MS Removal Tool problems - OTL log

Post by WyldBill_883 on Wed 27 Apr 2011, 1:09 am

I got infected with this thing about twenty-four hours ago. Ran Malwarebytes scan, which found and removed all sorts of stuff, but MS Removal Tool persists. This is my OTL log:

OTL logfile created on: 4/26/2011 9:20:23 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\walt.ECONOCO-DOM.000\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 340.00 Mb Available Physical Memory | 67.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.50 Gb Total Space | 41.49 Gb Free Space | 58.02% Space Free | Partition Type: NTFS
Drive F: | 983.72 Mb Total Space | 197.06 Mb Free Space | 20.03% Space Free | Partition Type: FAT
Drive G: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 14.92 Gb Total Space | 13.25 Gb Free Space | 88.81% Space Free | Partition Type: FAT32
Drive J: | 272.24 Gb Total Space | 98.73 Gb Free Space | 36.27% Space Free | Partition Type: NTFS
Drive T: | 272.24 Gb Total Space | 98.73 Gb Free Space | 36.27% Space Free | Partition Type: NTFS
Drive W: | 272.24 Gb Total Space | 98.73 Gb Free Space | 36.27% Space Free | Partition Type: NTFS

Computer Name: WS6 | User Name: walt | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/26 08:59:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\walt.ECONOCO-DOM.000\Desktop\OTL.com
PRC - [2008/05/04 16:02:26 | 004,603,904 | ---- | M] () -- C:\Documents and Settings\walt.ECONOCO-DOM.000\Application Data\U3\0774410ED892849A\LaunchPad.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/04/26 08:59:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\walt.ECONOCO-DOM.000\Desktop\OTL.com
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (IPNMSrv)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/09/27 20:33:38 | 000,116,464 | ---- | M] (symantec) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/09/02 16:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/08/07 16:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2002/10/18 19:04:10 | 000,101,136 | ---- | M] () [On_Demand | Stopped] -- C:\orant\BIN\ONRSD80.EXE -- (OracleClientCache80)
SRV - [2002/04/30 15:23:46 | 000,057,603 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- c:\Ora9i\bin\omtsreco.exe -- (OracleMTSRecoveryService)
SRV - [2002/04/26 19:34:38 | 000,242,328 | ---- | M] () [On_Demand | Stopped] -- c:\Ora9i\bin\ONRSD.EXE -- (OracleOra9iClientCache)


========== Driver Services (SafeList) ==========

DRV - [2011/04/22 00:39:17 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110421.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/04/22 00:39:16 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110421.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/28 14:55:41 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/28 14:55:41 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2006/09/18 17:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/08/07 16:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/08/07 16:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/04/11 17:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/01/10 21:43:52 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/04/26 11:49:56 | 000,381,056 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [1999/01/29 12:39:08 | 000,007,136 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\tpestat.sys -- (TPEStat)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [OSCD_Creator] c:\DELL\PREODM.EXE ()
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKLM..\RunOnce: [OSCD_Creator] C:\Dell\PreODM.EXE ()
O4 - HKCU..\RunOnce: [oPp24500lPoFo24500] C:\Documents and Settings\All Users\Application Data\oPp24500lPoFo24500\oPp24500lPoFo24500.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [You must be registered and logged in to see this link.] (Office Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} [You must be registered and logged in to see this link.] (Get_ActiveX Control)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [You must be registered and logged in to see this link.] (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.4.2_04)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} [You must be registered and logged in to see this link.] (RIM AxLoader)
O16 - DPF: Garmin Communicator Plug-In [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.132.65.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = headquarters.corp.econoco.com
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\SYSTEM32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\walt.ECONOCO-DOM.000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\walt.ECONOCO-DOM.000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/06 16:03:21 | 000,000,615 | ---- | M] () - C:\autoAlbum.log -- [ NTFS ]
O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 08:26:23 | 000,000,309 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{8a9c273b-932f-11df-9805-001111a13424}\Shell - "" = AutoRun
O33 - MountPoints2\{8a9c273b-932f-11df-9805-001111a13424}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8a9c273b-932f-11df-9805-001111a13424}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL [You must be registered and logged in to see this link.]
O33 - MountPoints2\{c10323fb-af93-11db-9471-001111a13424}\Shell - "" = AutoRun
O33 - MountPoints2\{c10323fb-af93-11db-9471-001111a13424}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c10323fb-af93-11db-9471-001111a13424}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- [2007/10/23 03:45:39 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\{ec320f10-6f4d-11e0-98b0-001111a13424}\Shell - "" = AutoRun
O33 - MountPoints2\{ec320f10-6f4d-11e0-98b0-001111a13424}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ec320f10-6f4d-11e0-98b0-001111a13424}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- [2007/10/23 03:45:39 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- [2007/10/23 03:45:39 | 001,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
SystemRestore not available.

