff04dbbd-632b-11df-9f5c-0017c4bba794}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ff04dbbd-632b-11df-9f5c-0017c4bba794}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (aswBoot.exe /M:18eae0e18a) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/16 12:18:14 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\penny1\IECompatCache
[2010/11/16 11:41:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/11/12 19:58:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\penny1\Application Data\Malwarebytes
[2010/11/12 19:58:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/12 14:19:54 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/11/12 14:19:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/11/12 13:52:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/11/11 21:46:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\penny1\My Documents\Volunteers
[2010/11/11 20:47:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\penny1\PrivacIE
[2010/11/11 20:44:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\penny1\IETldCache
[2010/11/11 20:42:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/11/11 20:41:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/11/11 20:33:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/11/11 13:42:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/11 13:42:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\penny1\My Documents\My DAP Downloads
[2010/11/11 13:42:32 | 000,000,000 | ---D | C] -- C:\Program Files\DAP
[2010/11/11 13:23:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\penny1\Application Data\Toolbar4
[2010/11/11 13:23:42 | 000,172,032 | ---- | C] (Jin Hui E-mail: [email protected] Web: http://www.jcomsoft.com) -- C:\WINDOWS\System32\AniGIF.ocx
[2010/11/11 13:23:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2010/11/11 13:23:42 | 000,000,000 | ---D | C] -- C:\Program Files\SearchPredict
[2010/11/11 13:23:40 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedBit Video Downloader
[2010/11/11 11:51:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\penny1\Application Data\CyberLink
[2010/11/10 15:31:07 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/11/10 15:31:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/11/09 21:10:02 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/11/09 21:09:50 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/11/09 20:25:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\penny1\Local Settings\Application Data\Sunbelt Software
[2010/11/09 20:24:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010/11/09 20:24:01 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/11/09 20:24:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/11/09 17:25:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\penny1\My Documents\Peter Martin
[2010/11/09 16:31:27 | 133,432,520 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\penny1\Desktop\Ad-AwareInstall.exe
[2010/11/06 11:16:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\penny1\Desktop\Att
[2010/11/03 08:36:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/11/03 08:36:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/11/02 10:42:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/11/02 10:39:45 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/11/02 10:39:45 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/11/02 10:39:45 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010/11/02 10:38:31 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/10/30 18:16:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\penny1\Desktop\Kennel photos
[2010/10/30 07:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2010/10/22 17:00:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/10/22 17:00:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/30 12:48:16 | 001,275,136 | ---- | M] () -- C:\Documents and Settings\penny1\My Documents\candy.JPG
[2011/08/30 12:47:54 | 000,847,276 | ---- | M] () -- C:\Documents and Settings\penny1\My Documents\puppies.JPG
[2010/11/16 12:19:00 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/11/16 12:13:03 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/11/16 12:10:08 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1637723038-725345543-1003UA.job
[2010/11/16 11:56:00 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/11/16 11:53:00 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/11/16 11:41:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/16 10:47:00 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/11/16 10:45:00 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/11/16 10:10:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1637723038-725345543-1003Core.job
[2010/11/16 10:02:00 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/11/15 21:01:49 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/11/15 20:25:28 | 000,008,795 | ---- | M] () -- C:\Documents and Settings\penny1\My Documents\MDT logo greyed.jpg
[2010/11/15 20:18:53 | 000,312,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/15 20:18:53 | 000,040,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/15 20:17:33 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/11/15 20:14:34 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\RegPowerClean.job
[2010/11/15 20:14:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\PCConfidential.job
[2010/11/15 20:14:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/15 20:14:25 | 3147,796,480 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/15 18:51:28 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/11/15 18:51:28 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/11/15 15:12:02 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/11/15 14:53:02 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\penny1\My Documents\Quiz for open day.doc
