Old 11-15-2008, 06:21 PM   #9
seal123
Registered User
 
Join Date: Nov 2008
Posts: 29
OS: XP Pro SP2


Re: Slow to respond to clicks, disconnects from dialup, lot of programs not respondin

Thanks again AngelFire,
Sorry! My bad about the system restore before/after misunderstanding.
I did as requested, got a log, did system restore. Not sure if this is normal
or relevant, but Spybot S&D Resident pops back into the tray next to the clock each time Combofix gives me the log.

Thanks again. Deb


ComboFix 08-11-13.02 - Deb 2008-11-16 10:54:31.4 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.795 [GMT 10:00]
Running from: c:\documents and settings\Deb\Desktop\Malware detection\ComboFix.exe
Command switches used :: c:\documents and settings\Deb\Desktop\Malware detection\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
.

((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.

2008-11-09 13:11 . 2008-11-16 10:27 <DIR> d-------- c:\documents and settings\Deb\Application Data\Free Download Manager
2008-11-09 13:11 . 2008-11-09 13:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
2008-11-09 13:10 . 2008-11-09 13:11 <DIR> d-------- c:\program files\Free Download Manager
2008-11-07 11:50 . 2008-11-15 20:54 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-07 11:50 . 2008-11-07 11:50 1,409 --a------ c:\windows\QTFont.for
2008-10-29 11:24 . 2008-10-29 11:26 <DIR> d-------- c:\program files\SEO Elite 4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-13 03:22 --------- d-----w c:\program files\Reply Email Automator Setup
2008-11-13 03:22 --------- d-----w c:\program files\Real Link Finder
2008-11-13 03:22 --------- d-----w c:\program files\PopCap Games
2008-11-13 03:00 --------- d-----w c:\program files\LimeWire
2008-11-12 08:56 --------- d-----w c:\program files\Keyword Elite
2008-11-12 00:56 99,856 ----a-w c:\windows\system32\drivers\cmdguard.sys
2008-11-12 00:56 31,504 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2008-11-12 00:55 143,096 ----a-w c:\windows\system32\guard32.dll
2008-11-10 12:31 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-10 05:38 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-11-09 02:52 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-05 00:20 --------- d-----w c:\program files\SpywareGuard
2008-10-21 04:42 --------- d-----w c:\program files\Java
2008-10-10 23:06 --------- d-----w c:\program files\FreeRIP3
2008-10-10 23:05 --------- d-----w c:\documents and settings\All Users\Application Data\FreeRIP
2008-10-05 22:02 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-05 11:22 --------- d-----w c:\documents and settings\Deb\Application Data\DataCast
2008-10-05 11:21 --------- d-----w c:\documents and settings\Deb\Application Data\InstallShield
2008-10-05 05:14 65,024 ----a-w c:\windows\IFinst26.exe
2008-10-05 05:14 --------- d-----w c:\program files\Lame MP3 Codec
2008-10-05 05:13 --------- d-----w c:\program files\XviD
2008-10-05 05:12 --------- d-----w c:\program files\Samsung
2008-10-05 05:12 --------- d-----w c:\program files\MarkAny
2008-10-03 02:31 4 ----a-w C:\results.bin
2008-10-02 03:12 --------- d-----w c:\documents and settings\Deb\Application Data\Lavasoft
2008-09-15 11:57 1,846,016 ------w c:\windows\system32\win32k.sys
2008-08-30 20:31 91,712 ----a-w c:\documents and settings\Deb\Application Data\GDIPFONTCACHEV1.DAT
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-07-11 04:11 48,367,896 ----a-w c:\program files\avg_free_stf_en_8_138a1332.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 344064]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-19 286720]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2008-11-06 1797880]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]
"MAAgent"="c:\program files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"COMODO Internet Security"="c:\program files\COMODO\Firewall\cfp.exe" [2008-11-06 1797880]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 c:\windows\soundman.exe]

c:\documents and settings\Deb\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-08-29 360448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= jl_mjpg2.drv

[HKLM\~\startupfolder\C:^Documents and Settings^Deb^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
--a------ 2007-12-31 23:05 2449455 c:\program files\Free Download Manager\fdm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
--a------ 2007-02-23 16:32 126976 c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Keyword Elite\\Keyword Elite.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-07-11 97928]
S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-07-10 99856]
S1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-07-10 31504]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-11 875288]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-11 231704]
S2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-07-11 76040]
S2 ScFBPNT;CanoScan FBP Port Driver;\??\c:\windows\system32\drivers\ScFBPNT.SYS [2008-09-02 16288]
S3 firewall;firewall;\??\c:\program files\Foxie Suite\firewall.sys []
S3 JL2005;JL2005A Toy Camera;c:\windows\system32\Drivers\toywdm.sys []
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys []
S4 mswmf32;mswmf32; []
.
Contents of the 'Scheduled Tasks' folder

2008-11-15 c:\windows\Tasks\AB6923F99122D6D1.job
- c:\docume~1\deb\applic~1\byteho~1\data skip license.exe []

2008-11-15 c:\windows\Tasks\Ad-Aware SE Personal.job
- c:\progra~1\Lavasoft\AD-AWA~1\Ad-Aware.exe []

2008-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-11-15 c:\windows\Tasks\Spybot - Search & Destroy.job
- c:\progra~1\SPYBOT~1\SpybotSD.exe [2008-01-28 11:43]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
O8 -: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
O8 -: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
O8 -: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
O8 -: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
O15 -: Trusted Zone: www.linkshare.com

O16 -: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab
c:\windows\Downloaded Program Files\ewidoOnlineScan.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 10:57:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\system32\winlogon.exe
-> c:\windows\system32\tsd32.dll
.
Completion time: 2008-11-16 10:59:03
ComboFix-quarantined-files.txt 2008-11-16 00:58:41
ComboFix2.txt 2008-11-14 07:20:39

Pre-Run: 96,888,868,864 bytes free
Post-Run: 96,963,239,936 bytes free

146 --- E O F --- 2008-11-13 00:12:52