0

First I would like to say thanks to all who help on this forum. I usually solve all my computer problems myself, but once I got stuck and this forum solved it for me. Now I am stuck again.

I have two computers hooked to router. We also have one running wireless. All are xp. I got up today, and computer took forever to do anything involving the internet. Hotmail took forever to load, webpages took forever, forex charts stopped moving, torrent speed almost gone etc...

I called isp provider 4 times. They said all is fine on their end. They even sent me for a new router, which I have now. I didn't have a password on router, and they said someone else was downloading and using all the bandwidth. So we password protected it. We did speed tests online which of course took forever, just to get the webpages to load. One computer finally passed the test, so they said everything is all right, even though it wasnt'. I called back and that computer could then not pass the speed test. So on the fourth call they got me to turn off all computers but one, and change the ethernet cord on it. Speed test went fine, so they said the cords no longer worked. Two cords on two computers both stopped working at same time. Quite a coincidence. So after they hung up for the fourth time, of course computer couldn't pass speed test a second time. So it seems to have a few moments when all seems well but overall not working properly. I'm quite baffled.

On one computer I noticed something odd. When I typed in a webpage such as google, it only partially loads, but when I move mouse the rest of the page appears. I tried this on second computer with the exact same results. I then tried on wireless computer downstairs with same results. So ALL three computers will only display complete webpages AFTER I move the mouse. So was thinking can't be computer, since all three are doing that. So I am totally mistified here.

Everything involving internet is just completely slow on all computers with a brand new router. Hopefully this is just something simple, but it is beyond me. I'll attach a hijack this log in case it is some kind of virus. Hopefully it is the correct version and the proper log. I ran malwarebytes and removed three items.... rootkit things of some sort. I tried to run superantispyware but it crashed.

Any help would be greatly appreciated since I can't work under these conditions. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:17:08 AM, on 5/6/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\Program Files\CandleWorks\FXTS2\FXTSpp.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10d.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264278931181
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264281872706
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7970 bytes

5
Contributors
30
Replies
32
Views
7 Years
Discussion Span
Last Post by sandeepxd
0

And no sooner do I post than I finally figure out the problem. Apparently version 2.1 of utorrent chokes out a router causing all computers to have similar problems. I went back to version 2.0 and all seems to be working fine now. Knock on wood.

If anyone does see anything amiss from the hijack this log above from one of our computers, please post away and I'll check this thread.

Otherwise for now seems all is well again.

0

just go to http://www.speedtest.net.
Try it. if u face any problem tell to me.

Did you go for this http://www.speedtest.net/.
Actually i wont ask any thing. It shows world map and some pyramid is showing your actual location. Just click on "Begin Test" above the image.
that's it, it will automatically start testing for uploading and downloading. ok. Try it if again same problem i will give you another one.

Try this!

http://www.bandwidthplace.com/

Edited by crunchie: reduce the spam

0

I spoke too soon. worked for about 10 minutes then back to messed up. speedtest tells me missing license key on one computer and fails to finish on other, currently. Sigh.... need help, don't have the slightest clue what to do next.

0

speed test complete on one computer.
ping 1573 ms
download .06 mbps
upload .02 mbps

bandwidthplace.com test

Download Speed: 100 kbps (12.5 KB/sec transfer rate)
Upload Speed: 23 kbps (2.9 KB/sec transfer rate)
Thursday, May 06, 2010 5:19:18 AM

Seems clear I have no upload or download speed. Just stumped as to why. Every time I try something, seems to work for a few minutes, then back to turtle pace.

Edited by crunchie: Clean-up

0

Well took about 1 hour to login, but think I made it. Everytime I clicked login, it just reloaded same page.

GMER One.log
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-05-06 21:01:32
Windows 5.1.2600 Service Pack 2
Running: 0k4n65wi.exe; Driver: C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\awgdypod.sys


---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85956DF8

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] jcepxt <-- ROOTKIT !!!
Service (*** hidden *** ) [BOOT] qgowsxop <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

0

GMER Two.log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-06 21:00:50
Windows 5.1.2600 Service Pack 2
Running: 0k4n65wi.exe; Driver: C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\awgdypod.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF23DB0B0] <-- ROOTKIT !!!

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85956DF8

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] jcepxt <-- ROOTKIT !!!
Service (*** hidden *** ) [BOOT] qgowsxop <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\jcepxt@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\jcepxt@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\jcepxt@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\jcepxt@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\qgowsxop@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\qgowsxop@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\qgowsxop@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\qgowsxop@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet003\Services\jcepxt@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\jcepxt@Start 0
Reg HKLM\SYSTEM\ControlSet003\Services\jcepxt@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\jcepxt@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet003\Services\qgowsxop@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\qgowsxop@Start 0
Reg HKLM\SYSTEM\ControlSet003\Services\qgowsxop@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\qgowsxop@Group Boot Bus Extender

---- EOF - GMER 1.0.15 ----

0

malewarebytes log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4073

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

5/6/2010 11:16:08 PM
mbam-log-2010-05-06 (23-16-08).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 285349
Time elapsed: 1 hour(s), 13 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\jcepxt.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\qgowsxop.sys (Rootkit.Agent) -> Delete on reboot.

0

DDS.text file


DDS (Ver_10-03-17.01) - NTFSx86
Run by HP_Owner at 23:35:09.03 on Thu 05/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.958.545 [GMT -3:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\Documents and Settings\HP_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10d.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0\bin\npjpi150.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264278931181
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264281872706
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-8-19 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-8-19 74480]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-8-19 7408]

=============== Created Last 30 ================

2010-05-06 04:16:42 0 d-----w- c:\program files\Trend Micro
2010-04-19 02:44:13 0 ----a-w- c:\windows\system32\drivers\qgowsxop.sys

==================== Find3M ====================

2010-05-07 02:35:12 804864 ----a-w- c:\windows\system32\drivers\jcepxt.sys
2010-04-29 18:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 18:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-15 10:16:08 32426 ----a-w- c:\docume~1\hp_owner\applic~1\wklnhst.dat
2010-03-28 01:53:04 15341 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2010-03-28 01:52:48 5652144 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-02-25 14:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 12:31:30 454016 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-16 13:19:55 2181376 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:19:55 2181376 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-16 13:17:38 2137088 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-16 12:39:04 2058368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 12:39:04 2058368 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-16 12:39:04 2016768 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-12 04:47:05 100864 ----a-w- c:\windows\system32\dllcache\6to4svc.dll
2010-02-12 04:47:05 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01:43 226880 ----a-w- c:\windows\system32\dllcache\tcpip6.sys
2009-10-21 08:21:20 19891 ----a-w- c:\program files\common files\mugulo.ban
2009-10-21 08:21:20 19564 ----a-w- c:\program files\common files\becequ.inf
2009-10-21 08:21:20 15431 ----a-w- c:\program files\common files\lizacov.db
2009-10-21 08:10:31 14265 ----a-w- c:\program files\common files\nadyh.scr
2009-10-21 08:10:30 13638 ----a-w- c:\program files\common files\ovawuq.sys
2009-10-21 08:10:30 10872 ----a-w- c:\program files\common files\xatar.com
2009-10-21 07:57:20 11122 ----a-w- c:\program files\common files\emumy.exe
2009-10-15 10:12:43 13034 ----a-w- c:\program files\common files\hyhahir._sy
2009-08-13 07:53:33 21312 ----a-w- c:\program files\wnebeqvk.txt
2009-08-13 06:54:14 19444 ----a-w- c:\program files\common files\aqewymuvov.vbs
2009-08-13 06:54:13 18715 ----a-w- c:\program files\common files\edowymu.vbs
2009-08-13 06:54:13 18544 ----a-w- c:\program files\common files\ezyhife.reg
2009-08-13 06:54:13 15608 ----a-w- c:\program files\common files\batytucyb.dll
2009-08-13 06:54:13 11894 ----a-w- c:\program files\common files\fimiw.inf
2009-08-13 06:42:09 18442 ----a-w- c:\program files\common files\ojasovu.db
2009-08-13 06:42:09 11013 ----a-w- c:\program files\common files\tefuwunak.dat
2005-11-18 02:37:22 22 --sha-w- c:\windows\sminst\HPCD.sys

============= FINISH: 23:35:54.03 ===============

0

I'm not sure how to attach a file as requested. Hopefully I did it correctly.

