See attached for ComboFix log. Still getting the error message (see attached "screenshot.doc" in previous posting) when I run ComboFix.
ComboFix 08-01-28.2 - User 2008-01-28 12:51:46.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.599 [GMT 0:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-28 )))))))))))))))))))))))))))))))
.
2008-01-27 13:16 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-27 13:15 . 2008-01-27 13:15 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-27 09:28 . 2008-01-27 09:28 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-27 09:28 . 2008-01-27 09:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-26 08:18 . 2004-08-03 23:00 260,272 --a------ C:\cmldr
2008-01-26 08:18 . 2008-01-26 10:30 212 --a------ C:\Boot.bak
2008-01-21 19:31 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-01-21 19:31 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-01-21 19:31 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-01-21 19:31 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-01-19 11:45 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-19 10:51 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\uydvpvblrknu.sys
2008-01-15 23:03 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\sersjuqvkujg.sys
2008-01-15 23:01 . 2006-06-30 14:13 8,704 --a------ C:\WINDOWS\system32\pfdnnt.exe
2008-01-15 21:47 . 2008-01-15 21:47 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-01-13 19:05 . 2008-01-13 19:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-12 23:16 . 2008-01-12 23:16 <DIR> d-------- C:\Deckard
2008-01-12 22:28 . 2008-01-12 22:28 <DIR> d-------- C:\ie-spyad_zo
2008-01-12 20:52 . 2008-01-19 10:43 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-10 20:50 . 2008-01-10 20:50 <DIR> d-------- C:\Program Files\AML Products
2008-01-10 20:50 . 2000-05-22 16:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-01-08 19:21 . 2008-01-24 19:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-05 09:44 . 2008-01-05 10:19 1,814 --a------ C:\WINDOWS\system32\SBRC.dat
2008-01-04 12:22 . 2008-01-05 10:21 5,446,681 --a------ C:\WINDOWS\system32\SBSP.dat
2008-01-04 12:22 . 2008-01-05 10:21 443,765 --a------ C:\WINDOWS\system32\SBFC.dat
2008-01-01 16:16 . 2008-01-01 16:16 <DIR> d-------- C:\Documents and Settings\User\Application Data\Sunbelt Software
2008-01-01 16:16 . 2008-01-01 16:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-28 08:05 --------- d-----w C:\Program Files\QuickTime
2008-01-28 08:05 --------- d-----w C:\Program Files\iTunes
2008-01-27 17:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-27 16:58 --------- d-----w C:\Documents and Settings\User\Application Data\Skype
2008-01-27 13:16 --------- d-----w C:\Program Files\Java
2008-01-24 19:59 94,208 ----a-w C:\WINDOWS\system32\igfxtray.exe
2008-01-24 19:59 77,824 ----a-w C:\WINDOWS\system32\hkcmd.exe
2008-01-24 19:59 114,688 ----a-w C:\WINDOWS\system32\igfxpers.exe
2008-01-19 13:55 --------- d-----w C:\Program Files\Google
2008-01-08 19:18 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-05 10:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-05 10:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-12-04 02:08 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-04 02:08 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-04 02:08 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-12-04 02:08 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-12-04 02:08 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2007-12-04 02:08 118,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-12-02 18:09 --------- d-----w C:\Documents and Settings\User\Application Data\Snapfish
2007-11-30 21:19 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2007-11-25 23:43 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 07:07 44,632 ----a-w C:\Documents and Settings\User\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-24 19:59 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2008-01-24 19:59 472632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2008-01-24 19:59 143360]
"DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [2008-01-24 19:59 69632]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2008-01-24 19:59 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2008-01-24 19:59 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2008-01-24 19:59 114688]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-24 19:59 39792]
"WD Button Manager"="WDBtnMgr.exe" [2007-08-11 08:59 364544 C:\WINDOWS\system32\WDBtnMgr.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-24 19:22 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-24 19:59 267064]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [2008-01-24 19:59 61440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-24 19:59 68856]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2006-12-07 19:26:34 124912]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]
WD Backup Monitor.lnk - C:\Program Files\My Book\WD Backup\uBBMonitor.exe [2007-08-11 09:00:57 98304]
S3 CamAv;SAMSUNG Video Capture;C:\WINDOWS\system32\Drivers\CamAv.sys []
S3 CAMFLT;%CAMFLT.SvcDesc%;C:\WINDOWS\system32\drivers\CAMFLT.sys []
S3 kwwalpgr;kwwalpgr;C:\DOCUME~1\User\LOCALS~1\Temp\kwwalpgr.sys []
S3 PolarUSB;Polar USB Interface;C:\WINDOWS\system32\DRIVERS\PolarUSB.sys [2001-07-12 15:49]
.
Contents of the 'Scheduled Tasks' folder
"2008-01-17 10:27:13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-01-28 12:54:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-28 12:56:16
ComboFix-quarantined-files.txt 2008-01-28 12:56:13
ComboFix2.txt 2008-01-27 09:20:21
ComboFix3.txt 2008-01-26 13:41:13
.
2008-01-10 08:31:01 --- E O F ---