Computer running slow



#1  mnstrbuck (Member, 36 posts)
My question is about my computer. I recently had my computer in for a new hard drive install, and since getting my computer back it has been running way too slow.

When I visit my sites these pesky pop-up ads show up, and also when on YouTube the video keeps shaking and doesn't keep up with the words that are being sung, and loading the websites is even slow. Can someone please take a look? I did an OTL scan and here are the results:

OTL logfile created on: 9/19/2013 7:02:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = H:\Documents and Settings\Admin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.74 Gb Available Physical Memory | 39.42% Memory free
3.72 Gb Paging File | 2.51 Gb Available in Paging File | 67.48% Paging File free
Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
Drive H: | 465.75 Gb Total Space | 387.46 Gb Free Space | 83.19% Space Free | Partition Type: NTFS

Computer Name: ADMIN-6F9FC3320 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/19 19:02:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\Admin\Desktop\OTL.exe
PRC - [2013/09/15 15:56:46 | 001,164,328 | ---- | M] (iolo technologies, LLC) -- H:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2013/08/30 02:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- H:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/08/30 02:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- H:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/08/29 20:57:08 | 000,206,624 | ---- | M] (BrowseFox) -- H:\Program Files\BrowseFox\updateBrowseFox.exe
PRC - [2013/08/13 16:54:32 | 004,225,288 | ---- | M] (Eyeo GmbH) -- H:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
PRC - [2013/06/12 21:45:17 | 000,182,184 | ---- | M] (Oracle Corporation) -- H:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/05/14 13:18:02 | 000,235,072 | ---- | M] (Internet Helper) -- H:\Documents and Settings\All Users\Application Data\Internet Helper Anti-phishing\internetHelper_antiphishing.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\explorer.exe
PRC - [2002/10/15 18:00:20 | 001,818,624 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- H:\WINDOWS\mixer.exe
PRC - [2001/08/17 22:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- H:\WINDOWS\system32\devldr32.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/19 11:23:37 | 002,103,296 | ---- | M] () -- H:\Program Files\AVAST Software\Avast\defs\13091902\algo.dll
MOD - [2013/09/02 22:28:10 | 000,153,432 | ---- | M] () -- H:\Documents and Settings\Admin\Local Settings\Application Data\TopArcadeHits\Toparcadehits.dll
MOD - [2013/08/19 12:05:06 | 000,212,992 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll
MOD - [2013/08/19 12:04:55 | 000,141,312 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\cab8d2f8933390bab32c35c5c6a479bd\System.Configuration.Install.ni.dll
MOD - [2013/08/19 11:17:56 | 000,978,944 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\14d1a28674a9f78c5759e7dcf74a13fd\System.Configuration.ni.dll
MOD - [2013/08/19 10:31:49 | 005,462,016 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
MOD - [2013/08/19 10:23:49 | 007,977,984 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013/08/03 13:56:45 | 011,497,984 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2013/06/12 21:44:43 | 000,016,808 | ---- | M] () -- H:\Program Files\Java\jre7\bin\jp2native.dll
MOD - [2013/06/12 21:44:34 | 000,197,032 | ---- | M] () -- H:\Program Files\Java\jre7\bin\jp2iexp.dll
MOD - [2013/01/02 01:49:10 | 001,292,288 | ---- | M] () -- H:\WINDOWS\system32\quartz.dll
MOD - [2012/10/11 21:56:46 | 000,087,952 | ---- | M] () -- H:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/10/11 21:56:22 | 001,242,512 | ---- | M] () -- H:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/26 17:41:20 | 000,305,664 | ---- | M] () -- H:\Program Files\TeraCopy\TeraCopyExt.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- H:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- H:\WINDOWS\system32\devenum.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/09/15 15:56:46 | 001,164,328 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- H:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2013/09/13 22:18:40 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- H:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/30 02:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- H:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/08/29 20:57:08 | 000,206,624 | ---- | M] (BrowseFox) [Auto | Running] -- H:\Program Files\BrowseFox\updateBrowseFox.exe -- (Update BrowseFox)
SRV - [2013/06/12 21:45:17 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- H:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/09/15 15:50:02 | 000,068,464 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- H:\WINDOWS\system32\drivers\PDFsFilter.sys -- (PDFsFilter)
DRV - [2013/08/30 02:48:13 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- H:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/08/30 02:48:13 | 000,177,864 | ---- | M] () [Kernel | Boot | Running] -- H:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/08/30 02:48:13 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- H:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/08/30 02:48:12 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- H:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/08/30 02:48:12 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- H:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/08/30 02:48:12 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- H:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/08/30 02:48:11 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- H:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/08/30 02:48:11 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- H:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/01/22 08:54:58 | 005,408,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2012/12/03 14:49:36 | 000,011,944 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- H:\WINDOWS\system32\drivers\amdide.sys -- (amdide)
DRV - [2012/08/29 08:47:56 | 000,190,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- H:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/02/11 02:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/11/17 18:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/17 18:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/06/12 12:21:40 | 000,500,096 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/11/22 15:55:52 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/04/16 15:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2002/11/18 15:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci)
DRV - [2001/08/17 12:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman)
DRV - [2001/08/17 12:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1)
DRV - [2001/08/17 12:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k)
DRV - [2001/08/17 12:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {DB942941-2B74-4888-9187-71F72491DD87}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?r...opt=0&ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 4D E9 14 12 B2 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {DB942941-2B74-4888-9187-71F72491DD87}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ferrer:source?}
IE - HKCU\..\SearchScopes\{DB942941-2B74-4888-9187-71F72491DD87}: "URL" = http://search.condui...2412724236&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/AuthorwarePlayer: H:\WINDOWS\system32\Macromed\AUTHORWA\np32asw.dll (Macromedia, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: H:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: H:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: H:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: H:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: h:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: H:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: h:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: H:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: H:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: H:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2013/09/02 22:28:11 | 000,000,000 | ---D | M] (No name found) -- H:\Documents and Settings\Admin\Application Data\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - Extension: Docs = H:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: TopArcadeHits = H:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp\1.0.0_0\

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - H:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - H:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (TopArcadeHits Games) - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - H:\Documents and Settings\Admin\Local Settings\Application Data\TopArcadeHits\Toparcadehits.dll ()
O2 - BHO: (BrowseFox) - {b9507101-e464-4b3b-a4cb-291aaedd94f2} - H:\Program Files\BrowseFox\BrowseFoxBHO.dll (Browse Fox)
O2 - BHO: (Adblock Plus for IE Browser Helper Object) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - H:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - H:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] H:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] H:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [C-Media Mixer] H:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [Internet Helper Anti-phishing] H:\Documents and Settings\All Users\Application Data\Internet Helper Anti-phishing\internetHelper_antiphishing.exe (Internet Helper)
O4 - HKLM..\Run: [QuickTime Task] H:\Program Files\QuickTime Alternative\qttask.exe (Apple Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - H:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1373552159031 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1371599671109 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.254 142.161.130.155
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C0C52D9-4F8E-4DEC-9ECE-19B8070B5165}: DhcpNameServer = 192.168.100.254 142.161.130.155
O20 - HKLM Winlogon: Shell - (Explorer.exe) - H:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (H:\WINDOWS\system32\userinit.exe) - H:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - H:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: H:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: H:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - H:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/19 19:02:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- H:\Documents and Settings\Admin\Desktop\OTL.exe
[2013/09/19 10:04:21 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Admin\Local Settings\Application Data\Adblock Plus for IE
[2013/09/19 09:30:26 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Admin\Application Data\Adblock Plus for IE
[2013/09/19 09:30:22 | 000,000,000 | ---D | C] -- H:\Program Files\Adblock Plus for IE
[2013/09/18 13:28:46 | 000,000,000 | RH-D | C] -- H:\Documents and Settings\Admin\Recent
[2013/09/18 13:04:43 | 000,029,816 | ---- | C] (AVAST Software) -- H:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/09/18 13:04:43 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2013/09/18 13:04:42 | 000,369,584 | ---- | C] (AVAST Software) -- H:\WINDOWS\System32\drivers\aswSP.sys
[2013/09/18 13:04:41 | 000,770,344 | ---- | C] (AVAST Software) -- H:\WINDOWS\System32\drivers\aswSnx.sys
[2013/09/18 13:04:41 | 000,056,080 | ---- | C] (AVAST Software) -- H:\WINDOWS\System32\drivers\aswTdi.sys
[2013/09/18 13:04:41 | 000,049,760 | ---- | C] (AVAST Software) -- H:\WINDOWS\System32\drivers\aswRdr.sys
[2013/09/18 13:04:40 | 000,066,336 | ---- | C] (AVAST Software) -- H:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/09/18 12:59:24 | 000,041,664 | ---- | C] (AVAST Software) -- H:\WINDOWS\avastSS.scr
[2013/09/18 12:37:33 | 000,000,000 | ---D | C] -- H:\Documents and Settings\LocalService\Application Data\iolo
[2013/09/18 12:36:46 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\System Mechanic
[2013/09/18 12:36:41 | 002,097,984 | ---- | C] (iolo technologies, LLC) -- H:\WINDOWS\System32\Incinerator32.dll
[2013/09/18 12:36:22 | 000,068,464 | ---- | C] (Raxco Software, Inc.) -- H:\WINDOWS\System32\drivers\PDFsFilter.sys
[2013/09/18 12:36:21 | 000,041,616 | ---- | C] (iolo technologies, LLC) -- H:\WINDOWS\System32\iolobtdfg.exe
[2013/09/18 12:36:21 | 000,023,568 | ---- | C] (iolo technologies, LLC) -- H:\WINDOWS\System32\smrgdf.exe
[2013/09/18 12:36:20 | 000,056,200 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\offreg.dll
[2013/09/18 12:36:13 | 000,000,000 | ---D | C] -- H:\Program Files\iolo
[2013/09/18 12:15:50 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\iolo
[2013/09/18 12:15:50 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Admin\Application Data\iolo
[2013/09/15 07:48:40 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Admin\Tracing
[2013/09/15 07:48:16 | 000,054,760 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\drivers\fssfltr_tdi.sys
[2013/09/15 07:47:27 | 000,000,000 | ---D | C] -- H:\Program Files\Microsoft SQL Server Compact Edition
[2013/09/15 07:46:17 | 000,000,000 | ---D | C] -- H:\Program Files\Microsoft
[2013/09/15 07:46:06 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Documents\microsoft
[2013/09/15 07:45:59 | 000,000,000 | ---D | C] -- H:\Program Files\Windows Live SkyDrive
[2013/09/15 07:45:53 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\Windows Live
[2013/09/15 07:45:35 | 000,000,000 | ---D | C] -- H:\Program Files\Windows Live
[2013/09/15 07:42:29 | 000,000,000 | ---D | C] -- H:\Program Files\Common Files\Windows Live
[2013/09/02 23:18:03 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Admin\My Documents\Image-Line
[2013/09/02 23:18:03 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Admin\Application Data\Image-Line
[2013/09/02 23:18:02 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Admin\Start Menu\Programs\Image-Line
[2013/09/02 23:17:54 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\Image-Line
[2013/09/02 23:17:25 | 001,554,944 | ---- | C] (HMS http://hp.vector.co....thors/VA012897/) -- H:\WINDOWS\System32\vorbis.acm
[2013/09/02 23:16:38 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Admin\Application Data\FlowStone
[2013/09/02 23:16:35 | 000,000,000 | ---D | C] -- H:\Program Files\DSPRobotics
[2013/09/02 23:03:08 | 000,000,000 | ---D | C] -- H:\Program Files\Image-Line
[2013/09/02 22:34:01 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\TEMP
[2013/09/02 22:28:13 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Admin\Start Menu\Programs\TopArcadeHits
[2013/09/02 22:28:11 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Admin\Application Data\Mozilla
[2013/09/02 22:28:08 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Admin\Local Settings\Application Data\TopArcadeHits
[2013/09/02 22:28:06 | 000,000,000 | ---D | C] -- H:\Program Files\BrowseFox

========== Files - Modified Within 30 Days ==========

[2013/09/19 19:02:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\Admin\Desktop\OTL.exe
[2013/09/19 19:01:00 | 000,000,412 | ---- | M] () -- H:\WINDOWS\tasks\At1.job
[2013/09/19 18:42:55 | 000,000,334 | ---- | M] () -- H:\WINDOWS\tasks\TopArcadeHits.job
[2013/09/19 18:18:00 | 000,000,830 | ---- | M] () -- H:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/19 14:57:56 | 000,000,422 | -H-- | M] () -- H:\WINDOWS\tasks\User_Feed_Synchronization-{DF9EFA9C-B7BF-454B-B084-7916D2DE3D37}.job
[2013/09/19 13:04:00 | 000,000,314 | -H-- | M] () -- H:\WINDOWS\tasks\avast! Emergency Update.job
[2013/09/18 13:22:01 | 000,002,048 | --S- | M] () -- H:\WINDOWS\bootstat.dat
[2013/09/18 13:13:48 | 000,001,945 | ---- | M] () -- H:\WINDOWS\epplauncher.mif
[2013/09/18 13:04:43 | 000,001,689 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/09/18 13:04:40 | 000,002,577 | ---- | M] () -- H:\WINDOWS\System32\CONFIG.NT
[2013/09/18 12:39:19 | 000,000,406 | ---- | M] () -- H:\WINDOWS\System32\ioloBootDefrag.cfg
[2013/09/18 12:36:57 | 000,001,689 | ---- | M] () -- H:\Documents and Settings\Admin\Desktop\System Mechanic.lnk
[2013/09/18 12:24:18 | 000,013,646 | ---- | M] () -- H:\WINDOWS\System32\wpa.dbl
[2013/09/18 12:17:01 | 000,074,703 | ---- | M] () -- H:\WINDOWS\System32\mfc45.dat
[2013/09/18 12:15:50 | 000,074,703 | ---- | M] () -- H:\WINDOWS\System32\mfc45.dll
[2013/09/16 03:21:44 | 000,524,218 | ---- | M] () -- H:\WINDOWS\System32\perfh009.dat
[2013/09/16 03:21:44 | 000,096,024 | ---- | M] () -- H:\WINDOWS\System32\perfc009.dat
[2013/09/16 03:17:17 | 000,098,256 | ---- | M] () -- H:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/15 16:18:10 | 000,041,616 | ---- | M] (iolo technologies, LLC) -- H:\WINDOWS\System32\iolobtdfg.exe
[2013/09/15 16:18:00 | 000,023,568 | ---- | M] (iolo technologies, LLC) -- H:\WINDOWS\System32\smrgdf.exe
[2013/09/15 15:59:12 | 002,097,984 | ---- | M] (iolo technologies, LLC) -- H:\WINDOWS\System32\Incinerator32.dll
[2013/09/15 15:50:02 | 000,068,464 | ---- | M] (Raxco Software, Inc.) -- H:\WINDOWS\System32\drivers\PDFsFilter.sys
[2013/09/15 15:50:02 | 000,056,200 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\offreg.dll
[2013/09/15 03:33:00 | 000,000,354 | ---- | M] () -- H:\WINDOWS\tasks\Driver Robot.job
[2013/09/14 20:23:17 | 000,000,284 | ---- | M] () -- H:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/09/13 22:18:38 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- H:\WINDOWS\System32\FlashPlayerApp.exe
[2013/09/13 22:18:38 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- H:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/08/30 02:48:13 | 000,369,584 | ---- | M] (AVAST Software) -- H:\WINDOWS\System32\drivers\aswSP.sys
[2013/08/30 02:48:13 | 000,177,864 | ---- | M] () -- H:\WINDOWS\System32\drivers\aswVmm.sys
[2013/08/30 02:48:13 | 000,056,080 | ---- | M] (AVAST Software) -- H:\WINDOWS\System32\drivers\aswTdi.sys
[2013/08/30 02:48:12 | 000,770,344 | ---- | M] (AVAST Software) -- H:\WINDOWS\System32\drivers\aswSnx.sys
[2013/08/30 02:48:12 | 000,049,760 | ---- | M] (AVAST Software) -- H:\WINDOWS\System32\drivers\aswRdr.sys
[2013/08/30 02:48:12 | 000,049,376 | ---- | M] () -- H:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/08/30 02:48:11 | 000,066,336 | ---- | M] (AVAST Software) -- H:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/08/30 02:48:11 | 000,029,816 | ---- | M] (AVAST Software) -- H:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/08/30 02:47:40 | 000,041,664 | ---- | M] (AVAST Software) -- H:\WINDOWS\avastSS.scr
[2013/08/30 02:47:32 | 000,229,648 | ---- | M] (AVAST Software) -- H:\WINDOWS\System32\aswBoot.exe
[2013/08/29 22:50:13 | 000,000,505 | ---- | M] () -- H:\Documents and Settings\Admin\Desktop\New Briefcase.zip
[2013/08/27 18:40:18 | 000,000,623 | ---- | M] () -- H:\Documents and Settings\Admin\My Documents\just reason i hate you.rtf

========== Files Created - No Company Name ==========

[2013/09/18 13:04:43 | 000,001,689 | ---- | C] () -- H:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/09/18 13:04:41 | 000,000,314 | -H-- | C] () -- H:\WINDOWS\tasks\avast! Emergency Update.job
[2013/09/18 13:04:40 | 000,177,864 | ---- | C] () -- H:\WINDOWS\System32\drivers\aswVmm.sys
[2013/09/18 13:04:40 | 000,049,376 | ---- | C] () -- H:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/09/18 12:39:19 | 000,000,406 | ---- | C] () -- H:\WINDOWS\System32\ioloBootDefrag.cfg
[2013/09/18 12:36:57 | 000,001,689 | ---- | C] () -- H:\Documents and Settings\Admin\Desktop\System Mechanic.lnk
[2013/09/18 12:17:01 | 000,074,703 | ---- | C] () -- H:\WINDOWS\System32\mfc45.dat
[2013/09/18 12:15:50 | 000,074,703 | ---- | C] () -- H:\WINDOWS\System32\mfc45.dll
[2013/09/02 22:28:08 | 000,000,334 | ---- | C] () -- H:\WINDOWS\tasks\TopArcadeHits.job
[2013/08/29 22:50:13 | 000,000,505 | ---- | C] () -- H:\Documents and Settings\Admin\Desktop\New Briefcase.zip
[2013/08/24 01:07:33 | 000,000,623 | ---- | C] () -- H:\Documents and Settings\Admin\My Documents\just reason i hate you.rtf
[2013/08/10 22:48:54 | 000,000,175 | ---- | C] () -- H:\WINDOWS\System32\drivers\aswVmm.sys.sum
[2013/08/10 22:48:54 | 000,000,175 | ---- | C] () -- H:\WINDOWS\System32\drivers\aswSP.sys.sum
[2013/08/10 22:48:54 | 000,000,175 | ---- | C] () -- H:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013/07/01 11:37:30 | 000,010,240 | ---- | C] () -- H:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/24 14:25:49 | 000,000,025 | ---- | C] () -- H:\WINDOWS\mixerdef.ini
[2013/06/24 12:19:39 | 000,025,816 | ---- | C] () -- H:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2013/04/22 11:26:18 | 000,230,454 | ---- | C] () -- H:\Documents and Settings\Admin\y.bmp
[2013/04/22 11:26:18 | 000,230,454 | ---- | C] () -- H:\Documents and Settings\Admin\x.bmp
[2013/04/22 11:26:18 | 000,230,454 | ---- | C] () -- H:\Documents and Settings\Admin\UYKKK.bmp
[2013/04/22 11:26:18 | 000,230,454 | ---- | C] () -- H:\Documents and Settings\Admin\UYJ.bmp
[2013/04/22 11:26:18 | 000,230,454 | ---- | C] () -- H:\Documents and Settings\Admin\su.bmp
[2013/04/22 11:26:18 | 000,230,454 | ---- | C] () -- H:\Documents and Settings\Admin\s.bmp
[2013/04/22 11:26:18 | 000,230,454 | ---- | C] () -- H:\Documents and Settings\Admin\q.bmp
[2013/04/22 11:26:18 | 000,230,454 | ---- | C] () -- H:\Documents and Settings\Admin\olo.bmp
[2013/04/22 11:26:18 | 000,230,454 | ---- | C] () -- H:\Documents and Settings\Admin\ik.bmp
[2013/04/22 11:26:18 | 000,230,454 | ---- | C] () -- H:\Documents and Settings\Admin\hy.bmp
[2013/04/22 11:26:18 | 000,230,454 | ---- | C] () -- H:\Documents and Settings\Admin\hukyium.bmp
[2013/04/22 11:26:18 | 000,230,454 | ---- | C] () -- H:\Documents and Settings\Admin\gt.bmp
[2013/04/22 11:26:18 | 000,230,454 | ---- | C] () -- H:\Documents and Settings\Admin\GFG.bmp
[2013/04/22 11:26:18 | 000,230,454 | ---- | C] () -- H:\Documents and Settings\Admin\[bleep]en strong.bmp
[2013/04/22 11:26:18 | 000,230,454 | ---- | C] () -- H:\Documents and Settings\Admin\ed.bmp
[2013/04/22 11:26:18 | 000,230,454 | ---- | C] () -- H:\Documents and Settings\Admin\dill.bmp
[2013/04/22 11:26:18 | 000,230,454 | ---- | C] () -- H:\Documents and Settings\Admin\daws.bmp
[2013/04/22 11:26:18 | 000,230,454 | ---- | C] () -- H:\Documents and Settings\Admin\daws is buff.bmp
[2013/04/22 11:26:18 | 000,230,454 | ---- | C] () -- H:\Documents and Settings\Admin\d.bmp
[2013/04/22 11:26:18 | 000,230,454 | ---- | C] () -- H:\Documents and Settings\Admin\charlie.bmp
[2013/04/22 11:26:18 | 000,230,454 | ---- | C] () -- H:\Documents and Settings\Admin\bull.bmp
[2013/04/22 11:26:18 | 000,230,454 | ---- | C] () -- H:\Documents and Settings\Admin\bull hunt.bmp
[2013/04/22 11:26:18 | 000,230,454 | ---- | C] () -- H:\Documents and Settings\Admin\bn.bmp
[2013/04/22 11:26:18 | 000,230,454 | ---- | C] () -- H:\Documents and Settings\Admin\bigbull.bmp
[2013/04/22 11:26:18 | 000,230,454 | ---- | C] () -- H:\Documents and Settings\Admin\azd.bmp
[2013/04/22 11:26:18 | 000,230,454 | ---- | C] () -- H:\Documents and Settings\Admin\a.bmp
[2013/04/22 11:26:18 | 000,230,454 | ---- | C] () -- H:\Documents and Settings\Admin\2343 street.bmp
[2013/04/22 11:26:18 | 000,230,454 | ---- | C] () -- H:\Documents and Settings\Admin\;p.bmp
[2013/04/19 14:59:52 | 000,003,072 | ---- | C] () -- H:\WINDOWS\System32\iacenc.dll
[2013/04/19 13:33:22 | 000,650,752 | ---- | C] () -- H:\WINDOWS\System32\xvidcore.dll
[2013/04/19 13:33:22 | 000,243,200 | ---- | C] () -- H:\WINDOWS\System32\xvidvfw.dll
[2013/04/19 13:33:19 | 000,715,038 | ---- | C] () -- H:\WINDOWS\unins000.exe
[2013/04/19 13:33:19 | 000,216,064 | ---- | C] ( ) -- H:\WINDOWS\System32\lagarith.dll
[2013/04/19 13:33:19 | 000,155,648 | ---- | C] () -- H:\WINDOWS\System32\utv_core.dll
[2013/04/19 13:33:19 | 000,069,632 | ---- | C] () -- H:\WINDOWS\System32\utv_vcm.dll
[2013/04/19 13:33:19 | 000,001,794 | ---- | C] () -- H:\WINDOWS\unins000.dat
[2013/04/19 13:31:49 | 000,271,264 | ---- | C] () -- H:\WINDOWS\System32\vbrun100.dll
[2013/04/19 13:31:49 | 000,210,944 | ---- | C] () -- H:\WINDOWS\System32\msvcrt10.dll
[2013/04/19 13:31:13 | 000,000,000 | ---- | C] () -- H:\WINDOWS\ativpsrm.bin
[2013/04/19 13:30:12 | 003,107,788 | ---- | C] () -- H:\WINDOWS\System32\ativva5x.dat
[2013/04/19 13:30:12 | 000,887,724 | ---- | C] () -- H:\WINDOWS\System32\ativva6x.dat
[2013/04/19 13:30:07 | 000,189,051 | ---- | C] () -- H:\WINDOWS\System32\atiicdxx.dat
[2013/04/19 13:10:26 | 000,002,048 | --S- | C] () -- H:\WINDOWS\bootstat.dat
[2013/04/19 13:06:30 | 000,021,640 | ---- | C] () -- H:\WINDOWS\System32\emptyregdb.dat
[2013/04/19 06:25:53 | 000,004,161 | ---- | C] () -- H:\WINDOWS\ODBCINST.INI
[2013/04/19 06:23:11 | 000,098,256 | ---- | C] () -- H:\WINDOWS\System32\FNTCACHE.DAT
[2013/03/13 11:49:46 | 000,112,640 | ---- | C] () -- H:\WINDOWS\System32\ff_vfw.dll
[2013/02/07 07:22:00 | 000,050,330 | ---- | C] () -- H:\Program Files\AntiDust.exe
[2012/05/21 09:28:58 | 000,155,648 | ---- | C] () -- H:\WINDOWS\System32\mlc.dll

========== ZeroAccess Check ==========

[2013/04/19 14:00:03 | 000,000,227 | RHS- | M] () -- H:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = H:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = H:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> H:\Documents and Settings\All Users\Application Data\TEMP:373E1720

< End of report >

#2 mnstrbuck (Member, Topic Starter)
This also showed up on the scan:


OTL Extras logfile created on: 9/19/2013 7:02:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = H:\Documents and Settings\Admin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.74 Gb Available Physical Memory | 39.42% Memory free
3.72 Gb Paging File | 2.51 Gb Available in Paging File | 67.48% Paging File free
Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
Drive H: | 465.75 Gb Total Space | 387.46 Gb Free Space | 83.19% Space Free | Partition Type: NTFS

Computer Name: ADMIN-6F9FC3320 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"H:\Program Files\Windows Live\Messenger\wlcsdk.exe" = H:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"H:\Program Files\Windows Live\Messenger\msnmsgr.exe" = H:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"H:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = H:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"H:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = H:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"H:\Program Files\iTunes\iTunes.exe" = H:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"H:\Program Files\Windows Live\Messenger\wlcsdk.exe" = H:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"H:\Program Files\Windows Live\Messenger\msnmsgr.exe" = H:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"H:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = H:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 Redistributable - x86 10.0.30319 False
"{1ce01891-839b-4ad1-b629-2e608ba0c6ba}" = Adblock Plus for IE
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 False
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23170F69-40C1-2701-0920-000001000000}" = 7-Zip 9.20
"{26A24AE4-039D-4CA4-87B4-2F83217000F0}" = Java™ 7
"{26A24AE4-039D-4CA4-87B4-2F83217007F0}" = Java 7 Update 7
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 25
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4653FE0D-2762-41B6-A757-8C4F00B790C3}" = Adblock Plus for IE (32-bit)
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 False
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 False
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.56336 False
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193 False
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.5570 False
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 False
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.51011 False
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.42 False
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.04)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B4920103-09F6-4AD2-B150-CFC4474D2DDC}" = Simple Adblock
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DCB46B42-723F-350E-B18A-449BC6C21636}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 False
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 False
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.27)
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.0 False
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Adobe Shockwave Player + Authorware Web Player" = Adobe Shockwave Player + Authorware Web Player
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"BrowseFox" = BrowseFox 3.0.0
"CCleaner" = CCleaner
"ie8" = Windows Internet Explorer 8
"IL Shared Libraries" = IL Shared Libraries
"Internet Helper Anti-phishing" = Internet Helper Anti-phishing
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PCI Audio Driver" = PCI Audio Driver
"PokerStars" = PokerStars
"QuicktimeAlt_is1" = QuickTime Alternative 3.2.2
"RealAlt_is1" = Real Alternative 2.0.2 Lite
"SAM CoDeC Pack" = SAM CoDeC Pack
"TeraCopy_is1" = TeraCopy 2.27
"utvideo_is1" = Ut Video Codec Suite
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only)
"Xvid_is1" = Xvid MPEG-4 Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{C1C3E833-420E-4D78-9BA7-86AEBB272384}" = TopArcadeHits

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/14/2013 8:17:43 PM | Computer Name = ADMIN-6F9FC3320 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/14/2013 8:17:43 PM | Computer Name = ADMIN-6F9FC3320 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/14/2013 8:17:43 PM | Computer Name = ADMIN-6F9FC3320 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/14/2013 8:17:43 PM | Computer Name = ADMIN-6F9FC3320 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/14/2013 8:17:44 PM | Computer Name = ADMIN-6F9FC3320 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/16/2013 4:17:55 AM | Computer Name = ADMIN-6F9FC3320 | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 9/16/2013 4:43:16 PM | Computer Name = ADMIN-6F9FC3320 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/16/2013 5:34:09 PM | Computer Name = ADMIN-6F9FC3320 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 9/18/2013 6:27:51 PM | Computer Name = ADMIN-6F9FC3320 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.23520, fault address 0x002b9a48.

Error - 9/19/2013 9:41:24 AM | Computer Name = ADMIN-6F9FC3320 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 9/19/2013 11:01:00 AM | Computer Name = ADMIN-6F9FC3320 | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942403

Error - 9/19/2013 12:01:00 PM | Computer Name = ADMIN-6F9FC3320 | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942403

Error - 9/19/2013 1:01:00 PM | Computer Name = ADMIN-6F9FC3320 | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942403

Error - 9/19/2013 2:01:00 PM | Computer Name = ADMIN-6F9FC3320 | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942403

Error - 9/19/2013 3:01:00 PM | Computer Name = ADMIN-6F9FC3320 | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942403

Error - 9/19/2013 4:01:00 PM | Computer Name = ADMIN-6F9FC3320 | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942403

Error - 9/19/2013 5:01:00 PM | Computer Name = ADMIN-6F9FC3320 | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942403

Error - 9/19/2013 6:01:00 PM | Computer Name = ADMIN-6F9FC3320 | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942403

Error - 9/19/2013 7:01:00 PM | Computer Name = ADMIN-6F9FC3320 | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942403

Error - 9/19/2013 8:01:00 PM | Computer Name = ADMIN-6F9FC3320 | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942403


< End of report >

#3 mnstrbuck (Member, Topic Starter)
My computer, I think, has a virus that my virus protection can't pick up. Need help.

Thanks, guys.

#4 mnstrbuck (Member, Topic Starter)
Here is a Malwarebytes log from this morning:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.21.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Admin :: ADMIN-6F9FC3320 [administrator]

9/21/2013 7:29:04 AM
mbam-log-2013-09-21 (07-29-04).txt

Scan type: Full scan (H:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 256650
Time elapsed: 1 hour(s), 31 minute(s), 59 second(s)

Memory Processes Detected: 1
H:\Program Files\BrowseFox\updateBrowseFox.exe (PUP.Optional.BrowseFox.A) -> 2060 -> Delete on reboot.

Memory Modules Detected: 3
H:\Program Files\BrowseFox\BrowseFoxBHO.dll (PUP.Optional.BrowseFox.A) -> Delete on reboot.
H:\Documents and Settings\Admin\Local Settings\Application Data\TopArcadeHits\Toparcadehits.dll (PUP.Optional.TopArcadeHits.A) -> Delete on reboot.
H:\Program Files\BrowseFox\BrowseFox.Common.dll (PUP.Optional.BrowseFox.A) -> Delete on reboot.

Registry Keys Detected: 26
HKCR\CLSID\{b9507101-e464-4b3b-a4cb-291aaedd94f2} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{006232f7-dbd6-4631-84e8-66ea161b43c4} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKCR\Interface\{BB9817CA-9B43-41EB-8706-44847957338D} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B9507101-E464-4B3B-A4CB-291AAEDD94F2} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B9507101-E464-4B3B-A4CB-291AAEDD94F2} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B9507101-E464-4B3B-A4CB-291AAEDD94F2} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{CF190686-9E72-403C-B99D-682ABDB63C5B} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{39A17362-9C1D-4907-9428-0D28A94DC79D} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKCR\Interface\{627A968A-03E6-41C7-B11B-4E442B376F95} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CF190686-9E72-403C-B99D-682ABDB63C5B} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA} (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C1C3E833-420E-4D78-9BA7-86AEBB272384} (Adware.GameVance) -> Quarantined and deleted successfully.
HKCR\CLSID\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (Adware.GameVance) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (Adware.GameVance) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (Adware.GameVance) -> Quarantined and deleted successfully.
HKCR\TypeLib\{39A17362-9C1D-4907-9428-0D28A94DC79D} (Adware.GameVance) -> Quarantined and deleted successfully.
HKCR\Interface\{627A968A-03E6-41C7-B11B-4E442B376F95} (Adware.GameVance) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C1C3E833-420E-4D78-9BA7-86AEBB272384} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowseFox (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Update BrowseFox (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DEALPLY (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\DealPly|Partner (PUP.Optional.DealPly.A) -> Data: airi -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 11
H:\Documents and Settings\Admin\Local Settings\Application Data\TopArcadeHits (Adware.GameVance) -> Delete on reboot.
H:\Documents and Settings\Admin\Start Menu\Programs\TopArcadeHits (Adware.GameVance) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Local Settings\Application Data\TopArcadeHits (PUP.Optional.TopArcadeHits.A) -> Delete on reboot.
H:\Documents and Settings\Admin\Start Menu\Programs\DealPly (PUP.OPtional.Dealply.A) -> Quarantined and deleted successfully.
H:\Program Files\BrowseFox (PUP.Optional.BrowseFox.A) -> Delete on reboot.
H:\Documents and Settings\Admin\Application Data\PriceGong (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Application Data\PriceGong\Data (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.

Files Detected: 57
H:\Program Files\BrowseFox\BrowseFoxBHO.dll (PUP.Optional.BrowseFox.A) -> Delete on reboot.
H:\Documents and Settings\Admin\Local Settings\Application Data\TopArcadeHits\Toparcadehits.dll (PUP.Optional.TopArcadeHits.A) -> Delete on reboot.
H:\Documents and Settings\Admin\Local Settings\Application Data\TopArcadeHits\uninstaller.exe (Adware.GameVance) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Local Settings\Application Data\TopArcadeHits\updater.exe (Adware.GameVance) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{B30DBC99-95F3-420D-82ED-EA8A16D031BB}\RP255\A0041937.exe (PUP.Optional.OptimizePro.A) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{B30DBC99-95F3-420D-82ED-EA8A16D031BB}\RP145\A0010402.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Local Settings\Application Data\TopArcadeHits\tah.config (Adware.GameVance) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Local Settings\Application Data\TopArcadeHits\Toparcadehits.dll (Adware.GameVance) -> Delete on reboot.
H:\Documents and Settings\Admin\Start Menu\Programs\TopArcadeHits\Play Toparcadehits Online.url (Adware.GameVance) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Start Menu\Programs\TopArcadeHits\Uninstall Toparcadehits.lnk (Adware.GameVance) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Local Settings\Application Data\TopArcadeHits\tah.config (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Local Settings\Application Data\TopArcadeHits\uninstaller.exe (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Local Settings\Application Data\TopArcadeHits\updater.exe (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
H:\WINDOWS\Tasks\TopArcadeHits.job (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Start Menu\Programs\DealPly\Uninstall DealPly.lnk (PUP.OPtional.Dealply.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Start Menu\Programs\DealPly\DealPly Help.url (PUP.OPtional.Dealply.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Start Menu\Programs\DealPly\DealPly.url (PUP.OPtional.Dealply.A) -> Quarantined and deleted successfully.
H:\Program Files\BrowseFox\updateBrowseFox.InstallState (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
H:\Program Files\BrowseFox\BrowseFox.Common.dll (PUP.Optional.BrowseFox.A) -> Delete on reboot.
H:\Program Files\BrowseFox\BrowseFox.ico (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
H:\Program Files\BrowseFox\BrowseFoxUninstall.exe (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
H:\Program Files\BrowseFox\Microsoft.Win32.TaskScheduler.dll (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
H:\Program Files\BrowseFox\updateBrowseFox.exe (PUP.Optional.BrowseFox.A) -> Delete on reboot.
H:\Documents and Settings\Admin\Application Data\PriceGong\Data\1.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Application Data\PriceGong\Data\a.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Application Data\PriceGong\Data\b.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Application Data\PriceGong\Data\c.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Application Data\PriceGong\Data\d.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Application Data\PriceGong\Data\e.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Application Data\PriceGong\Data\f.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Application Data\PriceGong\Data\g.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Application Data\PriceGong\Data\h.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Application Data\PriceGong\Data\i.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Application Data\PriceGong\Data\j.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Application Data\PriceGong\Data\k.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Application Data\PriceGong\Data\l.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Application Data\PriceGong\Data\m.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Application Data\PriceGong\Data\n.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Application Data\PriceGong\Data\o.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Application Data\PriceGong\Data\p.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Application Data\PriceGong\Data\q.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Application Data\PriceGong\Data\r.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Application Data\PriceGong\Data\s.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Application Data\PriceGong\Data\t.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Application Data\PriceGong\Data\u.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Application Data\PriceGong\Data\v.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Application Data\PriceGong\Data\w.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Application Data\PriceGong\Data\wlu.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Application Data\PriceGong\Data\x.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Application Data\PriceGong\Data\y.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Application Data\PriceGong\Data\z.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome.manifest (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\icon.png (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\install.rdf (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content\browser.xul (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content\toparcadehits.js (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin\style.css (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.

(end)
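Two things in a Malwarebytes removal log like the one above are worth pulling out before declaring the machine clean: entries marked "Delete on reboot" (files that were in use, so they are only removed at the next restart and need a rescan afterwards to confirm), and entries that sat in a persistence location such as a scheduled task under WINDOWS\Tasks or a Firefox extension directory, since those are how the adware came back each logon or browser start. The following is an added example, not code from the original post and not part of Malwarebytes itself; it assumes the "Files Detected" line format shown in the log (path, detection name in parentheses, "->", action) and runs over a few constructed sample lines modelled on the ones above.

```python
import re
from collections import Counter

# Constructed sample lines in the Malwarebytes "Files Detected" format,
# modelled on the log above. Not a real scan result; the trailing "(end)"
# line is included to show that non-entry lines are skipped.
SAMPLE_LOG = r"""
H:\WINDOWS\Tasks\TopArcadeHits.job (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
H:\Program Files\BrowseFox\BrowseFox.Common.dll (PUP.Optional.BrowseFox.A) -> Delete on reboot.
H:\Program Files\BrowseFox\updateBrowseFox.exe (PUP.Optional.BrowseFox.A) -> Delete on reboot.
H:\Documents and Settings\Admin\Application Data\PriceGong\Data\a.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
H:\Documents and Settings\Admin\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\install.rdf (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
(end)
"""

# One entry line: <path> (<detection>) -> <action>.
# The path group is greedy and backtracks to the LAST "(...) ->", so a path
# that itself contains parentheses, e.g. "Program Files (x86)", still parses.
LINE_RE = re.compile(r"^(?P<path>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?\s*$")

# Path fragments (assumed markers, matched case-insensitively) that indicate a
# persistence point rather than a plain data file.
PERSISTENCE_MARKERS = (
    ("\\windows\\tasks\\", "scheduled task"),
    ("\\mozilla\\extensions\\", "firefox extension"),
    ("\\start menu\\programs\\", "start menu shortcut"),
)


def classify_persistence(path):
    """Label the path by the persistence mechanism it represents, or 'file'."""
    low = path.lower()
    for marker, label in PERSISTENCE_MARKERS:
        if marker in low:
            return label
    return "file"


def parse_line(line):
    """Return a dict for one removal entry, or None for header/footer lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path, action = m.group("path"), m.group("action")
    return {
        "path": path,
        "detection": m.group("detection"),
        "action": action,
        # Files in use are not gone until the restart actually happens.
        "pending_reboot": action.lower().startswith("delete on reboot"),
        "persistence": classify_persistence(path),
    }


def parse_log(text):
    """Parse every entry line in a log body, skipping anything else."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def summarize(entries):
    """Counts per detection name plus the two lists a reviewer acts on."""
    return {
        "total": len(entries),
        "by_detection": dict(Counter(e["detection"] for e in entries)),
        "pending_reboot": [e["path"] for e in entries if e["pending_reboot"]],
        "persistence": {e["path"]: e["persistence"]
                        for e in entries if e["persistence"] != "file"},
    }


if __name__ == "__main__":
    summary = summarize(parse_log(SAMPLE_LOG))
    for name, n in sorted(summary["by_detection"].items()):
        print(f"{n:3d}  {name}")
    print("Verify after restart (Delete on reboot):")
    for p in summary["pending_reboot"]:
        print("   ", p)
    print("Persistence points removed:")
    for p, kind in summary["persistence"].items():
        print(f"    [{kind}] {p}")
```

Run it against a saved log by replacing SAMPLE_LOG with the file contents; anything listed under "Verify after restart" should be absent from a fresh scan taken after the reboot, and the persistence list tells you which startup mechanisms (task scheduler, browser extensions) are worth re-checking by hand.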