Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Combofix and Outlook problem


  • This topic is locked This topic is locked
2 replies to this topic

#1 kaczi

kaczi

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:21 PM

Posted 07 April 2009 - 01:32 AM

Hello

After running Combofix My system just started to work very slow. I've got problems with closing it. t the main problem is with Microsoft Outlook. It starts fine, but when I try to write new message it hang's up. I,ve tried to fix PST file but it didn't help. Any Ideas ??
thx in advance

This is the log from combofix

ComboFix 09-04-04.01 - pawelb 2009-04-06  9:18:04.1 - NTFSx86Microsoft Windows XP Professional  5.1.2600.3.1250.48.1045.18.1014.235 [GMT 2:00]Uruchomiony z: c:\documents and settings\pawelb\Pulpit\ComboFix.exeAV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated)FW: Symantec Endpoint Protection *enabled* * Utworzono nowy punkt przywracania.(((((((((((((((((((((((((   Pliki utworzone od 2009-03-06 do 2009-04-06  ))))))))))))))))))))))))))))))).2009-04-02 08:45 . 2009-04-02 08:45	<DIR>	d--------	c:\documents and settings\pawelb\Dane aplikacji\Thunderbird2009-04-01 08:18 . 2009-04-01 08:18	<DIR>	d--------	c:\program files\MSECache2009-03-27 17:47 . 2009-03-27 19:04	<DIR>	d--------	c:\program files\Spyware Doctor2009-03-27 17:47 . 2009-03-27 17:47	<DIR>	d--------	c:\documents and settings\pawelb\Dane aplikacji\PC Tools2009-03-27 17:47 . 2008-08-25 12:36	81,288	--a------	c:\windows\system32\drivers\iksyssec.sys2009-03-27 17:47 . 2008-08-25 12:36	66,952	--a------	c:\windows\system32\drivers\iksysflt.sys2009-03-27 17:47 . 2008-08-25 12:36	40,840	--a------	c:\windows\system32\drivers\ikfilesec.sys2009-03-27 17:47 . 2008-06-02 16:19	29,576	--a------	c:\windows\system32\drivers\kcom.sys2009-03-20 21:18 . 2009-03-20 21:18	<DIR>	d--------	c:\program files\Avira2009-03-20 20:57 . 2008-04-13 21:45	32,128	--a------	c:\windows\system32\drivers\usbccgp.sys2009-03-20 20:57 . 2008-04-13 21:45	32,128	--a------	c:\windows\system32\dllcache\usbccgp.sys2009-03-20 20:00 . 2009-03-20 20:00	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\Ashampoo2009-03-14 18:36 . 2009-03-27 18:59	<DIR>	d-a------	c:\documents and settings\All Users\Dane aplikacji\TEMP2009-03-14 14:51 . 2009-03-14 14:51	<DIR>	d--------	c:\program files\Common Files\PCSuite2009-03-14 14:50 . 2009-03-14 14:50	<DIR>	d--------	c:\program files\PC Connectivity Solution2009-03-14 14:50 . 2008-08-26 10:26	18,816	--a------	c:\windows\system32\drivers\pccsmcfd.sys2009-03-14 09:21 . 2008-03-21 14:57	14,640	---------	c:\windows\system32\spmsgXP_2k3.dll2009-03-14 09:21 . 2009-03-14 09:21	0	--ah-----	c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf2009-03-14 09:21 . 2009-03-14 09:21	0	--ah-----	c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf2009-03-14 09:20 . 2009-03-14 09:20	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\Nokia2009-03-14 09:16 . 2008-09-15 08:29	1,112,288	--a------	c:\windows\system32\wdfcoinstaller01007.dll2009-03-14 09:16 . 2008-09-15 08:56	659,968	--a------	c:\windows\system32\nmwcdcocls.dll2009-03-14 09:16 . 2008-09-15 08:56	22,016	--a------	c:\windows\system32\drivers\ccdcmbo.sys2009-03-14 09:16 . 2008-09-15 08:56	17,664	--a------	c:\windows\system32\drivers\ccdcmb.sys2009-03-14 09:16 . 2008-09-15 08:56	8,064	--a------	c:\windows\system32\drivers\usbser_lowerfltj.sys2009-03-14 09:16 . 2008-09-15 08:56	8,064	--a------	c:\windows\system32\drivers\usbser_lowerflt.sys2009-03-14 09:15 . 2009-03-14 09:15	<DIR>	d--------	c:\program files\MSXML 6.02009-03-14 09:15 . 2008-02-01 16:17	138,112	--a------	c:\windows\system32\drivers\nmwcdnsu.sys2009-03-14 09:15 . 2008-02-01 16:17	8,320	--a------	c:\windows\system32\drivers\nmwcdnsuc.sys.((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   )))))))))))))))))))))))))))))))))))))))))))))))))))).2009-03-27 15:53	---------	d-----w	c:\program files\Kliper2009-03-20 19:56	---------	d-----w	c:\program files\Ashampoo2009-03-14 16:08	---------	d-----w	c:\program files\Spybot - Search & Destroy2009-03-14 12:51	---------	d-----w	c:\program files\Nokia2009-03-14 12:51	---------	d-----w	c:\program files\Common Files\Nokia2009-03-14 12:49	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Installations2009-03-13 17:01	149,768	----a-w	c:\windows\system32\drivers\WpsHelper.sys2009-02-25 10:46	---------	d-----w	c:\documents and settings\pawelb\Dane aplikacji\Nowe Gadu-Gadu2009-02-20 14:46	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Electronic Arts2009-02-20 13:01	---------	d-----w	c:\documents and settings\pawelb\Dane aplikacji\temp2009-02-20 07:10	---------	d--h--w	c:\program files\InstallShield Installation Information2009-02-19 09:42	---------	d-----w	c:\program files\Programy Vive2009-02-15 17:25	---------	d-----w	c:\program files\SystemRequirementsLab2009-02-15 14:40	---------	d-----w	c:\program files\OSPS2008-10-16 07:16	32,768	--sha-w	c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008101620081017\index.dat.