Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijack This Log


  • Please log in to reply
1 reply to this topic

#1 Dcasper

Dcasper

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 28 February 2008 - 07:41 PM

Well, my computer is slow as balls. I don't know. I've followed all the instructions from the stickied thread and run Virus/Spyware scans and removed everything but it still isn't any faster. This is weird, because a couple weeks ago it was pretty fast and I havn't added/removed anything since then so I decided I'd try this and see if any of you guys can see something I don't. <3<3<3<3

Log created by WinPatrol version 14.0.2007.1:14.0.2007.1
Scan saved at 5:23:53 PM, on 2/28/2008
Platform: Windows XP SP2 Home Edition Service Pack 2 (Build 2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\PROGRAM FILES\Lavasoft\AD-AWARE 2007\AAWSERVICE.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\COMMON FILES\Apple\MOBILE DEVICE SUPPORT\bin\APPLEMOBILEDEVICESERVICE.EXE
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\pctspk.exe
C:\PROGRAM FILES\ALCOHOL SOFT\ALCOHOL 120\StarWind\STARWINDSERVICEAE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRAM FILES\MSN MESSENGER\usnsvc.exe
C:\PROGRAM FILES\MOZILLA FIREFOX\firefox.exe
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROLEX.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: - {7E853D72-626A-48EC-A868-BA8D5E23E045} -
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: - {B6A77E0A-FA3D-4E24-8E2D-DA9A90E131BA} -
O2 - BHO: - {BA974953-D2C5-8834-BB21-8B8A37822AC2} -
O2 - BHO: - {CEADB2EC-7AEA-4374-A769-5A78817A6107} -
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} -
O4 - HKLM\..\Run: WinPatrolC:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: http://ctfmon.exeC:\WINDOWS\syst...#092;ctfmon.exe
O4 - HKCU\..\Run: msnmsgrC:\Program Files\MSN Messenger\msnmsgr.exe /background
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: Java (Sun) Java (Sun) - C:\Program Files\Java\jre1.6.0_02\bin
O11 - Options group: [] -
O14 - IERESET.INF: START_PAGE_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
O14 - IERESET.INF: SEARCH_PAGE_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
O14 - IERESET.INF:HKCU, Start Page = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Page_URL = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Search_URL = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKLM, Search Page = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKCU, Search Page = %SEARCH_PAGE_URL%
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-_UNO/GAME_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab Class) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_02) - http://java.sun.com/update/1.6.0/jinstall-...ows-i586-jc.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} (http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim) - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVC Download Control) - http://www.gamehouse.com/games/dvcode/DVCControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O20 - AppInit_DLLs: wbsys.dll

O21 - WPDShServiceObj - WPDShServiceObj Class - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Application Management - - C:\WINDOWS\System32\appmgmts.dll
O23 - Service: ASP.NET State Service - - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: Human Interface Device Access - - C:\WINDOWS\System32\hidserv.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PCTEL Speaker Phone - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: StarWind AE Service - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service - TuneUp Software GmbH - C:\WINDOWS\system32\TuneUpDefragService.exe
O23 - Service: TuneUp Theme Extension - TuneUp Software GmbH - C:\WINDOWS\system32\uxtuneup.dll

*
o
+ Additional WinPatrol Info ---

Default Browser: Firefox - Firefox version 2.0.0.12
MSIE: Internet Explorer (7.00.6000.16608)
Firefox 2.0.0.12 installed in C:\Program Files\Mozilla Firefox.
17 IE Cookies in Folder: C:\Documents and Settings\Family\Cookies\
156 Mozilla Cookies in Folder: C:\Documents and Settings\Family\Application Data\Mozilla\FireFox\Profiles\60xi5v6t.default

WP00 - HKLM\CS1: BootExecute = autocheck autochk *
WP00 - HKLM\CCS: BootExecute = autocheck autochk *
WP00 - HKLM\CS3: BootExecute = autocheck autochk *
WP01 - HKLM\CS1: PendingFileRenameOperations = \??\C:\Program Files\Skype\Toolbars\Shared\SPhoneParser.dll
WP01 - HKLM\CCS: PendingFileRenameOperations = \??\C:\Program Files\Skype\Toolbars\Shared\SPhoneParser.dll
WP02 - HKLM\CCS: Command = C:\WINDOWS\system32\cmd.exe

WP03 - Windows Automatic Update = 4:Automatically download recommended updates for my computer and install them.

WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix: Default = http://
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes: www = http://

WP31 - Scheduled Tasks: http://AppleSoftwareUpdate.jobC:\Program Files\Apple Software Update\SoftwareUpdate.exe 11/22/2007 9:09 AM
WP31 - Scheduled Tasks: http://1-Click Maintenance.jobC:\Program Files\TuneUp Utilities 2008\OneClick.exe 02/22/2008 5:15 PM

WP32 - Hidden File: C:\boot.ini
WP32 - Hidden File: C:\IO.SYS
WP32 - Hidden File: C:\MSDOS.SYS
WP32 - Hidden File: C:\NTDETECT.COM
WP32 - Hidden File: C:\ntldr
WP32 - Hidden File: C:\pagefile.sys
WP32 - Hidden File: C:\sqmdata00.sqm
WP32 - Hidden File: C:\sqmdata01.sqm
WP32 - Hidden File: C:\sqmdata02.sqm
WP32 - Hidden File: C:\sqmdata03.sqm
WP32 - Hidden File: C:\sqmdata04.sqm
WP32 - Hidden File: C:\sqmdata05.sqm
WP32 - Hidden File: C:\sqmdata06.sqm
WP32 - Hidden File: C:\sqmdata07.sqm
WP32 - Hidden File: C:\sqmdata08.sqm
WP32 - Hidden File: C:\sqmdata09.sqm
WP32 - Hidden File: C:\sqmdata10.sqm
WP32 - Hidden File: C:\sqmnoopt00.sqm
WP32 - Hidden File: C:\sqmnoopt01.sqm
WP32 - Hidden File: C:\sqmnoopt02.sqm
WP32 - Hidden File: C:\sqmnoopt03.sqm
WP32 - Hidden File: C:\sqmnoopt04.sqm
WP32 - Hidden File: C:\sqmnoopt05.sqm
WP32 - Hidden File: C:\sqmnoopt06.sqm
WP32 - Hidden File: C:\sqmnoopt07.sqm
WP32 - Hidden File: C:\sqmnoopt08.sqm
WP32 - Hidden File: C:\sqmnoopt09.sqm
WP32 - Hidden File: C:\sqmnoopt10.sqm
WP32 - Hidden File: C:\WINDOWS\WindowsShell.Manifest
WP32 - Hidden File: C:\WINDOWS\winnt.bmp
WP32 - Hidden File: C:\WINDOWS\winnt256.bmp
WP32 - Hidden File: C:\WINDOWS\system32\cdplayer.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\config\default.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\DEFAULT.rrr.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\default_TU_24594.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SAM.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SAM_TU_67958.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SECURITY.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SECURITY_TU_46556.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\software.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SOFTWARE.rrr.LOG

WP33 - File Type .AVI: Winamp media fileC:\Program Files\Winamp\winamp.exe %1
WP33 - File Type .BAT: MS-DOS Batch File%1 %*
WP33 - File Type .CAT: Security Catalogrundll32.exe cryptext.dll,CryptExtOpenCAT %1
WP33 - File Type .CHM: Compiled HTML Help fileC:\WINDOWS\hh.exe %1
WP33 - File Type .COM: MS-DOS Application%1 %*
WP33 - File Type .CMD: Windows NT Command Script%1 %*
WP33 - File Type .EML: Internet E-Mail MessageC:\Program Files\Outlook Express\msimn.exe /eml:%1
WP33 - File Type .EXE: Application%1 %*
WP33 - File Type .INF: Setup InformationC:\WINDOWS\System32\NOTEPAD.EXE %1
WP33 - File Type .JS: JScript Script FileC:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .LOG: Text DocumentC:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .MSI: Windows Installer PackageC:\WINDOWS\System32\msiexec.exe /i %1 %*
WP33 - File Type .MID: Winamp media fileC:\Program Files\Winamp\winamp.exe %1
WP33 - File Type .MP3: Winamp media fileC:\Program Files\Winamp\winamp.exe %1
WP33 - File Type .PIF: Shortcut to MS-DOS Program%1 %*
WP33 - File Type .REG: Registration Entriesregedit.exe %1
WP33 - File Type .SBS: Spyware supplemental fileC:\Program Files\Spybot - Search & Destroy\SpybotSD.exe %1
WP33 - File Type .SCR: Screen Saver%1 /S
WP33 - File Type .TXT: Text DocumentC:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .URL: Internet Shortcutrundll32.exe ieframe.dll,OpenURL %l
WP33 - File Type .VBS: VBScript Script FileC:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .VBE: VBScript Encoded Script FileC:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSF: Windows Script FileC:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSH: Windows Script Host Settings FileC:\WINDOWS\System32\WScript.exe %1 %*

Memory currently in use: 69%
Physical Memory Free: 118,532 KB
Paging File Free: 629,380 KB
Virtual Memory Free: 2,055,460 KB

--
End of file

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,640 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:39 AM

Posted 17 March 2008 - 03:26 PM

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new hijackthis log. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Also make sure you have already followed the steps outlined below:

Preparation Guide For Use Before Posting A Hijackthis Log

Thank you for your patience.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users