Geeks to Go
Computer Is Running REALLY Slow


#1 npatel
Here is the logfile from HijackThis.

I recently used HouseCall and it found a bunch of stuff. I ran the "fixer" on it, and now nothing pops up when I scan again, but I have a feeling something isn't being detected, as my computer is still running really slow.

Like when I use an application (any), my CPU usage goes to 100% for a while (longer than the usual increase in CPU usage).

Malwarebytes detects nothing; I shall scan again.

EDIT: I am doing an OTL log, as I saw in the posting procedure that I should include one.

OTL Log
OTL logfile created on: 12/23/2009 8:25:52 PM - Run 2
OTL by OldTimer - Version 3.1.19.0	 Folder = C:\Documents and Settings\Patels\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,023.00 Mb Total Physical Memory | 500.00 Mb Available Physical Memory | 49.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2524 2524 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 15.38 Gb Free Space | 41.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PATEL
Current User Name: Patels
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2009/12/23 20:07:03 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patels\Desktop\OTL.exe
PRC - [2009/12/17 12:39:13 | 00,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/13 12:36:16 | 01,287,440 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/07/07 14:48:44 | 00,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 14:48:44 | 00,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/11/10 10:23:50 | 01,539,072 | ---- | M] () -- C:\Program Files\Ventrilo\Ventrilo.exe
PRC - [2008/10/24 10:12:52 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/04 07:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2009/12/23 20:07:03 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patels\Desktop\OTL.exe
MOD - [2006/08/25 10:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2009/07/07 14:48:44 | 00,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/05/30 02:03:25 | 00,182,768 | ---- | M] (Google) [Disabled | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2007/08/27 13:38:50 | 00,566,616 | ---- | M] (Lavasoft AB) [Disabled | Stopped] -- C:\Program Files\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/26 23:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 18:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/05/03 11:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2006/05/03 10:57:00 | 00,520,192 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2003/03/09 15:31:02 | 00,065,795 | R--- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "http://www.google.ca"
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/17 12:39:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/17 12:39:17 | 00,000,000 | ---D | M]
 
[2008/12/05 14:10:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patels\Application Data\Mozilla\Extensions
[2009/06/19 15:13:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patels\Application Data\Mozilla\Firefox\Profiles\xyck4z78.default\extensions
[2009/12/23 11:58:00 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
 
O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	   localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar BHO) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} http://www.sis.com/ocis/OSInfo.cab (OSInfo Control)
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} http://www.sis.com/ocis/SiSAutodetectNT.cab (SiS_OCX Control)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader2.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190597078671 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}  (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.200.241.37 24.201.245.77 24.200.243.189
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Patels/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{62a3d3e2-75c2-11dc-94a9-000d61306a09}\Shell\AutoRun\command - "" = F:\abk.bat -- File not found
O33 - MountPoints2\{62a3d3e2-75c2-11dc-94a9-000d61306a09}\Shell\explore\Command - "" = F:\abk.bat -- File not found
O33 - MountPoints2\{62a3d3e2-75c2-11dc-94a9-000d61306a09}\Shell\open\Command - "" = F:\abk.bat -- File not found
O33 - MountPoints2\{79d97ae4-6dd4-11dc-948e-000d61306a09}\Shell\AutoRun\command - "" = F:\mrsne.bat -- File not found
O33 - MountPoints2\{79d97ae4-6dd4-11dc-948e-000d61306a09}\Shell\explore\Command - "" = F:\mrsne.bat -- File not found
O33 - MountPoints2\{79d97ae4-6dd4-11dc-948e-000d61306a09}\Shell\open\Command - "" = F:\mrsne.bat -- File not found
O33 - MountPoints2\{b8763442-a9ff-11dc-9546-000d61306a09}\Shell\AutoRun\command - "" = F:\ekf6dbg0.com -- File not found
O33 - MountPoints2\{b8763442-a9ff-11dc-9546-000d61306a09}\Shell\explore\Command - "" = F:\ekf6dbg0.com -- File not found
O33 - MountPoints2\{b8763442-a9ff-11dc-9546-000d61306a09}\Shell\open\Command - "" = F:\ekf6dbg0.com -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/09/23 19:47:11 | 00,000,000 | ---D | M]
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16892003295952896)
 
[color=#E56717]========== Files/Folders - Created Within 14 Days ==========[/color]
 
[2009/12/23 20:07:03 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Patels\Desktop\OTL.exe
[2009/12/23 20:04:40 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/23 19:31:54 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Patels\Recent
[2009/12/23 18:57:10 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/12/23 18:56:32 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2009/12/23 18:40:24 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/12/23 17:28:53 | 01,839,496 | ---- | C] (Trend Micro) -- C:\Documents and Settings\Patels\Desktop\HousecallLauncher.exe
[2009/12/23 14:42:17 | 00,000,000 | ---D | C] -- C:\Program Files\Pure Networks
[2009/12/23 14:41:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
[2009/12/23 14:37:38 | 00,000,000 | ---D | C] -- C:\Program Files\Linksys
[2009/12/23 14:25:06 | 00,000,000 | ---D | C] -- C:\Program Files\WebEx
[2009/12/23 14:24:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2009/12/11 00:36:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Patels\Tracing
[2009/12/11 00:35:14 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/12/11 00:35:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2009/12/11 00:34:58 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/12/11 00:34:36 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/12/11 00:33:25 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/07/08 02:30:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/02/12 16:06:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2007/09/24 08:37:20 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/09/23 19:51:56 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[259 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 14 Days ==========[/color]
 
[2009/12/23 20:07:03 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patels\Desktop\OTL.exe
[2009/12/23 20:04:40 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Patels\Desktop\HiJackThis.lnk
[2009/12/23 19:59:36 | 15,728,640 | ---- | M] () -- C:\Documents and Settings\Patels\ntuser.dat
[2009/12/23 19:59:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/23 19:48:29 | 00,013,710 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/23 19:48:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/23 19:48:24 | 10,732,74880 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/23 19:47:23 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Patels\ntuser.ini
[2009/12/23 19:47:18 | 06,892,876 | -H-- | M] () -- C:\Documents and Settings\Patels\Local Settings\Application Data\IconCache.db
[2009/12/23 18:57:11 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Patels\Desktop\CCleaner.lnk
[2009/12/23 18:53:06 | 00,000,440 | RHS- | M] () -- C:\Documents and Settings\Patels\ntuser.pol
[2009/12/23 18:47:57 | 00,220,454 | ---- | M] () -- C:\Documents and Settings\Patels\Desktop\unlocker1.8.8.exe
[2009/12/23 18:46:37 | 00,002,269 | ---- | M] () -- C:\Documents and Settings\Patels\Desktop\drivefix.reg
[2009/12/23 18:02:34 | 00,000,712 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/12/23 18:02:34 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/23 18:02:34 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/12/23 17:28:59 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Patels\Local Settings\Application Data\housecall.guid.cache
[2009/12/23 17:28:54 | 01,839,496 | ---- | M] (Trend Micro) -- C:\Documents and Settings\Patels\Desktop\HousecallLauncher.exe
[2009/12/23 17:16:25 | 00,068,904 | ---- | M] () -- C:\Documents and Settings\Patels\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/12/23 16:57:55 | 00,263,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/23 14:42:22 | 00,001,800 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
[2009/12/23 14:41:48 | 08,892,928 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/12/22 03:54:51 | 00,428,949 | ---- | M] () -- C:\Documents and Settings\Patels\My Documents\Something Blue.jpg
[2009/12/21 06:34:32 | 00,000,526 | ---- | M] () -- C:\hpfr3420.xml
[2009/12/11 00:37:21 | 00,001,839 | ---- | M] () -- C:\Documents and Settings\Patels\Desktop\Windows Live Messenger .lnk
[2009/12/11 00:35:55 | 00,000,904 | ---- | M] () -- C:\Documents and Settings\Patels\My Documents\My Sharing Folders.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[259 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2009/12/23 18:57:11 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Patels\Desktop\CCleaner.lnk
[2009/12/23 18:56:33 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Patels\Desktop\HiJackThis.lnk
[2009/12/23 18:53:06 | 00,000,440 | RHS- | C] () -- C:\Documents and Settings\Patels\ntuser.pol
[2009/12/23 18:47:51 | 00,220,454 | ---- | C] () -- C:\Documents and Settings\Patels\Desktop\unlocker1.8.8.exe
[2009/12/23 18:46:37 | 00,002,269 | ---- | C] () -- C:\Documents and Settings\Patels\Desktop\drivefix.reg
[2009/12/23 17:28:59 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Patels\Local Settings\Application Data\housecall.guid.cache
[2009/12/23 14:25:35 | 00,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
[2009/12/23 14:24:57 | 08,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/12/22 03:54:50 | 00,428,949 | ---- | C] () -- C:\Documents and Settings\Patels\My Documents\Something Blue.jpg
[2009/12/11 00:37:21 | 00,001,839 | ---- | C] () -- C:\Documents and Settings\Patels\Desktop\Windows Live Messenger .lnk
[2008/12/27 22:39:15 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/11/04 10:55:10 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/11/04 10:55:10 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/12/04 16:04:25 | 00,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/10/18 19:39:17 | 00,011,776 | ---- | C] () -- C:\Documents and Settings\Patels\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/09 01:21:39 | 00,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
[2007/09/26 21:19:32 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/09/26 16:39:52 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2007/09/26 00:19:17 | 00,000,016 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/09/25 23:40:08 | 00,000,129 | ---- | C] () -- C:\Documents and Settings\Patels\Local Settings\Application Data\fusioncache.dat
[2007/09/25 23:35:41 | 00,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2007/09/25 23:35:31 | 00,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2007/09/25 23:12:55 | 00,000,126 | ---- | C] () -- C:\WINDOWS\SiSAudioRack.ini
[2007/09/25 21:46:39 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2007/09/23 23:19:00 | 00,000,191 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/08/04 07:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/06/29 13:47:28 | 00,003,072 | ---- | C] () -- C:\WINDOWS\WinIo.sys
[2003/03/09 15:31:04 | 00,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/02/19 00:26:28 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2009/01/08 02:41:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2007/10/09 01:21:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FirstClass
[2007/09/23 20:20:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2007/11/17 14:52:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2007/10/17 17:52:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/10/17 17:54:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patels\Application Data\acccore
[2009/12/23 19:07:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patels\Application Data\Azureus
[2007/09/24 08:27:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patels\Application Data\F-Secure
[2009/09/05 22:19:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patels\Application Data\FileZilla
[2009/08/03 17:50:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patels\Application Data\HLSW
[2008/05/07 17:15:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patels\Application Data\Leadertech
[2008/05/04 13:40:04 | 00,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1190640508.job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2009/03/10 17:19:18 | 01,083,392 | ---- | M] () -- C:\euox.exe
 
 
[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2004/08/04 07:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 07:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 07:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
 
[color=#A23BEC]< MD5 for: EVENTLOG.DLL  >[/color]
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2004/08/04 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/08/04 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
 
[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2004/08/04 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/04 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll
 
[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2004/08/04 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2004/08/04 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
< End of report >



HijackThis! Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:04:55 PM, on 12/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/FacebookPhotoUploader2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190597078671
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Patels/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg

--
End of file - 5796 bytes

Edited by npatel, 23 December 2009 - 07:43 PM.
