Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer Running Slow


  • Please log in to reply

#1
lintakoc

lintakoc

    Member

  • Member
  • PipPip
  • 15 posts
Can't seem to figure out what is wrong with this laptop. It is a friend of mine and runs extremely slow. Ran the requested programs and have attached the logs. If you could please glance through them and see if there are any obvious issues. Thanks!

MBAM:

Malwarebytes' Anti-Malware 1.42
Database version: 3435
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/26/2009 3:44:31 PM
mbam-log-2009-12-26 (15-44-31).txt

Scan type: Quick Scan
Objects scanned: 106364
Time elapsed: 5 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL:


OTL logfile created on: 12/26/2009 3:21:40 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Mary Smith\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.77 Gb Total Space | 2.04 Gb Free Space | 20.91% Space Free | Partition Type: NTFS
Drive D: | 18.17 Gb Total Space | 14.41 Gb Free Space | 79.29% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARY-DELL700M
Current User Name: Mary Smith
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/26 14:01:50 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Smith\Desktop\OTL.exe
PRC - [2009/12/11 11:11:21 | 02,043,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/12/09 17:22:33 | 00,921,072 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Mary Smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/25 16:53:20 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/09/25 16:53:20 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/09/25 16:53:18 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/12 03:55:56 | 00,038,464 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM1LAK.EXE
PRC - [2007/03/12 02:29:16 | 00,106,128 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM1SWK.EXE
PRC - [2006/12/22 11:33:10 | 00,109,344 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2006/12/22 11:31:28 | 00,244,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
PRC - [2006/12/22 11:28:26 | 00,756,248 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
PRC - [2006/12/22 11:27:28 | 00,497,176 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2006/12/22 11:26:54 | 00,173,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2006/11/01 12:48:12 | 01,392,640 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.EXE
PRC - [2006/11/01 12:48:12 | 00,020,480 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
PRC - [2006/11/01 12:48:10 | 01,253,376 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
PRC - [2006/09/15 16:54:22 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2006/09/15 16:50:22 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2006/05/19 17:11:46 | 18,577,448 | ---- | M] () -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2005/12/03 02:23:08 | 00,217,088 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2005/11/18 17:46:00 | 01,724,416 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2005/08/17 09:59:34 | 00,290,816 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2005/08/16 22:11:28 | 00,065,536 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2004/04/11 11:43:44 | 00,053,248 | ---- | M] (CyberLink Corp.) -- D:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2002/09/10 21:26:26 | 00,368,706 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
PRC - [2001/12/07 02:00:00 | 00,028,672 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\CAPM1RSK.EXE
PRC - [2001/10/17 17:29:20 | 00,032,768 | ---- | M] () -- C:\WINDOWS\system32\Ofps.exe


========== Modules (SafeList) ==========

MOD - [2009/12/26 14:01:50 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Smith\Desktop\OTL.exe
MOD - [2006/12/22 11:32:58 | 00,092,960 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/25 16:53:18 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2006/12/22 11:34:52 | 00,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/12/22 11:33:10 | 00,109,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2006/11/01 12:48:12 | 00,020,480 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2005/08/30 17:36:00 | 00,188,416 | ---- | M] (Cambridge Silicon Radio) [Disabled | Stopped] -- C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe -- (Bluetooth Hid Switch Service)
SRV - [2001/10/17 17:29:20 | 00,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\Ofps.exe -- (OmniForm Printer)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.424
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: D:\Program Files\AVG\AVG8\Firefox [2009/12/22 15:01:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2009/11/22 12:05:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2009/11/22 12:05:45 | 00,000,000 | ---D | M]

[2009/05/10 11:43:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mary Smith\Application Data\Mozilla\Extensions
[2006/01/02 20:05:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mary Smith\Application Data\Mozilla\Firefox\Profiles\sgi8wrh9.default\extensions

O1 HOSTS File: (307407 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 10582 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [AVG8_TRAY] D:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [DVDLauncher] D:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Mary Smith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe ()
O4 - HKCU..\Run: [Yahoo! Pager] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Canon PC1200 iC D600 iR1200G Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM1LAK.EXE (CANON INC.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: eyemedvisioncare.com. ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 51 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/11/02 16:18:05 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0a1601b0-ca51-11dd-8d81-00164109b17d}\Shell\AutoRun\command - "" = E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\msnmsngr.exe -- File not found
O33 - MountPoints2\{0a1601b0-ca51-11dd-8d81-00164109b17d}\Shell\open\command - "" = E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\msnmsngr.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/11/02 16:17:32 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17454953249374208)

========== Files/Folders - Created Within 14 Days ==========

[2009/12/26 14:01:49 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mary Smith\Desktop\OTL.exe
[2009/12/26 12:35:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mary Smith\Application Data\Malwarebytes
[2009/12/26 12:34:56 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/26 12:34:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/26 12:34:51 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/25 16:45:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/10/10 07:13:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[2005/03/03 22:19:37 | 00,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
[2004/11/02 19:53:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2004/11/02 16:17:37 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/11/02 16:17:37 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2009/12/26 15:27:03 | 00,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1606980848-1343024091-1003UA.job
[2009/12/26 15:08:12 | 00,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/26 15:07:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/26 15:07:12 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/26 14:01:50 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Smith\Desktop\OTL.exe
[2009/12/26 13:57:25 | 06,553,600 | -H-- | M] () -- C:\Documents and Settings\Mary Smith\NTUSER.DAT
[2009/12/26 13:57:08 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Mary Smith\ntuser.ini
[2009/12/26 13:55:00 | 00,284,915 | ---- | M] () -- C:\Documents and Settings\Mary Smith\Desktop\gmer.zip
[2009/12/26 12:35:00 | 00,000,603 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/26 12:32:51 | 47,065,498 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/12/26 12:32:51 | 00,127,917 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/12/23 16:27:00 | 00,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1606980848-1343024091-1003Core.job
[2009/12/17 13:28:09 | 00,002,406 | ---- | M] () -- C:\Documents and Settings\Mary Smith\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2009/12/26 13:54:57 | 00,284,915 | ---- | C] () -- C:\Documents and Settings\Mary Smith\Desktop\gmer.zip
[2009/12/26 12:35:00 | 00,000,603 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/20 01:11:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008/12/20 00:38:01 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/12/20 00:37:59 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/12/14 20:44:52 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2008/03/21 11:12:16 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/08/21 21:00:20 | 00,048,205 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/12/22 11:32:48 | 00,025,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2006/12/22 11:30:42 | 01,683,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2006/01/02 20:31:34 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2005/09/01 21:44:00 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 21:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/03/10 21:03:22 | 00,010,752 | ---- | C] () -- C:\Documents and Settings\Mary Smith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/03/03 23:21:22 | 00,001,129 | ---- | C] () -- C:\WINDOWS\Omate32.ini
[2005/03/03 23:21:14 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\u2lexch.dll
[2005/03/03 23:21:14 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\u2lsamp1.dll
[2005/03/03 23:21:14 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\u2lfinra.dll
[2005/03/03 23:21:13 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\u25dts.dll
[2005/03/03 23:21:13 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\u2lbar.dll
[2005/03/03 23:21:13 | 00,038,400 | ---- | C] () -- C:\WINDOWS\System32\u2ldts.dll
[2005/03/03 23:21:11 | 00,000,108 | ---- | C] () -- C:\WINDOWS\HIGHEDIT.INI
[2005/03/03 22:19:42 | 00,000,994 | ---- | C] () -- C:\WINDOWS\System32\Azspell.ini
[2005/03/03 22:19:41 | 00,005,536 | ---- | C] () -- C:\WINDOWS\System32\WRAPPER.DLL
[2005/03/03 22:19:37 | 00,382,464 | ---- | C] () -- C:\WINDOWS\System32\HTKRNL32.DLL
[2005/03/03 22:08:59 | 00,000,000 | RH-- | C] () -- C:\WINDOWS\Reshaion.dll
[2005/02/17 11:08:54 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/01/04 20:29:57 | 00,007,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\flash.sys
[2004/11/14 22:36:21 | 00,020,480 | R--- | C] () -- C:\WINDOWS\System32\CNCOAF.DLL
[2004/11/12 11:17:53 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\rsUtil.dll
[2004/11/12 11:16:49 | 00,110,080 | R--- | C] () -- C:\WINDOWS\System32\W32MKRC.DLL
[2004/11/12 11:16:49 | 00,000,793 | ---- | C] () -- C:\WINDOWS\Bti.ini
[2004/11/12 11:16:48 | 00,038,576 | ---- | C] () -- C:\WINDOWS\System32\NWLOCALE.DLL
[2004/11/12 11:16:45 | 00,002,959 | ---- | C] () -- C:\WINDOWS\pcw90.ini
[2004/11/02 21:03:51 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/02 17:25:35 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2004/07/20 17:04:02 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/03/18 12:01:24 | 00,225,280 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2004/01/15 14:43:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll

========== LOP Check ==========

[2006/08/20 21:40:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2006/08/20 21:40:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2009/05/08 21:33:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/02/02 07:57:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2005/03/10 21:30:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mary Smith\Application Data\Aim
[2007/02/02 07:57:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mary Smith\Application Data\Viewpoint

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2001/08/23 06:00:00 | 00,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/03 23:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 01:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 01:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 01:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

GMER:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-26 15:06:13
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\MARYLI~1\LOCALS~1\Temp\awliqaow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00164109b17d
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00164109b17d (not active ControlSet)
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@\x2039\x2039T\x20ac` 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@\x2039\x2039\x201c\x008feQ 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@\20\x90\20nc:y 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@\26Y\1xc:y 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@czz<h 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@IQ\ah\x8d\x8f\x2013 1

---- EOF - GMER 1.0.15 ----
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP