
Very Slow Win XP ALL OF A SUDDEN


amstuart

Hi:

Running Win XP Home on an Office PC. The receptionist has not downloaded anything or changed programs recently. We run AVG 9, Spyware Blaster, WinPatrol, SpyBot S & D, and we keep Windows definitions and updates current.

Attached are my Logs. OTL "Extra" report would not appear after the OTL scans despite COPYING and PASTING the script twice.

Thanks.

Adam

Malwarebytes' Anti-Malware 1.44
Database version: 3633
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

1/25/2010 7:08:59 AM
mbam-log-2010-01-25 (07-08-59).txt

Scan type: Quick Scan
Objects scanned: 118864
Time elapsed: 14 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-25 09:32:46
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pxtdapod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

OTL logfile created on: 1/25/2010 11:43:21 AM - Run 4
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.00 Mb Total Physical Memory | 117.00 Mb Available Physical Memory | 46.00% Memory free
625.00 Mb Paging File | 299.00 Mb Available in Paging File | 48.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 23.14 Gb Free Space | 62.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESI
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/25 11:42:42 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/01/11 09:55:44 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/01/11 09:45:12 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/01/11 09:45:12 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/01/11 09:45:11 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/01/11 09:45:11 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/01/11 09:44:37 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/01/11 07:52:52 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/10/28 01:54:16 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/10/10 16:07:08 | 00,320,832 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2005/12/12 14:02:24 | 00,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2005/04/05 10:17:22 | 00,206,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2002/08/06 15:24:14 | 00,090,112 | ---- | M] (GTW) -- C:\WINNT\GWMDMMSG.exe
PRC - [2000/08/08 10:32:54 | 00,067,848 | ---- | M] (Seiko Instruments USA, Inc.) -- C:\WINNT\system32\slpmonx.exe
PRC - [2000/03/21 19:24:00 | 00,032,256 | ---- | M] (ProdEx Technologies) -- C:\WINNT\system32\slpservice.exe
PRC - [1999/09/17 13:33:48 | 00,049,152 | ---- | M] (Seiko Instruments USA Inc.) -- C:\WINNT\Seiko\slpcap.exe


========== Modules (SafeList) ==========

MOD - [2010/01/25 11:42:42 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2009/11/21 10:51:04 | 00,471,552 | ---- | M] (Microsoft Corporation) -- C:\WINNT\AppPatch\aclayers.dll
MOD - [2008/04/13 19:12:05 | 00,065,024 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\shimeng.dll
MOD - [2007/03/26 13:03:20 | 00,057,344 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/11 09:44:37 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/01/11 07:52:52 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/12/12 14:02:24 | 00,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2005/04/05 10:17:22 | 00,206,552 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2002/12/04 03:24:20 | 00,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINNT\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/05/03 12:36:24 | 01,118,208 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\WINNT\system32\NMSSvc.Exe -- (NMSSvc) Intel®
SRV - [2000/03/21 19:24:00 | 00,032,256 | ---- | M] (ProdEx Technologies) [Auto | Running] -- C:\WINNT\system32\slpservice.exe -- (SLPMONX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1



O1 HOSTS File: ([2010/01/07 10:07:04 | 00,372,393 | R--- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 12837 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [GWMDMMSG] C:\WINNT\GWMDMMSG.exe (GTW)
O4 - HKLM..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SmartCapture.lnk = C:\WINNT\Seiko\slpcap.exe (Seiko Instruments USA Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINNT\system32\nwprovau.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 66 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} http://download.sp.f.../fslauncher.cab (F-Secure Online Scanner Launcher)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {3B5E6F50-41B3-4DAA-8BC7-8155DDC7810C} http://install.spywa...r3801040702.EXE (Reg Error: Key error.)
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} hcp://system/TechTools.CAB (TechToolsActivex.TechTools)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1262898629328 (MUWebControl Class)
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} hcp://system/RunExeActiveX.CAB (RunExeActiveX.RunExe)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} hcp://system/StartFirstControl.CAB (StartFirstControl.CheckFirst)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} http://cdn.digitalci...6.1.7_en_dl.cab (IWinAmpActiveX Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINNT\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINNT\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINNT\System32\LMIinit.dll (LogMeIn, Inc.)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINNT\system32\ias [2003/01/09 08:37:10 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINNT\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55735438412873728)