[2010/11/15 13:48:47 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/11/15 13:48:47 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/11/15 13:48:47 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/11/12 15:39:00 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\penny1\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/12 15:38:25 | 2145,386,496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/11/12 13:49:39 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\RPCReminder.job
[2010/11/12 12:26:48 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\penny1\Desktop\Fri blog contents - Girija.doc
[2010/11/11 20:42:48 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/11/11 20:33:27 | 000,001,297 | ---- | M] () -- C:\Documents and Settings\penny1\Desktop\My DAP Downloads.lnk
[2010/11/11 13:43:47 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\penny1\Desktop\Download Accelerator Plus (DAP).lnk
[2010/11/10 16:34:58 | 000,425,455 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/10 16:11:31 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\penny1\Desktop\Google Chrome.lnk
[2010/11/10 16:11:31 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\penny1\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/10 15:31:13 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\penny1\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/10 15:31:13 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\penny1\Desktop\Spybot - Search & Destroy.lnk
[2010/11/10 15:27:44 | 000,000,786 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101110-163458.backup
[2010/11/09 21:09:47 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/11/09 20:24:28 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\penny1\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/11/09 20:24:28 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/11/09 16:31:30 | 133,432,520 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\penny1\Desktop\Ad-AwareInstall.exe
[2010/11/09 15:03:16 | 000,278,861 | ---- | M] () -- C:\Documents and Settings\penny1\Desktop\Form49a.pdf
[2010/11/05 17:42:18 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\penny1\Desktop\captions.doc
[2010/11/05 11:28:30 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\penny1\My Documents\LIST OF SPONSORS.doc
[2010/11/03 13:57:32 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\penny1\My Documents\Doc1.doc
[2010/11/02 15:47:46 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\penny1\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2010/11/02 10:41:46 | 000,115,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/02 10:40:55 | 000,038,648 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/11/02 10:37:45 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/11/02 10:37:43 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/11/02 10:37:43 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/11/02 10:37:29 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/11/02 10:35:30 | 000,022,704 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/11/01 18:27:50 | 000,116,951 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010/10/27 15:59:31 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\penny1\Desktop\New Microsoft Word Document (2).doc
[2010/10/25 22:22:04 | 000,044,800 | ---- | M] () -- C:\WINDOWS\System32\drivers\oyseutcl.sys
[2010/10/25 02:44:45 | 000,043,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\gnlok.sys
[2010/10/18 18:00:08 | 000,000,440 | ---- | M] () -- C:\Documents and Settings\penny1\My Documents\spider.sav
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/15 20:32:20 | 000,008,795 | ---- | C] () -- C:\Documents and Settings\penny1\My Documents\MDT logo greyed.jpg
[2010/11/15 18:45:14 | 3147,796,480 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/15 14:16:24 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\penny1\My Documents\Quiz for open day.doc
[2010/11/12 12:26:47 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\penny1\Desktop\Fri blog contents - Girija.doc
[2010/11/11 13:43:47 | 000,001,297 | ---- | C] () -- C:\Documents and Settings\penny1\Desktop\My DAP Downloads.lnk
[2010/11/11 13:43:47 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\penny1\Desktop\Download Accelerator Plus (DAP).lnk
[2010/11/10 18:30:21 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/11/10 15:31:13 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\penny1\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/10 15:31:13 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\penny1\Desktop\Spybot - Search & Destroy.lnk
[2010/11/09 20:32:01 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/11/09 20:24:28 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\penny1\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/11/09 20:24:28 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/11/09 15:03:13 | 000,278,861 | ---- | C] () -- C:\Documents and Settings\penny1\Desktop\Form49a.pdf
[2010/11/05 17:42:18 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\penny1\Desktop\captions.doc
[2010/11/05 11:28:29 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\penny1\My Documents\LIST OF SPONSORS.doc
[2010/11/03 13:57:32 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\penny1\My Documents\Doc1.doc
[2010/11/02 10:39:38 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/11/02 10:39:16 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/11/02 10:39:08 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/11/02 10:39:07 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/11/02 10:39:06 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/11/02 10:38:57 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/11/02 10:38:53 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/11/02 10:38:48 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/11/02 10:38:34 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/11/02 10:26:25 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/11/02 10:26:25 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/11/02 10:26:25 | 000,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010/11/02 10:26:25 | 000,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010/11/02 