Attachments
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 1/23/2010 6:48:21 PM
System Uptime: 5/6/2010 11:17:17 PM (0 hours ago)

Motherboard: MSI |  | ALBACORE
Processor: AMD Athlon(tm) 64 Processor 3500+ | Socket 939 | 2188/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 179 GiB total, 33.875 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 1.499 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP21: 2/8/2010 9:24:38 AM - System Checkpoint
RP22: 2/10/2010 5:27:07 AM - System Checkpoint
RP23: 2/10/2010 8:06:59 PM - Software Distribution Service 3.0
RP24: 2/11/2010 8:17:25 PM - System Checkpoint
RP25: 2/12/2010 9:21:44 PM - System Checkpoint
RP26: 2/14/2010 12:44:15 AM - System Checkpoint
RP27: 2/15/2010 1:48:14 AM - System Checkpoint
RP28: 2/16/2010 2:17:20 AM - System Checkpoint
RP29: 2/18/2010 12:19:25 AM - System Checkpoint
RP30: 2/19/2010 7:54:20 AM - System Checkpoint
RP31: 2/20/2010 4:09:58 AM - Installed Java(TM) 6 Update 17
RP32: 2/21/2010 4:28:05 AM - System Checkpoint
RP33: 2/22/2010 6:21:13 AM - System Checkpoint
RP34: 2/23/2010 7:00:07 AM - System Checkpoint
RP35: 2/24/2010 12:06:05 AM - Software Distribution Service 3.0
RP36: 2/25/2010 12:20:30 AM - System Checkpoint
RP37: 2/26/2010 1:25:31 AM - System Checkpoint
RP38: 2/27/2010 2:05:15 AM - System Checkpoint
RP39: 2/28/2010 2:25:36 AM - System Checkpoint
RP40: 3/1/2010 2:32:28 AM - System Checkpoint
RP41: 3/2/2010 6:46:18 AM - System Checkpoint
RP42: 3/3/2010 9:05:04 AM - System Checkpoint
RP43: 3/4/2010 9:05:08 AM - System Checkpoint
RP44: 3/5/2010 10:05:07 AM - System Checkpoint
RP45: 3/6/2010 11:36:24 AM - System Checkpoint
RP46: 3/7/2010 12:05:09 PM - System Checkpoint
RP47: 3/8/2010 1:05:07 PM - System Checkpoint
RP48: 3/9/2010 2:05:06 PM - System Checkpoint
RP49: 3/9/2010 11:47:48 PM - Software Distribution Service 3.0
RP50: 3/11/2010 12:05:06 AM - System Checkpoint
RP51: 3/12/2010 1:05:07 AM - System Checkpoint
RP52: 3/13/2010 1:06:11 AM - System Checkpoint
RP53: 3/14/2010 3:05:09 AM - System Checkpoint
RP54: 3/15/2010 5:14:27 AM - System Checkpoint
RP55: 3/16/2010 6:38:46 AM - System Checkpoint
RP56: 3/17/2010 10:07:16 AM - System Checkpoint
RP57: 3/18/2010 11:05:06 AM - System Checkpoint
RP58: 3/19/2010 12:36:08 PM - System Checkpoint
RP59: 3/20/2010 1:05:07 PM - System Checkpoint
RP60: 3/20/2010 1:14:43 PM - Installed Java(TM) 6 Update 17
RP61: 3/21/2010 2:34:51 PM - System Checkpoint
RP62: 3/22/2010 3:05:09 PM - System Checkpoint
RP63: 3/23/2010 3:06:11 PM - System Checkpoint
RP64: 3/24/2010 4:05:06 PM - System Checkpoint
RP65: 3/25/2010 4:54:28 PM - System Checkpoint
RP66: 3/26/2010 5:17:56 PM - System Checkpoint
RP67: 3/27/2010 6:18:58 PM - System Checkpoint
RP68: 3/28/2010 6:20:31 PM - System Checkpoint
RP69: 3/29/2010 7:17:44 PM - System Checkpoint
RP70: 3/30/2010 7:17:52 PM - System Checkpoint
RP71: 3/31/2010 7:18:58 PM - System Checkpoint
RP72: 4/1/2010 8:36:58 PM - System Checkpoint
RP73: 4/2/2010 9:18:57 PM - System Checkpoint
RP74: 4/2/2010 11:17:54 PM - Software Distribution Service 3.0
RP75: 4/3/2010 11:23:02 PM - System Checkpoint
RP76: 4/4/2010 11:43:12 PM - System Checkpoint
RP77: 4/6/2010 12:02:28 AM - System Checkpoint
RP78: 4/7/2010 12:03:34 AM - System Checkpoint
RP79: 4/8/2010 1:02:31 AM - System Checkpoint
RP80: 4/9/2010 1:10:37 AM - System Checkpoint
RP81: 4/10/2010 2:02:29 AM - System Checkpoint
RP82: 4/11/2010 2:26:57 AM - System Checkpoint
RP83: 4/12/2010 7:02:01 AM - System Checkpoint
RP84: 4/13/2010 8:01:43 AM - System Checkpoint
RP85: 4/14/2010 8:02:27 AM - System Checkpoint
RP86: 4/15/2010 3:14:11 PM - System Checkpoint
RP87: 4/16/2010 4:26:29 PM - System Checkpoint
RP88: 4/17/2010 5:19:37 PM - System Checkpoint
RP89: 4/18/2010 6:54:09 PM - System Checkpoint
RP90: 4/18/2010 11:27:38 PM - Software Distribution Service 3.0
RP91: 4/19/2010 11:45:56 PM - System Checkpoint
RP92: 4/21/2010 12:35:21 AM - System Checkpoint
RP93: 4/22/2010 1:43:32 AM - System Checkpoint
RP94: 4/23/2010 2:39:49 AM - System Checkpoint
RP95: 4/24/2010 3:39:42 AM - System Checkpoint
RP96: 4/25/2010 4:39:44 AM - System Checkpoint
RP97: 4/26/2010 5:10:27 AM - System Checkpoint
RP98: 4/27/2010 5:20:44 AM - System Checkpoint
RP99: 4/28/2010 5:27:30 AM - System Checkpoint
RP100: 4/29/2010 8:11:02 AM - System Checkpoint
RP101: 4/30/2010 8:32:39 AM - System Checkpoint
RP102: 5/1/2010 9:10:24 AM - System Checkpoint
RP103: 5/2/2010 9:11:27 AM - System Checkpoint
RP104: 5/3/2010 9:46:03 AM - System Checkpoint
RP105: 5/4/2010 3:05:13 PM - System Checkpoint
RP106: 5/5/2010 7:31:56 PM - System Checkpoint
RP107: 5/6/2010 8:13:19 PM - System Checkpoint

