
Combo log for slow puter



#1
krismajerus


  • Member
  • 18 posts
ComboFix 09-07-27.02 - Compaq_Owner 07/27/2009 18:50.4.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.191.76 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Compaq_Owner\Local Settings\Temp\IadHide5.dll
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\windows\Installer\1192a911.msi
c:\windows\Installer\12059144.msi
c:\windows\Installer\1205914a.msi
c:\windows\Installer\12059150.msi
c:\windows\Installer\12059156.msi
c:\windows\Installer\1205915c.msi
c:\windows\Installer\12059162.msi
c:\windows\Installer\12059168.msi
c:\windows\Installer\1205916f.msi
c:\windows\Installer\12059175.msi
c:\windows\Installer\12059183.msi
c:\windows\Installer\1205918a.msi
c:\windows\Installer\12059190.msi
c:\windows\Installer\12059196.msi
c:\windows\Installer\1205919d.msi
c:\windows\Installer\120a7333.msi
c:\windows\Installer\120a733d.msi
c:\windows\Installer\120a735d.msi
c:\windows\Installer\120a7363.msi
c:\windows\Installer\120a7369.msi
c:\windows\Installer\120a7370.msi
c:\windows\Installer\120a7377.msi
c:\windows\Installer\120a737d.msi
c:\windows\Installer\120a738a.msi
c:\windows\Installer\120a7391.msi
c:\windows\Installer\120a7466.msi
c:\windows\Installer\120a746d.msi
c:\windows\Installer\120a7474.msi
c:\windows\Installer\120ea9ff.msi
c:\windows\Installer\120eaa0b.msi
c:\windows\Installer\14d8530.msi
c:\windows\Installer\19148f9b.msi
c:\windows\Installer\193d83f7.msi
c:\windows\Installer\273ee0.msp
c:\windows\Installer\2b3b29.msi
c:\windows\Installer\2b3b30.msi
c:\windows\Installer\2b3b36.msi
c:\windows\Installer\2b3b3c.msi
c:\windows\Installer\2b3b4a.msi
c:\windows\Installer\2b3b51.msi
c:\windows\Installer\2b3b7b.msi
c:\windows\Installer\2b3b83.msi
c:\windows\Installer\2b3b89.msi
c:\windows\Installer\2b3b94.msi
c:\windows\Installer\2b3ba4.msi
c:\windows\Installer\2b3bac.msi
c:\windows\Installer\2b3bbc.msi
c:\windows\Installer\2b3bc4.msi
c:\windows\Installer\2ebe82.msi
c:\windows\Installer\2ebe8c.msi
c:\windows\Installer\2ec07c.msi
c:\windows\Installer\2ec08a.msi
c:\windows\Installer\2ec094.msi
c:\windows\Installer\2ec0ca.msi
c:\windows\Installer\2ec0d3.msi
c:\windows\Installer\2ec122.msi
c:\windows\Installer\2ec131.msi
c:\windows\Installer\2ec14a.msi
c:\windows\Installer\2ec229.msi
c:\windows\Installer\2ec232.msi
c:\windows\Installer\2ec23b.msi
c:\windows\Installer\320783.msi
c:\windows\Installer\32078f.msi
c:\windows\Installer\3ea37ca.msi
c:\windows\Installer\40d76d8.msi
c:\windows\Installer\53df1f9.msi
c:\windows\Installer\611e5ce.msi
c:\windows\Installer\699a164.msp
c:\windows\Installer\6ad7d7b.msp
c:\windows\Installer\782653.msi
c:\windows\Installer\782838.msi
c:\windows\Installer\7828be.msi
c:\windows\Installer\7f82721.msi
c:\windows\Installer\801812.msi
c:\windows\Installer\801818.msi
c:\windows\Installer\801843.msi
c:\windows\Installer\801851.msi
c:\windows\Installer\801866.msi
c:\windows\Installer\801871.msi
c:\windows\Installer\801889.msi
c:\windows\Installer\80188f.msi
c:\windows\Installer\80189b.msi
c:\windows\Installer\8018a2.msi
c:\windows\Installer\8018bc.msi
c:\windows\Installer\856fe6b.msi
c:\windows\Installer\856fe72.msi
c:\windows\Installer\856fe79.msi
c:\windows\Installer\999c4c.msi
c:\windows\Installer\9f57bd3.msi
c:\windows\Installer\9fe86.msi
c:\windows\Installer\c3e3237.msi
c:\windows\Installer\d37070.msi
c:\windows\Installer\d3707b.msi
c:\windows\Installer\d37081.msi
c:\windows\Installer\d37087.msi
c:\windows\Installer\d3708d.msi
c:\windows\Installer\d37093.msi
c:\windows\Installer\d37099.msi
c:\windows\Installer\d3709f.msi
c:\windows\Installer\d370a5.msi
c:\windows\Installer\d370ab.msi
c:\windows\Installer\d370b6.msi
c:\windows\Installer\d370bc.msi
c:\windows\Installer\d370c2.msi

.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-28 )))))))))))))))))))))))))))))))
.

