BleepingComputer.com: System slow response

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

System slow response Combofix log

#1 User is offline   andrewfrancis 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 1
  • Joined: 19-September 11

Posted 19 September 2011 - 03:21 PM

Hi,

Can someone have a look at the below log and tell me if everything is OK.

ComboFix 11-09-14.01 - Andrew 09/20/2011 1:26.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1609 [GMT 5.5:30]
Running from: c:\documents and settings\Andrew\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((( Files Created from 2011-08-19 to 2011-09-19 )))))))))))))))))))))))))))))))
.
.
2011-09-19 19:01 . 2011-09-19 19:01 -------- d-----w- c:\windows\system32\wbem\Repository
2011-09-19 14:41 . 2011-09-19 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2011-09-16 16:10 . 2011-09-16 16:44 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2011-09-12 15:49 . 2011-09-18 15:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-09-12 15:49 . 2011-09-18 15:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-09-08 19:21 . 2011-09-08 19:23 -------- d-----w- c:\documents and settings\Andrew\Application Data\Yahoo!
2011-09-08 19:21 . 2011-09-08 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2011-09-08 19:16 . 2011-09-13 14:00 -------- d-----w- c:\program files\Yahoo!
2011-09-04 17:19 . 2011-09-04 17:19 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
2011-09-04 13:42 . 2009-08-06 13:53 215920 -c--a-w- c:\windows\system32\muweb.dll
2011-09-04 13:42 . 2009-08-06 13:53 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-09-03 16:54 . 2011-09-03 16:54 -------- d-----w- c:\program files\SofStuf
2011-09-03 10:17 . 2011-09-09 09:12 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll
2011-09-02 20:53 . 2011-09-02 20:54 -------- d-----w- c:\program files\Microsoft Silverlight
2011-09-02 19:03 . 2011-09-02 19:03 -------- d-----w- c:\program files\Recover Data for FAT & NTFS
2011-09-02 19:03 . 2011-09-02 19:03 -------- d-----w- c:\windows\Recover Data for FAT & NTFS
2011-09-02 19:03 . 2011-09-02 19:03 -------- d-----w- c:\program files\Common Files\PC Tools
2011-08-29 17:47 . 2011-09-02 19:00 -------- d-----w- c:\program files\COMODO
2011-08-29 17:46 . 2011-09-19 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2011-08-24 14:55 . 2011-08-24 14:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2011-08-24 14:50 . 2011-08-24 14:50 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-08-22 18:04 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-22 17:16 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2007-07-27 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-08 19:21 . 2011-06-27 05:23 404640 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-05 11:50 . 2011-06-26 07:24 16384 -c--a-w- c:\windows\system32\lgfwunis.exe
2011-07-27 19:49 . 2011-07-27 19:49 0 -c--a-w- c:\windows\system32\ConduitEngine.tmp
2011-07-15 13:29 . 2007-07-27 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2007-07-27 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-04 11:43 . 2011-06-29 13:21 40112 -c--a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2011-06-29 13:21 199304 -c--a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-06-29 13:22 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2011-06-29 13:22 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2011-06-29 13:22 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2011-06-29 13:22 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2011-06-29 13:22 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2011-06-29 13:22 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2011-06-29 13:22 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2011-06-29 13:22 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-30 04:07 . 2011-06-30 04:07 285256 -c--a-w- c:\windows\system32\guard32(2)(2).dll
2011-06-24 14:10 . 2011-06-24 03:50 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2007-07-27 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2007-07-27 12:00 43520 -c--a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2007-07-27 12:00 1469440 -c--a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2007-07-27 12:00 385024 -c--a-w- c:\windows\system32\html.iec
2011-09-07 19:18 . 2011-06-27 05:13 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-19_13.50.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-02 18:27 . 2011-09-19 19:02 29384 c:\windows\system32\Restore\rstrlog.dat
+ 2011-09-19 14:42 . 2011-09-19 14:42 34485248 c:\windows\Installer\81729c.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Andrew^Start Menu^Programs^Startup^Adobe Gamma.lnk]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 07:25 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast]
2011-07-04 11:43 3493720 ----a-w- c:\program files\AVAST Software\Avast\AvastUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 -c--a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 -c--a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 06:14 31072 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-01-21 03:20 166912 -c--a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-01-21 03:20 134656 -c--a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 17:25 54832 -c--a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
2011-08-05 11:49 557056 -c--a-w- c:\program files\lg_fwupdate\fwupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-08-21 19:48 6276408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-01-21 03:18 134656 -c--a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 09:40 56928 -c----w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2011-04-14 05:36 20053608 -c--a-w- c:\windows\RTHDCPL.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/29/2011 6:52 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/29/2011 6:52 PM 309848]
R1 Ext2fs;Ext2fs;c:\windows\system32\drivers\ext2fs.sys [7/22/2011 12:28 AM 181120]
R1 IfsMount;IfsMount;c:\windows\system32\drivers\ifsmount.sys [7/22/2011 12:28 AM 51072]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/29/2011 6:52 PM 19544]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [7/24/2011 5:44 PM 632792]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/29/2011 6:52 PM 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/24/2011 1:53 PM 1691480]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [7/22/2011 12:10 AM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [7/22/2011 12:10 AM 8456]
S3 FlashUSB;FlashUSB;c:\windows\system32\drivers\FlashUSB.sys [8/6/2011 1:33 AM 16896]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/29/2011 6:52 PM 136176]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-29 13:22]
.
2011-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-29 13:22]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Andrew\Application Data\Mozilla\Firefox\Profiles\ltb9ifn5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://portal.beamtele.com/
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-20 01:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1935655697-963894560-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4CC58AF4-2AA1-9280-B4CE-72C54D837C6F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2748)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-09-20 01:31:13
ComboFix-quarantined-files.txt 2011-09-19 20:01
ComboFix2.txt 2011-09-19 13:53
ComboFix3.txt 2011-09-15 14:16
ComboFix4.txt 2011-09-15 13:54
ComboFix5.txt 2011-09-19 19:55
.
Pre-Run: 9,598,160,896 bytes free
Post-Run: 9,583,759,360 bytes free
.
Current=4 Default=4 Failed=1 LastKnownGood=2 Sets=1,2,3,4
- - End Of File - - 240BF7B5A3C2A609598D82266D7C0100
Attached File  ComboFix.txt (12.19K)
Number of downloads: 0

#2 User is offline   nasdaq 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 5,053
  • Joined: 16-June 06
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 September 2011 - 10:18 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Posted Image
Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt

  • Save both reports to your desktop.


Please just paste the contents of the DDS.txt log in your next post.
===

Third party programs if not up to date can be the cause infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

===

Please post the logs and let me know what problem persists.

#3 User is offline   nasdaq 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 5,053
  • Joined: 16-June 06
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 September 2011 - 07:29 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users