Internet Explorer using large amounts of memory and hangs


  • This topic is locked

#1
gigi1444

  • Member
  • 60 posts
I'm not sure if this is the proper place to post this, but here goes. I have been having major issues within the past month with Internet Explorer using really large amounts of memory, sometimes as much as 1,000,000 in virtual memory. I can't figure out what is causing it. I have run my virus scan, CCleaner and Malwarebytes. Hoping you can help me figure this out, as it is so frustrating to have to shut down when everything just hangs up due to large CPU usage. Thanks in advance for any and all help.

Here is the OTL log (I did notice in this log that there are several plug-ins for Mozilla and I don't use Firefox... Is this a problem?)


OTL logfile created on: 10/10/2011 11:39:49 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.48 Mb Total Physical Memory | 27.98 Mb Available Physical Memory | 6.25% Memory free
1.03 Gb Paging File | 0.44 Gb Available in Paging File | 43.02% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 63.99 Gb Total Space | 53.49 Gb Free Space | 83.59% Space Free | Partition Type: NTFS
Drive D: | 10.52 Gb Total Space | 6.15 Gb Free Space | 58.44% Space Free | Partition Type: FAT32

Computer Name: GENEVIEVE | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/10 11:39:16 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
PRC - [2011/08/17 15:45:45 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/08/17 15:45:43 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/08/17 15:45:43 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/08/17 15:45:43 | 000,223,912 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avnotify.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/02/10 11:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2010/01/28 13:57:58 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009/02/10 11:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
MOD - [2005/08/10 13:02:11 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2005/04/23 20:45:56 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\WIN2PDFM.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (aawservice)
SRV - [2011/08/17 15:45:45 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/08/17 15:45:43 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/02/10 11:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/08/17 15:45:45 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/08/17 15:45:45 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/15 06:34:00 | 000,519,168 | R--- | M] (Atheros Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WlanGZXP.sys -- (ZG760_XP)
DRV - [2008/04/15 12:45:46 | 000,020,736 | ---- | M] (ZDC., Inc. (ZDC)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ZDCndis5.sys -- (ZDCNDIS5)
DRV - [2008/04/15 12:45:44 | 000,020,608 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BRGSp50.sys -- (BRGSp50)
DRV - [2005/03/04 12:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/10/01 19:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/09/30 00:55:50 | 000,229,888 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/09/25 08:00:02 | 000,012,928 | ---- | M] (Bo Brantén) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk)
DRV - [2004/09/24 12:38:40 | 000,012,928 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2004/08/11 01:39:38 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2003/12/02 20:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/07/18 18:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/07/02 13:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/10/04 19:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/07/30 00:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2002/05/03 15:56:24 | 000,024,528 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sqcaptur.sys -- (DCamUSBSQTECH)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...ario&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2010/07/19 07:33:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Oracle)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10v_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_21.dll (Oracle)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=67633 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupd...b?1110593032968 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1136908535343 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} http://download.zone...canner37470.cab (ICSScanner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FB374C0-F6AB-4139-BBB5-798CD62F80E6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FB374C0-F6AB-4139-BBB5-798CD62F80E6}: NameServer = 67.90.152.122,67.107.71.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE403B41-DC12-48E4-A1A2-74C611672312}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/20 08:13:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{5af8c160-b5ee-11df-9b70-404a03053973}\Shell - "" = AutoRun
O33 - MountPoints2\{5af8c160-b5ee-11df-9b70-404a03053973}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SsiEfr.e)
O34 - HKLM BootExecute: (SsiEfr.e)
O34 - HKLM BootExecute: (SsiEfr.e)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/10 11:39:09 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2011/10/03 23:56:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Recent
[2011/10/02 14:04:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\Cals fall mystery
[2011/09/20 00:46:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\FixItCenter
[2011/09/20 00:26:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\MATS
[2011/09/20 00:26:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2011/09/20 00:25:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\ElevatedDiagnostics
[2011/09/20 00:24:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/09/20 00:24:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell

========== Files - Modified Within 30 Days ==========

[2011/10/10 11:39:16 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2011/10/10 08:33:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2011/10/09 00:58:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/10/07 14:28:35 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2011/10/07 14:27:18 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/07 14:26:00 | 469,291,008 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/07 14:26:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/04 00:05:22 | 000,018,212 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\cc_20111004_000512.reg
[2011/10/03 23:53:52 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/10/03 08:20:22 | 000,472,326 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\FreePatternDL - Hexigon quilt.pdf
[2011/10/02 22:00:04 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2011/10/02 14:12:32 | 000,428,026 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Snowball and Nine Patch Swap Guidelines.pdf
[2011/10/02 12:30:01 | 002,405,090 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\FonsPorter_QuickGifts.pdf
[2011/10/02 11:26:04 | 001,130,783 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\LOQ_BlockBuster.pdf
[2011/09/30 20:07:40 | 000,954,217 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\houseinthehamptons-maywood-studio.pdf
[2011/09/29 09:27:39 | 000,647,410 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\twisted-happy-blocks-quilt.pdf
[2011/09/28 11:31:28 | 001,709,795 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\AQS-pattern-152[1].pdf
[2011/09/28 11:30:51 | 000,236,270 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\AQS-pattern-162[1].pdf
[2011/09/28 11:30:15 | 002,108,888 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\AQS-pattern-166[1].pdf
[2011/09/28 11:28:30 | 000,979,377 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\AQS-pattern-176[1].pdf
[2011/09/28 11:27:58 | 000,127,215 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\AQS-pattern-179[1].pdf
[2011/09/28 11:27:35 | 000,130,244 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\AQS-pattern-178[1].pdf
[2011/09/28 11:27:01 | 000,096,534 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\AQS-pattern-186[1].pdf
[2011/09/28 11:23:43 | 000,125,479 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\AQS-pattern-209[1].pdf
[2011/09/28 11:23:15 | 000,340,140 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\AQS-pattern-208[1].pdf
[2011/09/23 11:14:45 | 001,515,487 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Riley_Blake_All_Wrapped_Up_Quilt.pdf
[2011/09/23 10:34:07 | 000,066,266 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\CSB-Gen.pdf
[2011/09/23 10:33:39 | 000,058,886 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\CSB-1.pdf
[2011/09/23 10:03:21 | 091,440,128 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\archive.pst
[2011/09/20 00:47:27 | 000,000,728 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
[2011/09/19 10:09:47 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/19 09:57:22 | 000,000,059 | ---- | M] () -- C:\WINDOWS\ANS2000.INI
[2011/09/19 09:57:21 | 000,000,020 | -H-- | M] () -- C:\WINDOWS\akebook.ini
[2011/09/19 09:57:21 | 000,000,004 | -H-- | M] () -- C:\WINDOWS\a3kebook.ini
[2011/09/19 09:40:59 | 000,012,908 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2011/09/14 09:57:24 | 000,001,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2011/10/04 00:05:15 | 000,018,212 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\cc_20111004_000512.reg
[2011/10/03 08:20:22 | 000,472,326 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\FreePatternDL - Hexigon quilt.pdf
[2011/10/02 14:12:32 | 000,428,026 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Snowball and Nine Patch Swap Guidelines.pdf
[2011/10/02 12:30:01 | 002,405,090 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\FonsPorter_QuickGifts.pdf
[2011/10/02 11:26:04 | 001,130,783 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\LOQ_BlockBuster.pdf
[2011/09/30 20:07:40 | 000,954,217 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\houseinthehamptons-maywood-studio.pdf
[2011/09/29 09:27:39 | 000,647,410 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\twisted-happy-blocks-quilt.pdf
[2011/09/28 11:31:28 | 001,709,795 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\AQS-pattern-152[1].pdf
[2011/09/28 11:30:51 | 000,236,270 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\AQS-pattern-162[1].pdf
[2011/09/28 11:30:15 | 002,108,888 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\AQS-pattern-166[1].pdf
[2011/09/28 11:28:30 | 000,979,377 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\AQS-pattern-176[1].pdf
[2011/09/28 11:27:58 | 000,127,215 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\AQS-pattern-179[1].pdf
[2011/09/28 11:27:35 | 000,130,244 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\AQS-pattern-178[1].pdf
[2011/09/28 11:27:01 | 000,096,534 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\AQS-pattern-186[1].pdf
[2011/09/28 11:23:43 | 000,125,479 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\AQS-pattern-209[1].pdf
[2011/09/28 11:23:15 | 000,340,140 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\AQS-pattern-208[1].pdf
[2011/09/23 11:14:45 | 001,515,487 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Riley_Blake_All_Wrapped_Up_Quilt.pdf
[2011/09/23 10:34:07 | 000,066,266 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\CSB-Gen.pdf
[2011/09/23 10:33:39 | 000,058,886 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\CSB-1.pdf
[2011/09/20 00:33:11 | 000,000,580 | -H-- | C] () -- C:\WINDOWS\tasks\DataUpload.job
[2011/09/20 00:33:10 | 000,000,616 | -H-- | C] () -- C:\WINDOWS\tasks\ConfigExec.job
[2011/09/20 00:26:29 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Fix it Center.lnk
[2011/09/20 00:26:29 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
[2011/09/19 09:57:21 | 000,000,059 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2011/09/19 09:57:21 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2011/09/19 09:57:21 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2011/08/17 10:22:14 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/07/13 14:51:03 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2009/09/16 11:03:52 | 000,000,049 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/05/16 07:28:09 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/05/30 20:50:51 | 000,000,038 | ---- | C] () -- C:\WINDOWS\TLTitleData.ini
[2007/05/11 15:39:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure20.INI
[2007/03/28 18:50:39 | 000,000,209 | ---- | C] () -- C:\WINDOWS\pdf2word.INI
[2007/01/27 22:19:37 | 000,454,656 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2007/01/23 16:15:22 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/10/05 10:10:20 | 000,000,246 | ---- | C] () -- C:\WINDOWS\Chores.INI
[2006/08/03 23:07:45 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xwsindex.exe
[2006/07/07 16:54:05 | 000,001,079 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2006/07/07 16:48:55 | 000,001,151 | ---- | C] () -- C:\WINDOWS\ipconfig.dat
[2006/06/10 11:51:53 | 000,036,646 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Comma Separated Values (Windows).ADR
[2006/06/02 23:36:01 | 000,000,239 | ---- | C] () -- C:\WINDOWS\ActiveActG.INI
[2006/06/02 22:27:11 | 000,000,239 | ---- | C] () -- C:\WINDOWS\ActiveAct.INI
[2006/05/30 18:41:44 | 000,027,217 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Personal Address Book.ADR
[2006/05/25 01:22:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2006/04/29 00:12:16 | 000,122,880 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2006/04/06 19:59:38 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\EmailShared.dll
[2006/04/04 14:22:40 | 000,000,032 | ---- | C] () -- C:\WINDOWS\thxcfg.ini
[2005/12/23 11:23:04 | 000,032,430 | ---- | C] () -- C:\WINDOWS\m_uninstall.exe
[2005/12/19 15:00:11 | 000,000,739 | ---- | C] () -- C:\WINDOWS\STImgBrowser.INI
[2005/12/10 03:15:43 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2005/11/15 22:33:38 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/11/15 22:33:38 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/10/14 19:19:17 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2005/09/21 21:56:14 | 000,000,068 | ---- | C] () -- C:\WINDOWS\KA.INI
[2005/08/24 19:26:59 | 000,000,823 | ---- | C] () -- C:\WINDOWS\tsc.ini
[2005/08/24 19:26:58 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
[2005/08/24 17:49:42 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/08/17 18:50:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\l5teuiui.dat
[2005/08/17 18:50:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\gr2630q9.dat
[2005/08/17 18:50:27 | 000,003,523 | ---- | C] () -- C:\WINDOWS\System32\44q8snl1.ini
[2005/08/17 18:45:28 | 000,000,045 | ---- | C] () -- C:\WINDOWS\FJEIMFHN.ini
[2005/08/10 13:05:18 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2005/06/04 11:39:34 | 000,000,016 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/04/27 11:52:39 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2005/04/27 11:52:39 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2005/04/26 15:41:11 | 000,072,192 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01e.exe
[2005/04/23 20:45:56 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\WIN2PDFM.DLL
[2005/03/22 15:33:19 | 000,012,908 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/03/19 21:47:30 | 000,000,032 | ---- | C] () -- C:\WINDOWS\album.ini
[2005/03/19 21:34:04 | 000,000,641 | ---- | C] () -- C:\WINDOWS\photoprn.ini
[2005/03/16 14:55:02 | 000,001,142 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2005/03/11 22:07:42 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/03/11 19:20:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/03/11 19:19:13 | 000,005,768 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/03/11 16:39:59 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat
[2005/03/01 15:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2005/02/06 18:46:30 | 000,044,600 | ---- | C] () -- C:\WINDOWS\System32\WIN2PDFS.DLL
[2004/12/03 03:57:27 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\mwigacc32.dll
[2004/12/03 03:56:19 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/12/03 03:56:19 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/12/03 03:56:16 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/12/03 03:56:13 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/12/03 03:56:08 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/12/03 03:55:48 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/12/03 03:55:47 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/12/03 03:55:41 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/12/03 03:55:41 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/12/03 03:55:41 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/12/03 03:55:41 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/12/03 03:55:41 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/12/03 03:55:22 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/12/03 03:55:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/10/22 00:57:31 | 000,103,579 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/10/22 00:57:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/10/21 05:36:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/21 00:59:42 | 000,013,949 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/10/21 00:59:35 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/10/20 09:43:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/20 09:30:41 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/10/20 09:30:41 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/10/20 09:30:41 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/10/20 09:30:41 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/10/20 09:30:41 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/10/20 09:30:41 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/10/20 09:13:52 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/10/20 09:02:17 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2004/10/20 08:58:10 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2004/10/20 08:58:10 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2004/10/20 08:58:10 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2004/10/20 08:29:01 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/10/20 08:29:01 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/10/20 08:27:39 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/10/20 08:17:13 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/10/20 08:15:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/10/20 08:11:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/10/20 07:59:37 | 000,000,572 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/10/20 07:59:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/10/20 07:58:59 | 000,463,974 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/10/20 07:58:59 | 000,080,502 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/10/20 01:06:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/10/20 01:05:16 | 000,359,344 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/09/14 01:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/20 05:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 05:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/04/11 01:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/05 18:51:00 | 000,059,392 | R--- | C] () -- C:\WINDOWS\streamhlp.dll
[2002/11/01 16:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2002/07/04 15:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2002/03/14 12:00:26 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[2001/12/14 13:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1999/03/12 20:32:15 | 000,000,136 | ---- | C] () -- C:\WINDOWS\System32\mstraps.dll
[1998/08/16 05:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== LOP Check ==========

[2008/12/09 01:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ascentive
[2010/08/27 20:00:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/08/27 20:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2010/08/27 20:18:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/08/27 20:18:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX
[2010/08/27 20:08:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2011/10/07 15:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2010/08/27 20:14:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/08/27 20:13:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu
[2011/08/17 10:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2004/10/20 09:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2007/06/06 14:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2010/08/24 09:08:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2007/10/15 09:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2008/04/30 18:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2010/08/27 23:54:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2006/06/26 21:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2005/05/07 18:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/07/12 09:38:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft
[2006/05/06 21:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/08/27 17:19:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/08/05 20:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Transparent
[2005/08/28 20:17:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/04/14 14:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEK Software
[2010/07/11 15:38:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2006/04/22 16:27:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Aim
[2010/08/27 20:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Canon
[2011/09/20 00:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\ElevatedDiagnostics
[2008/06/19 18:00:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Elluminate
[2005/05/21 15:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Interact Commerce
[2005/03/17 08:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Intervideo
[2011/08/17 13:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\IObit
[2007/06/06 14:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\iolo
[2005/11/21 08:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Jasc
[2005/03/11 16:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech
[2010/09/21 13:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\mjusbsp
[2005/03/28 12:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Nvu
[2009/08/13 16:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\OpenOffice.org
[2005/08/10 13:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\pdf995
[2011/08/21 22:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\PopCapv1006
[2006/04/28 23:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Registry Booster
[2004/10/21 01:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView
[2010/06/04 12:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SupportSoft
[2005/03/16 14:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Template
[2011/09/02 22:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Uniblue
[2007/06/17 21:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\WinPatrol
[2011/10/09 00:58:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/10/07 14:28:35 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\Tasks\ConfigExec.job
[2011/10/10 08:33:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\Tasks\DataUpload.job
[2011/10/02 22:00:04 | 000,000,398 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


Here is the extra OTL file (don't know if you needed that as well).

OTL Extras logfile created on: 10/10/2011 11:39:49 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.48 Mb Total Physical Memory | 27.98 Mb Available Physical Memory | 6.25% Memory free
1.03 Gb Paging File | 0.44 Gb Available in Paging File | 43.02% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 63.99 Gb Total Space | 53.49 Gb Free Space | 83.59% Space Free | Partition Type: NTFS
Drive D: | 10.52 Gb Total Space | 6.15 Gb Free Space | 58.44% Space Free | Partition Type: FAT32

Computer Name: GENEVIEVE | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5060:UDP" = 5060:UDP:*:Enabled:magicjack1
"5070:TCP" = 5070:TCP:*:Enabled:magicjack2

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Documents and Settings\Compaq_Owner\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Compaq_Owner\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 21
"{31C2F32D-C5DD-4583-8181-B48591CA231C}" = RapidPlayer v4.0 ActiveX Control
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{675F65BF-F58A-44DD-9555-6F439759C4E4}" = SOAP3 and XML4
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" =
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{BC27061D-FFCE-4931-A05F-AC964CC026CA}" = Registry Reviver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Abexo Free Registry Cleaner" = Abexo Free Registry Cleaner
"Accessibility Toolbar_is1" = Accessibility Toolbar Uninstall
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"Amazing Adventures The Lost Tomb" = Amazing Adventures The Lost Tomb
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"FreeAccounting_1.0" = Free Accounting 1.0.0.7
"ie8" = Windows Internet Explorer 8
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Pdf995" = Pdf995
"prodegetoolbar680" = Swag Bucks Toolbar
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"S3" = VIA/S3G Display Driver
"ST5UNST #1" = Typing Tutor
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"WIC" = Windows Imaging Component
"Win2PDF_is1" = Win2PDF 2.80
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"magicJack" = magicJack

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/23/2010 10:20:43 AM | Computer Name = GENEVIEVE | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 7/28/2010 12:30:15 AM | Computer Name = GENEVIEVE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/28/2010 12:30:45 AM | Computer Name = GENEVIEVE | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 7/29/2010 4:09:06 AM | Computer Name = GENEVIEVE | Source = Avira AntiVir | ID = 4112
Description = An error occurred during a resource request to the Windows NT system.
The resource <ThreadInit> has not been allocated. This could be due to an out-of-memory
error or any other system failure. Returned error code: 0x18

Error - 8/2/2010 11:41:26 PM | Computer Name = GENEVIEVE | Source = Avira AntiVir | ID = 4112
Description = An error occurred during a resource request to the Windows NT system.
The resource <ThreadInit> has not been allocated. This could be due to an out-of-memory
error or any other system failure. Returned error code: 0x18

Error - 8/3/2010 8:16:30 AM | Computer Name = GENEVIEVE | Source = Application Hang | ID = 1002
Description = Hanging application taskmgr.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/12/2010 2:23:41 AM | Computer Name = GENEVIEVE | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.8325.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/12/2010 5:17:58 PM | Computer Name = GENEVIEVE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/12/2010 5:17:58 PM | Computer Name = GENEVIEVE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/13/2010 1:58:12 AM | Computer Name = GENEVIEVE | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.

[ System Events ]
Error - 9/4/2011 9:36:31 AM | Computer Name = GENEVIEVE | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 9/5/2011 2:13:21 AM | Computer Name = GENEVIEVE | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 9/5/2011 2:13:24 AM | Computer Name = GENEVIEVE | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 9/5/2011 2:13:24 AM | Computer Name = GENEVIEVE | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 9/8/2011 6:55:10 PM | Computer Name = GENEVIEVE | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 9/8/2011 6:55:27 PM | Computer Name = GENEVIEVE | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 9/8/2011 6:55:27 PM | Computer Name = GENEVIEVE | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 9/8/2011 7:17:36 PM | Computer Name = GENEVIEVE | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 9/8/2011 7:17:37 PM | Computer Name = GENEVIEVE | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 9/8/2011 7:17:37 PM | Computer Name = GENEVIEVE | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2


< End of report >


#2
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hello gigi1444 and welcome to GeeksToGo :)

I'm GLeobas and I'm going to help you fix your problem.