========== Files/Folders - Created Within 30 Days ==========

[2011/04/26 09:19:48 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\walt.ECONOCO-DOM.000\Desktop\OTL.com
[2011/04/25 11:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\walt.ECONOCO-DOM.000\Application Data\Malwarebytes
[2011/04/25 11:13:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/25 11:13:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/25 11:13:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/25 11:13:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/25 11:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/25 10:50:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/04/25 09:54:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\oPp24500lPoFo24500
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/26 09:18:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/04/26 09:17:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/04/26 09:10:22 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/26 08:59:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\walt.ECONOCO-DOM.000\Desktop\OTL.com
[2011/04/26 08:17:44 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/04/26 08:06:37 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/25 13:29:24 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\walt.ECONOCO-DOM.000\Desktop\iExplore.exe
[2011/04/25 13:23:22 | 000,000,498 | ---- | M] () -- C:\Documents and Settings\walt.ECONOCO-DOM.000\Desktop\Shortcut to Daily Reports and Forms on WMS Server (econoco-wms).lnk
[2011/04/25 11:13:59 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/18 14:31:42 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\walt.ECONOCO-DOM.000\Desktop\Microsoft Office Word 2003.lnk
[2011/04/18 06:50:07 | 000,314,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/15 16:42:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/15 16:36:04 | 000,521,160 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/04/15 16:36:04 | 000,096,246 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/25 13:29:17 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\walt.ECONOCO-DOM.000\Desktop\iExplore.exe
[2011/04/25 11:13:59 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/25 10:30:08 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/02/11 17:06:11 | 000,278,426 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/09/17 13:57:37 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\walt.ECONOCO-DOM.000\Local Settings\Application Data\keyfile3.drm
[2010/05/27 15:19:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2009/04/21 11:32:40 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\walt.ECONOCO-DOM.000\Application Data\PFP120JPR.{PB
[2009/04/21 11:32:40 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\walt.ECONOCO-DOM.000\Application Data\PFP120JCM.{PB
[2008/04/07 06:59:48 | 000,096,577 | ---- | C] () -- C:\WINDOWS\hpqins16.dat
[2007/10/12 14:58:13 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\walt.ECONOCO-DOM.000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/09 15:35:57 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\walt.ECONOCO-DOM.000\Local Settings\Application Data\fusioncache.dat
[2006/10/13 12:30:10 | 000,668,976 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/06/27 14:15:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2005/12/05 14:59:59 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/12/05 14:54:36 | 000,007,556 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/07/06 07:37:51 | 000,100,724 | ---- | C] () -- C:\WINDOWS\cpeins04.dat
[2005/07/06 07:24:33 | 000,099,736 | ---- | C] () -- C:\WINDOWS\CPEins05.dat
[2005/07/06 07:24:33 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2005/06/02 09:20:22 | 000,104,266 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2005/06/02 09:20:22 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2005/04/19 10:58:43 | 000,002,722 | ---- | C] () -- C:\WINDOWS\DevMgr.ini
[2005/04/19 09:46:40 | 000,000,348 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2005/03/22 15:07:49 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2005/03/10 15:44:37 | 000,000,116 | ---- | C] () -- C:\WINDOWS\Tpengine.ini
[2005/03/10 15:44:37 | 000,000,078 | ---- | C] () -- C:\WINDOWS\Cswin.ini
[2005/03/10 15:44:17 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\TALPDF32.dll
[2005/03/10 15:44:17 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\TAL12832.dll
[2005/03/10 15:44:17 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\TALC3932.DLL
[2005/03/10 15:44:17 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\TALCBR32.dll
[2005/03/10 15:44:17 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\TALMAX32.DLL
[2005/03/10 15:44:17 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\TALZIP32.dll
[2005/03/10 15:44:17 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\tcapi.dll
[2005/03/10 15:44:16 | 000,297,984 | ---- | C] () -- C:\WINDOWS\System32\CAVO2SQL.DLL
[2005/03/10 15:44:15 | 000,007,136 | ---- | C] () -- C:\WINDOWS\tpestat.sys
[2005/03/10 15:44:15 | 000,000,558 | ---- | C] () -- C:\WINDOWS\rrw.ini
[2005/03/10 15:06:57 | 000,001,187 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/03/10 13:41:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ODBCTST.INI
[2005/01/14 10:21:44 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/01/10 21:46:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/10 21:42:30 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/01/10 21:26:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2005/01/10 21:25:26 | 000,521,160 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2005/01/10 21:25:26 | 000,096,246 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2005/01/10 21:08:52 | 000,000,519 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/11 19:25:56 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/11 19:20:10 | 000,314,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 19:14:38 | 000,005,741 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 19:12:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 12:31:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2004/08/11 12:31:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\SECUPD.DAT
[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 07:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2004/07/19 18:01:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[2004/05/26 17:09:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\DSRIRREM.EXE
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/26 19:43:44 | 000,254,464 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT2X.DLL
[2002/02/27 09:41:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002/02/27 09:41:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002/02/27 09:41:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[1999/07/30 09:24:34 | 000,000,218 | ---- | C] () -- C:\WINDOWS\ORAODBC.INI
[1998/11/08 12:00:00 | 000,347,648 | ---- | C] () -- C:\WINDOWS\System32\omniorb251_rt.dll
[1998/11/08 12:00:00 | 000,021,986 | ---- | C] () -- C:\WINDOWS\crwd32.ini
[1998/11/08 12:00:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\omnithread2_rt.dll
[1996/06/07 14:07:14 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\ltfil60n.dll
[1996/06/07 14:07:14 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwpg60n.dll
[1996/06/07 14:07:12 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\lftif60n.dll
[1996/06/07 14:07:12 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\lftga60n.dll
[1996/06/07 14:07:12 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwmf60n.dll
[1996/06/07 14:07:10 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\lfpng60n.dll
[1996/06/07 14:07:10 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\lfpcx60n.dll
[1996/06/07 14:07:10 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\lfpsd60n.dll
[1996/06/07 14:07:08 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfpct60n.dll
[1996/06/07 14:07:08 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\lfmsp60n.dll
[1996/06/07 14:07:08 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\lfmac60n.dll
[1996/06/07 14:07:06 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\lffax60n.dll
[1996/06/07 14:07:04 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\lfcmp60n.dll
[1996/06/07 14:07:04 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfeps60n.dll
[1996/06/07 14:07:04 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\lfbmp60n.dll
[1995/10/25 09:17:22 | 000,775,168 | ---- | C] () -- C:\WINDOWS\System32\corent23.dll
[1995/10/25 09:17:14 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\ora7nt.dll
[1995/10/25 09:17:12 | 000,613,376 | ---- | C] () -- C:\WINDOWS\System32\corent.dll
[1995/02/27 05:47:22 | 000,251,904 | ---- | C] () -- C:\WINDOWS\System32\orant71.dll
[1995/02/14 20:11:00 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\implode.dll
[1995/01/13 09:10:00 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
[1980/01/01 02:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/11 19:14:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\DESKTOP.INI

