Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Computer Running Slow - ComboFix Log Enclosed


Post by rothschilda » June 4th, 2008, 5:25 pm

Hello. First, I want to thank you in advance for your help. I really do appreciate you taking the time to try and help me with my problem.

I have used Spybot S&D as well as Ad-Aware to disinfect my computer as best as possible. Then I used ComboFix and received a log file. I will paste the log below.

My main problem is that my computer is running significantly slower than usual. I don't really understand why. It takes time for programs to open and load, but typically, once they are open, they run smoothly. I have used the Disk Defragmenter tool, as well as the Disk Cleanup tool, but to no avail.

Thank you again... My log is below:



ComboFix 08-06-03.4 - Adam M. Rothschild 2008-06-04 15:55:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1619 [GMT -4:00]
Running from: C:\Documents and Settings\Adam M. Rothschild\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Adam M. Rothschild\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\cfggh.ini

.
((((((((((((((((((((((((( Files Created from 2008-05-04 to 2008-06-04 )))))))))))))))))))))))))))))))
.

2008-05-28 17:46 . 2008-05-28 17:46 <DIR> d-------- C:\Program Files\Movie Splitter and Joiner
2008-05-27 17:42 . 2008-05-27 17:42 691,545 --a------ C:\WINDOWS\unins000.exe
2008-05-27 17:42 . 2008-05-27 17:42 2,525 --a------ C:\WINDOWS\unins000.dat
2008-05-24 01:24 . 2008-05-24 01:24 <DIR> d-------- C:\Program Files\Protected Music Converter
2008-05-21 17:46 . 2008-05-21 17:46 38 --a------ C:\WINDOWS\avisplitter.INI
2008-05-15 15:24 . 2008-05-15 15:24 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-15 15:22 . 2008-05-15 15:22 <DIR> d-------- C:\Documents and Settings\Adam M. Rothschild\Application Data\Media Player Classic
2008-05-14 19:42 . 2008-05-14 19:42 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-05-14 19:42 . 2008-05-14 19:42 1,320 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-05-14 15:31 . 2008-05-14 15:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{861CC130-D2E3-49B2-91FB-3237C7FA9DCE}
2008-05-13 01:08 . 2008-05-13 01:37 <DIR> d-------- C:\Program Files\Hex Viewer
2008-05-13 01:08 . 2008-05-13 22:18 <DIR> d-------- C:\Documents and Settings\Adam M. Rothschild\dwhelper
2008-05-13 00:26 . 2008-05-13 00:28 <DIR> d-------- C:\Program Files\Save Flash
2008-05-13 00:10 . 2008-05-13 00:10 <DIR> d-------- C:\Downloads
2008-05-13 00:09 . 2008-05-13 00:20 <DIR> d-------- C:\Documents and Settings\Adam M. Rothschild\Application Data\Orbit
2008-05-05 20:32 . 2008-05-05 20:32 <DIR> d-------- C:\Documents and Settings\Adam M. Rothschild\Application Data\RTPlayer
2008-05-05 14:34 . 2008-05-06 00:00 <DIR> d-------- C:\Documents and Settings\Adam M. Rothschild\Application Data\Tunebite
2008-05-05 14:34 . 2008-02-20 13:47 27,936 --a------ C:\WINDOWS\system32\drivers\tbhsd.sys
2008-05-05 14:32 . 2008-05-05 14:32 <DIR> d-------- C:\Program Files\RapidSolution
2008-05-05 14:32 . 2008-05-05 14:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RapidSolution
2008-05-05 14:18 . 2008-05-05 14:18 <DIR> d-------- C:\DVDVideoSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 20:21 --------- d-----w C:\Program Files\Music CD Burner
2008-05-28 12:38 --------- d-----w C:\Program Files\XoftSpySE
2008-05-27 21:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-27 21:47 --------- d-----w C:\Program Files\Spybot
2008-05-24 05:45 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-15 00:08 --------- d-----w C:\Program Files\DivX
2008-04-28 01:34 --------- d-----w C:\Program Files\Bodog Poker
2008-04-12 20:41 --------- d-----w C:\Documents and Settings\iTunes Folder\Application Data\Apple Computer
2008-04-12 20:39 --------- d-----w C:\Documents and Settings\iTunes Folder\Application Data\Logitech
2008-04-10 21:47 --------- d-----w C:\Program Files\Photo! Editor
2008-04-10 20:38 --------- d-----w C:\Documents and Settings\Adam M. Rothschild\Application Data\ZoomBrowser EX
2008-04-08 12:36 --------- d-----w C:\Program Files\iTunes
2008-04-08 12:36 --------- d-----w C:\Program Files\iPod
2008-04-08 12:33 --------- d-----w C:\Program Files\QuickTime
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2008-03-28 17:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-06 03:36 74,752 ----a-w C:\WINDOWS\cadkasdeinst01e.exe
2007-10-11 15:09 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2006-12-17 01:56 67,896 -c--a-w C:\Documents and Settings\Adam M. Rothschild\Application Data\GDIPFONTCACHEV1.DAT
2006-01-11 03:39 784 -c--a-w C:\Documents and Settings\Adam M. Rothschild\Application Data\mpauth.dat
.

------- Sigcheck -------

2004-08-04 02:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2006-04-20 07:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\system32\dllcache\tcpip.sys
2006-04-20 07:51 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91DE1222-99BE-4063-899A-059B2D69B693}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperProfessional"="C:\Program Files\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe" [2003-09-10 13:45 507904]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-10-16 01:03:34 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIVF"= DivX412.dll
"vidc.iv32"= C:\WINDOWS\system32\ir32_32.dll
"vidc.iv31"= C:\WINDOWS\system32\ir32_32.dll
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Adam M. Rothschild^Start Menu^Programs^Startup^HotSync Manager.lnk]
backup=C:\WINDOWS\pss\HotSync Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Adam M. Rothschild^Start Menu^Programs^Startup^StripSaver2.lnk]
backup=C:\WINDOWS\pss\StripSaver2.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^msconfig.exe]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^svchost.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2004-08-10 11:37 61440 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a--c--- 2006-09-25 20:52 50736 C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra--c--- 2006-10-23 08:50 71216 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a--c--- 2004-08-04 03:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
--a------ 2005-09-27 21:25 144896 C:\Program Files\AIM\\DeadAIM.ocm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a--c--- 2006-09-25 20:52 50736 C:\Program Files\Common Files\AOL\1127786640\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a--c--- 2000-12-12 09:30 192512 C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq.com]
C:\WINDOWS\system32\blalblta.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nitro PDF Printer Monitor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 13:22 7700480 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a--c--- 2006-10-22 13:22 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rrzi]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSDruid]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trickler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"iPodService"=3 (0x3)
"dmadmin"=3 (0x3)
"IDriverT"=3 (0x3)
"Crypkey License"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"MDM"=2 (0x2)
"idsvc"=3 (0x3)
"SamSs"=2 (0x2)
"iPod Service"=3 (0x3)
"Pml Driver HPZ12"=4 (0x4)
"Avg7Alrt"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"ADVService"=3 (0x3)
"bepldr"=3 (0x3)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"Spooler"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager

R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-28 18:59]
S0 ntcdrdrv;ntcdrdrv;C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys []
S2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys []
S3 CMAP_S3C;C-Map S3C Chart Plotter USB Driver (cmap_cp.sys);C:\WINDOWS\system32\Drivers\cmap_cp.sys [2005-06-27 07:28]
S3 ICAM3NT5;Intel USB Video Camera III;C:\WINDOWS\system32\Drivers\Icam3.sys [2001-08-17 15:05]
S3 lgatbus;LG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\lgatbus.sys [2002-10-15 15:03]
S3 lgatmdm;LG CDMA USB Modem Drivers;C:\WINDOWS\system32\DRIVERS\lgatmdm.sys [2002-10-15 15:05]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);C:\WINDOWS\system32\DRIVERS\lgatserd.sys [2002-10-15 15:07]
S3 WmaCDriverV32;WmaCDriverV32;C:\WINDOWS\system32\drivers\WmaCDriverV32.sys [2006-12-18 13:55]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 15:58:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-06-04 16:02:06
ComboFix-quarantined-files.txt 2008-06-04 20:01:04

Pre-Run: 24,140,922,880 bytes free
Post-Run: 25,024,679,936 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

211 --- E O F --- 2007-11-14 03:49:29
rothschilda
Active Member
 
Posts: 1
Joined: June 4th, 2008, 5:24 pm

Re: Computer Running Slow - ComboFix Log Enclosed

Post by Shaba » June 7th, 2008, 5:12 am

Hi rothschilda

First of all, you are not supposed to run any tools like ComboFix unsupervised as it can cause damage.

Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Double-click on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Computer Running Slow - ComboFix Log Enclosed

Post by Shaba » June 12th, 2008, 9:15 am

Due to Lack of Response this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