(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-06-29 1032192]"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-04-13 115560]"WinVNC"="c:\program files\UltraVNC\WinVNC.exe" [2006-06-18 712704]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]"PMX Daemon"="ICO.EXE" [2006-11-08 c:\windows\system32\ico.exe][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]c:\documents and settings\pawelb\Menu Start\Programy\Autostart\Spyware Doctor Updater.exe [2008-12-13 30046]c:\documents and settings\All Users\Menu Start\Programy\Autostart\Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-02-28 24576][HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]"NoWelcomeScreen"= 1 (0x1)"NoResolveTrack"= 0 (0x0)"NoFileAssociate"= 0 (0x0)[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]@="Service"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]@="Service"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]@="Service"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]@="Driver"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]--a------ 2006-01-08 19:26 118784 c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]--------- 2005-12-09 22:29 49152 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]--a------ 2001-07-09 12:50 155648 c:\windows\system32\NeroCheck.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]--a------ 2005-11-10 15:03 36975 c:\program files\Java\jre1.5.0_06\bin\jusched.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]--a------ 2006-01-08 19:26 1006938 c:\program files\Acronis\TrueImage\TrueImageMonitor.exe[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\WINDOWS\\system32\\mmc.exe"="c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"="c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"="c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"="c:\\Program Files\\Gadu-Gadu\\gg.exe"="c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009R2 GtFlashSwitch;GtFlashSwitch;c:\program files\Common Files\GtFlashSwitch\GtFlashSwitch.exe [2007-02-09 176128]R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2008-10-20 6016]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-07 101936]R3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;c:\windows\system32\drivers\Gtm51Irp.sys [2007-04-14 122496]R3 GTPTSER;GT PT SER;c:\windows\system32\drivers\gtptser.sys [2007-04-14 8064]R3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [2007-04-14 37120]S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-04-13 23888]S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-03-14 138112]S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-03-14 8320]S3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2007-03-07 18432]S3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2007-03-07 14336]S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-03-27 356920].Zawartość folderu 'Zaplanowane zadania'2009-04-03 c:\windows\Tasks\kopia flasha.job- c:\windows\system32\ntbackup.exe [2008-04-14 19:21].- - - - USUNIĘTO PUSTE WPISY - - - -SafeBoot-Symantec AntvirusMSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe.------- Skan uzupełniający -------.uStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=pl&l=pl&s=bsdIE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000FF - ProfilePath - c:\documents and settings\pawelb\Dane aplikacji\Mozilla\Firefox\Profiles\lr6bg5o9.default\FF - prefs.js: browser.startup.homepage - www.onet.plFF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dllFF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dllFF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dllFF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dllFF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dllFF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dllFF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dllFF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll.**************************************************************************catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url]Rootkit scan 2009-04-06 09:23:49Windows 5.1.2600 Dodatek Service Pack 3 NTFSskanowanie ukrytych procesów ...  skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ...  skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]"ImagePath"="a".--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------- - - - - - - > 'lsass.exe'(1388)c:\windows\system32\relog_ap.dll.------------------------ Pozostałe uruchomione procesy ------------------------.c:\program files\Intel\Wireless\Bin\EvtEng.exec:\program files\Intel\Wireless\Bin\S24EvMon.exec:\program files\Intel\Wireless\Bin\WLKEEPER.exec:\program files\Symantec\Symantec Endpoint Protection\Smc.exec:\program files\Common Files\Symantec Shared\ccSvcHst.exec:\program files\Common Files\Acronis\Schedule2\schedul2.exec:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEc:\program files\Dell\QuickSet\NicConfigSvc.exec:\program files\Intel\Wireless\Bin\RegSrvc.exec:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exec:\windows\system32\wdfmgr.exec:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exec:\program files\Apoint\hidfind.exec:\program files\Apoint\ApntEx.exec:\program files\Intel\Wireless\Bin\Dot1XCfg.exec:\windows\system32\igfxsrvc.exec:\documents and settings\pawelb\Menu Start\Programy\Autostart\Spyware Doctor Updater.exec:\program files\PC Connectivity Solution\ServiceLayer.exec:\windows\system32\wscntfy.exec:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exec:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe.**************************************************************************.Czas ukończenia: 2009-04-06  9:26:16 - komputer został uruchomiony ponownieComboFix-quarantined-files.txt  2009-04-06 07:26:11Przed: 23 914 020 864 bajtów wolnychPo: 23,841,312,768 bajtów wolnychWindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsmulti(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect214	--- E O F ---	2009-03-16 15:17:21