==== Installed Programs ======================

Torrent
AAC Decoder
Adobe Acrobat Connect Add-in
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
Agere Systems PCI Soft Modem
AiO_Scan
AiOSoftware
ATI Control Panel
ATI Display Driver
AutoUpdate
BufferChm
CameraDrivers
Canon iP1600
Copy
CP_AtenaShokunin1Config
cp_dwSharkTaleAlbums1
cp_dwSharkTaleCards1
cp_dwShrek2Albums1
cp_dwShrek2Cards1
CP_PLSBusinessFlyers
CreativeProjects
CreativeProjectsTemplates
CueTour
dBpoweramp Music Converter
Destinations
Director
DivX Codec
DivX Converter
DivX Plus DirectShow Filters
DivX Plus Web Player
DivX Version Checker
DocProc
DocumentViewer
Easy Internet Sign-up
Fax
Final Drive Nitro from Hewlett-Packard Desktops (remove only)
FinalBurner Free v2.17.0.180
FXCM Trading Station
H.264 Decoder
Help and Support Additions
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Boot Optimizer
HP Deskjet Printer Preload
HP Help and Support 4.0
HP Image Zone 4.8.6
HP Image Zone Plus 4.8.6
HP Photosmart Cameras 4.5
HP Product Assistant
HP PSC & OfficeJet 4.7
HP Software Update
HPIZplus450
HpSdpAppCoreApp
HPSystemDiagnostics
InstantShare
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
J2SE Runtime Environment 5.0
K-Lite Codec Pack 5.2.0 (Full)
KBD
Lexibox Deluxe from Hewlett-Packard Desktops (remove only)
LS_HSI
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Standard Edition 2003
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Works
MKV Splitter
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 4.0
PanoStandAlone
Phoenix Assault from Hewlett-Packard Desktops (remove only)
PhotoGallery
Photosmart 320,370,7400,8100,8400 Series
Polar Bowler from Hewlett-Packard Desktops (remove only)
PrintScreen
PS2
PSPrinters06
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QFolder
QuickProjects
QuickTime
Readme
RealPlayer
Remove Microsoft Money 2005 installer
Remove Quicken New User Edition installer
Remove WeatherBug installer
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security U
0

So that is everything I read to do. Didn't have any problems with anything. So if anyone can help that would be great. Internet speed back to normal all of a sudden, but that has been happening every now and then for 5-10 minutes.

Thanks again in advance.

0

It looks like MBA-M caught that rootkit and has hopefully dealt with it. I will need you to do something else now.

First, reboot your computer. Now, open MBA-M again and check for an update. Once done, run a full scan and remove what is found ( if anything).
Post the log in your next reply.

==

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT

* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
0

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4073

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

5/7/2010 3:18:16 AM
mbam-log-2010-05-07 (03-18-16).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 286296
Time elapsed: 1 hour(s), 14 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\jcepxt.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\qgowsxop.sys (Rootkit.Agent) -> Delete on reboot.

0

OTL logfile created on: 5/7/2010 3:21:36 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 499.00 Mb Available Physical Memory | 52.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.33 Gb Total Space | 33.90 Gb Free Space | 18.90% Space Free | Partition Type: NTFS
Drive D: | 6.96 Gb Total Space | 1.50 Gb Free Space | 21.54% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-F78BF48CE2
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/07 01:48:33 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
PRC - [2009/09/30 20:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2007/06/13 07:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/06/01 12:38:45 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2005/06/01 12:17:36 | 000,241,772 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
PRC - [2005/06/01 12:17:36 | 000,036,972 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0\bin\jusched.exe
PRC - [2004/10/14 17:54:32 | 000,253,952 | ---- | M] (Hewlett-Packard Company) -- C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
PRC - [2004/09/29 23:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2010/05/07 01:48:33 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
MOD - [2006/08/25 12:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 09:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2004/09/29 23:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2009/10/21 06:07:05 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/04/08 08:11:04 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2008/08/19 23:34:22 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2005/03/15 01:54:04 | 001,032,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/09 18:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/10/15 18:52:48 | 000,071,168 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/10/01 14:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/06/29 14:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/12/02 22:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2001/06/04 10:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555


[2010/01/23 12:10:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/04 15:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264278931181 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264281872706 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\loasuywi.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/01 13:18:29 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/07/30 23:20:12 | 000,000,959 | RHS- | M] () - C:\autorun.bin -- [ NTFS ]
O32 - AutoRun File - [2007/04/02 09:54:24 | 000,000,002 | RHS- | M] () - C:\autorun.inf_被屏蔽木马 -- [ NTFS ]
O32 - AutoRun File - [2006/08/22 19:20:42 | 000,000,000 | RHS- | M] () - C:\autorun.srm -- [ NTFS ]
O32 - AutoRun File - [2006/06/14 10:26:38 | 000,000,024 | RHS- | M] () - C:\autorun.txt -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 23:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2006/07/30 22:20:12 | 000,000,959 | RHS- | M] () - D:\autorun.bin -- [ FAT32 ]
O32 - AutoRun File - [2007/04/02 08:54:24 | 000,000,002 | RHS- | M] () - D:\autorun.inf_被屏蔽木马 -- [ FAT32 ]
O32 - AutoRun File - [2006/08/22 18:20:42 | 000,000,000 | RHS- | M] () - D:\autorun.srm -- [ FAT32 ]
O32 - AutoRun File - [2006/06/14 09:26:38 | 000,000,024 | RHS- | M] () - D:\autorun.txt -- [ FAT32 ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/01/23 19:32:40 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54338281256517632)