2009-07-27 23:33 . 2009-07-27 23:33 -------- d-----w- C:\ERDNT
2009-07-27 23:33 . 2009-07-27 23:33 -------- d-----w- c:\windows\ERUNT
2009-07-27 23:32 . 2009-07-27 23:33 -------- d-----w- C:\!FixIEDef
2009-07-15 21:07 . 2009-07-13 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-15 21:07 . 2009-07-13 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-15 21:07 . 2009-07-15 21:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-14 17:36 . 2004-10-21 06:06 128 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\fusioncache.dat
2009-07-14 17:36 . 2004-10-20 14:47 -------- d-----w- c:\documents and settings\Guest\Application Data\Apple Computer
2009-07-14 13:40 . 2009-07-14 13:40 -------- d-----w- c:\windows\system32\scripting
2009-07-14 13:40 . 2009-07-14 13:40 -------- d-----w- c:\windows\l2schemas
2009-07-14 13:40 . 2009-07-14 13:40 -------- d-----w- c:\windows\system32\en
2009-07-14 13:40 . 2009-07-14 13:40 -------- d-----w- c:\windows\system32\bits
2009-07-14 13:37 . 2009-07-14 13:41 -------- d-----w- c:\windows\ServicePackFiles
2009-07-14 13:27 . 2009-07-14 13:27 -------- d-----w- c:\windows\EHome
2009-07-12 05:29 . 2009-07-24 19:06 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Skype
2009-07-12 05:26 . 2009-07-12 05:26 -------- d-----w- c:\program files\Common Files\Skype
2009-07-12 05:26 . 2009-07-12 05:26 -------- d-----r- c:\program files\Skype
2009-07-10 02:15 . 2009-03-09 16:34 971776 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\9uv3jpt3.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-28 00:32 . 2009-01-26 03:56 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\skypePM
2009-07-24 18:34 . 2009-05-07 01:09 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-16 21:22 . 2007-05-01 14:03 40040 ----a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-14 20:59 . 2009-05-22 02:46 -------- d-----w- c:\program files\Charter Security Suite
2009-07-14 13:45 . 2004-10-20 13:12 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-12 05:26 . 2009-01-26 03:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-07-10 02:19 . 2007-05-02 02:46 -------- d--h--w- c:\documents and settings\Compaq_Owner\Application Data\Move Networks
2009-07-08 20:55 . 2009-05-22 02:50 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2009-06-16 14:36 . 2004-12-25 21:15 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-12-25 21:13 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-03 19:09 . 2004-12-25 21:14 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-31 18:14 . 2007-05-01 03:46 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Sonic
2009-05-31 18:12 . 2009-05-31 18:12 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Leadertech
2009-05-30 02:14 . 2007-07-19 02:41 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\LimeWire
2009-05-25 22:17 . 2009-05-25 22:17 20480 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
2009-05-25 22:17 . 2009-05-25 22:17 17408 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\LimeWire\browser\xulrunner\components\auth.dll
2009-05-25 22:17 . 2009-05-25 22:17 18944 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
2009-05-25 22:17 . 2009-05-25 22:17 20480 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
2009-05-25 22:17 . 2009-05-25 22:16 8192 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
2009-05-20 05:11 . 2009-05-20 05:11 152576 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-07 15:32 . 2004-12-25 21:14 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:46 . 2004-12-25 21:16 666624 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2009-05-07 00:18 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-07-23 09:59 . 2009-01-12 17:31 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2007-02-25 19:55 . 2007-02-25 19:55 110592 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-26 25604904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-21 155648]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"F-Secure Manager"="c:\program files\Charter Security Suite\Common\FSM32.EXE" [2009-02-19 182936]
"F-Secure TNB"="c:\program files\Charter Security Suite\FSGUI\TNBUtil.exe" [2009-02-19 957024]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-07 136600]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2004-10-22 53248]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2004-09-24 49152]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-30 88363]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-08 57344]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\6750491\Program\Compaq Connections.exe [2004-10-21 45056]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-09-16 03:44 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
path=
backup=

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [5/21/2009 9:50 PM 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [5/21/2009 9:49 PM 79872]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Charter Security Suite\HIPS\drivers\fshs.sys [5/21/2009 9:48 PM 67808]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 12:53 PM 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 11:39 AM 32256]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys [5/21/2009 9:47 PM 99960]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 4096]
S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913D.sys [5/13/2007 12:50 PM 29522]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Charter Security Suite\Anti-Virus\win2k\fsfilter.sys [5/21/2009 9:47 PM 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Charter Security Suite\Anti-Virus\win2k\fsrec.sys [5/21/2009 9:47 PM 25184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-07-27 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\CHARTE~1\ANTI-V~1\fsav.exe [2009-05-22 11:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
mSearchURL = hxxp://www.google.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
LSP: c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
.

**************************************************************************

driver loading error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-27 19:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2831273944-2216379091-841592017-1009\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'lsass.exe'(720)
c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL

- - - - - - - > 'explorer.exe'(1120)
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Microsoft Office\Office10\msohev.dll
c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
c:\program files\charter security suite\scanner-interface\fsgkiapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Charter Security Suite\Common\FSMA32.EXE
c:\program files\Charter Security Suite\Common\FSMB32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Charter Security Suite\Common\FCH32.EXE
c:\program files\Charter Security Suite\Common\FAMEH32.EXE
c:\program files\Charter Security Suite\Anti-Virus\fsqh.exe
c:\program files\Charter Security Suite\FSPC\fspc.exe
c:\program files\Charter Security Suite\FWES\program\fsdfwd.exe
c:\program files\Charter Security Suite\FSAUA\program\fsaua.exe
c:\program files\Charter Security Suite\ORSP Client\fsorsp.exe
c:\program files\Charter Security Suite\FSAUA\program\fsus.exe
c:\program files\Charter Security Suite\FSGUI\fsguidll.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-07-28 19:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-28 00:43
ComboFix2.txt 2008-11-14 06:08
ComboFix3.txt 2008-11-07 06:45
ComboFix4.txt 2008-11-06 05:46

Pre-Run: 38,502,273,024 bytes free
Post-Run: 39,012,413,440 bytes free

312 --- E O F --- 2009-07-22 08:03