Frustrated1001
2007-10-20, 21:57
Hi there !!
I am helping my neighbour since his computer has started to behave strange and is beeing slower and slower.
When running SB it stops after 7 min. and splash up the blue screen. Just to be sure I ran several anti-spyware product and removed a lot of infections. Ran SB again but the event occured again. The event viewer gives me an error starting with "AMLI: ACPI BIOS ......I/O ....".
After reading the forum I ran combofix.exe and here is the log. Can some of you gurus please tell me whether the macine is ok now or not ?? Why does the SB stops any clues ???
Thanks in advance.
ComboFix 07-10-20.6 - Kristina 2007-10-20 20:35:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.47.1044.18.49 [GMT 2:00]
Running from: C:\Documents and Settings\Kristina\Lokale innstillinger\Temporary Internet Files\Content.IE5\Y7QQ1U6Z\ComboFix[1].exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-09-20 to 2007-10-20 )))))))))))))))))))))))))))))))
.
2007-10-20 20:34 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-20 19:35 <DIR> d-------- C:\Documents and Settings\Kristina\Programdata\Grisoft
2007-10-20 19:34 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-20 13:17 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-20 13:15 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-10-20 12:46 <DIR> d-------- C:\Documents and Settings\Kristina\Programdata\AdwareAlert
2007-10-20 12:05 <DIR> d-------- C:\Documents and Settings\Kristina\.housecall6.6
2007-09-28 16:30 <DIR> d-------- C:\Documents and Settings\Anne\Contacts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-20 17:34 --------- d-----w C:\Documents and Settings\All Users\Programdata\Grisoft
2007-10-20 11:31 --------- d-----w C:\Documents and Settings\Kristina\Programdata\AVG7
2007-10-19 17:33 --------- d-----w C:\Programfiler\Google
2007-10-19 15:21 --------- d-----w C:\Programfiler\CyberScrub
2007-10-11 15:22 --------- d-----w C:\Documents and Settings\All Users\Programdata\Avg7
2007-09-23 09:13 --------- d-----w C:\Programfiler\Microsoft Games
2007-09-15 20:10 --------- d-----w C:\Programfiler\Java
2007-09-13 20:22 --------- d-----w C:\Programfiler\MSN Messenger
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2006-11-06 18:49 165 ---ha-w C:\Documents and Settings\Kristina\hpothb07.dat
2006-11-06 18:49 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
2006-11-06 18:49 0 ---ha-w C:\Documents and Settings\Anne\hpothb07.dat
2006-08-31 14:29 0 ---ha-w C:\Documents and Settings\NetworkService\hpothb07.dat
2006-08-31 14:29 0 ---ha-w C:\Documents and Settings\LocalService\hpothb07.dat
2006-08-30 20:09 183 ---ha-w C:\Documents and Settings\All Users\Programdata\hpothb07.dat
2006-08-30 20:09 0 ---ha-w C:\Documents and Settings\Default User\hpothb07.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-08-11 23:30]
"CamMonitor"="C:\Programfiler\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 00:23]
"Share-to-Web Namespace Daemon"="C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 14:16]
"nwiz"="nwiz.exe" [2003-10-06 14:16 C:\WINDOWS\system32\nwiz.exe]
"OM_Monitor"="C:\Programfiler\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 18:50]
"Adobe Photo Downloader"="C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46]
"LXSUPMON"="C:\WINDOWS\system32\LXSUPMON.exe" [2001-04-12 05:48]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-13 16:52]
"RegSweep"="C:\Program Files\RegSweep\RegSweep.exe" []
"!AVG Anti-Spyware"="C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 18:24]
"OM_Monitor"="C:\Programfiler\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 18:51]
C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office\OSA9.EXE [2000-01-21 10:15:54]
Wireless Config.lnk - C:\Programfiler\Wireless Technology Corporation\Wireless LAN 802.11b USB\ZDConfig.exe [2006-08-11 22:07:45]
R0 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys
R3 ZD1201U(ZyDAS);ZyDAS ZD1201 IEEE 802.11b Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1201u.sys
R3 ZDNDIS5;ZDNDIS5 Protocol Driver;\??\C:\WINDOWS\system32\ZDNDIS5.SYS
S1 lusbaudio;Logitech USB-mikrofon;C:\WINDOWS\system32\drivers\OVSound2.sys
S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys
S3 QCEmerald;Logitech QuickCam Web;C:\WINDOWS\system32\DRIVERS\OVCE.sys
*Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER
*Newly Created Service* - AVG_ANTI-SPYWARE_GUARD
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-10-20 10:47:05 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Programfiler\AdwareAlert\AdwareAlert.exe
"2007-09-09 01:30:00 C:\WINDOWS\Tasks\RegSweep Scheduled Scan.job"
- C:\Programfiler\RegSweep\RegSweep.exe
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-20 20:38:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-20 20:40:17
.
--- E O F ---
I am helping my neighbour since his computer has started to behave strange and is beeing slower and slower.
When running SB it stops after 7 min. and splash up the blue screen. Just to be sure I ran several anti-spyware product and removed a lot of infections. Ran SB again but the event occured again. The event viewer gives me an error starting with "AMLI: ACPI BIOS ......I/O ....".
After reading the forum I ran combofix.exe and here is the log. Can some of you gurus please tell me whether the macine is ok now or not ?? Why does the SB stops any clues ???
Thanks in advance.
ComboFix 07-10-20.6 - Kristina 2007-10-20 20:35:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.47.1044.18.49 [GMT 2:00]
Running from: C:\Documents and Settings\Kristina\Lokale innstillinger\Temporary Internet Files\Content.IE5\Y7QQ1U6Z\ComboFix[1].exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-09-20 to 2007-10-20 )))))))))))))))))))))))))))))))
.
2007-10-20 20:34 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-20 19:35 <DIR> d-------- C:\Documents and Settings\Kristina\Programdata\Grisoft
2007-10-20 19:34 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-20 13:17 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-20 13:15 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-10-20 12:46 <DIR> d-------- C:\Documents and Settings\Kristina\Programdata\AdwareAlert
2007-10-20 12:05 <DIR> d-------- C:\Documents and Settings\Kristina\.housecall6.6
2007-09-28 16:30 <DIR> d-------- C:\Documents and Settings\Anne\Contacts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-20 17:34 --------- d-----w C:\Documents and Settings\All Users\Programdata\Grisoft
2007-10-20 11:31 --------- d-----w C:\Documents and Settings\Kristina\Programdata\AVG7
2007-10-19 17:33 --------- d-----w C:\Programfiler\Google
2007-10-19 15:21 --------- d-----w C:\Programfiler\CyberScrub
2007-10-11 15:22 --------- d-----w C:\Documents and Settings\All Users\Programdata\Avg7
2007-09-23 09:13 --------- d-----w C:\Programfiler\Microsoft Games
2007-09-15 20:10 --------- d-----w C:\Programfiler\Java
2007-09-13 20:22 --------- d-----w C:\Programfiler\MSN Messenger
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2006-11-06 18:49 165 ---ha-w C:\Documents and Settings\Kristina\hpothb07.dat
2006-11-06 18:49 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
2006-11-06 18:49 0 ---ha-w C:\Documents and Settings\Anne\hpothb07.dat
2006-08-31 14:29 0 ---ha-w C:\Documents and Settings\NetworkService\hpothb07.dat
2006-08-31 14:29 0 ---ha-w C:\Documents and Settings\LocalService\hpothb07.dat
2006-08-30 20:09 183 ---ha-w C:\Documents and Settings\All Users\Programdata\hpothb07.dat
2006-08-30 20:09 0 ---ha-w C:\Documents and Settings\Default User\hpothb07.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-08-11 23:30]
"CamMonitor"="C:\Programfiler\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 00:23]
"Share-to-Web Namespace Daemon"="C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 14:16]
"nwiz"="nwiz.exe" [2003-10-06 14:16 C:\WINDOWS\system32\nwiz.exe]
"OM_Monitor"="C:\Programfiler\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 18:50]
"Adobe Photo Downloader"="C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46]
"LXSUPMON"="C:\WINDOWS\system32\LXSUPMON.exe" [2001-04-12 05:48]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-13 16:52]
"RegSweep"="C:\Program Files\RegSweep\RegSweep.exe" []
"!AVG Anti-Spyware"="C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 18:24]
"OM_Monitor"="C:\Programfiler\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 18:51]
C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office\OSA9.EXE [2000-01-21 10:15:54]
Wireless Config.lnk - C:\Programfiler\Wireless Technology Corporation\Wireless LAN 802.11b USB\ZDConfig.exe [2006-08-11 22:07:45]
R0 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys
R3 ZD1201U(ZyDAS);ZyDAS ZD1201 IEEE 802.11b Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1201u.sys
R3 ZDNDIS5;ZDNDIS5 Protocol Driver;\??\C:\WINDOWS\system32\ZDNDIS5.SYS
S1 lusbaudio;Logitech USB-mikrofon;C:\WINDOWS\system32\drivers\OVSound2.sys
S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys
S3 QCEmerald;Logitech QuickCam Web;C:\WINDOWS\system32\DRIVERS\OVCE.sys
*Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER
*Newly Created Service* - AVG_ANTI-SPYWARE_GUARD
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-10-20 10:47:05 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Programfiler\AdwareAlert\AdwareAlert.exe
"2007-09-09 01:30:00 C:\WINDOWS\Tasks\RegSweep Scheduled Scan.job"
- C:\Programfiler\RegSweep\RegSweep.exe
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-20 20:38:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-20 20:40:17
.
--- E O F ---