Please note that I'm currently in training and my posts have to be approved by an expert before I reply.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.


#3
gigi1444

    Member

  • Topic Starter
  • Member
  • 60 posts
Thank you, I look forward to your help.

Genevieve

#4
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi, your computer looks clean. The amount of RAM in your computer is very low (447 MB) and this is one factor that contributes to the slowness of Windows and the applications running.


Please do an online scan with ESET Online Scan.

Access the website using Internet Explorer.

Disable your antivirus software.
  • Do the scan according to the image:

    Posted Image
  • At the end, check the box "Delete Quarantined files" and click [FINISH].
  • A log will be generated in C:\Program Files\EsetOnlineScanner\Log.txt
  • Post that log.


#5
gigi1444

    Member

  • Topic Starter
  • Member
  • 60 posts
Here is the eset log

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=64456a6e896b6a47ade8b0c49a6607f9
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-10-12 12:54:59
# local_time=2011-10-11 07:54:59 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1536 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775141 100 93 270498 53962244 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=76215
# found=5
# cleaned=5
# scan_time=8435
C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\InstallCache\{05B64610-ED45-40AC-89A3-507F6B6A25B9}\Registry Reviver.msi a variant of Win32/SlowPCfighter application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Compaq_Owner\Desktop\PlayBryte_Setup.exe a variant of Win32/Adware.iBryte.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\MKT3VGW5\PlayBryte_Setup[1].exe a variant of Win32/Adware.iBryte.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\WN1O57A5\mock-emily-watson-mcpherson[1].htm JS/Redirector.NID trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Utilities\nailfix.exe Win32/PrcView application (deleted - quarantined) 00000000000000000000000000000000 C

#6
gigi1444

    Member

  • Topic Starter
  • Member
  • 60 posts
Just wondering what else I should do for my computer. It has been three days now since I posted the log requested. Thanks for any help.

#7
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Sorry for the delay.

As I told you, I'm in training and I need all my posts to be approved.
At the moment, I'm waiting for that.

Please wait.

Edited by GLeobas, 14 October 2011 - 07:28 PM.


#8
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
As I said to you, your computer has very little memory (only 447 MB), which is not enough to run an operating system (Windows XP) with efficiency. I suggest that you increase the RAM on your computer.

Please go to Crucial.com and download the small system scanner and let it run. On completion of the scan it will let you know how much RAM, what type and the cost. But the main data you will require is the RAM type; you can then shop around to suit your pocket.

Your log looks clean :)


1) We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:

  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

2) Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.

System Restore will now be active again.

If you are using Windows Vista, please go HERE for a tutorial on how to use, disable and enable System Restore.

3) Below I've included some advice on how to avoid being reinfected:

Be aware of unknown sites, links and especially programs you download:
Installing unknown software on your computer is perhaps the best way to get reinfected. Stay away from P2P programs, since these often offer bad programs. If you don't know a certain piece of software, be sure to get some information about it and try to find some feedback that looks real.

Updates:
It is recommended that you set Windows to check, download and install your updates automatically.
  • Click Start > Control Panel > Automatic Updates
  • Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
  • Click Apply then OK.

Firewall:

A firewall is a very important security program, which can stop malware activity and avoid invasions from someone who may try to access your computer. I recommend you install one of these:
Comodo Firewall Pro
Zone Alarm Firewall
Sunbelt Personal Firewall

Antispyware:
Having one resident protection antispyware is also an effective way to make your computer safer. Here are a few of them:
MalwareBytes' Anti-Malware
SUPERAntiSpyware Free Edition

To help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

Edited by GLeobas, 15 October 2011 - 05:47 PM.


#9
gigi1444

    Member

  • Topic Starter
  • Member
  • 60 posts
Thank you very much for your help. I will check into upgrading my RAM. I downloaded a firewall, which I did not have. I appreciate your time very much!

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.