
Plz help.. PC getting too slow in between, plus it takes 10 mins to boot

Discussion in 'Virus & Other Malware Removal' started by prithvi, Nov 6, 2011.

Thread Status:
Not open for further replies.
  1. prithvi

    prithvi Thread Starter

    Joined:
    Oct 18, 2008
    Messages:
    18
    Just for the past 2 weeks my PC has been behaving weird... I have scanned for malware, spyware, viruses, trojans etc., but no negative report... A few days back I got a virus; somehow I removed it, but after that all these things are happening, like the PC takes lots of time to start, and when opening 4/5 tabs in Firefox v7 it just makes my computer very slow. Same goes with Internet Explorer 8.

    Btw, is this ComboFix malware? My Comodo antivirus was not allowing me to download and run this app, so I had to disable it to make it run.
    Below is the attachment of the ComboFix log file.
  2. prithvi

    prithvi Thread Starter

    Joined:
    Oct 18, 2008
    Messages:
    18
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 4:39:57 PM, on 11/6/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O17 - HKLM\System\CCS\Services\Tcpip\..\{301B83ED-6B5B-4FD6-A0D8-D5B26BDC6726}: NameServer = 202.149.208.92,202.149.208.11
    O17 - HKLM\System\CS1\Services\Tcpip\..\{301B83ED-6B5B-4FD6-A0D8-D5B26BDC6726}: NameServer = 202.149.208.92,202.149.208.11
    O17 - HKLM\System\CS2\Services\Tcpip\..\{301B83ED-6B5B-4FD6-A0D8-D5B26BDC6726}: NameServer = 202.149.208.92,202.149.208.11
    O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - C:\Program Files\Common Files\BinarySense\hlAPP.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    --
    End of file - 5034 bytes
     
  3. prithvi

    prithvi Thread Starter

    Joined:
    Oct 18, 2008
    Messages:
    18
    Anyone..........
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,451
    First Name:
    Derek
    I think that if you uninstall Comodo all your problems will go away.
    I have always found Comodo to be over-intrusive, and it bogs down any computer I have ever tried to run it on.
     
  5. prithvi

    prithvi Thread Starter

    Joined:
    Oct 18, 2008
    Messages:
    18
    ^^ Yeah my friend, I think you're right. Even I was thinking of removing Comodo Internet Security and then checking my PC performance... Tomorrow I will uninstall it.

    Btw, which anti-virus do you use, or which is the best one that eats less memory and doesn't make the PC slow while scanning?
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,451
    First Name:
    Derek
    Microsoft Security Essentials Antivirus
     
  7. prithvi

    prithvi Thread Starter

    Joined:
    Oct 18, 2008
    Messages:
    18
    Hey dvk01, I have removed Comodo and installed Microsoft Security Essentials, but still the same problem. Actually now it's hanging even more in between: if I open Notepad and don't type for a few seconds, it gets stuck, then I have to do Ctrl+Alt+Delete, and then suddenly it starts getting normal... The same thing goes with other apps/programs too. The worst happens when I run Firefox or Internet Explorer.
     
  8. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,451
    First Name:
    Derek
    In that case, let's see what this shows us.

    Follow the advice here and post the logs those programs make.
     
  9. prithvi

    prithvi Thread Starter

    Joined:
    Oct 18, 2008
    Messages:
    18
    Ok, here it goes......


