Mom's computer slowed down...here are the combofix files

Status
Not open for further replies.

soarwitheagles

Hi again Osiris,

By the way, you sure have improved your guide big time! Before it was 6 pages long, and now it is 106 pages long with incredibly clear instructions and screen shots. Thanks a lot again!

Here are the ComboFix files you requested:

ComboFix 09-05-23.04 - Owner 05/23/2009 17:13.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.1021 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\iAlmcoin.dll
c:\windows\system32\syspvm-03.dll
c:\windows\system32\tmp.reg
c:\windows\winhelp.ini
D:\Desktop.ini

----- BITS: Possible infected sites -----

hxxp://foxforum.files.wordpress.com
.
((((((((((((((((((((((((( Files Created from 2009-04-24 to 2009-05-24 )))))))))))))))))))))))))))))))
.

2009-05-23 22:41 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-23 22:41 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-23 22:41 . 2009-05-23 22:41 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-23 22:02 . 2009-05-23 22:02 -------- d-----w C:\VundoFix Backups
2009-05-23 18:35 . 2009-05-23 18:38 -------- d-----w c:\program files\CleanUp!
2009-05-22 08:09 . 2009-05-22 08:09 34056 ----a-w c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Interop.QBInstanceFinder.dll
2009-05-22 08:09 . 2009-05-22 08:09 192512 ----a-w c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\ICSharpCode.SharpZipLib.dll
2009-05-22 08:09 . 2009-05-22 08:09 861448 ----a-w c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManager.exe
2009-05-22 08:09 . 2009-05-22 08:09 38664 ----a-w c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManagerPatch.exe
2009-05-22 08:07 . 2009-05-22 08:07 869664 ----a-w c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\qbpatch.exe
2009-05-22 08:07 . 2009-05-22 08:06 499712 ----a-w c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\msvcp71.dll
2009-05-22 08:07 . 2009-05-22 08:06 348160 ----a-w c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\msvcr71.dll
2009-05-21 17:24 . 2009-05-22 17:04 2284 ----a-w c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\qbbackup.sys
2009-05-21 17:03 . 2007-06-28 21:09 1843200 ----a-w c:\windows\system32\acXMLParser.dll
2009-05-21 17:03 . 2007-07-30 21:44 3518464 ----a-w c:\windows\system32\cdintf300.dll
2009-05-21 16:53 . 2009-05-21 17:06 -------- d-----w c:\documents and settings\All Users\Application Data\SQL Anywhere 10
2009-05-19 16:20 . 2009-05-07 15:35 2051864 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-05-19 16:20 . 2009-05-07 15:35 354584 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2009-05-19 16:20 . 2009-05-07 15:35 3288344 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-05-19 16:20 . 2009-05-07 15:35 424472 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwdwsc.dll
2009-05-19 16:20 . 2009-05-07 15:35 312088 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll
2009-05-19 16:20 . 2009-05-07 15:35 177432 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmail.dll
2009-05-19 16:20 . 2009-05-07 15:35 486168 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
2009-05-19 16:20 . 2009-05-07 15:35 1437464 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-05-19 16:20 . 2009-05-07 15:35 755992 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2009-05-17 15:27 . 2009-05-07 15:35 3399960 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-05-17 15:27 . 2009-05-07 15:35 2302232 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-05-09 14:59 . 2009-05-09 14:59 14 ----a-w c:\windows\popcinfo.dat
2009-05-08 20:31 . 2009-05-08 20:31 -------- d-----w c:\documents and settings\Owner\Application Data\iWin
2009-05-08 20:30 . 2009-05-23 18:12 -------- d-----w c:\documents and settings\Owner\Application Data\ComcastToolbar
2009-05-08 20:30 . 2009-05-08 20:30 -------- d-----w c:\program files\ComcastToolbar
2009-05-08 20:30 . 2009-05-10 01:43 -------- d-----w c:\program files\Oberon Media
2009-05-08 20:30 . 2009-05-08 20:30 -------- d-----w c:\program files\Common Files\Oberon Media
2009-05-08 20:30 . 2009-05-09 14:50 -------- d-----w c:\program files\Chill

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-23 18:54 . 2005-08-26 03:37 -------- d-----w c:\program files\Google
2009-05-23 18:40 . 2008-06-23 06:37 -------- d-----w c:\program files\CCleaner
2009-05-23 18:29 . 2008-06-23 06:42 -------- d-----w c:\program files\MSConfig CleanUp
2009-05-23 04:11 . 2008-06-23 17:21 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-22 17:58 . 2008-06-02 20:09 -------- d-----w c:\program files\MVP Software
2009-05-21 17:00 . 2003-07-24 09:47 -------- d-----w c:\program files\Common Files\Intuit
2009-05-21 16:58 . 2007-03-25 22:21 -------- d-----w c:\documents and settings\All Users\Application Data\Intuit
2009-05-21 02:41 . 2007-03-30 04:10 7627 ----a-w c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\qbbackup.sys
2009-05-19 02:25 . 2008-03-24 04:32 -------- d-----w c:\program files\CrossLoop
2009-05-17 04:43 . 2008-06-23 06:24 -------- d-----w c:\documents and settings\Owner\Application Data\AVGTOOLBAR
2009-05-08 20:30 . 2005-07-30 16:20 -------- d-----w c:\program files\Common Files\Scanner
2009-05-07 15:35 . 2008-06-23 06:24 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-07 15:35 . 2008-06-23 06:24 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-07 15:35 . 2008-06-23 06:24 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-07 15:35 . 2008-06-23 06:24 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-29 10:02 . 2006-12-08 22:37 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-19 04:33 . 2003-12-26 18:00 -------- d-----w c:\program files\Java
2009-04-19 04:32 . 2009-04-19 04:32 152576 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-16 15:49 . 2008-07-16 14:29 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-04-16 15:49 . 2008-07-16 14:29 -------- d-----w c:\program files\NOS
2009-04-15 02:46 . 2009-04-15 02:46 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-15 02:45 . 2003-07-24 09:32 -------- d-----w c:\program files\Common Files\Adobe
2009-04-12 20:40 . 2009-04-12 20:40 2722752 ----a-w c:\documents and settings\All Users\Application Data\TaxCut\2008\Update\CA30013201cupd.exe
2009-04-12 20:40 . 2009-04-12 20:39 29813256 ----a-w c:\documents and settings\All Users\Application Data\TaxCut\2008\Update\US53017101cupd.exe
2009-03-23 15:13 . 2009-03-23 15:13 152576 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2009-03-09 12:19 . 2008-12-16 21:08 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2003-08-26 15:02 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-02-07 01:05 826368 ----a-w c:\windows\system32\wininet.dll
2009-05-21 17:03 . 2009-05-21 17:03 135680 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
1999-03-07 22:33 . 2003-08-26 15:04 87952 --sh--w c:\windows\twain.dll
1999-03-07 20:00 . 2003-08-26 15:04 102400 --sh--w c:\windows\twain_32.dll
2004-08-20 06:26 . 2004-08-20 06:26 1216 --sh--w c:\windows\Twunk_16.dll
2004-08-20 06:26 . 2004-08-20 06:26 1216 --sh--w c:\windows\Twunk_32.dll
2004-01-18 00:12 . 2004-01-18 00:12 0 --sha-w c:\windows\SMINST\HPCD.sys
2008-04-14 00:11 . 2003-08-26 15:40 1028096 --sh--w c:\windows\system32\mfc42.dll
2008-04-14 00:12 . 2003-08-26 15:02 57344 --sh--w c:\windows\system32\msvcirt.dll
2008-04-14 00:12 . 2003-08-26 15:02 413696 --sha-w c:\windows\system32\msvcp60.dll
2008-04-14 00:12 . 2003-08-26 15:02 343040 --sha-w c:\windows\system32\msvcrt.dll
2008-04-14 00:12 . 2003-08-26 15:02 551936 --sh--w c:\windows\system32\oleaut32.dll
2008-04-14 00:12 . 2003-08-26 15:02 84992 --sha-w c:\windows\system32\olepro32.dll
2008-04-14 00:12 . 2003-08-26 15:02 11776 --sh--w c:\windows\system32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-07 1947928]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

c:\documents and settings\QBDataServiceUser17\Start Menu\Programs\Startup\
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-07 15:35 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqwrg.exe"=
"c:\\Program Files\\CrossLoop\\CrossLoopConnect.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/22/2008 11:24 PM 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/22/2008 11:24 PM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/5/2008 8:42 AM 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/5/2008 8:42 AM 298776]
S0 black;black;c:\windows\system32\drivers\BlackDrv.sys --> c:\windows\system32\drivers\BlackDrv.sys [?]
S2 QuickBooksDB17;QuickBooksDB17;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 [?]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [3/14/2005 8:24 PM 20160]
S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [8/30/2004 10:34 AM 6016]
S3 RapFile;RapFile;c:\windows\system32\drivers\RapFile.sys [7/17/2006 11:58 PM 36644]
S3 RapNet;RapNet;c:\windows\system32\drivers\RapNet.sys [7/17/2006 11:58 PM 24344]
S3 STV673;WebCam II;c:\windows\system32\drivers\stv673.sys [7/31/2000 11:58 AM 103548]
S3 XIRLINK;IBM PC Camera;c:\windows\system32\drivers\C-itNT.sys [5/24/2005 7:38 PM 899884]
S3 ZD1211BU(WLAN);IEEE 802.11g USB Wireless LAN(WLAN);c:\windows\system32\drivers\ZD1211BU.sys [6/27/2008 12:11 PM 450560]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = localhost
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2007\HelpAsyncPluggableProtocol.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {01118F00-3E00-11D2-8470-0060089874ED} - hxxp://ra.intuit.com/sdccommon/download/ssrc.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\1vn5lfis.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-05-23 17:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3644)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\fxssvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2009-05-24 17:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-24 00:29

Pre-Run: 75,555,672,064 bytes free
Post-Run: 75,424,616,448 bytes free

205 --- E O F --- 2009-05-13 10:08
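The log above is raw tool output, and the parts worth a second look (what ComboFix deleted, the BITS job pointing at a download site, new files dropped straight into the Windows system folders, and services whose image file ComboFix could not verify) are scattered across several sections. The script below is an added example, not part of the original post and not ComboFix's own code. It parses a log of this shape into a review list. The line formats are inferred from the lines in this log, the reading of a service line ending in `--> path [?]` as "ComboFix could not stat the image file on disk" is assumed, and the sample input is copied verbatim from the log above, cut down to a few entries per section so it runs offline.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed input: lines copied verbatim from the ComboFix log posted above,
# cut down to a few entries per section so the script runs offline.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\iAlmcoin.dll
c:\windows\system32\syspvm-03.dll
c:\windows\system32\tmp.reg

----- BITS: Possible infected sites -----

hxxp://foxforum.files.wordpress.com
.
((((((((((((((((((((((((( Files Created from 2009-04-24 to 2009-05-24 )))))))))))))))))))))))))))))))
.
2009-05-23 22:41 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-09 14:59 . 2009-05-09 14:59 14 ----a-w c:\windows\popcinfo.dat
2009-05-08 20:30 . 2009-05-08 20:30 -------- d-----w c:\program files\ComcastToolbar
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-07 15:35 . 2008-06-23 06:24 11952 ----a-w c:\windows\system32\avgrsstx.dll
1999-03-07 22:33 . 2003-08-26 15:04 87952 --sh--w c:\windows\twain.dll
.
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/22/2008 11:24 PM 325896]
S0 black;black;c:\windows\system32\drivers\BlackDrv.sys --> c:\windows\system32\drivers\BlackDrv.sys [?]
S2 QuickBooksDB17;QuickBooksDB17;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 [?]
"""

# Line shapes inferred from the log itself (assumption: ComboFix keeps them stable).
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")            # (((( Section Name ))))
BITS_RE = re.compile(r"^-+ BITS: Possible infected sites -+$")
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "      # date the file appeared
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "          # last-write time
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{7}) (?P<path>.+)$"   # size, DOS attrs, path
)
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+)$"
)
# Directories where a dropped payload is most often parked.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\system32\drivers"}


@dataclass
class Finding:
    kind: str
    detail: str


def parse_combofix(text: str) -> Dict[str, list]:
    """Split a ComboFix log into the pieces worth triaging; unknown lines are ignored."""
    report: Dict[str, list] = {"deleted": [], "bits_sites": [], "files": [], "services": []}
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if (m := SECTION_RE.match(line)):
            section = m.group(1)
        elif BITS_RE.match(line):
            section = "BITS"
        elif section == "Other Deletions":
            report["deleted"].append(line)
        elif section == "BITS":
            report["bits_sites"].append(line)           # ComboFix defangs URLs as hxxp://
        elif (m := FILE_RE.match(line)):
            report["files"].append({**m.groupdict(), "section": section})
        elif (m := SERVICE_RE.match(line)):
            report["services"].append(m.groupdict())
    return report


def triage(report: Dict[str, list]) -> List[Finding]:
    """Turn the parsed log into a review list. These are leads, not verdicts."""
    out = [Finding("removed", p) for p in report["deleted"]]
    out += [Finding("bits-job", s) for s in report["bits_sites"]]
    for f in report["files"]:
        parent = f["path"].lower().rsplit("\\", 1)[0]
        is_dir = f["attrs"].startswith("d")
        # New non-directory entries dropped straight into the Windows system folders.
        if f["section"].startswith("Files Created") and not is_dir and parent in SYSTEM_DIRS:
            out.append(Finding("new-system-file",
                               f"{f['path']} ({f['size']} bytes, created {f['created']})"))
        # Hidden+System attributes: stock XP files carry them too, so review, do not condemn.
        if "s" in f["attrs"] and "h" in f["attrs"]:
            out.append(Finding("hidden-system", f["path"]))
    for s in report["services"]:
        # Assumption: ComboFix prints "--> path [?]" when it cannot stat the image file.
        # An image path that carries arguments (QBDBMgrN.exe -hv...) trips this too.
        if s["image"].endswith("[?]"):
            out.append(Finding("service-image-unverified",
                               f"{s['name']} (start type {s['start']}): {s['image'].split(' --> ')[0]}"))
    return out


if __name__ == "__main__":
    for finding in triage(parse_combofix(SAMPLE_LOG)):
        print(f"{finding.kind:26} {finding.detail}")
```

Because unrecognised lines are skipped, the whole log can be pasted in, not just the excerpt. Two things the output illustrates: the `QuickBooksDB17` hit is a false positive, since its image path carries the `-hvQuickBooksDB17` argument and so never resolves to a file, whereas the boot-start `black` service points at `BlackDrv.sys` with no verified image, which is the kind of entry to check on disk before deciding anything. The Hidden+System list is only a prompt to look; `twain.dll` and the other `--sh--w` entries in the Find3M report are stock XP files.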
 