10:26:25 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/11/02 10:26:25 | 000,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010/11/02 10:26:25 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010/11/02 10:26:25 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010/11/02 10:26:25 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/11/02 10:26:25 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/11/02 10:26:25 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010/11/02 10:26:25 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010/11/02 10:26:25 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/11/02 10:26:25 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/11/02 10:26:25 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/11/02 10:26:24 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/11/02 10:26:24 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010/11/02 10:26:24 | 000,502,724 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/10/27 15:59:31 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\penny1\Desktop\New Microsoft Word Document (2).doc
[2010/10/25 17:34:52 | 000,044,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\oyseutcl.sys
[2010/10/25 14:45:27 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/10/25 02:45:32 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/10/24 21:03:54 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/10/23 18:44:56 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/10/23 13:47:12 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/10/23 12:58:49 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/10/22 22:14:18 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/10/22 18:01:37 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/10/22 16:19:49 | 000,043,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\gnlok.sys
[2010/10/22 15:56:33 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/10/22 15:44:53 | 000,001,982 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\7E040C18-11B5-42A6-A424-2E43577EEF30.txt
[2010/10/22 15:42:14 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/10/22 10:07:51 | 000,004,158 | ---- | C] () -- C:\Documents and Settings\penny1\Local Settings\Application Data\7E040C18-11B5-42A6-A424-2E43577EEF30.txt
[2010/10/22 09:50:25 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/10/22 09:49:41 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/10/18 18:00:08 | 000,000,440 | ---- | C] () -- C:\Documents and Settings\penny1\My Documents\spider.sav
[2010/07/25 08:32:33 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/25 08:32:31 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\penny1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/03 10:42:46 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/02/03 07:22:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/02/03 07:18:02 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2010/02/03 05:44:34 | 000,626,688 | ---- | C] () -- C:\WINDOWS\Image.dll
[2010/02/03 05:44:34 | 000,000,036 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2010/02/03 02:41:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/02/02 21:49:19 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5002.dll
[2009/03/23 17:40:06 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2004/07/17 11:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2010/11/15 21:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/11/11 13:42:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2010/11/16 12:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/27 11:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i
[2010/06/27 11:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2010/11/09 20:24:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010/02/03 07:31:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\penny1\Application Data\Any Video Converter
[2010/08/29 18:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\penny1\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/02/03 07:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\penny1\Application Data\BitTorrent
[2010/06/27 11:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\penny1\Application Data\BitZipper
[2010/11/15 18:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\penny1\Application Data\Dropbox
[2010/11/11 13:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\penny1\Application Data\Toolbar4
[2010/05/21 22:24:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\penny1\Application Data\ZTEEVDO
[2010/11/16 12:13:03 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/11/15 13:48:47 | 000,000,430 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/11/16 11:56:00 | 000,000,430 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/11/15 15:12:02 | 000,000,430 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/11/15 13:48:47 | 000,000,430 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/11/16 10:47:00 | 000,000,430 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/11/16 10:02:00 | 000,000,430 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/11/15 18:51:28 | 000,000,430 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/11/15 18:51:28 | 000,000,430 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/11/16 11:53:00 | 000,000,430 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/11/15 13:48:47 | 000,000,430 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/11/16 12:19:00 | 000,000,430 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/11/16 10:45:00 | 000,000,430 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/11/15 20:14:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\PCConfidential.job
[2010/11/15 20:14:34 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\RegPowerClean.job
[2010/11/12 13:49:39 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\RPCReminder.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 600514 bytes -> C:\WINDOWS\Temp:temp
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B11E0DF