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2004/03/22 18:17:06 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\mdippr.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/10/28 07:11:21 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\DESKTOP.INI

< %systemroot%\system32\config\systemprofile\*.dat /x >
[2005/01/10 21:31:07 | 000,000,310 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\convert.log

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2007/05/09 15:35:30 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\walt.ECONOCO-DOM.000\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP.INI
[2004/08/11 19:20:42 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\walt.ECONOCO-DOM.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/04/25 13:29:24 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\walt.ECONOCO-DOM.000\Desktop\iExplore.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/04 07:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\FXSEXT.ECF

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2007/01/10 17:04:49 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\walt.ECONOCO-DOM.000\Favorites\Desktop.ini
[2004/12/16 10:22:35 | 000,000,523 | ---- | M] () -- C:\Documents and Settings\walt.ECONOCO-DOM.000\Favorites\SAPdocs.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/03/17 08:11:25 | 000,002,412 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[11 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[11 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/11 19:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2004/08/11 19:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2004/08/11 19:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

< %systemroot%\system32\*.sys >
[2004/08/04 07:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ANSI.SYS
[2004/08/04 07:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\SYSTEM32\COUNTRY.SYS
[2004/06/09 10:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\SYSTEM32\DDMI2.sys
[2004/06/09 16:31:10 | 000,006,144 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\SYSTEM32\DLPT.sys
[2004/06/17 13:56:42 | 000,007,626 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\SYSTEM32\GPCIEnu.sys
[2004/08/04 07:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\SYSTEM32\HIMEM.SYS
[2004/08/04 07:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\SYSTEM32\KEY01.SYS
[2004/08/04 07:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\SYSTEM32\KEYBOARD.SYS
[2004/08/04 07:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTDOS.SYS
[2004/08/04 07:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTDOS404.SYS
[2004/08/04 07:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTDOS411.SYS
[2004/08/04 07:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTDOS412.SYS
[2004/08/04 07:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTDOS804.SYS
[2004/08/04 07:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTIO.SYS
[2004/08/04 07:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTIO404.SYS
[2004/08/04 07:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTIO411.SYS
[2004/08/04 07:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTIO412.SYS
[2004/08/04 07:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTIO804.SYS
[2008/04/13 14:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\watchdog.sys
[2011/03/03 09:21:11 | 001,857,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\win32k.sys
[11 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 20:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv01nt5.dll
[2008/04/13 20:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv02nt5.dll
[2008/04/13 20:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv05nt5.dll
[2008/04/13 20:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv07nt5.dll
[2008/04/13 20:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv08nt5.dll
[2008/04/13 20:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv09nt5.dll
[2008/04/13 20:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv11nt5.dll
[2008/04/13 20:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\atv01nt5.dll
[2008/04/13 20:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\atv02nt5.dll
[2008/04/13 20:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\atv04nt5.dll
[2008/04/13 20:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\atv06nt5.dll
[2008/04/13 20:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\atv10nt5.dll
[2008/04/13 20:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ch7xxnt5.dll
[2008/04/13 20:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\siint5.dll
[2008/04/13 20:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2004/03/22 18:17:06 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\mdippr.dll

< %SYSTEMDRIVE%\*.* >
[2005/06/06 16:03:21 | 000,000,615 | ---- | M] () -- C:\autoAlbum.log
[2004/08/11 19:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/07/25 17:19:07 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
[2004/08/11 19:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/01/10 21:12:42 | 000,004,022 | RH-- | M] () -- C:\DELL.SDR
[2011/04/26 08:17:44 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2003/12/08 13:15:56 | 000,028,672 | R--- | M] ( ) -- C:\hpqimgrc.resources.dll
[2004/08/11 19:27:32 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/11 19:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2005/01/10 21:44:37 | 000,000,746 | -H-- | M] () -- C:\IPH.PH
