
System Sick and Acting Strange!



#1
susan spencer

I ran a ComboFix log as my system is running slow and unusual. I ran an Adaware log that showed 78 infections; however, it would not complete the scan. Please let me know the problem. Thank you.

Combo Fix Log
ComboFix 08-10-06.05 - 007 2008-10-06 18:15:03.10 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.147 [GMT -7:00]
Running from: C:\Documents and Settings\007\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-09-07 to 2008-10-07 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-07 00:58 --------- d-----w C:\Program Files\Lavasoft
2008-10-07 00:57 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-05 18:06 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-05 18:05 --------- d-----w C:\Program Files\SpywareBlaster
2008-09-14 01:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-14 00:31 --------- d-----w C:\Program Files\Google
2008-08-29 15:11 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-17 03:44 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 05:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 05:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2007-12-27 00:06 1,658 ------w C:\Documents and Settings\007\Application Data\wklnhst.dat
2007-07-31 20:06 622,928 ------w C:\Documents and Settings\Spybot - Search & Destroy\Tools.dll
2007-05-23 20:13 693,848 ------w C:\Documents and Settings\Spybot - Search & Destroy\advcheck.dll
2005-08-14 02:34 12,635 ------w C:\Documents and Settings\Spybot - Search & Destroy\unins000.dat
2005-08-14 02:33 649,378 ------w C:\Documents and Settings\Spybot - Search & Destroy\unins000.exe
2005-05-31 08:04 853,672 ------w C:\Documents and Settings\Spybot - Search & Destroy\SDHelper.dll
2005-05-31 08:04 47,256 ------w C:\Documents and Settings\Spybot - Search & Destroy\blindman.exe
2005-05-31 08:04 417,408 ------w C:\Documents and Settings\Spybot - Search & Destroy\Update.exe
2005-05-31 08:04 4,393,096 ------w C:\Documents and Settings\Spybot - Search & Destroy\SpybotSD.exe
2005-05-31 08:04 28,672 ------w C:\Documents and Settings\Spybot - Search & Destroy\aports.dll
2005-05-31 08:04 22,528 ------w C:\Documents and Settings\Spybot - Search & Destroy\borlndmm.dll
2005-05-31 08:04 15,872 ------w C:\Documents and Settings\Spybot - Search & Destroy\delphimm.dll
2005-05-31 08:04 139,776 ------w C:\Documents and Settings\Spybot - Search & Destroy\ZipDll.dll
2005-05-31 08:04 122,368 ------w C:\Documents and Settings\Spybot - Search & Destroy\UnzDll.dll
2005-05-31 08:04 1,415,824 ------w C:\Documents and Settings\Spybot - Search & Destroy\TeaTimer.exe
2003-08-27 21:19 36,963 ------r C:\Program Files\Common Files\SM1updtr.dll
.

((((((((((((((((((((((((((((( snapshot_2008-09-13_16.57.55.93 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-04-19 20:09:30 167,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\IETAG.DLL
- 2008-08-14 14:21:58 135,168 ----a-r C:\WINDOWS\Installer\{90840409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-09-14 00:42:27 135,168 ----a-r C:\WINDOWS\Installer\{90840409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-08-14 14:21:58 40,960 ----a-r C:\WINDOWS\Installer\{90840409-6000-11D3-8CFE-0150048383C9}\xlvicon.exe
+ 2008-09-14 00:42:27 40,960 ----a-r C:\WINDOWS\Installer\{90840409-6000-11D3-8CFE-0150048383C9}\xlvicon.exe
- 2008-08-14 14:34:08 12,288 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-09-14 00:43:19 12,288 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-08-14 14:34:08 135,168 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-09-14 00:43:19 135,168 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-08-14 14:34:09 11,264 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-09-14 00:43:19 11,264 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-08-14 14:34:09 27,136 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-09-14 00:43:19 27,136 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-08-14 14:34:09 4,096 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-09-14 00:43:20 4,096 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-08-14 14:34:09 794,624 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-09-14 00:43:20 794,624 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-08-14 14:34:08 249,856 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-09-14 00:43:19 249,856 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-08-14 14:34:09 23,040 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-09-14 00:43:20 23,040 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-08-14 14:34:08 286,720 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-09-14 00:43:19 286,720 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-08-14 14:34:08 409,600 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-09-14 00:43:19 409,600 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2007-07-11 21:37:26 6,272 ------w C:\WINDOWS\system32\drivers\AWRTPD.sys
+ 2008-04-29 18:19:50 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
- 2007-08-07 20:58:08 8,320 ------w C:\WINDOWS\system32\drivers\AWRTRD.sys
+ 2008-04-29 18:19:54 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
- 2007-08-07 20:56:58 9,344 ------w C:\WINDOWS\system32\drivers\NSDriver.sys
+ 2008-04-29 18:20:00 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
- 2007-12-14 19:32:52 12,632 ------w C:\WINDOWS\system32\lsdelete.exe
+ 2008-05-16 18:58:04 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
- 2008-08-05 18:11:01 15,888,504 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-08-26 20:28:12 16,208,504 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-11-30 12:39:22 17,272 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-07-27 17:41:40 16,760 ------w C:\WINDOWS\system32\spmsg.dll
- 2006-10-19 04:47:20 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
+ 2008-06-25 01:12:58 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
+ 2008-04-15 17:47:33 1,724,416 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-04-05 73728]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-11-29 53248]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2005-02-25 65536]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-15 122880]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [2003-08-27 94208]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-05-23 98304]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 151552]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 1077301]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-01 155648]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2005-04-20 28672]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-01 126976]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-01-14 122939]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2005-04-28 675840]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-23 196608]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
"TOSHIBA Accessibility"="C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe" [2005-02-22 24576]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ZoomingHook"="ZoomingHook.exe" [2004-04-30 C:\WINDOWS\system32\ZoomingHook.exe]
"TPSMain"="TPSMain.exe" [2004-12-28 C:\WINDOWS\system32\TPSMain.exe]
"TCtryIOHook"="TCtrlIOHook.exe" [2004-05-01 C:\WINDOWS\system32\TCtrlIOHook.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-12 C:\WINDOWS\agrsmmsg.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-05-23 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{B9E618A2-A4FE-11D4-83C2-005004636C96}"= "C:\Program Files\Metamail Inc\Metamail Reader\OESHook.dll" [2005-04-26 45056]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 11:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-29 97928]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-03 76040]

*Newly Created Service* - AAWSERVICE
.
Contents of the 'Scheduled Tasks' folder

2008-10-06 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 20:20]

2005-08-13 C:\WINDOWS\Tasks\Registration reminder 3.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2008-04-13 17:12]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = https://login.yahoo....erify2?&.src=ym
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-06 18:20:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-06 18:23:19
ComboFix-quarantined-files.txt 2008-10-07 01:23:13
ComboFix2.txt 2008-09-13 23:58:32
ComboFix3.txt 2008-08-17 03:21:02
ComboFix4.txt 2008-07-06 02:45:35

Pre-Run: 23,523,438,592 bytes free
Post-Run: 23,791,144,960 bytes free

184 --- E O F --- 2008-10-06 01:14:33