< End of report >

#2
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello Peter the Veterinarian

Welcome to G2Go. :D
=====================
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\xmhyplfg.dll -- (nkdhfmyxn)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\ynoefwde.sys -- (ynoefwde)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\yesjcoov.sys -- (yesjcoov)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\vrkroste.sys -- (vrkroste)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\uvbhzwjf.sys -- (uvbhzwjf)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\uifrsuvg.sys -- (uifrsuvg)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\uazaemla.sys -- (uazaemla)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\twuzhzfl.sys -- (twuzhzfl)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\tctckyfj.sys -- (tctckyfj)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\skqldxyv.sys -- (skqldxyv)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\sekrlquq.sys -- (sekrlquq)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\qsmemask.sys -- (qsmemask)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\pckmtapa.sys -- (pckmtapa)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\ouocybrs.sys -- (ouocybrs)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\nrueubco.sys -- (nrueubco)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\nnchwplv.sys -- (nnchwplv)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\mswqtlix.sys -- (mswqtlix)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\lwecqvvc.sys -- (lwecqvvc)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\loauftun.sys -- (loauftun)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\ljnzoerl.sys -- (ljnzoerl)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\lbsbsafo.sys -- (lbsbsafo)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\kjylgnsk.sys -- (kjylgnsk)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\kgeblxfv.sys -- (kgeblxfv)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\kdcicvms.sys -- (kdcicvms)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\juuqmtww.sys -- (juuqmtww)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\jguvticf.sys -- (jguvticf)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\ixjzftew.sys -- (ixjzftew)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\hgzmltir.sys -- (hgzmltir)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\hchbtnfu.sys -- (hchbtnfu)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\gwqubbvf.sys -- (gwqubbvf)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\gsillqks.sys -- (gsillqks)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\ftrtjbdp.sys -- (ftrtjbdp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\fjccwygb.sys -- (fjccwygb)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\fiikamyo.sys -- (fiikamyo)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\faghczoq.sys -- (faghczoq)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\ersbdxhq.sys -- (ersbdxhq)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\ecfqcpxa.sys -- (ecfqcpxa)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\cxhmqxem.sys -- (cxhmqxem)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\cgwcnhvv.sys -- (cgwcnhvv)
    DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\bxndvinw.sys -- (bxndvinw)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\bkawuwii.sys -- (bkawuwii)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\birguxwr.sys -- (birguxwr)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\baduxsyh.sys -- (baduxsyh)
    DRV - [2010/10/25 22:22:04 | 000,044,800 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\oyseutcl.sys -- (ksfmjtwj)
    DRV - [2010/10/25 02:44:45 | 000,043,904 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\gnlok.sys -- (lnhubroeefp)
    O4 - HKCU..\Run: [Microsoft iexplorer11] C:\DOCUME~1\penny1\LOCALS~1\Temp\WinUpdate.exe File not found
    O20 - HKCU Winlogon: Shell - (硅汰牯牥攮數08\04) - File not found
    O33 - MountPoints2\{162eeb20-ac7c-11df-a01a-0017c4bba794}\Shell\AutoRun\command - "" = J:\PENNY\PENNY\PENNYwo3.exe -- File not found
    O33 - MountPoints2\{162eeb20-ac7c-11df-a01a-0017c4bba794}\Shell\open\command - "" = J:\PENNY\PENNY\PENNYwo3.exe -- File not found
    O33 - MountPoints2\{22a9a221-b4dd-11df-a03d-0017c4bba794}\Shell\AutoRun\command - "" = J:\RELEASE\DEBUG\ghx.exe -- File not found
    O33 - MountPoints2\{22a9a221-b4dd-11df-a03d-0017c4bba794}\Shell\open\command - "" = J:\RELEASE\DEBUG\ghx.exe -- File not found
    O33 - MountPoints2\{540764c7-88fb-11df-9f96-0026227315d4}\Shell\AutoRun\command - "" = J:\iStudio.exe -- File not found
    O33 - MountPoints2\{9ae9cb96-b41d-11df-a038-0026227315d4}\Shell\AutoRun\command - "" = J:\RELEASE\DEBUG\ghx.exe -- File not found
    O33 - MountPoints2\{9ae9cb96-b41d-11df-a038-0026227315d4}\Shell\open\command - "" = J:\RELEASE\DEBUG\ghx.exe -- File not found
    O33 - MountPoints2\{ff04dbba-632b-11df-9f5c-0017c4bba794}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
    O33 - MountPoints2\{ff04dbbd-632b-11df-9f5c-0017c4bba794}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
    
    :files
    C:\Windows\tasks\at*.job
    
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
===========
Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

#3
Peter the Veterinarian

    New Member

  • Topic Starter
  • Member
  • 3 posts
All processes killed
========== OTL ==========
Service nkdhfmyxn stopped successfully!
Service nkdhfmyxn deleted successfully!
File C:\WINDOWS\System32\xmhyplfg.dll not found.
Service ynoefwde stopped successfully!
Service ynoefwde deleted successfully!
File C:\WINDOWS\System32\Drivers\ynoefwde.sys not found.
Service yesjcoov stopped successfully!
Service yesjcoov deleted successfully!
File C:\WINDOWS\System32\Drivers\yesjcoov.sys not found.
Service vrkroste stopped successfully!
Service vrkroste deleted successfully!
File C:\WINDOWS\System32\Drivers\vrkroste.sys not found.
Service uvbhzwjf stopped successfully!
Service uvbhzwjf deleted successfully!
File C:\WINDOWS\System32\Drivers\uvbhzwjf.sys not found.
Service uifrsuvg stopped successfully!
Service uifrsuvg deleted successfully!
File C:\WINDOWS\System32\Drivers\uifrsuvg.sys not found.
Service uazaemla stopped successfully!
Service uazaemla deleted successfully!
File C:\WINDOWS\System32\Drivers\uazaemla.sys not found.
Service twuzhzfl stopped successfully!
Service twuzhzfl deleted successfully!
File C:\WINDOWS\System32\Drivers\twuzhzfl.sys not found.
Service tctckyfj stopped successfully!
Service tctckyfj deleted successfully!
File C:\WINDOWS\System32\Drivers\tctckyfj.sys not found.
Service skqldxyv stopped successfully!
Service skqldxyv deleted successfully!
File C:\WINDOWS\System32\Drivers\skqldxyv.sys not found.
Service sekrlquq stopped successfully!
Service sekrlquq deleted successfully!
File C:\WINDOWS\System32\Drivers\sekrlquq.sys not found.
Service qsmemask stopped successfully!
Service qsmemask deleted successfully!
File C:\WINDOWS\System32\Drivers\qsmemask.sys not found.
Service pckmtapa stopped successfully!
Service pckmtapa deleted successfully!
File C:\WINDOWS\System32\Drivers\pckmtapa.sys not found.
Service ouocybrs stopped successfully!
Service ouocybrs deleted successfully!
File C:\WINDOWS\System32\Drivers\ouocybrs.sys not found.
Service nrueubco stopped successfully!
Service nrueubco deleted successfully!
File C:\WINDOWS\System32\Drivers\nrueubco.sys not found.
Service nnchwplv stopped successfully!
Service nnchwplv deleted successfully!
File C:\WINDOWS\System32\Drivers\nnchwplv.sys not found.
Service mswqtlix stopped successfully!
Service mswqtlix deleted successfully!
File C:\WINDOWS\System32\Drivers\mswqtlix.sys not found.
Service lwecqvvc stopped successfully!
Service lwecqvvc deleted successfully!
File C:\WINDOWS\System32\Drivers\lwecqvvc.sys not found.
Service loauftun stopped successfully!
Service loauftun deleted successfully!
File C:\WINDOWS\System32\Drivers\loauftun.sys not found.
Service ljnzoerl stopped successfully!
Service ljnzoerl deleted successfully!
File C:\WINDOWS\System32\Drivers\ljnzoerl.sys not found.
Service lbsbsafo stopped successfully!
Service lbsbsafo deleted successfully!
File C:\WINDOWS\System32\Drivers\lbsbsafo.sys not found.
Service kjylgnsk stopped successfully!
Service kjylgnsk deleted successfully!
File C:\WINDOWS\System32\Drivers\kjylgnsk.sys not found.
Service kgeblxfv stopped successfully!
Service kgeblxfv deleted successfully!
File C:\WINDOWS\System32\Drivers\kgeblxfv.sys not found.
Service kdcicvms stopped successfully!
Service kdcicvms deleted successfully!
File C:\WINDOWS\System32\Drivers\kdcicvms.sys not found.
Service juuqmtww stopped successfully!
Service juuqmtww deleted successfully!
File C:\WINDOWS\System32\Drivers\juuqmtww.sys not found.
Service jguvticf stopped successfully!
Service jguvticf deleted successfully!
File C:\WINDOWS\System32\Drivers\jguvticf.sys not found.
Service ixjzftew stopped successfully!
Service ixjzftew deleted successfully!
File C:\WINDOWS\System32\Drivers\ixjzftew.sys not found.
Service hgzmltir stopped successfully!
Service hgzmltir deleted successfully!
File C:\WINDOWS\System32\Drivers\hgzmltir.sys not found.
Service hchbtnfu stopped successfully!
Service hchbtnfu deleted successfully!
File C:\WINDOWS\System32\Drivers\hchbtnfu.sys not found.
Service gwqubbvf stopped successfully!
Service gwqubbvf deleted successfully!
File C:\WINDOWS\System32\Drivers\gwqubbvf.sys not found.
Service gsillqks stopped successfully!
Service gsillqks deleted successfully!
File C:\WINDOWS\System32\Drivers\gsillqks.sys not found.
Service ftrtjbdp stopped successfully!
Service ftrtjbdp deleted successfully!
File C:\WINDOWS\System32\Drivers\ftrtjbdp.sys not found.
Service fjccwygb stopped successfully!
Service fjccwygb deleted successfully!
File C:\WINDOWS\System32\Drivers\fjccwygb.sys not found.
Service fiikamyo stopped successfully!
Service fiikamyo deleted successfully!
File C:\WINDOWS\System32\Drivers\fiikamyo.sys not found.
Service faghczoq stopped successfully!
Service faghczoq deleted successfully!
File C:\WINDOWS\System32\Drivers\faghczoq.sys not found.
Service ersbdxhq stopped successfully!
Service ersbdxhq deleted successfully!
File C:\WINDOWS\System32\Drivers\ersbdxhq.sys not found.
Service ecfqcpxa stopped successfully!
Service ecfqcpxa deleted successfully!
File C:\WINDOWS\System32\Drivers\ecfqcpxa.sys not found.
Service cxhmqxem stopped successfully!
Service cxhmqxem deleted successfully!
File C:\WINDOWS\System32\Drivers\cxhmqxem.sys not found.
Service cgwcnhvv stopped successfully!
Service cgwcnhvv deleted successfully!
File C:\WINDOWS\System32\Drivers\cgwcnhvv.sys not found.
Service bxndvinw stopped successfully!
Service bxndvinw deleted successfully!
File C:\WINDOWS\System32\Drivers\bxndvinw.sys not found.
Service bkawuwii stopped successfully!
Service bkawuwii deleted successfully!
File C:\WINDOWS\System32\Drivers\bkawuwii.sys not found.
Service birguxwr stopped successfully!
Service birguxwr deleted successfully!
File C:\WINDOWS\System32\Drivers\birguxwr.sys not found.
Service baduxsyh stopped successfully!
Service baduxsyh deleted successfully!
File C:\WINDOWS\System32\Drivers\baduxsyh.sys not found.
Service ksfmjtwj stopped successfully!
Service ksfmjtwj deleted successfully!
C:\WINDOWS\system32\drivers\oyseutcl.sys moved successfully.
Service lnhubroeefp stopped successfully!
Service lnhubroeefp deleted successfully!
C:\WINDOWS\system32\drivers\gnlok.sys moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft iexplorer11 deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:硅汰牯牥攮數08\04 deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{162eeb20-ac7c-11df-a01a-0017c4bba794}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{162eeb20-ac7c-11df-a01a-0017c4bba794}\ not found.
File J:\PENNY\PENNY\PENNYwo3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{162eeb20-ac7c-11df-a01a-0017c4bba794}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{162eeb20-ac7c-11df-a01a-0017c4bba794}\ not found.
File J:\PENNY\PENNY\PENNYwo3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22a9a221-b4dd-11df-a03d-0017c4bba794}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22a9a221-b4dd-11df-a03d-0017c4bba794}\ not found.
File J:\RELEASE\DEBUG\ghx.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22a9a221-b4dd-11df-a03d-0017c4bba794}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22a9a221-b4dd-11df-a03d-0017c4bba794}\ not found.
File J:\RELEASE\DEBUG\ghx.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{540764c7-88fb-11df-9f96-0026227315d4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{540764c7-88fb-11df-9f96-0026227315d4}\ not found.
File J:\iStudio.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ae9cb96-b41d-11df-a038-0026227315d4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ae9cb96-b41d-11df-a038-0026227315d4}\ not found.
File J:\RELEASE\DEBUG\ghx.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ae9cb96-b41d-11df-a038-0026227315d4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ae9cb96-b41d-11df-a038-0026227315d4}\ not found.
File J:\RELEASE\DEBUG\ghx.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff04dbba-632b-11df-9f5c-0017c4bba794}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff04dbba-632b-11df-9f5c-0017c4bba794}\ not found.
File I:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff04dbbd-632b-11df-9f5c-0017c4bba794}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff04dbbd-632b-11df-9f5c-0017c4bba794}\ not found.
File I:\AutoRun.exe not found.
========== FILES ==========
C:\Windows\tasks\At1.job moved successfully.
C:\Windows\tasks\At10.job moved successfully.
C:\Windows\tasks\At11.job moved successfully.
C:\Windows\tasks\At12.job moved successfully.
C:\Windows\tasks\At2.job moved successfully.
C:\Windows\tasks\At3.job moved successfully.
C:\Windows\tasks\At4.job moved successfully.
C:\Windows\tasks\At5.job moved successfully.
C:\Windows\tasks\At6.job moved successfully.
C:\Windows\tasks\At7.job moved successfully.
C:\Windows\tasks\At8.job moved successfully.
C:\Windows\tasks\At9.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56504 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->FireFox cache emptied: 96363972 bytes
->Flash cache emptied: 589 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 10613976 bytes
->Flash cache emptied: 715 bytes

User: penny1
->Temp folder emptied: 316676 bytes
->Temporary Internet Files folder emptied: 11092132 bytes
->FireFox cache emptied: 75630313 bytes
->Google Chrome cache emptied: 23149906 bytes
->Flash cache emptied: 84037 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4285428 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 117818 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 250120873 bytes

Total Files Cleaned = 450.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11172010_100417

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\penny1\Local Settings\Temp\~DF291A.tmp not found!
File\Folder C:\Documents and Settings\penny1\Local Settings\Temp\~DFA058.tmp not found!
File\Folder C:\Documents and Settings\penny1\Local Settings\Temp\~DFB634.tmp not found!
File\Folder C:\Documents and Settings\penny1\Local Settings\Temp\~DFB639.tmp not found!
File\Folder C:\Documents and Settings\penny1\Local Settings\Temp\~DFB691.tmp not found!
File\Folder C:\Documents and Settings\penny1\Local Settings\Temp\~DFB696.tmp not found!
File\Folder C:\Documents and Settings\penny1\Local Settings\Temp\~DFB79C.tmp not found!
File\Folder C:\Documents and Settings\penny1\Local Settings\Temp\~DFB7A1.tmp not found!
C:\Documents and Settings\penny1\Local Settings\Temporary Internet Files\Content.IE5\PCXR6SB7\DLLegalization[1].htm moved successfully.

Registry entries deleted on Reboot...

#4
Peter the Veterinarian

    New Member

  • Topic Starter
  • Member
  • 3 posts
There you go - thanks for picking this up so quickly! Awaiting your instructions...

#5
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
No problem. You left out a step after the OTL part. Please follow the instructions for running Combofix; they are under the OTL instructions in my previous post.