[2004/08/11 19:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/10/28 07:03:04 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2011/04/26 09:17:45 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2005/03/22 08:47:08 | 000,018,334 | ---- | M] () -- C:\PkgClnup.log
[2011/04/25 15:08:33 | 000,000,359 | ---- | M] () -- C:\rkill.log
[2005/01/10 21:44:52 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2005/06/02 09:39:10 | 000,001,185 | ---- | M] () -- C:\_Sid.txt
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %PROGRAMFILES%\*. >
[2007/06/01 13:45:14 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2005/01/10 21:33:36 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2007/10/12 13:49:02 | 000,000,000 | ---D | M] -- C:\Program Files\Business Objects
[2009/08/06 07:05:43 | 000,000,000 | ---D | M] -- C:\Program Files\Carbonite
[2007/10/12 13:49:02 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2005/01/10 21:08:20 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2006/07/25 10:43:37 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2005/12/05 15:00:04 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2005/01/10 21:40:14 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Inc
[2005/03/09 11:05:02 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support
[2006/12/11 12:46:04 | 000,000,000 | ---D | M] -- C:\Program Files\DFX
[2010/02/04 07:43:50 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2005/06/02 09:30:14 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2008/04/07 06:59:01 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2007/10/12 15:32:41 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2005/01/10 21:34:30 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2005/01/18 11:55:25 | 000,000,000 | ---D | M] -- C:\Program Files\Intermec
[2011/04/15 16:39:38 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2005/01/10 21:39:52 | 000,000,000 | ---D | M] -- C:\Program Files\Jasc Software Inc
[2009/08/06 07:04:58 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2005/01/10 21:44:32 | 000,000,000 | ---D | M] -- C:\Program Files\Learn2.com
[2011/04/25 11:14:00 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2005/03/10 16:08:30 | 000,000,000 | ---D | M] -- C:\Program Files\MapInfo MapX
[2005/01/14 10:26:16 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee.com
[2009/10/28 07:16:54 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2005/03/10 15:06:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2005/01/10 21:08:22 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/04/07 10:07:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2005/01/10 21:38:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Digital Media Edition
[2005/01/10 21:38:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Photo Story 2 LE
[2006/11/21 13:32:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Small Business
[2006/11/21 13:37:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2006/11/21 13:32:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio .NET 2003
[2009/04/21 11:34:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2011/02/11 10:31:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/13 16:17:45 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/07/22 07:32:17 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/04/07 10:07:04 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2005/01/10 21:08:16 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2005/01/10 21:08:20 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/11/20 09:05:01 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2005/01/10 21:40:36 | 000,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
[2009/10/28 07:05:50 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2005/03/22 15:02:38 | 000,000,000 | ---D | M] -- C:\Program Files\OLYMPUS
[2005/01/10 21:08:20 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2007/07/25 18:01:23 | 000,000,000 | ---D | M] -- C:\Program Files\Oracle
[2010/12/15 17:13:09 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2005/07/06 07:38:57 | 000,000,000 | ---D | M] -- C:\Program Files\Overland
[2005/01/10 21:44:28 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2005/01/10 21:43:48 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2010/07/22 07:32:02 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2007/04/05 15:27:20 | 000,000,000 | ---D | M] -- C:\Program Files\Research In Motion
[2005/03/10 16:07:50 | 000,000,000 | ---D | M] -- C:\Program Files\Seagate Software
[2010/05/25 13:20:14 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2011/04/26 09:17:33 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec AntiVirus
[2010/05/25 13:20:20 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec_Client_Security
[2005/03/10 15:45:34 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2005/01/10 21:44:30 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2006/12/11 11:57:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/10/28 07:05:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/10/28 07:05:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2005/01/10 21:08:22 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2005/01/10 21:35:36 | 000,000,000 | ---D | M] -- C:\Program Files\WordPerfect Office 12
[2005/01/10 21:08:22 | 000,000,000 | ---D | M] -- C:\Program Files\XEROX
[2005/01/10 21:36:15 | 000,000,000 | ---D | M] -- C:\Program Files\Your Company Name

< %appdata%\*.* >
[2004/08/11 19:07:12 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\walt.ECONOCO-DOM.000\Application Data\DESKTOP.INI
[2009/04/21 11:32:40 | 000,012,358 | ---- | M] () -- C:\Documents and Settings\walt.ECONOCO-DOM.000\Application Data\PFP120JCM.{PB
[2009/04/21 11:32:40 | 000,061,678 | ---- | M] () -- C:\Documents and Settings\walt.ECONOCO-DOM.000\Application Data\PFP120JPR.{PB


< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2009/10/28 06:57:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2009/10/28 06:57:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\I386\AGP440.SYS
[2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2009/10/28 06:57:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2009/10/28 06:57:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\I386\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:disk.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:disk.sys
[2009/10/28 06:57:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:disk.sys
[2009/10/28 06:57:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\I386\DISK.SYS
[2004/08/04 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SYSTEM32\DRIVERS\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\I386\EVENTLOG.DLL
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\I386\NETLOGON.DLL
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\I386\SCECLI.DLL
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:usbstor.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:usbstor.sys
[2009/10/28 06:57:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:usbstor.sys
[2009/10/28 06:57:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/04 00:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2004/08/04 00:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0009\DriverFiles\i386\USBSTOR.SYS
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\SYSTEM32\DRIVERS\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-15 20:42:39

< >

< End of report >

WyldBill_883

Unborn

Posts : 2
Joined : 2011-04-26
Operating System : Windows XP


MS Removal Tool: Extras.txt

Post by WyldBill_883 on Wed 27 Apr 2011, 1:10 am

And here is extras: THANKS IN ADVANCE!!!

OTL Extras logfile created on: 4/26/2011 9:20:23 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\walt.ECONOCO-DOM.000\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 340.00 Mb Available Physical Memory | 67.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.50 Gb Total Space | 41.49 Gb Free Space | 58.02% Space Free | Partition Type: NTFS
Drive F: | 983.72 Mb Total Space | 197.06 Mb Free Space | 20.03% Space Free | Partition Type: FAT
Drive G: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 14.92 Gb Total Space | 13.25 Gb Free Space | 88.81% Space Free | Partition Type: FAT32
Drive J: | 272.24 Gb Total Space | 98.73 Gb Free Space | 36.27% Space Free | Partition Type: NTFS
Drive T: | 272.24 Gb Total Space | 98.73 Gb Free Space | 36.27% Space Free | Partition Type: NTFS
Drive W: | 272.24 Gb Total Space | 98.73 Gb Free Space | 36.27% Space Free | Partition Type: NTFS

Computer Name: WS6 | User Name: walt | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.reg [@ = regfile] -- regedit.exe "%1"

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Paint Shop Pro Studio] -- "C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\\Paint Shop Pro Studio.exe" "/Browse" "%L" (Jasc Software, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\WINDOWS\SYSTEM32\USMT\MIGWIZ.EXE" = C:\WINDOWS\SYSTEM32\USMT\MIGWIZ.EXE:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\Symantec AntiVirus\Rtvscan.exe" = C:\Program Files\Symantec AntiVirus\Rtvscan.exe:*:Enabled:Rtvscan -- (Symantec Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06230E02-2B7E-11D2-92D0-0040051BD005}" = OLYMPUS CAMEDIA Master 2.5
"{06DE445B-B2E1-4087-BE75-DB1DBFE655A4}" = 7300Trb
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2DB4AC4A-7C2B-4137-B892-314504B053F9}" = 7300_Help
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{33CFCF98-F8D6-4549-B469-6F4295676D83}" = Symantec AntiVirus
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{37E1EB56-C59B-4C5C-B0B3-B5076046EF8A}" = BlackBerry Desktop Software 4.2
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{64658686-0CD4-4CF6-983D-0A6BE32007DB}" = Business Complete Care Services Agreement
"{6AF64CA8-81A6-4588-90E2-9A683A178273}" = 7400
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7505DE9C-4E85-4636-82F0-50F38077B900}" = Crystal Reports XI
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8AC7B8CB-40D8-49AB-BEF7-70264845550D}" = 8AC7B8CB-40D8-49AB-BEF7-70264845550D
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{964032DD-EC00-4442-98A0-57665B746068}" = Creative Zen Micro (PlaysForSure)
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70700000002}" = Adobe Reader 7.0.7
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BA68600E-96D9-4E92-80F2-26B9681B5A63}" = Microsoft Office Outlook 2003 with Business Contact Manager Update
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4A978A3-CAE4-4856-89D5-696498A7B8F7}" = HPODiscovery
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F2923462-9A8F-4def-B0E2-BCADA209F8A5}" = DFX 8 for Windows Media Player
"{F47E1D85-72A4-4AF9-A631-4B733E28D106}" = WarehouseManager
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"Bar Code 128" = Bar Code 128
"BlackBerry_{37E1EB56-C59B-4C5C-B0B3-B5076046EF8A}" = BlackBerry Desktop Software 4.2
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"Creative Jukebox Driver" = Creative Jukebox Driver
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"CrystalReports7" = Seagate Crystal Reports 7
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DellSupport" = Dell Support 5.0.0 (630)
"HP Photo & Imaging" = HP Image Zone 4.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"Shop for HP Supplies" = Shop for HP Supplies
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SysInfo" = Creative System Information
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/25/2011 10:04:01 AM | Computer Name = WS6 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Common Files\Symantec
Shared\ccApp.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
C:\Documents and Settings\All Users\Application Data\oPp24500lPoFo24500\oPp24500lPoFo24500.exe
(PID 1920) Time: Monday, April 25, 2011 10:04:01 AM

Error - 4/25/2011 10:04:01 AM | Computer Name = WS6 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\Rtvscan.exe Event Info: Terminate Process Action Taken: Blocked Actor
Process: C:\Documents and Settings\All Users\Application Data\oPp24500lPoFo24500\oPp24500lPoFo24500.exe
(PID 1920) Time: Monday, April 25, 2011 10:04:01 AM

Error - 4/25/2011 10:04:01 AM | Computer Name = WS6 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
C:\Documents and Settings\All Users\Application Data\oPp24500lPoFo24500\oPp24500lPoFo24500.exe
(PID 1920) Time: Monday, April 25, 2011 10:04:01 AM

Error - 4/25/2011 10:04:01 AM | Computer Name = WS6 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Common Files\Symantec
Shared\ccSetMgr.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
C:\Documents and Settings\All Users\Application Data\oPp24500lPoFo24500\oPp24500lPoFo24500.exe
(PID 1920) Time: Monday, April 25, 2011 10:04:01 AM

