Windows XP SP3 VM for paging 2100 MB
Starting 1 March, whenever I attempt to logon to Pogo.com, my CPU Usage spikes to 100% then freezes. Other sites the usage will spike and slow down but not freeze the PC. Few days ago got the BSOD so restored system from 1 week ago.
I also recently noticed that a Purple Peace symbol shows in the address window (prior to the URL) when I access Ebay.com. Other pages on Ebay shows the Ebay icon. When I go to Blingo.com (search engine), GMX shows before the URL (I use GM's free email service)
Tried Malwarebytes, SuperAntiSpyware, AVG 2012 and a few online AV programs. Besides that I use KeyScrambler and Sandboxie. Any assistance getting this PC functioning normally would be greatly appreciated.
OTL Log:
OTL logfile created on: 3/1/2012 10:27:43 PM - Run 1
OTL by OldTimer - Version 3.2.34.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.94 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 72.16% Memory free
3.84 Gb Paging File | 3.32 Gb Available in Paging File | 86.50% Paging File free
Paging file location(s): C:\pagefile.sys 2100 2100 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.53 Gb Total Space | 122.26 Gb Free Space | 85.78% Space Free | Partition Type: NTFS
Drive D: | 6.50 Gb Total Space | 1.19 Gb Free Space | 18.38% Space Free | Partition Type: FAT32
Computer Name: YOUR-27E1513D96 | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/03/01 22:25:58 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/11/23 08:17:14 | 000,018,704 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
PRC - [2011/11/23 08:17:14 | 000,015,632 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SandboxieCrypto.exe
PRC - [2011/11/23 08:17:12 | 000,024,336 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SandboxieRpcSs.exe
PRC - [2011/11/23 08:17:10 | 000,442,640 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2011/11/23 08:17:10 | 000,072,976 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/11/10 03:28:57 | 000,036,972 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0\bin\jusched.exe
PRC - [2005/01/24 04:56:00 | 000,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
========== Modules (No Company Name) ==========
MOD - [2005/01/24 05:05:00 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56spn.dll
MOD - [2005/01/24 05:05:00 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56itl.dll
MOD - [2005/01/24 05:05:00 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56ger.dll
MOD - [2005/01/24 05:05:00 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56fra.dll
MOD - [2005/01/24 05:05:00 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56eng.dll
MOD - [2005/01/24 05:05:00 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56brz.dll
MOD - [2005/01/24 05:05:00 | 000,049,152 | ---- | M] () -- C:\WINDOWS\sm56jpn.dll
MOD - [2005/01/24 05:05:00 | 000,045,056 | ---- | M] () -- C:\WINDOWS\sm56cht.dll
MOD - [2005/01/24 05:05:00 | 000,045,056 | ---- | M] () -- C:\WINDOWS\sm56chs.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/11/23 08:17:10 | 000,072,976 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
========== Driver Services (SafeList) ==========
DRV - [2011/11/23 08:17:08 | 000,131,856 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/14 08:58:10 | 000,225,592 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2005/07/04 02:30:34 | 000,026,624 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/06/08 00:44:36 | 001,235,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/04/20 13:00:56 | 002,317,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/14 23:12:12 | 000,175,616 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/03/09 16:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/03/04 13:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005/01/25 08:56:00 | 000,923,863 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 17:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...arm1=seconduser
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.h...arm1=seconduser
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...arm1=seconduser
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...arm1=seconduser
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...arm1=seconduser
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/02 19:52:06 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2004/08/04 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1322197803203 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F7B9D08-69C1-4D83-80B5-84E8CD5F9A73}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B79CD0E0-7DB7-4724-A9D0-ED3179536593}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/25 00:32:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\Shell - "" = AutoRun
O33 - MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/03/01 22:25:58 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2012/02/29 00:04:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Recent
[2012/02/02 20:52:42 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/02/02 19:53:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\AVG2012
[2012/02/02 19:52:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/02/02 19:52:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2012/02/02 19:51:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/02/02 19:51:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2012/02/02 19:50:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/02/02 19:47:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/03/01 22:27:51 | 000,002,086 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2012/03/01 22:25:58 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2012/03/01 22:19:22 | 000,000,250 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2012/03/01 22:17:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/01 22:17:41 | 2078,855,168 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/01 22:07:33 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2012/03/01 18:08:38 | 090,531,853 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/02/29 17:42:58 | 000,079,618 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/02/28 13:23:56 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/19 05:13:02 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\AthenaPasswords.rtf
[2012/02/12 18:24:59 | 001,128,597 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\10-free-blocks.pdf
[2012/02/07 23:31:53 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/02 20:10:19 | 000,013,060 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\cc_20120202_200956.reg
[2012/02/02 19:52:06 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/03/01 18:08:38 | 090,531,853 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/02/29 17:42:58 | 000,079,618 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/02/15 16:46:02 | 2078,855,168 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/12 18:24:55 | 001,128,597 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\10-free-blocks.pdf
[2012/02/02 20:10:17 | 000,013,060 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\cc_20120202_200956.reg
[2012/02/02 19:52:06 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/12/17 11:18:04 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/17 00:54:38 | 000,002,086 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2011/08/08 12:19:28 | 000,068,899 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp
[2011/08/08 12:19:28 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp
[2011/06/19 10:51:22 | 000,005,486 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ux28k8k70xg6ehd13ev2e
[2011/03/23 17:50:01 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/23 17:50:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/23 17:50:01 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/23 17:50:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/23 17:50:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/09 00:22:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SnoopFreeDll.dll
[2010/12/19 13:17:41 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/12/16 14:36:59 | 000,104,560 | ---- | C] () -- C:\WINDOWS\hpoins04.dat.temp
[2010/12/16 14:36:59 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
========== LOP Check ==========
[2012/02/02 20:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/02/02 19:52:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/03/01 18:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/05/04 18:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QFX Software
[2011/06/02 15:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/02/02 19:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\AVG2012
[2011/11/25 01:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\QFX Software
[2005/11/10 03:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:157E1AD3
< End of report >
Extras Log:
OTL Extras logfile created on: 3/1/2012 10:27:43 PM - Run 1
OTL by OldTimer - Version 3.2.34.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.94 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 72.16% Memory free
3.84 Gb Paging File | 3.32 Gb Available in Paging File | 86.50% Paging File free
Paging file location(s): C:\pagefile.sys 2100 2100 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.53 Gb Total Space | 122.26 Gb Free Space | 85.78% Space Free | Partition Type: NTFS
Drive D: | 6.50 Gb Total Space | 1.19 Gb Free Space | 18.38% Space Free | Partition Type: FAT32
Computer Name: YOUR-27E1513D96 | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Disabled:Earthlink
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{64D5E9DE-7890-4FB0-8865-8B24BE1773F7}" = LightScribe 1.4.42.1
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{E7E84E23-C5C0-4B15-B13A-C63149E59C98}" = AVG 2012
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2012
"Defraggler" = Defraggler
"ie8" = Windows Internet Explorer 8
"KeyScrambler" = KeyScrambler
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"QuickTime" = QuickTime
"Sandboxie" = Sandboxie 3.62 (32-bit)
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 3/1/2012 6:49:36 PM | Computer Name = YOUR-27E1513D96 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 3/1/2012 6:49:37 PM | Computer Name = YOUR-27E1513D96 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 3/1/2012 6:49:39 PM | Computer Name = YOUR-27E1513D96 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 3/1/2012 6:49:39 PM | Computer Name = YOUR-27E1513D96 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 3/1/2012 7:08:11 PM | Computer Name = YOUR-27E1513D96 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 3/1/2012 7:08:12 PM | Computer Name = YOUR-27E1513D96 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 3/1/2012 11:13:38 PM | Computer Name = YOUR-27E1513D96 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 3/1/2012 11:13:38 PM | Computer Name = YOUR-27E1513D96 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 3/1/2012 11:13:42 PM | Computer Name = YOUR-27E1513D96 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.
Error - 3/1/2012 11:13:42 PM | Computer Name = YOUR-27E1513D96 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.
[ System Events ]
Error - 2/28/2012 1:33:50 PM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7001
Description = The Network DDE service depends on the Network DDE DSDM service which
failed to start because of the following error: %%1058
Error - 2/28/2012 2:24:15 PM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7001
Description = The Network DDE service depends on the Network DDE DSDM service which
failed to start because of the following error: %%1058
Error - 2/29/2012 12:37:13 AM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7001
Description = The Network DDE service depends on the Network DDE DSDM service which
failed to start because of the following error: %%1058
Error - 2/29/2012 3:49:04 PM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7001
Description = The Network DDE service depends on the Network DDE DSDM service which
failed to start because of the following error: %%1058
Error - 3/1/2012 4:59:26 PM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7001
Description = The Network DDE service depends on the Network DDE DSDM service which
failed to start because of the following error: %%1058
Error - 3/1/2012 6:47:08 PM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7001
Description = The Network DDE service depends on the Network DDE DSDM service which
failed to start because of the following error: %%1058
Error - 3/1/2012 7:04:02 PM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7001
Description = The Network DDE service depends on the Network DDE DSDM service which
failed to start because of the following error: %%1058
Error - 3/1/2012 7:23:07 PM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7001
Description = The Network DDE service depends on the Network DDE DSDM service which
failed to start because of the following error: %%1058
Error - 3/1/2012 11:11:31 PM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7001
Description = The Network DDE service depends on the Network DDE DSDM service which
failed to start because of the following error: %%1058
Error - 3/1/2012 11:18:03 PM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7001
Description = The Network DDE service depends on the Network DDE DSDM service which
failed to start because of the following error: %%1058
< End of report >
Edited by Nekkochan, 01 March 2012 - 10:25 PM.