MS removal tool

View previous topic View next topic Go down

MS removal tool

Post by bspinn07 on Sun 10 Apr 2011, 10:26 am

Hi,
I recently got this 'ever so popular' ms removal tool on my laptop. I am using my desktop right now because my laptop is ridiculously slow. I have looked through some of the forums recently and was going to try some on my laptop, but the majority of them call for booting in safe mode. Whenever I attempt to boot in safe mode my computer locks up and eventually shuts down. Whenever I try getting on this site on my laptop the window will freeze. I can browse other sites, but i can't get on here to download OTL. any assistance is appreciated and if there are any other questions about the problem, please don't hesitate to ask. I will be standing by . Thanks in advance for any help you can provide =)

bspinn07

Newbie Surfer
Newbie Surfer

Posts : 15
Joined : 2011-04-10
Operating System : windowsxp

View user profile

Back to top Go down

Re: MS removal tool

Post by Belahzur on Mon 11 Apr 2011, 1:06 am

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: MS removal tool

Post by bspinn07 on Mon 11 Apr 2011, 5:42 am

OTL logfile created on: 4/10/2011 1:38:24 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 12.95 Gb Free Space | 26.53% Space Free | Partition Type: NTFS
Drive D: | 184.06 Gb Total Space | 173.71 Gb Free Space | 94.38% Space Free | Partition Type: NTFS
Drive E: | 649.90 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MISCHELLE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/10 13:37:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/03/26 14:59:19 | 000,027,648 | ---- | M] (Retrogamer) -- C:\Program Files\Retrogamer_2z\bar\1.bin\2zbrmon.exe
PRC - [2011/03/25 14:09:48 | 000,176,848 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2011/03/22 17:55:57 | 000,458,752 | ---- | M] () -- C:\Program Files\WCIA Personal Connection\liveonline_3858434.exe
PRC - [2010/11/22 11:29:41 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/05/14 12:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/06/03 17:16:42 | 000,207,400 | ---- | M] (ActivIdentity) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
PRC - [2009/06/03 17:16:34 | 000,153,640 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2009/06/03 17:13:28 | 000,400,936 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2009/06/03 17:13:04 | 000,130,600 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/13 06:00:00 | 000,182,272 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICKA.EXE


========== Modules (SafeList) ==========

MOD - [2011/04/10 13:37:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2011/03/26 14:59:19 | 000,031,744 | ---- | M] (Retrogamer) -- C:\Program Files\Retrogamer_2z\bar\1.bin\2zbrstub.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/26 14:59:19 | 000,036,864 | ---- | M] (Retrogamer) [Auto | Stopped] -- C:\Program Files\Retrogamer_2z\bar\1.bin\2zbarsvc.exe -- (Retrogamer_2zService)
SRV - [2011/03/25 14:09:48 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2009/06/03 17:16:42 | 000,207,400 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)


========== Driver Services (SafeList) ==========

DRV - [2010/09/03 03:20:18 | 006,139,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/07/05 22:13:10 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/07 00:19:00 | 000,057,856 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2009/11/17 18:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/17 18:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\..\URLSearchHook: {1c583e40-0629-4bb9-ab68-1cf539f2f782} - C:\Program Files\Retrogamer_2z\bar\1.bin\2zSrcAs.dll (Retrogamer)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/13 08:52:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\Firefox [2011/03/17 13:22:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/03/17 13:22:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\2zffxtbr@Retrogamer_2z.com: C:\Program Files\Retrogamer_2z\bar\1.bin [2011/03/26 14:59:20 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Assistant BHO) - {6ffed9d8-942f-4384-aa29-d3bd083a346a} - C:\Program Files\Retrogamer_2z\bar\1.bin\2zSrcAs.dll (Retrogamer)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (Toolbar BHO) - {fc1e426b-fa76-428f-b680-86ef1edb13c1} - C:\Program Files\Retrogamer_2z\bar\1.bin\2zbar.dll (Retrogamer)
O3 - HKLM\..\Toolbar: (Retrogamer) - {54ba686e-738f-42fe-badd-d8cb7cfbc07e} - C:\Program Files\Retrogamer_2z\bar\1.bin\2zbar.dll (Retrogamer)
O3 - HKCU\..\Toolbar\WebBrowser: (Retrogamer) - {54BA686E-738F-42FE-BADD-D8CB7CFBC07E} - C:\Program Files\Retrogamer_2z\bar\1.bin\2zbar.dll (Retrogamer)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [Retrogamer_2z Browser Plugin Loader] C:\Program Files\Retrogamer_2z\bar\1.bin\2zbrmon.exe (Retrogamer)
O4 - HKCU..\Run: [EPSON Stylus Photo R280 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\WCIA Personal Connection.lnk = C:\Program Files\WCIA Personal Connection\liveonline_3858434.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} [You must be registered and logged in to see this link.] (SOE Web Installer)
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} [You must be registered and logged in to see this link.] (P3DActiveX Control)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} [You must be registered and logged in to see this link.] (mhLabel Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.168.12 97.64.183.165
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\ackpbsc: DllName - C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll - C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/01 22:56:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1998/03/21 07:18:36 | 000,282,560 | R--- | M] () - E:\AUTORUN.BMP -- [ CDFS ]
O32 - AutoRun File - [1998/06/30 11:56:08 | 000,607,232 | R--- | M] (Sierra On-Line, Inc.) - E:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [1998/01/26 05:12:42 | 000,000,201 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/10 13:37:49 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/04/01 22:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Unity
[2011/04/01 22:08:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Unity
[2011/03/26 14:59:41 | 000,000,000 | ---D | C] -- C:\Program Files\GameTap Web Player
[2011/03/26 14:59:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GameTap Web Player
[2011/03/26 14:59:39 | 000,819,200 | ---- | C] (Metaboli) -- C:\WINDOWS\System32\GameTapWebPlayer_4_4_0_7.ocx
[2011/03/26 14:59:18 | 000,000,000 | ---D | C] -- C:\Program Files\Retrogamer_2z
[2011/03/26 14:58:33 | 000,000,000 | ---D | C] -- C:\Program Files\Retrogamer_2zEI
[2011/03/26 10:26:59 | 000,000,000 | ---D | C] -- C:\Program Files\iWin Games
[2011/03/22 17:55:57 | 000,000,000 | ---D | C] -- C:\Program Files\WCIA Personal Connection
[2011/03/22 17:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\WCIA Personal Connection
[2011/03/17 13:34:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/03/17 13:34:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EPSON
[2011/03/17 13:34:31 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON
[2011/03/17 13:34:26 | 000,000,000 | ---D | C] -- C:\epson
[2011/03/17 13:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/03/17 13:22:28 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2011/03/17 13:22:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/03/17 13:21:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\UAB
[2011/03/17 13:21:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PC_Drivers_Headquarters
[2011/03/17 13:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/03/17 13:21:46 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer
[2011/03/17 13:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Driver Detective
[2011/03/17 13:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\PC Drivers HeadQuarters
[2011/03/12 12:38:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SIERRA
[2011/03/12 12:37:02 | 000,188,928 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\rdxmmx.dll
[2011/03/12 12:37:02 | 000,185,856 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\rdxp5.dll
[2011/03/12 12:37:02 | 000,137,728 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\Rdxcom.dll
[2011/03/12 12:37:02 | 000,100,352 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dmix.dll
[2011/03/12 12:37:02 | 000,092,160 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dinoav.dll
[2011/03/12 12:37:02 | 000,078,848 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\Dino2d.dll
[2011/03/12 12:37:02 | 000,062,976 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\rdxam.dll
[2011/03/12 12:37:02 | 000,055,296 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\rdxvid.ax
[2011/03/12 12:37:02 | 000,028,160 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ActiveRDX.ocx
[2011/03/12 12:36:46 | 001,053,184 | ---- | C] (Cendant Software) -- C:\WINDOWS\System32\SierraNW.dll
[2011/03/12 12:36:46 | 000,231,936 | ---- | C] (Cendant Software) -- C:\WINDOWS\System32\SNWValid.dll
[2011/03/12 12:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\Sierra On-Line
[2011/03/12 12:34:33 | 000,304,128 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2011/03/12 12:34:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\WINDOWS
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/10 13:37:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/04/10 12:57:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1532298954-839522115-1003UA.job
[2011/04/10 09:03:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/10 09:03:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/09 15:57:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1532298954-839522115-1003Core.job
[2011/04/08 16:28:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/07 13:33:49 | 000,082,681 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\navy2.jpg
[2011/04/07 13:31:57 | 000,027,313 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\navy.jpg
[2011/04/07 11:49:48 | 000,031,152 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ups.class
[2011/04/02 21:03:24 | 000,219,432 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\gnc 4-2.jpg
[2011/03/31 19:23:22 | 000,109,269 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\taste bud 3.png
[2011/03/31 17:10:38 | 000,025,148 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\tastebud (1).gif
[2011/03/28 21:39:46 | 000,417,922 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\jerry nance quote 2.jpg
[2011/03/28 21:38:22 | 000,478,423 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\jerry nance quote 1.jpg
[2011/03/27 15:11:47 | 000,002,088 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\taste buds.rtf
[2011/03/25 21:57:43 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2011/03/25 21:57:43 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/25 12:30:28 | 000,215,896 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\flying j 3-25.jpg
[2011/03/24 18:36:14 | 000,401,937 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\papa johns 324 4.jpg
[2011/03/24 18:30:17 | 005,942,707 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\papa johns 324 3.jpg
[2011/03/24 18:29:27 | 003,592,536 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\papa johns 324 2.jpg
[2011/03/24 18:28:23 | 005,926,043 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\papa johns 324 1.jpg
[2011/03/23 19:06:05 | 000,230,574 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\pilot 3-18.jpg
[2011/03/22 17:55:57 | 000,061,440 | ---- | M] () -- C:\WINDOWS\uninstall.exe
[2011/03/22 17:55:57 | 000,000,902 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\WCIA Personal Connection.lnk
[2011/03/18 13:04:45 | 000,262,461 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\iga 3-18.jpg
[2011/03/17 13:21:06 | 000,002,198 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Driver Detective.lnk
[2011/03/14 07:48:35 | 000,502,374 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/14 07:48:35 | 000,086,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/14 07:43:48 | 000,099,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/12 17:34:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SWAT.INI
[2011/03/12 12:38:07 | 000,000,286 | ---- | M] () -- C:\WINDOWS\SIERRA.INI
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/07 13:34:09 | 000,082,681 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\navy2.jpg
[2011/04/07 13:32:28 | 000,027,313 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\navy.jpg
[2011/04/07 11:49:58 | 000,031,152 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ups.class
[2011/04/02 21:02:55 | 000,219,432 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\gnc 4-2.jpg
[2011/03/31 19:23:35 | 000,109,269 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\taste bud 3.png
[2011/03/31 17:10:46 | 000,025,148 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\tastebud (1).gif
[2011/03/28 21:39:26 | 000,417,922 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\jerry nance quote 2.jpg
[2011/03/28 21:37:53 | 000,478,423 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\jerry nance quote 1.jpg
[2011/03/26 14:59:39 | 000,000,297 | ---- | C] () -- C:\WINDOWS\System32\GameTapWebPlayer_4_4_0_7.inf
[2011/03/25 12:30:08 | 000,215,896 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\flying j 3-25.jpg
[2011/03/24 18:35:45 | 000,401,937 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\papa johns 324 4.jpg
[2011/03/24 17:46:54 | 000,002,088 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\taste buds.rtf
[2011/03/24 05:11:16 | 005,942,707 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\papa johns 324 3.jpg
[2011/03/24 05:10:28 | 003,592,536 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\papa johns 324 2.jpg
[2011/03/24 05:09:58 | 005,926,043 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\papa johns 324 1.jpg
[2011/03/23 19:05:13 | 000,230,574 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\pilot 3-18.jpg
[2011/03/22 17:55:57 | 000,061,440 | ---- | C] () -- C:\WINDOWS\uninstall.exe
[2011/03/22 17:55:57 | 000,000,902 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\WCIA Personal Connection.lnk
[2011/03/18 13:04:16 | 000,262,461 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\iga 3-18.jpg
[2011/03/17 13:22:35 | 000,001,077 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Default Manager.lnk
[2011/03/17 13:22:08 | 000,001,077 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live ID.lnk
[2011/03/17 13:21:06 | 000,002,198 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Driver Detective.lnk
[2011/03/12 17:34:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SWAT.INI
[2011/03/12 12:37:03 | 000,151,552 | ---- | C] () -- C:\WINDOWS\unswat.exe
[2011/03/12 12:37:02 | 000,029,820 | ---- | C] () -- C:\WINDOWS\System32\rdxcom.tlb
[2011/03/12 12:37:02 | 000,003,571 | ---- | C] () -- C:\WINDOWS\System32\ActiveRDX.tlb
[2011/03/12 12:34:33 | 000,000,286 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2011/03/07 18:12:49 | 000,014,088 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/12/13 08:47:14 | 000,165,664 | ---- | C] () -- C:\WINDOWS\hpoins44.dat
[2010/12/13 08:47:14 | 000,000,586 | ---- | C] () -- C:\WINDOWS\hpomdl44.dat
[2010/12/10 17:13:26 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/10 16:49:30 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/12/10 16:43:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\igxpun.exe
[2010/12/01 22:58:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/12/01 22:54:36 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/12/01 16:48:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/12/01 16:47:28 | 000,099,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,502,374 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,086,332 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A74A9A7

< End of report >

OTL Extras logfile created on: 4/10/2011 1:38:24 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 12.95 Gb Free Space | 26.53% Space Free | Partition Type: NTFS
Drive D: | 184.06 Gb Total Space | 173.71 Gb Free Space | 94.38% Space Free | Partition Type: NTFS
Drive E: | 649.90 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MISCHELLE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application. -- (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater. -- ()
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe" = C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe:*:Enabled:Rise of Nations -- (Big Huge Games, Inc.)
"C:\Program Files\Microsoft Games\Rise of Nations\patriots.exe" = C:\Program Files\Microsoft Games\Rise of Nations\patriots.exe:*:Enabled:Rise of Nations -- (Big Huge Games, Inc.)
"C:\Program Files\Microsoft Games\Rise of Nations\nations.exe" = C:\Program Files\Microsoft Games\Rise of Nations\nations.exe:*:Enabled:Rise of Nations -- (Big Huge Games, Inc.)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\World of Warcraft\Launcher.patch.exe" = C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"D:\World of Warcraft\Launcher.exe" = D:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"D:\World of Warcraft\Launcher.patch.exe" = D:\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"D:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe" = D:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire -- (Ironclad Games)
"D:\SIERRA\SWAT2\SWAT.EXE" = D:\SIERRA\SWAT2\SWAT.EXE:*:Disabled:SWAT -- (Yosemite Entertainment)
"C:\Program Files\GameTap Web Player\bin\release\GameTapPlayer.exe" = C:\Program Files\GameTap Web Player\bin\release\GameTapPlayer.exe:*:Enabled:GameTap Web Player -- (Metaboli)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1BE8806A-84F8-4655-A381-0D5524430944}" = ActivClient CAC x86
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{578596FF-7F65-4767-9F90-37920741148C}" = MSN Toolbar Platform
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{86C0E2A3-1EDA-4F01-A43D-80DA8642813C}_is1" = GameTap Web Player
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}" = Microsoft Search Enhancement Pack
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"BN_DesktopReader" = NOOK for PC
"EPSON Printer and Utilities" = EPSON Printer Software
"Family Feudô" = Family Feudô (remove only)
"GameSpy Arcade" = GameSpy Arcade
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"iWinArcade" = iWin Games (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Retrogamer_2zbar Uninstall" = Retrogamer
"RiseOfNations 1.0" = Microsoft Rise Of Nations
"RiseofNationsExpansion 1.0" = Rise of Nations Thrones and Patriots
"Shop for HP Supplies" = Shop for HP Supplies
"Sierra Utilities" = Sierra Utilities
"Sins of a Solar Empire" = Sins of a Solar Empire
"Swat2" = Police Quest: SWAT2
"VLC media player" = VLC media player 0.9.2
"WCIA Personal Connection" = WCIA Personal Connection
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wordscape Online Party" = Wordscape Online Party (remove only)
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"SOE-DC Universe Online Live" = DC Universe Online Live
"SOE-Free Realms" = Free Realms
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/21/2011 5:15:00 PM | Computer Name = MISCHELLE | Source = Application Hang | ID = 1002
Description = Hanging application Wordscape.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/24/2011 12:55:58 PM | Computer Name = MISCHELLE | Source = Application Hang | ID = 1002
Description = Hanging application Wordscape.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/24/2011 10:50:45 PM | Computer Name = MISCHELLE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/25/2011 10:28:19 PM | Computer Name = MISCHELLE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/26/2011 8:58:36 AM | Computer Name = MISCHELLE | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 3/28/2011 10:39:07 PM | Computer Name = MISCHELLE | Source = Application Hang | ID = 1002
Description = Hanging application wiaacmgr.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/30/2011 2:26:24 PM | Computer Name = MISCHELLE | Source = Application Error | ID = 1000
Description = Faulting application swat.exe, version 1.0.0.2, faulting module bpathing.dll,
version 0.0.0.0, fault address 0x00002a80.