========== Files/Folders - Created Within 90 Days ==========

[2010/05/07 01:48:32 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
[2010/05/06 04:04:14 | 000,319,792 | ---- | C] (BitTorrent, Inc.) -- C:\Documents and Settings\HP_Owner\My Documents\utorrent.exe
[2010/05/06 01:16:42 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/06 01:05:41 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Owner\My Documents\HJTInstall.exe
[2010/05/03 01:45:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\hxksybgfe
[2010/04/20 03:44:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/04/15 20:42:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\Pain in the Ass
[2010/04/01 03:49:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\PBS
[2010/03/27 22:53:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\AccurateRip
[2010/03/20 15:11:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\ATINB6203
[2010/02/26 06:20:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\gumsxo
[2010/02/22 05:03:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\house pics
[2010/02/15 09:43:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Media Player Classic
[2010/02/14 03:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\PlayFirst
[2010/02/14 03:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/07 03:23:48 | 000,804,864 | ---- | M] () -- C:\WINDOWS\System32\drivers\jcepxt.sys
[2010/05/07 03:23:46 | 000,586,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\qgowsxop.sys
[2010/05/07 03:19:43 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ytxwcnf.sys
[2010/05/07 02:35:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/07 01:53:03 | 000,000,247 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/05/07 01:51:24 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/07 01:51:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/07 01:51:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/07 01:50:57 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/07 01:50:19 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\HP_Owner\NTUSER.DAT
[2010/05/07 01:49:57 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Owner\ntuser.ini
[2010/05/07 01:49:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/05/07 01:48:33 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
[2010/05/06 14:30:15 | 000,000,156 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\scan results.rtf
[2010/05/06 14:25:06 | 000,148,480 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/06 14:19:02 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\0k4n65wi.exe
[2010/05/06 14:18:48 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\dds.scr
[2010/05/06 04:04:14 | 000,319,792 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\HP_Owner\My Documents\utorrent.exe
[2010/05/06 01:16:42 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\HijackThis.lnk
[2010/05/06 01:05:41 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Owner\My Documents\HJTInstall.exe
[2010/05/04 07:25:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/18 23:32:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/15 07:16:08 | 000,032,426 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
[2010/03/27 22:53:04 | 000,015,341 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/03/27 22:52:49 | 000,033,846 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
[2010/03/27 22:52:48 | 005,652,144 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2010/03/27 22:45:02 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to vlc.lnk
[2010/03/26 14:50:38 | 013,221,888 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\vlc-1.0.5-win32.exe
[2010/03/25 10:00:10 | 000,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/25 10:00:10 | 000,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/25 10:00:08 | 000,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/20 15:10:29 | 138,836,620 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\ATINB6203.zip
[2010/03/10 00:51:37 | 000,000,593 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/08 03:18:55 | 000,027,423 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\SpringLeagueConfirmation2010.pdf
[2010/02/19 17:25:38 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2010/02/19 09:28:50 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Provincial championship 2010 - welcome letter.doc
[2010/02/13 23:33:07 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/02/06 12:19:13 | 000,001,768 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2010/02/06 12:19:13 | 000,001,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/07 03:19:43 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ytxwcnf.sys
[2010/05/06 14:30:14 | 000,000,156 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\scan results.rtf
[2010/05/06 14:19:00 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\0k4n65wi.exe
[2010/05/06 14:18:46 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\dds.scr
[2010/05/06 01:16:42 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\HijackThis.lnk
[2010/04/18 23:44:13 | 000,586,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\qgowsxop.sys
[2010/03/27 22:53:04 | 005,652,144 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2010/03/27 22:53:04 | 000,033,846 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
[2010/03/27 22:53:04 | 000,015,341 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/03/27 22:45:02 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to vlc.lnk
[2010/03/26 14:46:20 | 013,221,888 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\vlc-1.0.5-win32.exe
[2010/03/25 09:33:53 | 000,804,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\jcepxt.sys
[2010/03/25 09:33:19 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\jasltw.dat
[2010/03/20 15:10:29 | 138,836,620 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\ATINB6203.zip
[2010/03/08 03:18:59 | 000,027,423 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\SpringLeagueConfirmation2010.pdf
[2010/02/19 09:28:50 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Provincial championship 2010 - welcome letter.doc
[2010/02/06 12:19:13 | 000,001,768 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2010/02/06 12:19:13 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk
[2010/01/24 01:08:15 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS75.DLL
[2010/01/23 18:09:59 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/01/23 18:09:57 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/01/23 18:09:57 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/01/23 18:09:56 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/01/23 18:09:56 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/10/30 07:54:57 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009/10/21 05:21:20 | 000,019,469 | ---- | C] () -- C:\WINDOWS\yficonic.sys
[2009/04/19 07:12:13 | 000,000,120 | ---- | C] () -- C:\WINDOWS\MVPHEART.INI
[2009/03/03 09:03:20 | 000,000,199 | ---- | C] () -- C:\WINDOWS\MVPCRIB.INI
[2008/10/22 00:50:00 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/09/15 19:04:33 | 000,001,054 | ---- | C] () -- C:\WINDOWS\disney.ini
[2008/05/27 10:13:02 | 000,000,043 | ---- | C] () -- C:\WINDOWS\WALLSTRT.INI
[2008/01/09 15:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/03/26 20:33:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI
[2007/02/12 00:00:54 | 000,000,054 | ---- | C] () -- C:\WINDOWS\VistaEmail.ini
[2006/12/09 08:17:52 | 000,000,070 | ---- | C] () -- C:\WINDOWS\EDA7DCB3.ini
[2006/10/29 16:56:53 | 000,000,328 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/28 18:53:30 | 000,000,159 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/11/09 21:43:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/09/25 20:39:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2005/06/01 13:20:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/06/01 13:17:48 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/06/01 13:17:48 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/06/01 13:17:48 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/06/01 13:17:48 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/06/01 13:17:48 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/06/01 13:17:48 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/06/01 12:49:21 | 000,014,553 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/06/01 12:49:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/06/01 12:48:56 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/06/01 12:46:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/01 12:26:49 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/06/01 12:13:34 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/06/01 12:11:44 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/06/01 12:11:44 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/06/01 12:11:28 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/02/18 14:56:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/06/16 01:38:00 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/11 02:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/01/08 02:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2007/10/02 19:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aliant
[2008/11/10 20:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2008/05/20 21:03:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2007/03/26 20:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/02/14 04:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/03/26 20:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/08/13 04:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/08/13 05:00:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/02/14 05:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/09/25 12:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/03/03 20:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/01/08 21:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B6BEC960-6F93-4A64-B872-5B6395F74F89}
[2007/07/31 21:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}
[2008/11/19 04:58:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{DE097E60-7F86-4350-B083-1F09B6906C92}
[2010/05/07 01:49:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/10/31 12:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe


< MD5 for: AGP440.SYS >
[2008/09/19 20:56:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:AGP440.sys
[2004/08/04 15:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/19 20:56:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 09:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/09/19 20:56:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/09/19 20:56:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\sp3.cab:AGP440.sys
[2008/04/13 15:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 15:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\agp440.sys
[2008/04/13 15:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\agp440.sys
[2008/04/13 15:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2008/04/13 15:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/09/19 20:56:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:atapi.sys
[2004/08/04 15:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/19 20:56:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 09:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/09/19 20:56:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/09/19 20:56:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\sp3.cab:atapi.sys
[2008/04/13 15:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 15:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\atapi.sys
[2008/04/13 15:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\atapi.sys
[2008/04/13 15:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2008/04/13 15:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\atapi.sys
[2004/08/04 09:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 09:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/04 09:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 09:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 21:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 21:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\eventlog.dll
[2008/04/13 21:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\eventlog.dll
[2008/04/13 21:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2008/04/13 21:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\eventlog.dll
[2004/08/04 09:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/08/04 09:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 09:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 21:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 21:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\netlogon.dll
[2008/04/13 21:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\netlogon.dll
[2008/04/13 21:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2008/04/13 21:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\netlogon.dll
[2009/02/06 15:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 15:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2009/02/06 15:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\sp2qfe\netlogon.dll
[2009/02/06 15:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\sp2qfe\netlogon.dll
[2004/08/04 09:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/04 09:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 09:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 09:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2004/08/04 09:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 09:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 21:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 21:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\scecli.dll
[2008/04/13 21:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\scecli.dll
[2008/04/13 21:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
[2008/04/13 21:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 05:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 05:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2005/01/26 17:45:52 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/01/26 17:45:52 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/01/26 17:45:52 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Files - Unicode (All) ==========
[2007/12/26 00:32:03 | 000,000,002 | RHS- | C] ()(C:\autorun.inf_?????) -- C:\autorun.inf_被屏蔽木马
[2007/04/02 09:54:24 | 000,000,002 | RHS- | M] ()(C:\autorun.inf_?????) -- C:\autorun.inf_被屏蔽木马

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA701346
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:322EAACD
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3790BACD
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF
< End of report >

0

OTL Extras logfile created on: 5/7/2010 3:21:36 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 499.00 Mb Available Physical Memory | 52.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.33 Gb Total Space | 33.90 Gb Free Space | 18.90% Space Free | Partition Type: NTFS
Drive D: | 6.96 Gb Total Space | 1.50 Gb Free Space | 21.54% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-F78BF48CE2
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion -- (Hewlett-Packard)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\CandleWorks\FXTS2\FXTSpp.exe" = C:\Program Files\CandleWorks\FXTS2\FXTSpp.exe:*:Enabled:FXCM Trading Station II -- ()
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:uTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0E484A60-A429-49A8-982C-D6475F1E80A9}" = HPIZplus450
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
"{1A3E23D7-7A1E-43EC-B35D-EB8A31BED943}" = FinalBurner Free v2.17.0.180
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24FBE9FC-6C0E-4221-AE41-55A40BEFE93F}" = CameraDrivers
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{28CFF19D-B92C-4109-A427-F75505E81688}" = cp_dwSharkTaleAlbums1
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{32498B7B-E1F3-4ad5-A23B-F26414E94BE0}" = HP Image Zone Plus 4.8.6
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FCD82D-1CED-436d-B33C-874EEC666D68}" = cp_dwSharkTaleCards1
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{55508A44-8225-47AB-9666-1F57A5B5CE2E}" = CP_PLSBusinessFlyers
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support 4.0
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{ABA2B37F-AB88-486e-870A-52454A23FEE0}" = HP Photosmart Cameras 4.5
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EFF913ED-03A6-42D2-A2A7-5966A612EEB9}" = LS_HSI
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FC10C922-52E9-4739-ACD0-EB0FF035EE7E}" = muvee autoProducer 4.0
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"14DD9322-0AAE-4DA4-90A9-EB42CF296127" = Shooting Stars Pool from Hewlett-Packard Desktops (remove only)
"36317AE4-57EC-4F3E-B828-009A3DD96BE8" = Polar Bowler from Hewlett-Packard Desktops (remove only)
"3F34F72F-9BB0-4B73-8312-558953ACF56F" = Super Granny from Hewlett-Packard Desktops (remove only)
"741C4983-B139-407A-AD4E-3D6C7B29704B" = Final Drive Nitro from Hewlett-Packard Desktops (remove only)
"7CEF0F00-BA1B-4861-A102-38CC86CA622B" = Phoenix Assault from Hewlett-Packard Desktops (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"ATI Display Driver" = ATI Display Driver
"BackWeb-309731 Uninstaller" = Updates from HP
"C2C3C2DB-7D8A-4E20-B527-E3149FAECC3A" = Slyder from Hewlett-Packard Desktops (remove only)
"CANONBJ_Deinstall_CNMCP75.DLL" = Canon iP1600
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"E2A4EA31-80A1-4460-9510-631AF4D6A636" = Lexibox Deluxe from Hewlett-Packard Desktops (remove only)
"F5215F01-DFC0-475D-A910-6F1AF94E807E" = Tradewinds from Hewlett-Packard Desktops (remove only)
"FXCM Trading Station" = FXCM Trading Station
"Help and Support Additions" = Help and Support Additions
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.8.6
"ie8" = Windows Internet Explorer 8
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.2.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money" = Remove Microsoft Money 2005 installer
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"Quicken_NUE" = Remove Quicken New User Edition installer
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"uTorrent" = µTorrent
"WeatherBug" = Remove WeatherBug installer
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Acrobat Connect Add-in" = Adobe Acrobat Connect Add-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/25/2010 4:55:23 AM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/25/2010 8:38:42 AM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.44.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/25/2010 3:18:44 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/25/2010 3:18:45 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/25/2010 3:19:33 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/26/2010 1:50:38 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application vlc.exe, version 0.9.6.99, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/3/2010 12:36:04 AM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/3/2010 12:37:37 AM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 10.0.0.3646, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/30/2010 11:45:26 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/30/2010 11:46:21 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 5/6/2010 3:13:20 AM | Computer Name = YOUR-F78BF48CE2 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 5/6/2010 3:13:20 AM | Computer Name = YOUR-F78BF48CE2 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 5/6/2010 3:13:20 AM | Computer Name = YOUR-F78BF48CE2 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\CandleWorks\FXTS2\MFC80.DLL.
Reference
error message: The operation completed successfully. .

Error - 5/6/2010 3:51:19 PM | Computer Name = YOUR-F78BF48CE2 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 5/6/2010 3:51:19 PM | Computer Name = YOUR-F78BF48CE2 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 5/6/2010 3:51:19 PM | Computer Name = YOUR-F78BF48CE2 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\CandleWorks\FXTS2\MFC80.DLL.
Reference
error message: The operation completed successfully. .

Error - 5/6/2010 3:51:19 PM | Computer Name = YOUR-F78BF48CE2 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 5/6/2010 3:51:19 PM | Computer Name = YOUR-F78BF48CE2 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 5/6/2010 3:51:19 PM | Computer Name = YOUR-F78BF48CE2 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\CandleWorks\FXTS2\MFC80.DLL.
Reference
error message: The operation completed successfully. .

Error - 5/6/2010 10:18:02 PM | Computer Name = YOUR-F78BF48CE2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
fasttx2k


< End of report >

0

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2010/05/07 03:23:48 | 000,804,864 | ---- | M] () -- C:\WINDOWS\System32\drivers\jcepxt.sys
    [2010/05/07 03:23:46 | 000,586,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\qgowsxop.sys
    
    :Commands
    [emptytemp]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log from the above fix.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
0

All processes killed
========== OTL ==========
File move failed. C:\WINDOWS\system32\drivers\jcepxt.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\drivers\qgowsxop.sys scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Administrator.YOUR-F78BF48CE2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: hal
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 768 bytes

User: hallypoo
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: HP_Owner
->Temp folder emptied: 15647469 bytes
->Temporary Internet Files folder emptied: 525165269 bytes
->Java cache emptied: 9881438 bytes
->Google Chrome cache emptied: 6240419 bytes
->Flash cache emptied: 7261868 bytes

User: HP_Owner.YOUR-F78BF48CE2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2864925 bytes
->Java cache emptied: 47936105 bytes
->Flash cache emptied: 262323 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 621 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 405 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1092435 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 338903 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 19782 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 588.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.4.1 log created on 05072010_041008

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\system32\drivers\jcepxt.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\drivers\qgowsxop.sys scheduled to be moved on reboot.
File\Folder C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DF6D77.tmp not found!
File\Folder C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DF8489.tmp not found!
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\YFDNZSYM\button[1].htm moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\VDBV1X1Z\01[1].htm moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\NG0KPEHI\ads[1].htm moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\NG0KPEHI\sh16[1].html moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\14PEJNJW\thread281460-2[1].html moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

0

OTL logfile created on: 5/7/2010 4:20:57 AM - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\HP_Owner\Desktop\fix computer
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 543.00 Mb Available Physical Memory | 57.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.33 Gb Total Space | 34.36 Gb Free Space | 19.16% Space Free | Partition Type: NTFS
Drive D: | 6.96 Gb Total Space | 1.50 Gb Free Space | 21.54% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-F78BF48CE2
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/07 01:48:33 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\fix computer\OTL.exe
PRC - [2010/04/09 11:38:00 | 000,147,456 | ---- | M] () -- C:\Program Files\CandleWorks\FXTS2\FXTSpp.exe
PRC - [2009/09/30 20:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2007/06/13 07:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/06/01 12:38:45 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2005/06/01 12:17:36 | 000,241,772 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
PRC - [2005/06/01 12:17:36 | 000,036,972 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0\bin\jusched.exe
PRC - [2004/10/14 17:54:32 | 000,253,952 | ---- | M] (Hewlett-Packard Company) -- C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
PRC - [2004/09/29 23:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2010/05/07 01:48:33 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\fix computer\OTL.exe
MOD - [2006/08/25 12:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 09:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2004/09/29 23:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2009/10/21 06:07:05 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/04/08 08:11:04 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2008/08/19 23:34:22 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2005/03/15 01:54:04 | 001,032,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/09 18:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/10/15 18:52:48 | 000,071,168 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/10/01 14:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/06/29 14:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/12/02 22:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2001/06/04 10:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555


[2010/01/23 12:10:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/05/07 04:12:07 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264278931181 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264281872706 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\loasuywi.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/01 13:18:29 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/07/30 23:20:12 | 000,000,959 | RHS- | M] () - C:\autorun.bin -- [ NTFS ]
O32 - AutoRun File - [2007/04/02 09:54:24 | 000,000,002 | RHS- | M] () - C:\autorun.inf_被屏蔽木马 -- [ NTFS ]
O32 - AutoRun File - [2006/08/22 19:20:42 | 000,000,000 | RHS- | M] () - C:\autorun.srm -- [ NTFS ]
O32 - AutoRun File - [2006/06/14 10:26:38 | 000,000,024 | RHS- | M] () - C:\autorun.txt -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 23:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2006/07/30 22:20:12 | 000,000,959 | RHS- | M] () - D:\autorun.bin -- [ FAT32 ]
O32 - AutoRun File - [2007/04/02 08:54:24 | 000,000,002 | RHS- | M] () - D:\autorun.inf_被屏蔽木马 -- [ FAT32 ]
O32 - AutoRun File - [2006/08/22 18:20:42 | 000,000,000 | RHS- | M] () - D:\autorun.srm -- [ FAT32 ]
O32 - AutoRun File - [2006/06/14 09:26:38 | 000,000,024 | RHS- | M] () - D:\autorun.txt -- [ FAT32 ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 90 Days ==========