========== Files/Folders - Created Within 14 Days ==========

[2010/01/25 11:42:00 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/01/25 11:39:32 | 00,000,000 | ---D | C] -- C:\WINNT\LastGood
[2010/01/21 17:01:05 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/01/21 16:59:48 | 03,012,768 | ---- | C] (Javacool Software LLC ) -- C:\Program Files\spywareblastersetup42.exe
[2010/01/21 06:41:00 | 00,000,000 | ---D | C] -- C:\WINNT\Sun
[2010/01/21 05:49:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010/01/20 16:17:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/01/20 16:17:48 | 00,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/01/19 12:26:00 | 00,439,808 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2010/01/11 13:37:07 | 00,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2010/01/11 09:30:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/11 09:30:10 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/11 09:30:10 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/11 09:30:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/11 09:21:11 | 00,891,248 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stb_all_9_40_cnet.exe
[2010/01/11 07:51:26 | 00,800,544 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\JavaSetup6u17-rv.exe
[2010/01/11 06:05:47 | 33,180,5736 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB936929-SP3-x86-ENU.exe
[2010/01/07 14:48:17 | 15,452,536 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-x86-enu.exe
[2010/01/06 16:38:32 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd162.exe
[2010/01/06 14:45:27 | 03,357,024 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup227.exe
[2010/01/06 14:41:30 | 00,999,160 | ---- | C] (BillP Studios) -- C:\Program Files\wpsetup.exe
[2010/01/06 14:10:04 | 05,061,520 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
[2009/12/29 02:24:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2009/10/26 10:13:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2008/07/31 13:32:48 | 48,367,896 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stf_en_8_138a1332.exe
[2008/07/31 13:25:47 | 15,083,520 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd160.exe
[2005/08/02 08:49:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[2003/05/01 12:09:08 | 00,751,560 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\CMWSetup.exe
[1996/11/18 21:15:46 | 00,018,944 | ---- | C] ( ) -- C:\WINNT\System32\implode.dll

========== Files - Modified Within 14 Days ==========

[2010/01/25 11:42:42 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/01/25 11:36:24 | 00,001,158 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2010/01/25 11:05:36 | 00,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2010/01/25 11:05:26 | 00,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2010/01/25 11:05:22 | 26,619,4944 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/25 11:04:18 | 08,126,464 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/01/25 11:03:58 | 00,000,731 | ---- | M] () -- C:\WINNT\win.ini
[2010/01/25 11:03:54 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/01/25 11:03:21 | 04,303,960 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/01/25 09:00:20 | 00,000,382 | -H-- | M] () -- C:\WINNT\tasks\{F751E295-159B-4D08-850F-83B473E17C7A}_DESI_Owner.job
[2010/01/25 06:42:49 | 00,284,915 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/01/21 17:01:15 | 00,000,690 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SpywareBlaster.lnk
[2010/01/21 17:00:53 | 03,012,768 | ---- | M] (Javacool Software LLC ) -- C:\Program Files\spywareblastersetup42.exe
[2010/01/21 16:00:06 | 00,000,382 | -H-- | M] () -- C:\WINNT\tasks\{92087109-E8FF-4CC3-93C1-72A3675397A5}_DESI_Owner.job
[2010/01/21 08:45:03 | 54,461,828 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\incavi.avm
[2010/01/20 16:26:29 | 00,015,944 | ---- | M] () -- C:\WINNT\System32\drivers\hitmanpro35.sys
[2010/01/19 18:24:54 | 00,142,495 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\microavi.avg
[2010/01/19 12:26:22 | 00,439,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2010/01/15 16:00:23 | 00,000,382 | -H-- | M] () -- C:\WINNT\tasks\{A553A9B0-86B9-472F-B3A5-4778491F6735}_DESI_Owner.job
[2010/01/14 10:05:21 | 00,000,496 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\medicaid sign in .url
[2010/01/11 13:36:56 | 00,798,000 | ---- | M] () -- C:\Program Files\RegpairSetup.exe

========== Files Created - No Company Name ==========

[2010/01/25 07:30:57 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
[2010/01/25 06:42:47 | 00,284,915 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/01/20 16:26:29 | 00,015,944 | ---- | C] () -- C:\WINNT\System32\drivers\hitmanpro35.sys
[2010/01/20 16:21:59 | 26,619,4944 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/11 13:35:29 | 00,798,000 | ---- | C] () -- C:\Program Files\RegpairSetup.exe
[2010/01/06 12:49:37 | 07,451,168 | ---- | C] () -- C:\Program Files\SUPERAntiSpyware.exe
[2009/10/26 10:03:55 | 16,597,504 | ---- | C] () -- C:\Program Files\LogMeIn.msi
[2008/08/20 13:12:32 | 00,120,205 | ---- | C] () -- C:\Program Files\Referral Request Details.pdf
[2008/05/05 11:59:07 | 00,040,448 | R--- | C] () -- C:\WINNT\System32\Regobj.dll
[2008/05/05 11:59:06 | 00,070,656 | ---- | C] () -- C:\WINNT\System32\u2lesbse.dll
[2008/05/05 11:59:06 | 00,040,960 | ---- | C] () -- C:\WINNT\System32\u2lbar.dll
[2008/05/05 11:59:06 | 00,038,400 | ---- | C] () -- C:\WINNT\System32\u2ldts.dll
[2008/05/05 11:59:06 | 00,036,864 | ---- | C] () -- C:\WINNT\System32\u2lexch.dll
[2008/05/05 11:59:06 | 00,027,136 | ---- | C] () -- C:\WINNT\System32\u2lsamp1.dll
[2008/05/05 11:59:06 | 00,012,288 | ---- | C] () -- C:\WINNT\System32\u2lfinra.dll
[2008/05/05 11:59:04 | 00,061,440 | ---- | C] () -- C:\WINNT\System32\u25store.dll
[2008/05/05 11:59:04 | 00,059,904 | ---- | C] () -- C:\WINNT\System32\u25total.dll
[2008/05/05 11:59:04 | 00,044,544 | ---- | C] () -- C:\WINNT\System32\u25dts.dll
[2008/05/05 11:59:03 | 00,306,176 | ---- | C] () -- C:\WINNT\System32\p2smcube.dll
[2008/05/05 11:59:03 | 00,239,616 | ---- | C] () -- C:\WINNT\System32\p2solap.dll
[2008/05/05 11:59:00 | 00,300,544 | ---- | C] () -- C:\WINNT\System32\p2molap.dll
[2007/02/16 08:42:24 | 19,170,000 | ---- | C] () -- C:\Program Files\avg75free_441a944.exe
[2007/01/03 07:35:27 | 18,257,616 | ---- | C] () -- C:\Program Files\avg75free_432a904.exe
[2007/01/03 07:34:57 | 05,186,048 | ---- | C] () -- C:\Program Files\WindowsDefender.msi
[2006/10/21 09:49:17 | 06,469,352 | ---- | C] () -- C:\Program Files\avgas-setup-7.5.0.50.exe
[2006/06/13 13:27:30 | 02,855,080 | ---- | C] () -- C:\Program Files\aawsepersonal.exe
[2006/06/13 09:50:21 | 17,093,296 | ---- | C] () -- C:\Program Files\avg71free_394a757.exe
[2005/11/11 09:03:33 | 00,000,000 | ---- | C] () -- C:\WINNT\ka.ini
[2005/05/04 08:58:36 | 00,000,358 | ---- | C] () -- C:\WINNT\farmmext.ini
[2005/05/04 08:58:28 | 00,000,045 | ---- | C] () -- C:\WINNT\FBCDJMKN.ini
[2005/03/04 15:48:11 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\dm.ini
[2005/03/04 15:48:10 | 00,001,596 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\AdobeDLM.log
[2004/05/21 10:12:23 | 00,000,021 | ---- | C] () -- C:\WINNT\PI_setup.ini
[2004/05/21 10:04:41 | 00,000,029 | ---- | C] () -- C:\WINNT\DEBUGSM.INI
[2004/04/27 11:03:39 | 00,000,400 | ---- | C] () -- C:\WINNT\Belt.ini
[2004/04/22 12:01:27 | 00,000,017 | ---- | C] () -- C:\WINNT\wininit.ini
[2004/02/05 09:56:11 | 00,000,111 | ---- | C] () -- C:\WINNT\EPSON Stylus CX5400.ini
[2004/01/12 11:52:40 | 00,036,864 | ---- | C] () -- C:\WINNT\System32\SlpApi42.dll
[2004/01/07 16:31:54 | 00,012,288 | ---- | C] () -- C:\WINNT\impborl.dll
[2004/01/06 14:33:39 | 00,000,004 | ---- | C] () -- C:\WINNT\msoffice.ini
[2004/01/06 08:31:09 | 00,015,576 | R--- | C] () -- C:\WINNT\System32\drivers\usbbc.sys
[2004/01/06 08:25:44 | 00,000,264 | ---- | C] () -- C:\WINNT\System32\winsusrm.dll
[2003/09/16 13:07:23 | 00,000,074 | ---- | C] () -- C:\WINNT\TwainUI.INI
[2003/08/28 15:25:50 | 00,000,026 | ---- | C] () -- C:\WINNT\UP9ASP.INI
[2003/07/15 15:30:01 | 00,044,659 | ---- | C] () -- C:\Program Files\WarnerBros-Thirt.jpg
[2003/05/01 11:53:34 | 00,007,711 | ---- | C] () -- C:\Program Files\SETUP.INI
[2003/04/03 11:34:00 | 00,000,054 | ---- | C] () -- C:\WINNT\TwUI215.INI
[2003/03/14 14:48:13 | 00,000,235 | ---- | C] () -- C:\WINNT\qwimp.ini
[2003/03/14 10:53:22 | 00,000,776 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2003/03/06 23:33:24 | 00,000,061 | ---- | C] () -- C:\WINNT\smscfg.ini
[2003/03/06 23:18:58 | 00,028,672 | ---- | C] () -- C:\WINNT\System32\CTPdeSrvps.dll
[2003/03/06 23:16:28 | 00,000,540 | ---- | C] () -- C:\WINNT\ODBC.INI
[2003/03/06 23:14:36 | 00,001,262 | ---- | C] () -- C:\WINNT\QUICKEN.INI
[2003/03/06 23:14:36 | 00,000,372 | ---- | C] () -- C:\WINNT\intuprof.ini
[2003/03/06 23:13:16 | 00,069,632 | ---- | C] () -- C:\WINNT\System32\PROInst.dll
[2003/03/06 23:13:16 | 00,065,536 | ---- | C] () -- C:\WINNT\System32\NMSInst.dll
[2003/03/06 23:12:01 | 00,000,256 | ---- | C] () -- C:\WINNT\System32\UPDATE.INI
[2003/03/06 23:11:59 | 00,000,701 | ---- | C] () -- C:\WINNT\System32\OEMINFO.INI
[2003/01/09 09:22:56 | 00,363,520 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2003/01/09 09:04:29 | 00,000,770 | ---- | C] () -- C:\WINNT\orun32.ini
[2002/12/04 03:24:26 | 00,561,152 | ---- | C] () -- C:\WINNT\System32\hpotscl.dll
[2002/11/14 12:58:04 | 00,200,192 | ---- | C] () -- C:\WINNT\System32\ir50_qc.dll
[2002/11/14 12:58:04 | 00,183,808 | ---- | C] () -- C:\WINNT\System32\ir50_qcx.dll
[2002/11/14 12:58:02 | 00,755,200 | ---- | C] () -- C:\WINNT\System32\ir50_32.dll
[2002/11/14 12:58:02 | 00,338,432 | ---- | C] () -- C:\WINNT\System32\ir41_qcx.dll
[2002/11/14 12:58:02 | 00,120,320 | ---- | C] () -- C:\WINNT\System32\ir41_qc.dll
[1998/05/30 23:00:00 | 00,748,160 | ---- | C] () -- C:\WINNT\System32\CO2C40EN.DLL

========== LOP Check ==========

[2010/01/11 09:44:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/01/21 05:49:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2008/07/31 16:02:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/01/20 16:17:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/01/21 17:02:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2003/08/28 15:38:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/06/13 09:39:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE
[2003/03/06 23:14:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2004/02/05 10:05:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2004/04/26 07:36:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lycos
[2010/01/06 14:42:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WinPatrol
[2010/01/21 16:00:06 | 00,000,382 | -H-- | M] () -- C:\WINNT\Tasks\{92087109-E8FF-4CC3-93C1-72A3675397A5}_DESI_Owner.job
[2010/01/15 16:00:23 | 00,000,382 | -H-- | M] () -- C:\WINNT\Tasks\{A553A9B0-86B9-472F-B3A5-4778491F6735}_DESI_Owner.job
[2010/01/25 09:00:20 | 00,000,382 | -H-- | M] () -- C:\WINNT\Tasks\{F751E295-159B-4D08-850F-83B473E17C7A}_DESI_Owner.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/11/09 08:00:22 | 22,245,337 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 20,056,462 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/11/09 08:00:22 | 22,245,337 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 20,056,462 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/09/22 07:33:44 | 23,852,652 | ---- | M] () .cab file -- C:\WINNT\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINNT\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINNT\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINNT\system32\drivers\agp440.sys
[2004/08/04 01:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINNT\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/08/29 07:00:00 | 10,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2002/08/29 07:00:00 | 10,158,890 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp1.cab:atapi.sys
[2004/11/09 08:00:22 | 22,245,337 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 20,056,462 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:atapi.sys
[2004/11/09 08:00:22 | 22,245,337 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 20,056,462 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/09/22 07:33:44 | 23,852,652 | ---- | M] () .cab file -- C:\WINNT\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:atapi.sys
[2002/08/29 01:27:50 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINNT\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINNT\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINNT\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINNT\system32\drivers\atapi.sys
[2004/08/04 00:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINNT\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINNT\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINNT\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINNT\system32\eventlog.dll
[2004/08/04 02:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINNT\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINNT\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINNT\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINNT\system32\netlogon.dll
[2004/08/04 02:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINNT\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 02:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINNT\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINNT\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINNT\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINNT\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/10/29 02:46:50 | 00,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\dxtmsft.dll
[2009/10/29 02:46:51 | 00,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >