Ok I did this. I did see a window and clicked ok but nothing happened. =(
I have attached combowfix2.txt.
I tried to run combofix again to try and get the box thing to work, but the second time I ran it, it didn't really do anything but post a log. Sorry if I shouldn't have run it again. I saved it as combofix3.txt.
Please let me know what to do next.
ComboFix 08-11-14.01 - Owner 2008-11-16 0:54:14.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1308 [GMT -5:00]
Running from: c:\documents and settings\Owner.Jezebelle\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner.Jezebelle\Desktop\CFScript..txt
* Created a new restore point
FILE ::
C:\-925240183
c:\windows\system32\winwp.bmp
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\-925240183
c:\windows\Qzifijolo.dll
c:\windows\system32\mkrnl.exe
c:\windows\system32\winwp.bmp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_1d1615c3
((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.
2008-11-15 22:07 . 2008-11-15 22:07 7,680 --ahs---- c:\windows\Thumbs.db
2008-11-11 15:46 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 15:46 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-10 11:42 . 2008-11-10 11:42 <DIR> d-------- C:\rsit
2008-11-10 11:42 . 2008-11-10 12:27 <DIR> d-------- c:\program files\trend micro
2008-11-10 09:39 . 2008-11-10 13:49 250 --a------ c:\windows\gmer.ini
2008-11-08 18:37 . 2008-11-13 17:36 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-08 16:19 . 2008-11-08 16:19 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-11-08 16:19 . 2008-11-08 16:19 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-08 16:18 . 2008-11-15 21:26 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-11-08 16:18 . 2008-11-08 16:18 <DIR> d-------- c:\program files\AVG
2008-11-08 16:18 . 2008-11-08 16:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-08 16:18 . 2008-11-08 16:18 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-08 07:46 . 2008-11-08 16:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2008-11-08 07:31 . 2008-11-08 07:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2008-11-08 07:20 . 2008-11-08 07:20 <DIR> d---s---- c:\documents and settings\Administrator\UserData
2008-11-08 01:23 . 2008-11-08 01:23 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Talkback
2008-11-08 01:08 . 2008-11-08 01:08 <DIR> d-------- c:\documents and settings\Owner.Jezebelle\Application Data\AVGTOOLBAR
2008-11-06 05:19 . 2008-11-06 10:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-06 05:10 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-11-06 03:50 . 2008-11-06 03:50 141 --a------ c:\windows\wininit.ini
2008-11-06 02:25 . 2008-11-06 02:33 <DIR> d-------- c:\windows\system32\QI19
2008-11-06 02:25 . 2008-11-06 02:25 <DIR> d-------- c:\temp\NT32
2008-11-03 11:34 . 2008-11-03 11:34 <DIR> d-------- c:\documents and settings\OWNER~1_JEZ\LOCALS~1
2008-11-03 11:34 . 2008-11-03 11:34 <DIR> d-------- c:\documents and settings\OWNER~1_JEZ
2008-10-20 10:17 . 2008-10-20 10:17 <DIR> d-------- c:\documents and settings\Owner_Jezebelle
2008-10-20 10:17 . 2008-10-20 10:17 <DIR> d-------- c:\documents and settings\Owner.Jezebelle\Application Data\pdf995
2008-10-20 10:17 . 2008-10-20 10:17 28 --a------ c:\windows\pdf995.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 06:08 --------- d-----w c:\program files\Steam
2008-11-14 03:05 --------- d-----w c:\documents and settings\Owner.Jezebelle\Application Data\OpenOffice.org2
2008-11-10 14:44 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-10 14:44 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-09 13:13 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-09 04:27 --------- d-----w c:\program files\CyberLink
2008-11-09 04:19 --------- d-----w c:\program files\Winamp
2008-11-06 10:19 --------- d-----w c:\program files\Lavasoft
2008-11-03 16:46 --------- d-----w c:\documents and settings\Owner.Jezebelle\Application Data\TaxCut
2008-11-03 16:46 --------- d-----w c:\documents and settings\All Users\Application Data\pdf995
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-11 16:00 --------- d-----w c:\documents and settings\Owner.Jezebelle\Application Data\Printer Info Cache
2008-10-11 16:00 --------- d-----w c:\documents and settings\Owner.Jezebelle\Application Data\Image Zone Express
2008-10-09 07:37 --------- d-----w c:\program files\LimeWire
2008-10-09 07:00 --------- d-----w c:\program files\Java
2008-09-16 00:33 --------- d--h--w c:\documents and settings\Owner.Jezebelle\Application Data\Move Networks
2008-02-28 13:30 274 ----a-w c:\documents and settings\Owner.Jezebelle\Application Data\wklnhst.dat
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\temp\NT32 ----
---- Directory of c:\windows\system32\QI19 ----
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2008-10-08 1410296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-09 139264]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-25 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"MsgCenterExe"="c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [2008-08-17 69632]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-17 185896]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-08 648504]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-08 1234712]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-12-14 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 6.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Steam\\steamapps\\desolece\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\WOWoW\\Repair.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-08 97928]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-08 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-08 231704]
R2 avgtdix;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-08 76040]
R2 LinksysUpdater;Linksys Updater;"c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe" -s "c:\program files\Linksys\Linksys Updater\conf\wrapper.conf" [2008-04-18 204800]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-03-01 24652]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-11-16 01

58
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\java.exe
c:\windows\system32\rundll32.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\dllhost.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-11-16 1:16:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-16 06:16:25
ComboFix2.txt 2007-11-18 15:38:10
Pre-Run: 161,179,136,000 bytes free
Post-Run: 161,156,911,104 bytes free
174 --- E O F --- 2008-11-13 04:28:40