1. High CPU usage.
2. Desktop icons slow to paint and display
3. delay loading for docs and spreadsheets
4. Commands in Applications take longer to execute.
5. PC freezes up while Google chrome is open (at times, not always).
Ran OLT and MBAM, logs follow.
Thank you in advance for your help.
OTL logfile created on: 12/28/2011 11:38:34 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ray\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.94 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 65.21% Memory free
6.09 Gb Paging File | 5.18 Gb Available in Paging File | 85.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 153.11 Gb Free Space | 68.73% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.99 Gb Free Space | 59.88% Space Free | Partition Type: NTFS
Drive E: | 211.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: RAY-PC | User Name: Ray | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/12/28 11:26:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ray\Desktop\OTL.exe
PRC - [2011/11/28 10:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/11/28 10:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/20 18:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
========== Modules (No Company Name) ==========
========== Win32 Services (SafeList) ==========
SRV - [2011/11/28 10:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/11/13 07:53:40 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/20 18:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - [2011/11/28 09:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 09:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 09:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 09:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 09:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 09:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/07/14 17:54:00 | 009,557,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/07/01 22:43:50 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/07/01 22:43:46 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/04 02:22:40 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/05/04 02:22:40 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008/01/20 18:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/10/29 01:40:28 | 001,062,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2006/11/01 23:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2000/03/06 03:15:30 | 000,056,320 | ---- | M] (Aironet Wireless Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pcx500.sys -- (PCX500)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ray\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ray\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ray\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ray\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ray\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.2.0.7165_0\npSkypeChromePlugin.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Ray\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SmartClock] C:\Program Files\SmartClock\SmartClock.exe (Pavel Chmelař)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: mfglobal.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} https://picasaweb.go...7/uploader2.cab (UploadListView Class)
O16 - DPF: {56E4B9EB-4C79-4568-A19E-72794FA70060} http://mtradeprocf.m...sFiles/pats.cab (PatsShellOCX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://mtradeprocf.m...Man/default.cfm (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{542A7AAD-9EAD-4BFF-9C8F-BE7517055241}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ray\Pictures\metaphorical-journey-lg.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ray\Pictures\metaphorical-journey-lg.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003/03/13 06:53:34 | 000,000,052 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{4a14b94a-7182-11de-b99b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4a14b94a-7182-11de-b99b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\LAUNCH.EXE -- [2007/02/19 18:37:28 | 000,045,056 | R--- | M] (Eastman Kodak)
O33 - MountPoints2\{e2eaf624-9a39-11de-82eb-001aa05fab16}\Shell\AutoRun - "" = Autorun
O33 - MountPoints2\{e2eaf624-9a39-11de-82eb-001aa05fab16}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\m.exe /s
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/12/28 11:26:17 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Ray\Desktop\OTL.exe
[2011/12/27 16:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/27 16:57:48 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/27 16:57:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/27 16:04:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/13 19:15:18 | 000,000,000 | ---D | C] -- C:\ProgramData\CitrixLogs
[2011/12/13 19:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix
[2011/12/13 19:11:23 | 011,881,936 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Ray\gosetup.exe
[2011/11/30 17:04:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/30 17:03:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/30 17:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/30 16:57:22 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/11/30 16:38:07 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
========== Files - Modified Within 30 Days ==========
[2011/12/28 11:26:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ray\Desktop\OTL.exe
[2011/12/28 11:26:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/28 11:26:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/28 11:08:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/28 10:58:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3895295513-1753604597-3892548563-1000UA.job
[2011/12/28 09:44:40 | 000,032,705 | ---- | M] () -- C:\Users\Ray\Desktop\20110921081154BARCOUNTDOWNTIMER (2).ELD
[2011/12/28 08:58:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3895295513-1753604597-3892548563-1000Core.job
[2011/12/28 07:33:25 | 009,609,972 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/28 07:33:25 | 003,259,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/28 07:28:29 | 000,000,043 | ---- | M] () -- C:\Windows\WALLSTRT.INI
[2011/12/28 07:27:32 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/28 07:25:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/28 07:25:54 | 3152,535,552 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/27 16:57:53 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/22 15:58:30 | 000,031,938 | ---- | M] () -- C:\Users\Ray\Desktop\Range.csv
[2011/12/22 15:58:30 | 000,026,760 | ---- | M] () -- C:\Users\Ray\AppData\Roaming\wklnhst.dat
[2011/12/22 15:54:14 | 000,131,584 | ---- | M] () -- C:\Users\Ray\Desktop\Range.xlr
[2011/12/16 09:31:25 | 000,282,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/30 17:52:28 | 000,683,388 | ---- | M] () -- C:\Users\Ray\Desktop\Pullback System.pdf
[2011/11/30 16:20:48 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
========== Files Created - No Company Name ==========
[2011/12/28 09:44:55 | 000,032,705 | ---- | C] () -- C:\Users\Ray\Desktop\20110921081154BARCOUNTDOWNTIMER (2).ELD
[2011/12/27 16:57:53 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/22 15:58:28 | 000,031,938 | ---- | C] () -- C:\Users\Ray\Desktop\Range.csv
[2011/12/22 15:54:14 | 000,131,584 | ---- | C] () -- C:\Users\Ray\Desktop\Range.xlr
[2011/11/28 10:37:00 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/08/01 05:02:04 | 000,000,320 | ---- | C] () -- C:\Users\Ray\AppData\Roaming\SEC366121.trad
[2010/04/26 16:46:54 | 002,309,120 | ---- | C] () -- C:\Windows\System32\pdftk.exe
[2010/04/26 16:46:50 | 000,204,848 | ---- | C] () -- C:\Windows\System32\gswin32c.exe
[2010/04/26 16:46:49 | 000,116,224 | ---- | C] () -- C:\Windows\System32\utility3.dll
[2010/04/26 16:46:49 | 000,116,224 | ---- | C] () -- C:\Windows\System32\Execute.dll
[2010/04/26 16:46:49 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2009/09/10 17:11:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/10 17:11:33 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/09 09:59:44 | 000,026,760 | ---- | C] () -- C:\Users\Ray\AppData\Roaming\wklnhst.dat
[2009/08/20 06:53:27 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/08/15 11:45:16 | 000,006,944 | ---- | C] () -- C:\Users\Ray\AppData\Local\d3d9caps.dat
[2009/08/15 11:36:04 | 000,000,043 | ---- | C] () -- C:\Windows\WALLSTRT.INI
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/28 17:36:35 | 000,018,944 | ---- | C] () -- C:\Users\Ray\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/28 16:55:00 | 000,290,816 | ---- | C] () -- C:\Windows\System32\drivers\WEPStat.exe
[2009/07/28 16:55:00 | 000,286,720 | ---- | C] () -- C:\Windows\System32\drivers\ACrd10SM.DLL
[2009/07/28 16:55:00 | 000,017,384 | ---- | C] () -- C:\Windows\System32\drivers\CINST16.dll
[2009/04/11 11:18:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/11 09:26:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/03/19 02:04:58 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResES.dll
[2007/03/19 02:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResIT.dll
[2007/03/19 02:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResFR.dll
[2007/03/19 02:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResENG.dll
[2007/03/19 02:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResDE.dll
[2007/03/19 02:04:56 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResPTB.dll
[2007/03/19 02:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHC.dll
[2007/03/19 02:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResKO.dll
[2007/03/19 02:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResJA.dll
[2007/03/19 02:04:54 | 000,022,016 | ---- | C] () -- C:\Windows\System32\nam_page.dll
[2007/03/19 02:04:54 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHT.dll
[2006/11/02 04:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:44:53 | 000,282,248 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 02:33:01 | 009,609,972 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 003,259,094 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
========== LOP Check ==========
[2011/01/26 09:58:33 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\ATT Connect
[2010/10/08 17:07:45 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Bullzip
[2011/03/08 07:21:44 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Charles Schwab
[2010/11/03 13:43:18 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\DelTel, Inc
[2010/03/08 20:12:35 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\GetRightToGo
[2009/09/19 20:03:23 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\NetDrive
[2009/09/09 09:59:45 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Template
[2009/08/15 11:18:12 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\TradeStation Technologies
[2011/06/02 09:26:28 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\webex
[2011/12/27 18:14:13 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/11/01 16:47:52 | 000,000,566 | ---- | M] () -- C:\Windows\Tasks\TradeStation Backup - Monthly.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 1184 bytes -> C:\Users\Ray\Documents\L.A. says Deutsche Bank among city s largest slumlords.eml:OECustomProperty
< End of report >
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 911122705
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19170
12/27/2011 5:04:58 PM
mbam-log-2011-12-27 (17-04-58).txt
Scan type: Quick scan
Objects scanned: 163111
Time elapsed: 3 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\Ray\downloads\pdfreader_setup.exe (Adware.Agent) -> Quarantined and deleted successfully.