Error - 4/3/2011 6:01:49 PM | Computer Name = MISCHELLE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/8/2011 7:47:56 AM | Computer Name = MISCHELLE | Source = Application Hang | ID = 1002
Description = Hanging application Wordscape.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/10/2011 10:04:37 AM | Computer Name = MISCHELLE | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

[ System Events ]
Error - 2/4/2011 9:22:23 AM | Computer Name = MISCHELLE | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 2/4/2011 9:22:31 AM | Computer Name = MISCHELLE | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 2/4/2011 9:22:39 AM | Computer Name = MISCHELLE | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 2/4/2011 9:22:47 AM | Computer Name = MISCHELLE | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 2/4/2011 9:22:56 AM | Computer Name = MISCHELLE | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 2/4/2011 9:23:04 AM | Computer Name = MISCHELLE | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 2/4/2011 9:23:12 AM | Computer Name = MISCHELLE | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 2/4/2011 9:23:21 AM | Computer Name = MISCHELLE | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 2/4/2011 9:23:29 AM | Computer Name = MISCHELLE | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 2/4/2011 9:23:37 AM | Computer Name = MISCHELLE | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.


< End of report >

bspinn07

Newbie Surfer
Newbie Surfer

Posts : 15
Joined : 2011-04-10
Operating System : windowsxp

View user profile

Back to top Go down

Re: MS removal tool

Post by Belahzur on Mon 11 Apr 2011, 6:32 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: MS removal tool

Post by bspinn07 on Mon 11 Apr 2011, 7:42 am

just to be sure we are on the same page, i wasn't aware of anything on my desktop. the MS removal tool is on my laptop

bspinn07

Newbie Surfer
Newbie Surfer

Posts : 15
Joined : 2011-04-10
Operating System : windowsxp

View user profile

Back to top Go down

Re: MS removal tool

Post by Belahzur on Tue 12 Apr 2011, 6:24 am

Yeah, so run MBAM on the laptop.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: MS removal tool

Post by Sponsored content Today at 9:31 pm


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum