Sure, here is the ComboFix log:
ComboFix 08-11-04.02 - Fabiola Kelly 2008-11-04 21:09:23.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.157 [GMT -6:00]
Running from: c:\documents and settings\Fabiola Kelly\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Fabiola Kelly\Desktop\CFScript.txt
* Created a new restore point
FILE ::
c:\documents and settings\All Users\Application Data\povyjek.vbs
c:\documents and settings\Fabiola Kelly\Application Data\erutyxyzi.bin
c:\documents and settings\Fabiola Kelly\Application Data\irodyt.pif
c:\program files\Common Files\afirarovuv.db
c:\program files\Common Files\axiwi.pif
c:\program files\Common Files\obirolan.dat
c:\program files\Common Files\ymazoxu.dll
c:\windows\cose.scr
c:\windows\naxez._sy
c:\windows\ogekyb.reg
c:\windows\system32\byfulyj.bat
c:\windows\system32\ybatadylug._sy
c:\windows\system32\yvyvyvaqag.bin
c:\windows\Tasks\At1.job
c:\windows\tidixyw._sy
c:\windows\ytisinyg._dl
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\nqrslypg
c:\documents and settings\All Users\Application Data\povyjek.vbs
c:\documents and settings\Fabiola Kelly\Application Data\erutyxyzi.bin
c:\documents and settings\Fabiola Kelly\Application Data\irodyt.pif
c:\program files\Common Files\afirarovuv.db
c:\program files\Common Files\axiwi.pif
c:\program files\Common Files\obirolan.dat
c:\program files\Common Files\ymazoxu.dll
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\rlls.dll
c:\program files\RelevantKnowledge\rloci.bin
c:\program files\RelevantKnowledge\rlvknlg.exe
c:\program files\yzivowb
c:\program files\yzivowb\SysMon.dll
c:\windows\cose.scr
c:\windows\naxez._sy
c:\windows\ogekyb.reg
c:\windows\system32\byfulyj.bat
c:\windows\system32\ybatadylug._sy
c:\windows\system32\yvyvyvaqag.bin
c:\windows\Tasks\At1.job
c:\windows\tidixyw._sy
c:\windows\ytisinyg._dl
.
((((((((((((((((((((((((( Files Created from 2008-10-05 to 2008-11-05 )))))))))))))))))))))))))))))))
.
2008-11-04 12:56 . 2008-11-04 14:36 <DIR> d-------- c:\documents and settings\Fabiola Kelly\Application Data\Winferno
2008-11-04 12:53 . 2008-11-04 12:53 <DIR> d-------- c:\program files\Winferno
2008-11-04 12:53 . 2008-03-11 14:25 835,584 --a------ c:\windows\system32\WINCTL4.ocx
2008-11-04 12:53 . 2008-03-11 14:25 585,728 --a------ c:\windows\system32\RDSHELL2004.BZT
2008-11-04 12:53 . 2008-03-11 14:25 495,616 --a------ c:\windows\system32\WINUTIL5.dll
2008-11-04 12:53 . 2008-02-13 16:08 492,768 --a------ c:\windows\system32\IGToolBars50.ocx
2008-11-04 12:53 . 2008-03-11 14:25 393,216 --a------ c:\windows\system32\WINLCTL5.dll
2008-11-04 12:53 . 2008-02-13 16:09 381,712 --a------ c:\windows\system32\mswless.ocx
2008-11-04 12:53 . 2008-02-13 16:08 212,240 --a------ c:\windows\system32\RICHTX32.OCX
2008-11-04 12:53 . 2008-02-13 16:08 148,480 --a------ c:\windows\system32\TLBINF32.DLL
2008-11-04 12:53 . 2008-02-13 16:09 140,488 --a------ c:\windows\system32\comdlg32.ocx
2008-11-04 12:53 . 2008-02-13 16:08 109,248 --a------ c:\windows\system32\mswinsck.ocx
2008-11-04 12:48 . 2008-11-04 12:48 <DIR> d-------- c:\documents and settings\LocalService\Application Data\SACore
2008-11-04 11:49 . 2008-11-04 11:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\SiteAdvisor
2008-11-04 11:46 . 2008-06-27 06:08 79,240 --a------ c:\windows\system32\drivers\mfeavfk.sys
2008-11-04 11:46 . 2008-06-27 06:08 40,488 --a------ c:\windows\system32\drivers\mfesmfk.sys
2008-11-04 11:46 . 2008-06-27 06:08 35,240 --a------ c:\windows\system32\drivers\mfebopk.sys
2008-11-04 11:38 . 2008-06-20 05:41 34,152 --a------ c:\windows\system32\drivers\mferkdk.sys
2008-11-04 11:24 . 2008-11-04 14:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2008-11-01 04:57 . 2008-11-01 05:28 <DIR> d-------- C:\rsit
2008-11-01 04:57 . 2008-11-01 04:57 <DIR> d-------- c:\program files\trend micro
2008-10-31 08:11 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2008-10-30 19:25 . 2008-10-30 19:25 <DIR> d-------- c:\documents and settings\Fabiola Kelly\Application Data\Creative
2008-10-29 20:53 . 2006-10-05 16:17 53,248 --------- c:\windows\Ctregrun.exe
2008-10-29 20:52 . 2008-10-29 22:03 <DIR> d-------- c:\program files\Audible
2008-10-29 20:52 . 2008-10-29 20:52 417,792 --a------ c:\windows\system32\awrdscdc.ax
2008-10-29 20:50 . 2008-10-29 20:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Creative
2008-10-29 20:48 . 1999-12-12 11:01 44,032 --------- c:\windows\system32\CTSVCCDA.EXE
2008-10-29 20:48 . 1999-11-17 11:00 25,088 --------- c:\windows\system32\CTSVCCTL.EXE
2008-10-29 20:47 . 2008-10-29 20:49 <DIR> d--h----- c:\program files\Creative Installation Information
2008-10-29 20:47 . 2008-10-29 20:53 <DIR> d-------- c:\program files\Creative
2008-10-29 20:47 . 2008-10-29 20:47 <DIR> d-------- c:\program files\Common Files\Creative
2008-10-28 22:06 . 2008-10-28 22:06 <DIR> d--h----- c:\documents and settings\All Users\Application Data\{AFD61B9C-946C-4129-B53C-E1C5D51A536D}
2008-10-28 22:05 . 2008-10-28 22:05 <DIR> d-------- c:\program files\Transparent
2008-10-28 22:05 . 2008-10-28 22:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Transparent
2008-10-23 14:02 . 2008-10-15 10:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-21 20:55 . 2008-10-21 21:02 <DIR> d-------- c:\program files\Rhapsody
2008-10-21 13:50 . 2008-11-01 21:34 <DIR> d-------- c:\documents and settings\Fabiola Kelly\Application Data\Canon
2008-10-16 04:50 . 2008-08-14 04:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-16 04:50 . 2008-08-14 04:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-16 04:50 . 2008-08-14 03:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-16 04:50 . 2008-08-14 03:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-16 04:50 . 2008-09-08 04:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-16 04:49 . 2008-09-15 06:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-13 11:16 . 2008-10-13 11:16 <DIR> d-------- c:\program files\Common Files\xing shared
2008-10-10 07:43 . 2008-10-10 07:43 <DIR> d-------- c:\program files\Bonjour
2008-10-10 07:36 . 2008-10-10 07:40 <DIR> d-------- c:\program files\QuickTime
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-05 03:04 --------- d-----w c:\program files\FrostWire
2008-11-04 20:42 --------- d-----w c:\program files\McAfee.com
2008-11-04 17:33 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-04 17:33 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-31 14:09 --------- d-----w c:\program files\Panda Security
2008-10-30 23:45 --------- d-----w c:\documents and settings\Fabiola Kelly\Application Data\FrostWire
2008-10-30 13:14 --------- d-----w c:\documents and settings\Fabiola Kelly\Application Data\Tenderfoot Games
2008-10-30 12:37 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-25 02:19 --------- d-----w c:\program files\Java
2008-10-22 02:56 --------- d-----w c:\program files\Real
2008-10-20 21:47 --------- d-----w c:\documents and settings\All Users\Application Data\HipSoft
2008-10-13 17:15 --------- d-----w c:\program files\Common Files\Real
2008-10-10 14:00 --------- d-----w c:\program files\Apple Software Update
2008-10-10 13:37 --------- d-----w c:\program files\Common Files\Apple
2008-09-21 00:37 --------- d-----w c:\program files\RealArcade
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
2008-08-29 15:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-08-29 14:53 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 10:11 2,189,184 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w c:\windows\system32\ntkrnlpa.exe
2007-10-07 02:34 774,144 ----a-w c:\program files\RngInterstitial.dll
2007-05-10 21:53 658 ---ha-w c:\documents and settings\All Users\hpothb07.dat
2007-04-28 15:35 90,112 ----a-w c:\program files\AboutBuster.exe
2007-02-13 13:28 32 ----a-r c:\documents and settings\All Users\hash.dat
2006-09-09 23:25 20,560 ----a-w c:\documents and settings\Fabiola Kelly\Application Data\GDIPFONTCACHEV1.DAT
2006-08-16 01:31 0 ---ha-w c:\documents and settings\Default User\hpothb07.dat
2006-08-16 01:31 0 ---ha-w c:\documents and settings\Administrator\hpothb07.dat
2004-01-21 23:01 98,304 ----a-w c:\program files\miniremoval_coolwebsearch_smartkiller.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"CyberPatrolNew"="c:\program files\SurfControl\CyberPatrol\cphq.exe" [2006-04-23 1445888]
"KEMailKb"="c:\progra~1\MICROI~1\INTERN~1\KEMailKb.EXE" [2005-08-09 401408]
"KPDrv4XP"="c:\progra~1\MICROI~1\INTERN~1\KPDrv4XP.EXE" [2005-02-21 40960]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 842584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-13 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 c:\windows\ALCXMNTR.EXE]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
2008-10-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -
SSODL-SysMon-{67F9BDC6-37C5-9C7A-5F55-0328DB96EE19} - c:\program files\yzivowb\SysMon.dll
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-11-04 21:11:37
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-11-04 21:14:26
ComboFix-quarantined-files.txt 2008-11-05 03:13:23
ComboFix2.txt 2008-11-04 21:13:55
Pre-Run: 86,834,606,080 bytes free
Post-Run: 86,832,107,520 bytes free
195 --- E O F --- 2008-10-24 08:01:05