[2010/05/07 04:10:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/07 03:45:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\fix computer
[2010/05/06 04:04:14 | 000,319,792 | ---- | C] (BitTorrent, Inc.) -- C:\Documents and Settings\HP_Owner\My Documents\utorrent.exe
[2010/05/06 01:16:42 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/06 01:05:41 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Owner\My Documents\HJTInstall.exe
[2010/05/03 01:45:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\hxksybgfe
[2010/04/20 03:44:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/04/01 03:49:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\PBS
[2010/03/27 22:53:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\AccurateRip
[2010/03/20 15:11:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\ATINB6203
[2010/02/26 06:20:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\gumsxo
[2010/02/22 05:03:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\house pics
[2010/02/15 09:43:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Media Player Classic
[2010/02/14 03:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\PlayFirst
[2010/02/14 03:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PlayFirst

========== Files - Modified Within 90 Days ==========

[2010/05/07 04:23:05 | 000,804,864 | ---- | M] () -- C:\WINDOWS\System32\drivers\jcepxt.sys
[2010/05/07 04:23:03 | 000,586,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\qgowsxop.sys
[2010/05/07 04:15:53 | 000,000,247 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/05/07 04:14:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/07 04:13:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/07 04:13:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/07 04:13:31 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/07 04:12:43 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\HP_Owner\NTUSER.DAT
[2010/05/07 04:12:43 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Owner\ntuser.ini
[2010/05/07 04:12:07 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/05/07 03:35:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/07 01:49:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/05/06 14:25:06 | 000,148,480 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/06 04:04:14 | 000,319,792 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\HP_Owner\My Documents\utorrent.exe
[2010/05/06 01:05:41 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Owner\My Documents\HJTInstall.exe
[2010/05/04 07:25:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/18 23:32:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/15 07:16:08 | 000,032,426 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
[2010/03/27 22:53:04 | 000,015,341 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/03/27 22:52:49 | 000,033,846 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
[2010/03/27 22:52:48 | 005,652,144 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2010/03/27 22:45:02 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to vlc.lnk
[2010/03/26 14:50:38 | 013,221,888 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\vlc-1.0.5-win32.exe
[2010/03/25 10:00:10 | 000,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/25 10:00:10 | 000,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/25 10:00:08 | 000,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/20 15:10:29 | 138,836,620 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\ATINB6203.zip
[2010/03/10 00:51:37 | 000,000,593 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/08 03:18:55 | 000,027,423 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\SpringLeagueConfirmation2010.pdf
[2010/02/19 17:25:38 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2010/02/19 09:28:50 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Provincial championship 2010 - welcome letter.doc
[2010/02/13 23:33:07 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/02/06 12:19:13 | 000,001,768 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2010/02/06 12:19:13 | 000,001,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk

========== Files Created - No Company Name ==========

[2010/04/18 23:44:13 | 000,586,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\qgowsxop.sys
[2010/03/27 22:53:04 | 005,652,144 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2010/03/27 22:53:04 | 000,033,846 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
[2010/03/27 22:53:04 | 000,015,341 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/03/27 22:45:02 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to vlc.lnk
[2010/03/26 14:46:20 | 013,221,888 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\vlc-1.0.5-win32.exe
[2010/03/25 09:33:53 | 000,804,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\jcepxt.sys
[2010/03/25 09:33:19 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\jasltw.dat
[2010/03/20 15:10:29 | 138,836,620 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\ATINB6203.zip
[2010/03/08 03:18:59 | 000,027,423 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\SpringLeagueConfirmation2010.pdf
[2010/02/19 09:28:50 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Provincial championship 2010 - welcome letter.doc
[2010/02/06 12:19:13 | 000,001,768 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2010/02/06 12:19:13 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk
[2010/01/24 01:08:15 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS75.DLL
[2010/01/23 18:09:59 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/01/23 18:09:57 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/01/23 18:09:57 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/01/23 18:09:56 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/01/23 18:09:56 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/10/30 07:54:57 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009/10/21 05:21:20 | 000,019,469 | ---- | C] () -- C:\WINDOWS\yficonic.sys
[2009/04/19 07:12:13 | 000,000,120 | ---- | C] () -- C:\WINDOWS\MVPHEART.INI
[2009/03/03 09:03:20 | 000,000,199 | ---- | C] () -- C:\WINDOWS\MVPCRIB.INI
[2008/10/22 00:50:00 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/09/15 19:04:33 | 000,001,054 | ---- | C] () -- C:\WINDOWS\disney.ini
[2008/05/27 10:13:02 | 000,000,043 | ---- | C] () -- C:\WINDOWS\WALLSTRT.INI
[2008/01/09 15:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/03/26 20:33:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI
[2007/02/12 00:00:54 | 000,000,054 | ---- | C] () -- C:\WINDOWS\VistaEmail.ini
[2006/12/09 08:17:52 | 000,000,070 | ---- | C] () -- C:\WINDOWS\EDA7DCB3.ini
[2006/10/29 16:56:53 | 000,000,328 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/28 18:53:30 | 000,000,159 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/11/09 21:43:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/09/25 20:39:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2005/06/01 13:20:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/06/01 13:17:48 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/06/01 13:17:48 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/06/01 13:17:48 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/06/01 13:17:48 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/06/01 13:17:48 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/06/01 13:17:48 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/06/01 12:49:21 | 000,014,553 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/06/01 12:49:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/06/01 12:48:56 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/06/01 12:46:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/01 12:26:49 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/06/01 12:13:34 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/06/01 12:11:44 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/06/01 12:11:44 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/06/01 12:11:28 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/02/18 14:56:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/06/16 01:38:00 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/11 02:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/01/08 02:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2007/10/02 19:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aliant
[2008/11/10 20:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2008/05/20 21:03:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2007/03/26 20:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/02/14 04:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/03/26 20:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/08/13 04:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/08/13 05:00:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/02/14 05:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/09/25 12:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/03/03 20:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/01/08 21:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B6BEC960-6F93-4A64-B872-5B6395F74F89}
[2007/07/31 21:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}
[2008/11/19 04:58:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{DE097E60-7F86-4350-B083-1F09B6906C92}
[2010/05/07 01:49:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2007/12/26 00:32:03 | 000,000,002 | RHS- | C] ()(C:\autorun.inf_?????) -- C:\autorun.inf_被屏蔽木马
[2007/04/02 09:54:24 | 000,000,002 | RHS- | M] ()(C:\autorun.inf_?????) -- C:\autorun.inf_被屏蔽木马

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA701346
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:322EAACD
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3790BACD
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF
< End of report >

0

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
  • Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

0

ComboFix 10-05-06.04 - HP_Owner 05/07/2010 12:54:11.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.958.631 [GMT -3:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\hal\Local Settings\Application Data\{C38840C1-46CF-4FC9-B618-9B6310628852}
c:\documents and settings\hal\Local Settings\Application Data\{C38840C1-46CF-4FC9-B618-9B6310628852}\chrome.manifest
c:\documents and settings\hal\Local Settings\Application Data\{C38840C1-46CF-4FC9-B618-9B6310628852}\chrome\content\_cfg.js
c:\documents and settings\hal\Local Settings\Application Data\{C38840C1-46CF-4FC9-B618-9B6310628852}\chrome\content\overlay.xul
c:\documents and settings\hal\Local Settings\Application Data\{C38840C1-46CF-4FC9-B618-9B6310628852}\install.rdf
c:\documents and settings\HP_Owner.YOUR-F78BF48CE2\Application Data\iniasd.txt
c:\documents and settings\HP_Owner\Recent\Thumbs.db
c:\recycler\S-1-5-21-1434685792-4252398506-2790927113-1003
c:\recycler\S-1-5-21-2590609553-85473663-1461681743-1009
c:\recycler\S-1-5-21-4226405625-2323376257-670251240-1009
c:\recycler\S-1-5-21-681659163-2066289770-2878625811-1009
c:\recycler\S-1-5-21-681659163-2066289770-2878625811-1010
c:\recycler\S-1-5-21-7529223648-8649673199-645189604-9839
c:\recycler\S-1-5-21-99288462-1366924499-1201901915-1009
c:\recycler\S-1-5-21-99288462-1366924499-1201901915-500
c:\recycler\S-1-5-21-99288462-1366924499-1201901915-501
C:\s
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf
c:\windows\explorer(2).exe
c:\windows\Install.txt
c:\windows\system32\drivers\jcepxt.sys
c:\windows\system32\drivers\qgowsxop.sys
C:\xcrashdump.dat
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_jcepxt
-------\Legacy_qgowsxop
-------\Service_jcepxt
-------\Service_qgowsxop


((((((((((((((((((((((((( Files Created from 2010-04-07 to 2010-05-07 )))))))))))))))))))))))))))))))
.

2010-05-07 07:10 . 2010-05-07 07:10 -------- d-----w- C:\_OTL
2010-05-06 04:16 . 2010-05-06 04:16 -------- d-----w- c:\program files\Trend Micro
2010-05-03 04:59 . 2010-05-03 04:59 -------- d-----w- c:\documents and settings\hallypoo\Application Data\DivX
2010-05-03 04:45 . 2010-05-03 05:13 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\hxksybgfe
2010-04-20 06:44 . 2010-04-20 06:44 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-04-20 06:44 . 2010-04-20 06:44 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-07 16:32 . 2008-05-17 23:38 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\uTorrent
2010-05-06 07:08 . 2008-05-17 23:38 -------- d-----w- c:\program files\uTorrent
2010-05-03 04:55 . 2009-10-21 10:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-03 04:55 . 2009-12-26 22:45 6153352 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-29 18:39 . 2010-01-23 20:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 18:39 . 2010-01-23 20:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-15 10:16 . 2005-09-20 22:14 32426 ----a-w- c:\documents and settings\HP_Owner\Application Data\wklnhst.dat
2010-04-15 01:58 . 2010-02-04 23:30 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Skype
2010-04-14 23:26 . 2010-02-04 23:34 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\skypePM
2010-04-03 09:43 . 2010-01-23 15:28 117760 ----a-w- c:\documents and settings\HP_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-28 01:53 . 2010-03-28 01:53 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\AccurateRip
2010-03-28 01:53 . 2010-03-28 01:53 15341 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2010-03-28 01:52 . 2010-03-28 01:53 5652144 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-03-25 12:33 . 2010-03-25 12:33 16 ----a-w- c:\documents and settings\NetworkService\Application Data\jasltw.dat
2010-03-20 16:14 . 2010-01-23 20:18 152576 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-20 16:14 . 2010-01-23 20:18 79488 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-26 09:57 . 2010-01-30 06:29 117760 ----a-w- c:\documents and settings\hallypoo\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-25 06:24 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 12:31 . 2004-08-04 11:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 13:19 . 2004-08-04 12:00 2181376 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 12:39 . 2004-08-04 18:00 2058368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:47 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2009-10-21 08:21 . 2009-10-21 08:21 19891 ----a-w- c:\program files\Common Files\mugulo.ban
2009-10-21 08:21 . 2009-10-21 08:21 19564 ----a-w- c:\program files\Common Files\becequ.inf
2009-10-21 08:21 . 2009-10-21 08:21 15431 ----a-w- c:\program files\Common Files\lizacov.db
2009-10-21 08:10 . 2009-10-21 08:10 14265 ----a-w- c:\program files\Common Files\nadyh.scr
2009-10-21 08:10 . 2009-10-21 08:10 13638 ----a-w- c:\program files\Common Files\ovawuq.sys
2009-10-21 08:10 . 2009-10-21 08:10 10872 ----a-w- c:\program files\Common Files\xatar.com
2009-10-21 07:57 . 2009-10-21 07:57 11122 ----a-w- c:\program files\Common Files\emumy.exe
2009-10-15 10:12 . 2009-10-15 10:12 13034 ----a-w- c:\program files\Common Files\hyhahir._sy
2009-08-13 07:53 . 2009-08-13 07:53 21312 ----a-w- c:\program files\wnebeqvk.txt
2009-08-13 06:54 . 2009-08-13 06:54 19444 ----a-w- c:\program files\Common Files\aqewymuvov.vbs
2009-08-13 06:54 . 2009-08-13 06:54 18715 ----a-w- c:\program files\Common Files\edowymu.vbs
2009-08-13 06:54 . 2009-08-13 06:54 18544 ----a-w- c:\program files\Common Files\ezyhife.reg
2009-08-13 06:54 . 2009-08-13 06:54 15608 ----a-w- c:\program files\Common Files\batytucyb.dll
2009-08-13 06:54 . 2009-08-13 06:54 11894 ----a-w- c:\program files\Common Files\fimiw.inf
2009-08-13 06:42 . 2009-08-13 06:42 18442 ----a-w- c:\program files\Common Files\ojasovu.db
2009-08-13 06:42 . 2009-08-13 06:42 11013 ----a-w- c:\program files\Common Files\tefuwunak.dat
2005-11-18 02:37 . 2005-11-17 23:37 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-23 2002160]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-06 319792]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-18 339968]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-06-01 180269]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-06-01 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10d.exe" [2009-10-28 257440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\CandleWorks\\FXTS2\\FXTSpp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3246:TCP"= 3246:TCP:Services
"2479:TCP"= 2479:TCP:Services

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [8/19/2008 11:34 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/19/2008 11:34 PM 74480]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/19/2008 11:34 PM 7408]
.
Contents of the 'Scheduled Tasks' folder

2010-05-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 20:57]

2010-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-18 23:08]

2010-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-18 23:08]

2010-05-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 22:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Adobe Acrobat Connect Add-in - c:\documents and settings\HP_Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectaddin.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-07 13:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(540)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3936)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2010-05-07 13:36:42 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-07 16:36

Pre-Run: 36,868,333,568 bytes free
Post-Run: 42,140,090,368 bytes free

- - End Of File - - 9DB8D9F006A7462B1C1ACD91CFE0146B

0

1. Please open Notepad Click Start , then Run
Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:



KillAll::

File::
c:\documents and settings\HP_Owner\Local Settings\Application Data\hxksybgfe

Rootkit::
c:\windows\system32\drivers\jcepxt.sys
c:\windows\system32\drivers\qgowsxop.sys


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next replyafter youre-enable all the programs that were disabled during the running of ComboFix:Combofix.txt
A new HijackThis log.
Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

==

Please run MBA-M again and post the log.

Edited by crunchie: n/a

Attachments CFScript.gif 27.09 KB
0

ComboFix 10-05-06.04 - HP_Owner 05/07/2010 21:09:36.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.958.617 [GMT -3:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Owner\Desktop\CFScript.txt

FILE ::
"c:\documents and settings\HP_Owner\Local Settings\Application Data\hxksybgfe"
.

((((((((((((((((((((((((( Files Created from 2010-04-08 to 2010-05-08 )))))))))))))))))))))))))))))))
.