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 4:59:33 PM, on 11/11/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Documents and Settings\Hari Om\Desktop\HijackThis 2.0.4.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O17 - HKLM\System\CCS\Services\Tcpip\..\{301B83ED-6B5B-4FD6-A0D8-D5B26BDC6726}: NameServer = 202.149.208.92,202.149.208.11
    O17 - HKLM\System\CS1\Services\Tcpip\..\{301B83ED-6B5B-4FD6-A0D8-D5B26BDC6726}: NameServer = 202.149.208.92,202.149.208.11
    O17 - HKLM\System\CS2\Services\Tcpip\..\{301B83ED-6B5B-4FD6-A0D8-D5B26BDC6726}: NameServer = 202.149.208.92,202.149.208.11
    O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - C:\Program Files\Common Files\BinarySense\hlAPP.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    --
    End of file - 4773 bytes


    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Hari Om at 17:00:04 on 2011-11-11
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3061.2625 [GMT 5.5:30]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    mStart Page = hxxp://www.microsoft.com
    mWindow Title = Microsoft Internet Explorer
    BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    dPolicies-explorer: EditLevel = 0 (0x0)
    dPolicies-explorer: NoCommonGroups = 0 (0x0)
    IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
    IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1318237618328
    TCP: Interfaces\{301B83ED-6B5B-4FD6-A0D8-D5B26BDC6726} : NameServer = 202.149.208.92,202.149.208.11
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - c:\program files\common files\binarysense\hlAPP.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\hari om\application data\mozilla\firefox\profiles\yryhjc65.default\
    FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\dddsk.sys [2011-10-7 22312]
    R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2011-10-25 101616]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
    R1 MpKsl9f5633ad;MpKsl9f5633ad;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{242396e7-e538-4707-9223-0eb2089b6786}\MpKsl9f5633ad.sys [2011-11-11 28752]
    R1 MpKslcd97b3c3;MpKslcd97b3c3;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{242396e7-e538-4707-9223-0eb2089b6786}\MpKslcd97b3c3.sys [2011-11-11 28752]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-12-27 31124344]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S4 HDDlife HDD Access service;HDDlife HDD Access service;c:\program files\common files\binarysense\hldasvc.exe [2011-2-18 841544]
    S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2011-11-2 233472]
    .
    =============== Created Last 30 ================
    .
    2011-11-11 11:26:44 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{242396e7-e538-4707-9223-0eb2089b6786}\MpKsl9f5633ad.sys
    2011-11-11 06:57:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-11 06:37:58 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{242396e7-e538-4707-9223-0eb2089b6786}\MpKslcd97b3c3.sys
    2011-11-11 06:37:45 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{242396e7-e538-4707-9223-0eb2089b6786}\offreg.dll
    2011-11-10 18:59:45 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-11-10 18:59:45 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-11-10 06:24:19 7269712 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2011-11-10 06:23:11 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{242396e7-e538-4707-9223-0eb2089b6786}\mpengine.dll
    2011-11-10 06:06:44 -------- d-----w- c:\program files\Microsoft Security Client
    2011-11-10 05:55:01 -------- d-----w- c:\documents and settings\hari om\application data\Uninstaller Tool(Comodo Forums)
    2011-11-09 08:14:45 -------- d-----w- c:\program files\SpeedFan
    2011-11-08 07:06:29 -------- d-----w- c:\documents and settings\hari om\local settings\application data\Home_Bussiness
    2011-11-07 19:47:00 -------- d-----w- c:\windows\XSxS
    2011-11-07 17:39:58 1563952 ----a-w- C:\TDSSKiller 2.6.16.0 Rootkit removing tool.exe
    2011-11-06 11:07:57 388096 ----a-r- c:\documents and settings\hari om\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-11-06 11:07:55 -------- d-----w- c:\program files\Trend Micro
    2011-11-06 10:06:46 -------- d-sha-r- C:\cmdcons
    2011-11-06 10:01:54 98816 ----a-w- c:\windows\sed.exe
    2011-11-06 10:01:54 518144 ----a-w- c:\windows\SWREG.exe
    2011-11-06 10:01:54 256000 ----a-w- c:\windows\PEV.exe
    2011-11-06 10:01:54 208896 ----a-w- c:\windows\MBR.exe
    2011-11-03 15:41:59 -------- d-----w- c:\documents and settings\all users\application data\Norton
    2011-11-03 15:41:46 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
    2011-11-03 12:30:09 -------- d-----w- c:\documents and settings\hari om\application data\Zbshareware Lab
    2011-11-03 12:30:09 -------- d-----w- c:\documents and settings\all users\application data\Zbshareware Lab
    2011-11-03 12:29:58 -------- d-----w- c:\program files\USB Disk Security
    2011-11-03 12:08:11 2412 ----a-w- c:\windows\system32\ASOROSet.bin
    2011-11-03 08:34:24 -------- d-----w- c:\documents and settings\all users\application data\Systweak
    2011-11-03 08:30:31 -------- d-----w- c:\documents and settings\hari om\application data\Systweak
    2011-11-03 08:21:27 -------- d-----w- c:\program files\Advanced System Optimizer 3
    2011-11-03 08:10:46 -------- d-----w- c:\program files\Intel Corporation
    2011-11-02 14:34:32 233472 ----a-w- c:\windows\system32\PuranDefragS.exe
    2011-11-02 14:34:32 229376 ----a-w- c:\windows\system32\PuranDC.exe
    2011-11-02 14:34:32 212992 ----a-w- c:\windows\system32\PuranDefrag.dll
    2011-11-02 14:34:32 1114112 ----a-w- c:\windows\system32\PuranFD.exe
    2011-11-02 14:34:32 109056 ----a-w- c:\windows\system32\PuranDefragBT.exe
    2011-11-02 14:34:29 -------- d-----w- c:\program files\Puran Defrag
    2011-11-02 14:03:05 -------- d-----w- c:\documents and settings\hari om\application data\GlarySoft
    2011-11-02 13:06:54 -------- d-----w- c:\documents and settings\hari om\application data\Uniblue
    2011-11-02 12:39:51 -------- d-----w- c:\windows\system32\appmgmt
    2011-11-01 09:56:18 2469248 ----a-w- c:\windows\system32\BootMan.exe
    2011-11-01 09:56:18 19840 ----a-w- c:\windows\system32\EuEpmGdi.dll
    2011-11-01 08:53:18 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2011-11-01 08:53:18 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-11-01 08:53:17 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2011-11-01 08:53:17 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2011-11-01 08:53:17 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2011-11-01 08:53:17 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2011-11-01 08:36:08 -------- d-----w- c:\windows\ie8updates
    2011-11-01 08:12:21 -------- d-sh--w- c:\documents and settings\hari om\IECompatCache
    2011-11-01 08:07:28 -------- d-sh--w- c:\documents and settings\hari om\PrivacIE
    2011-11-01 08:06:08 -------- d-sh--w- c:\documents and settings\hari om\IETldCache
    2011-11-01 07:58:54 -------- dc-h--w- c:\windows\ie8
    2011-10-31 06:46:52 -------- d-----w- c:\documents and settings\hari om\application data\mkvtoolnix
    2011-10-31 06:45:12 -------- d-----w- c:\program files\MKVtoolnix
    2011-10-30 05:53:08 172032 ----a-w- c:\windows\system32\igfxres.dll
    2011-10-29 17:53:42 147456 ----a-w- c:\windows\system32\igfxCoIn_v4926.dll
    2011-10-29 08:39:52 -------- d-----w- c:\program files\AnyToISO
    2011-10-26 07:54:25 -------- d--h--w- c:\windows\PIF
    2011-10-25 08:22:14 101616 ----a-w- c:\windows\system32\drivers\idmtdi.sys
    2011-10-24 17:30:01 713560 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
    2011-10-24 17:30:00 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
    2011-10-24 17:30:00 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
    2011-10-24 17:30:00 19416 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
    2011-10-24 17:30:00 125912 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
    2011-10-23 12:50:14 -------- d-----w- c:\program files\Kroll Ontrack
    2011-10-22 15:31:35 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
    2011-10-22 13:00:02 -------- d-----w- c:\program files\Microsoft Synchronization Services
    2011-10-22 12:59:30 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2011-10-22 12:59:30 -------- d-----w- c:\documents and settings\all users\Microsoft
    2011-10-22 12:58:20 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2011-10-22 12:57:39 -------- d-----w- c:\program files\Microsoft Analysis Services
    2011-10-22 12:57:32 -------- d-----w- c:\windows\SHELLNEW
    2011-10-22 12:57:14 -------- d-----w- c:\documents and settings\hari om\local settings\application data\Microsoft Help
    2011-10-20 08:00:42 -------- d-----w- c:\documents and settings\hari om\application data\QuickScan
    2011-10-20 06:40:46 -------- d-----w- c:\documents and settings\hari om\application data\KillSwitch
    2011-10-20 06:40:46 -------- d-----w- c:\documents and settings\hari om\application data\CCE
    2011-10-20 06:40:41 -------- d-----w- c:\documents and settings\hari om\application data\Autorun Analyzer
    2011-10-20 06:37:15 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-10-20 06:37:15 1060864 ----a-w- c:\windows\system32\mfc71.dll
    2011-10-20 06:37:14 1700352 ----a-w- c:\windows\system32\gdiplus.dll
    2011-10-18 17:12:41 -------- d-----w- c:\program files\UltraISO
    2011-10-18 17:12:41 -------- d-----w- c:\program files\common files\EZB Systems
    2011-10-18 12:40:33 -------- d-----w- c:\program files\Western Digital Corporation
    2011-10-18 12:40:30 64616 ----a-w- c:\windows\system32\RtkCoInstXP.dll
    2011-10-18 11:58:05 -------- d-----w- c:\documents and settings\hari om\application data\HD Tune Pro
    2011-10-18 11:50:16 -------- d-----w- c:\documents and settings\all users\application data\AltrixSoft
    2011-10-17 12:03:15 -------- d-----w- c:\windows\system32\LogFiles
    2011-10-17 11:54:54 404256 ----a-r- c:\windows\system32\drivers\SRS_AE_i386.sys
    2011-10-17 11:54:38 -------- d-----w- c:\program files\common files\SRS Labs
    2011-10-16 04:59:04 -------- d--h--w- c:\windows\system32\GroupPolicy
    2011-10-15 13:51:24 -------- d--h--w- c:\windows\msdownld.tmp
    2011-10-15 13:40:06 28992 ----a-w- c:\windows\system32\uxtuneup.dll
    2011-10-15 08:26:33 -------- d-----w- c:\windows\pss
    2011-10-15 07:35:37 274288 ----a-w- c:\windows\system32\mucltui.dll
    2011-10-15 07:35:37 215920 ----a-w- c:\windows\system32\muweb.dll
    2011-10-15 07:35:37 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
    2011-10-15 07:03:46 -------- d-----w- c:\documents and settings\hari om\local settings\application data\PCHealth
    2011-10-15 07:02:52 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
    2011-10-15 07:02:52 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
    2011-10-15 07:02:26 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
    2011-10-15 06:54:02 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-10-14 13:28:12 20064872 ----a-w- c:\windows\SET63.tmp
    2011-10-14 07:09:42 1292288 ----a-w- c:\windows\is-3S76H.exe
    2011-10-13 17:58:58 175616 ----a-w- c:\windows\system32\unrar.dll
    2011-10-13 17:58:57 74752 ----a-w- c:\windows\system32\ff_vfw.dll
    2011-10-13 17:58:57 650752 ----a-w- c:\windows\system32\xvidcore.dll
    2011-10-13 17:58:57 243200 ----a-w- c:\windows\system32\xvidvfw.dll
    2011-10-13 17:58:57 232448 ----a-w- c:\windows\system32\mp3fhg.acm
    2011-10-13 17:58:57 151552 ----a-w- c:\windows\system32\ac3acm.acm
    2011-10-13 17:58:55 -------- d-----w- c:\program files\K-Lite Codec Pack
    2011-10-13 14:33:00 16836 ----a-w- c:\windows\system32\drivers\RTAIODAT.DAT
    2011-10-13 08:32:22 -------- d-----w- c:\program files\WinASO
    .
    ==================== Find3M ====================
    .
    2011-10-18 14:23:14 6439528 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
    2011-10-13 08:01:39 253952 ------w- c:\windows\Setup1.exe
    2011-10-13 08:01:38 73216 ----a-w- c:\windows\ST6UNST.EXE
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-05 05:29:07 315392 ----a-w- c:\windows\HideWin.exe
    2011-09-26 06:11:20 611328 ------w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 06:11:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 06:11:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-08-31 15:20:52 53248 ----a-w- c:\windows\system32\CSVer.dll
    2011-08-29 10:50:00 1493608 ----a-w- c:\windows\RtlUpd.exe
    2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
    2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    .
    ============= FINISH: 17:00:31.60 ===============
  10. prithvi

    prithvi Thread Starter

    Joined:
    Oct 18, 2008
    Messages:
    18
    Note: when I scanned with GMER, at the point when it reached the files option scan, suddenly after a few seconds my PC restarted... This happened 3 times. So I unchecked the files option and then did the scan, as shown in the snapshot below.
    (I have a month-old 1 TB unpartitioned drive on which I have installed XP SP3 and some backups, as my old 250 GB HDD got some bad sectors.)

    [IMG]

    Here is the scan report after that:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-11-11 17:12:42
    Windows 5.1.2600 Service Pack 3
    Running: weplieu9.exe; Driver: C:\DOCUME~1\HARIOM~1\LOCALS~1\Temp\ugtdipod.sys

    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \Driver\Tcpip \Device\Tcp idmtdi.sys (Internet Download Manager TDI Driver/Tonec Inc.)
    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SOFTWARE\Classes\CLSID\{1070aba2-201f-4599-93bc-b720bfc867ae}@Model 308
    Reg HKLM\SOFTWARE\Classes\CLSID\{1070aba2-201f-4599-93bc-b720bfc867ae}@Therad 30
    Reg HKLM\SOFTWARE\Classes\CLSID\{1070aba2-201f-4599-93bc-b720bfc867ae}@MData 0x2B 0x8F 0x78 0x29 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0x25 0xB4 0x93 0xC9 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EC72CC68-A29F-21A7-1E5F-B49972FD85E4}
    ---- EOF - GMER 1.0.15 ----
     
  11. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,451
    First Name:
    Derek
    I can't see any sign of any malware there and suspect disc corruption from the various HD tuning/tweaking programs.
    I think the only way you will solve this is to format & reinstall Windows without all the crud.
     
  12. prithvi

    prithvi Thread Starter

    Joined:
    Oct 18, 2008
    Messages:
    18
    Yes, even I have scanned the PC with various malware & anti-virus apps; all have shown positive results... it's clean.

    This problem started when I used Auslogics Disk Defrag 3.3.0.0, and in that I had done a quick defrag without analyzing, then optimize disk. Just after that the whole PC was like dead: all programs started running slow, including the Windows boot-up time.

    This is what Hard Disk Sentinel shows....
     

    Attached Files:

    • hds.png (File size: 32.1 KB, Views: 2)
  13. prithvi

    prithvi Thread Starter

    Joined:
    Oct 18, 2008
    Messages:
    18
    And this is my boot startup/loader..... Is it ok?

    [IMG]
     

    Attached Files:

    • 1.png (File size: 36.2 KB, Views: 8)
  14. prithvi

    prithvi Thread Starter

    Joined:
    Oct 18, 2008
    Messages:
    18
    dvk01?
     
  15. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,451
    First Name:
    Derek
    I have nothing further to say.
    I have already given you my opinion in post #11.
     
Short URL to this thread: https://techguy.org/1025672