Error - 4/25/2011 10:04:01 AM | Computer Name = WS6 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
C:\Documents and Settings\All Users\Application Data\oPp24500lPoFo24500\oPp24500lPoFo24500.exe
(PID 1920) Time: Monday, April 25, 2011 10:04:01 AM

Error - 4/25/2011 10:04:02 AM | Computer Name = WS6 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Common Files\Symantec
Shared\SPBBC\SPBBCSvc.exe Event Info: Terminate Process Action Taken: Blocked Actor
Process: C:\Documents and Settings\All Users\Application Data\oPp24500lPoFo24500\oPp24500lPoFo24500.exe
(PID 1920) Time: Monday, April 25, 2011 10:04:02 AM

Error - 4/25/2011 10:04:02 AM | Computer Name = WS6 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\SavRoam.exe Event Info: Terminate Process Action Taken: Blocked Actor
Process: C:\Documents and Settings\All Users\Application Data\oPp24500lPoFo24500\oPp24500lPoFo24500.exe
(PID 1920) Time: Monday, April 25, 2011 10:04:02 AM

Error - 4/25/2011 10:04:02 AM | Computer Name = WS6 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\Rtvscan.exe Event Info: Terminate Process Action Taken: Blocked Actor
Process: C:\Documents and Settings\All Users\Application Data\oPp24500lPoFo24500\oPp24500lPoFo24500.exe
(PID 1920) Time: Monday, April 25, 2011 10:04:02 AM

Error - 4/25/2011 10:04:02 AM | Computer Name = WS6 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\DefWatch.exe Event Info: Terminate Process Action Taken: Blocked Actor
Process: C:\Documents and Settings\All Users\Application Data\oPp24500lPoFo24500\oPp24500lPoFo24500.exe
(PID 1920) Time: Monday, April 25, 2011 10:04:02 AM

Error - 4/25/2011 10:04:02 AM | Computer Name = WS6 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Common Files\Symantec
Shared\ccApp.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
C:\Documents and Settings\All Users\Application Data\oPp24500lPoFo24500\oPp24500lPoFo24500.exe
(PID 1920) Time: Monday, April 25, 2011 10:04:02 AM

[ System Events ]
Error - 4/26/2011 9:13:34 AM | Computer Name = WS6 | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error: %%230

Error - 4/26/2011 9:13:34 AM | Computer Name = WS6 | Source = Service Control Manager | ID = 7034
Description = The OracleMTSRecoveryService service terminated unexpectedly. It
has done this 1 time(s).

Error - 4/26/2011 9:13:34 AM | Computer Name = WS6 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/26/2011 9:13:34 AM | Computer Name = WS6 | Source = Service Control Manager | ID = 7034
Description = The Fax service terminated unexpectedly. It has done this 1 time(s).

Error - 4/26/2011 9:13:34 AM | Computer Name = WS6 | Source = Service Control Manager | ID = 7034
Description = The MSSQL$MICROSOFTSMLBIZ service terminated unexpectedly. It has
done this 1 time(s).

Error - 4/26/2011 9:18:30 AM | Computer Name = WS6 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/26/2011 9:18:50 AM | Computer Name = WS6 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 4/26/2011 9:19:33 AM | Computer Name = WS6 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 4/26/2011 9:19:37 AM | Computer Name = WS6 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl Fips intelppm SAVRT SAVRTPEL SPBBCDrv SYMTDI

Error - 4/26/2011 9:33:10 AM | Computer Name = WS6 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >

WyldBill_883

Unborn

Posts : 2
Joined : 2011-04-26
Operating System : Windows XP


Re: MS Removal Tool problems - OTL log

Post by Belahzur on Wed 27 Apr 2011, 10:31 am

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    O4 - HKCU..\RunOnce: [oPp24500lPoFo24500] C:\Documents and Settings\All Users\Application Data\oPp24500lPoFo24500\oPp24500lPoFo24500.exe ()
    O33 - MountPoints2\{8a9c273b-932f-11df-9805-001111a13424}\Shell - "" = AutoRun
    O33 - MountPoints2\{8a9c273b-932f-11df-9805-001111a13424}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{8a9c273b-932f-11df-9805-001111a13424}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL [You must be registered and logged in to see this link.]
    [2011/04/25 09:54:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\oPp24500lPoFo24500



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre
