Old 11-15-2008, 08:14 PM   #6 (permalink)
cadriemir
Registered User
 
Join Date: Nov 2008
Posts: 11
OS: XP


Re: Computer Running Slow and Glitchy

Hello Tetonbob,
Thank you so much for your help!! OK, I did the steps so far, and here are the logs. I attached the ComboFix.txt log because it was so long, but if you would rather have it posted in the forum I can do that too. Thanks again for all of your help, and I await your next instructions!!


ComboFix 08-11-13.02 - Owner 2008-11-15 21:47:09.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1391 [GMT -5:00]
Running from: c:\documents and settings\Owner.Jezebelle\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner.Jezebelle\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\Microsoft Common
c:\windows\system32\alog.txt
c:\windows\system32\fhkmp.ini
c:\windows\system32\fhkmp.ini2
c:\windows\system32\kaxs.dat
c:\windows\system32\mcrh.tmp
c:\windows\system32\MSINET.oca
c:\windows\system32\pac.txt
c:\windows\system32\tb.dr
C:\z.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_restore


((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.

2008-11-11 15:46 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 15:46 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-10 11:42 . 2008-11-10 11:42 <DIR> d-------- C:\rsit
2008-11-10 11:42 . 2008-11-10 12:27 <DIR> d-------- c:\program files\trend micro
2008-11-10 09:39 . 2008-11-10 13:49 250 --a------ c:\windows\gmer.ini
2008-11-08 18:37 . 2008-11-13 17:36 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-08 16:19 . 2008-11-08 16:19 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-11-08 16:19 . 2008-11-08 16:19 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-08 16:18 . 2008-11-15 21:26 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-11-08 16:18 . 2008-11-08 16:18 <DIR> d-------- c:\program files\AVG
2008-11-08 16:18 . 2008-11-08 16:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-08 16:18 . 2008-11-08 16:18 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-08 07:46 . 2008-11-08 16:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2008-11-08 07:31 . 2008-11-08 07:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2008-11-08 07:20 . 2008-11-08 07:20 <DIR> d---s---- c:\documents and settings\Administrator\UserData
2008-11-08 01:23 . 2008-11-08 01:23 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Talkback
2008-11-08 01:08 . 2008-11-08 01:08 <DIR> d-------- c:\documents and settings\Owner.Jezebelle\Application Data\AVGTOOLBAR
2008-11-06 05:19 . 2008-11-06 10:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-06 05:10 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-11-06 03:50 . 2008-11-06 03:50 141 --a------ c:\windows\wininit.ini
2008-11-06 02:31 . 2008-11-06 03:04 58 --a------ c:\windows\system32\winwp.bmp
2008-11-06 02:26 . 2008-11-06 02:26 144,896 --a------ c:\windows\system32\mkrnl.exe
2008-11-06 02:26 . 2008-11-06 02:26 24,576 --a------ c:\windows\Qzifijolo.dll
2008-11-06 02:25 . 2008-11-06 02:33 <DIR> d-------- c:\windows\system32\QI19
2008-11-06 02:25 . 2008-11-06 02:25 <DIR> d-------- c:\temp\NT32
2008-11-06 02:25 . 2008-11-06 02:25 2 --a------ C:\-925240183
2008-11-03 11:34 . 2008-11-03 11:34 <DIR> d-------- c:\documents and settings\OWNER~1_JEZ\LOCALS~1
2008-11-03 11:34 . 2008-11-03 11:34 <DIR> d-------- c:\documents and settings\OWNER~1_JEZ
2008-10-20 10:17 . 2008-10-20 10:17 <DIR> d-------- c:\documents and settings\Owner_Jezebelle
2008-10-20 10:17 . 2008-10-20 10:17 <DIR> d-------- c:\documents and settings\Owner.Jezebelle\Application Data\pdf995
2008-10-20 10:17 . 2008-10-20 10:17 28 --a------ c:\windows\pdf995.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 02:50 --------- d-----w c:\program files\Steam
2008-11-14 03:05 --------- d-----w c:\documents and settings\Owner.Jezebelle\Application Data\OpenOffice.org2
2008-11-10 14:44 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-10 14:44 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-09 13:13 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-09 04:27 --------- d-----w c:\program files\CyberLink
2008-11-09 04:19 --------- d-----w c:\program files\Winamp
2008-11-06 10:19 --------- d-----w c:\program files\Lavasoft
2008-11-03 16:46 --------- d-----w c:\documents and settings\Owner.Jezebelle\Application Data\TaxCut
2008-11-03 16:46 --------- d-----w c:\documents and settings\All Users\Application Data\pdf995
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-11 16:00 --------- d-----w c:\documents and settings\Owner.Jezebelle\Application Data\Printer Info Cache
2008-10-11 16:00 --------- d-----w c:\documents and settings\Owner.Jezebelle\Application Data\Image Zone Express
2008-10-09 07:37 --------- d-----w c:\program files\LimeWire
2008-10-09 07:00 --------- d-----w c:\program files\Java
2008-09-16 00:33 --------- d--h--w c:\documents and settings\Owner.Jezebelle\Application Data\Move Networks
2008-02-28 13:30 274 ----a-w c:\documents and settings\Owner.Jezebelle\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot_2007-11-16_22.57.08.89 )))))))))))))))))))))))))))))))))))))))))
.

<snipped to fit>
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2008-10-08 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-09 139264]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-25 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"MsgCenterExe"="c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [2008-08-17 69632]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-17 185896]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-08 648504]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-08 1234712]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-12-14 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 6.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Steam\\steamapps\\desolece\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\WOWoW\\Repair.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-08 97928]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-08 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-08 231704]
R2 avgtdix;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-08 76040]
R2 LinksysUpdater;Linksys Updater;"c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe" -s "c:\program files\Linksys\Linksys Updater\conf\wrapper.conf" [2008-04-18 204800]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-03-01 24652]
S1 1d1615c3;1d1615c3;c:\windows\system32\drivers\1d1615c3.sys []
.
- - - - ORPHANS REMOVED - - - -

BHO-{2BF8B4D3-5ED9-4979-AE5D-F7CECAA7997E} - c:\windows\system32\pmkhf.dll
BHO-{9142EAD4-C950-42A4-8287-2DA9AD69CF67} - c:\program files\Messenger\laguri81.dll
BHO-{9FB07BE0-2CBC-4C92-99C8-D6886BBC5DD6} - c:\program files\Windows Plus\hote83122.dll
BHO-{c31b845d-5734-467b-8219-01a1828db0eb} - c:\windows\system32\iqvvrilm.dll
HKCU-Run-Ealb - c:\docume~1\OWNER~1.JEZ\APPLIC~1\FNTS~1\chkdsk.exe
HKCU-Run-BitTorrent DNA - c:\program files\DNA\btdna.exe
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-Aim6 - (no file)
Notify-opnooon - opnooon.dll
SafeBoot-ati0jkxx.sys


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Owner.Jezebelle\Application Data\Mozilla\Firefox\Profiles\ie8eqf4u.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FireFox -: prefs.js - STARTUP.HOMEPAGE - google.com
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-15 21:51:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\ehome\ehrecvr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\ehome\ehSched.exe
c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\java.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-11-15 22:01:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-16 03:01:40
ComboFix2.txt 2007-11-18 15:38:10

Pre-Run: 161,236,717,568 bytes free
Post-Run: 161,232,158,720 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

8262 --- E O F --- 2008-11-13 04:28:40
Attached Files
File Type: txt ComboFix.txt (676.6 KB, 2 views)
File Type: txt hijackthis.txt (9.2 KB, 1 views)

Last edited by cadriemir; 11-15-2008 at 08:17 PM.