BC AdBot (Login to Remove)

 


#2 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Members
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:12:21 PM

Posted 07 April 2009 - 09:34 AM

Did someone recommend that you run Combofix?
As as now, you only have 1 post here at BC, so our malware team did not recommend it.

Please note the message text in blue
at the top of the Am I infected?
What do I do?
forum.

ComboFix It is an extremely powerful tool which should only be used when
instructed to do so by someone who has been properly trained in the use of the program.
ComboFix is intended by its creator to be "used under the guidance
and supervision of an expert
", NOT for private use.
Please read
Combofix's Disclaimer..
Using this tool incorrectly could
lead to disastrous problems with your operating system such as preventing
it from ever starting again.


(Papakid @ Mar 1 2009, 09:30 PM)
Running ComboFix by yourself is like performing open heart surgery on yourself--the
scalpel and other surgical tools that is ComboFix is meant to be wielded by a highly
trained surgeon only in emergencies or dire circumstances. When the surgeon is
thru s/he leaves the room. So combofix should be removed from a system once it
has accomplished its job, unlike an AV that is there to protect you from future infections.

. . . CF does make some alterations to your system if you run it. Even if you
had no malware removed and run the uninstall command, some things may be
different now on your system. I can tell you that one thing is that all
your restore points will be flushed out and a new one created. There is
a good reason to do that when you have a severe infection--but if you
aren't infected you might need those restore points.

Read and abide by the disclaimer people. It's there for a reason.
Stick to running and protecting yourself with a good AV and firewall
and an anti-malware scanner or two. If you feel you need a second opinion,
try running online scans. If you feel you might need surgery, come here to
BC and ask for help--that is what we're here for.


Edited by Queen-Evie, 07 April 2009 - 09:35 AM.


#3 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:01:21 PM

Posted 07 April 2009 - 12:40 PM

ComboFix logs should not to be posted or discussed outside the HijackThis forums and only then when instructed to do so by a HJT team member

Try uninstalling Combofix and see if that helps:

Go to start > run and copy and paste or type next command in the field then hit enter:

ComboFix /u

Note: There's a space between Combofix and /

Topic closed

Edited by garmanma, 07 April 2009 - 12:41 PM.

Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users