2010-05-07 07:10 . 2010-05-07 07:10 -------- d-----w- C:\_OTL
2010-05-06 04:16 . 2010-05-06 04:16 -------- d-----w- c:\program files\Trend Micro
2010-05-03 04:59 . 2010-05-03 04:59 -------- d-----w- c:\documents and settings\hallypoo\Application Data\DivX
2010-05-03 04:45 . 2010-05-03 05:13 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\hxksybgfe
2010-04-20 06:44 . 2010-04-20 06:44 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-04-20 06:44 . 2010-04-20 06:44 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-08 00:17 . 2008-05-17 23:38 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\uTorrent
2010-05-06 07:08 . 2008-05-17 23:38 -------- d-----w- c:\program files\uTorrent
2010-05-03 04:55 . 2009-10-21 10:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-03 04:55 . 2009-12-26 22:45 6153352 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-29 18:39 . 2010-01-23 20:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 18:39 . 2010-01-23 20:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-15 10:16 . 2005-09-20 22:14 32426 ----a-w- c:\documents and settings\HP_Owner\Application Data\wklnhst.dat
2010-04-15 01:58 . 2010-02-04 23:30 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Skype
2010-04-14 23:26 . 2010-02-04 23:34 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\skypePM
2010-04-03 09:43 . 2010-01-23 15:28 117760 ----a-w- c:\documents and settings\HP_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-28 01:53 . 2010-03-28 01:53 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\AccurateRip
2010-03-28 01:53 . 2010-03-28 01:53 15341 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2010-03-28 01:52 . 2010-03-28 01:53 5652144 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-03-25 12:33 . 2010-03-25 12:33 16 ----a-w- c:\documents and settings\NetworkService\Application Data\jasltw.dat
2010-03-20 16:14 . 2010-01-23 20:18 152576 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-20 16:14 . 2010-01-23 20:18 79488 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-26 09:57 . 2010-01-30 06:29 117760 ----a-w- c:\documents and settings\hallypoo\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-25 06:24 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 12:31 . 2004-08-04 11:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 13:19 . 2004-08-04 12:00 2181376 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 12:39 . 2004-08-04 18:00 2058368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:47 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2009-10-21 08:21 . 2009-10-21 08:21 19891 ----a-w- c:\program files\Common Files\mugulo.ban
2009-10-21 08:21 . 2009-10-21 08:21 19564 ----a-w- c:\program files\Common Files\becequ.inf
2009-10-21 08:21 . 2009-10-21 08:21 15431 ----a-w- c:\program files\Common Files\lizacov.db
2009-10-21 08:10 . 2009-10-21 08:10 14265 ----a-w- c:\program files\Common Files\nadyh.scr
2009-10-21 08:10 . 2009-10-21 08:10 13638 ----a-w- c:\program files\Common Files\ovawuq.sys
2009-10-21 08:10 . 2009-10-21 08:10 10872 ----a-w- c:\program files\Common Files\xatar.com
2009-10-21 07:57 . 2009-10-21 07:57 11122 ----a-w- c:\program files\Common Files\emumy.exe
2009-10-15 10:12 . 2009-10-15 10:12 13034 ----a-w- c:\program files\Common Files\hyhahir._sy
2009-08-13 07:53 . 2009-08-13 07:53 21312 ----a-w- c:\program files\wnebeqvk.txt
2009-08-13 06:54 . 2009-08-13 06:54 19444 ----a-w- c:\program files\Common Files\aqewymuvov.vbs
2009-08-13 06:54 . 2009-08-13 06:54 18715 ----a-w- c:\program files\Common Files\edowymu.vbs
2009-08-13 06:54 . 2009-08-13 06:54 18544 ----a-w- c:\program files\Common Files\ezyhife.reg
2009-08-13 06:54 . 2009-08-13 06:54 15608 ----a-w- c:\program files\Common Files\batytucyb.dll
2009-08-13 06:54 . 2009-08-13 06:54 11894 ----a-w- c:\program files\Common Files\fimiw.inf
2009-08-13 06:42 . 2009-08-13 06:42 18442 ----a-w- c:\program files\Common Files\ojasovu.db
2009-08-13 06:42 . 2009-08-13 06:42 11013 ----a-w- c:\program files\Common Files\tefuwunak.dat
2005-11-18 02:37 . 2005-11-17 23:37 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-23 2002160]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-06 319792]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-18 339968]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-06-01 180269]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-06-01 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10d.exe" [2009-10-28 257440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\CandleWorks\\FXTS2\\FXTSpp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3246:TCP"= 3246:TCP:Services
"2479:TCP"= 2479:TCP:Services

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [8/19/2008 11:34 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/19/2008 11:34 PM 74480]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/19/2008 11:34 PM 7408]
.
Contents of the 'Scheduled Tasks' folder

2010-05-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 20:57]

2010-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-18 23:08]

2010-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-18 23:08]

2010-05-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 22:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-07 21:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(544)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(496)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2010-05-07 21:22:47 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-08 00:22
ComboFix2.txt 2010-05-07 16:36

Pre-Run: 40,299,417,600 bytes free
Post-Run: 40,277,323,776 bytes free

- - End Of File - - BA65A21F874C443F671840BFC2853414

0

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:21 PM, on 5/7/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10d.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264278931181
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264281872706
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7055 bytes

0

FYI, I believe your problems have come about due to your use of P2P program(s) installed on your pc.
Although the program itself might be safe, downloading shared files from unknown sources definitely is not.
I strongly advise you to uninstall them.
From our sticky at the top of the forum;

Please Uninstall or Disable any P2P (peer-to-peer) programs on the infected computer before posting in this forum. Rather than write a long piece on the dangers of P2P, I’m just going to say this:
P2P software circumvents common-sense security measures and opens a user’s computer to a world of hurt.
Our regular volunteers' time is valuable and most are not willing to waste it on a machine that is almost certain to be reinfected in short order.
So, please remove or disable all P2P software for the duration of the cleaning process. Failure to do so may result in your thread being ignored.

=================

Please go to Jotti's or to virustotal and have these files scanned. Post the results back here.

c:\program files\Common Files\becequ.inf
c:\program files\Common Files\lizacov.db
c:\program files\Common Files\nadyh.scr
c:\program files\Common Files\ovawuq.sys
c:\program files\Common Files\xatar.com
c:\program files\Common Files\emumy.exe
c:\program files\Common Files\hyhahir._sy
c:\program files\Common Files\aqewymuvov.vbs
c:\program files\Common Files\edowymu.vbs
c:\program files\Common Files\ezyhife.reg
c:\program files\Common Files\batytucyb.dll
c:\program files\Common Files\fimiw.inf
c:\program files\Common Files\ojasovu.db
c:\program files\Common Files\tefuwunak.dat

0

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4075

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

5/7/2010 10:37:01 PM
mbam-log-2010-05-07 (22-37-01).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 281067
Time elapsed: 1 hour(s), 6 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\jcepxt.sys.vir (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\qgowsxop.sys.vir (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP108\A0011302.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP108\A0011303.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

0

the common files above all scanned with "nothing found".

so would I be correct in assuming that the p2p caused some problems on this computer which caused internet to move slow to not at all, which somehow affected all computers on router? (used up bandwidth or something). I am assuming this computer would be the problem since other computer is used only for work. So that is why I am running everything on this computer that you say. This is the one everyone uses for entertainment etc.... Last day or so internet speed seems to be good. I was able to work today on other computer. So waiting to see if there are more cleaning steps. Again thanks in advance. This is a great forum for people.

0

Not the P2P program itself, but what can be downloaded using it.
You have to realise that all the files are coming from anywhere in the world off someone like your self's computer. Those files may be clean, or they may be infected. You never know until it's too late.
Some people deliberately use P2P programs to transmit their malware around the globe.

0

I was lucky to get here, as im having a lot of trouble with my connection speed. Thats why im asking for your help. I've been having issues for some days now, and every speed test i do, offers different results. I am really lost here. cheers and thanks in advance.

Edited by crunchie: Snipped link.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.