OTL Extras logfile created on: 13/08/2011 13:49:10 - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = E:\ Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1022.07 Mb Total Physical Memory | 779.75 Mb Available Physical Memory | 76.29% Memory free 2.40 Gb Paging File | 2.33 Gb Available in Paging File | 97.17% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 145.95 Gb Total Space | 83.53 Gb Free Space | 57.23% Space Free | Partition Type: NTFS Drive D: | 554.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive E: | 7.45 Gb Total Space | 7.29 Gb Free Space | 97.86% Space Free | Partition Type: FAT32 Computer Name: EMMA | User Name: Administrator | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 "4736:TCP" = 4736:TCP:*:Enabled:Search [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- (Kontiki Inc.) "C:\WINDOWS\SYSTEM32\muzapp.exe" = C:\WINDOWS\SYSTEM32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.) "C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe" = C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe:*:Enabled:Camfrog Client Module -- (Camshare Inc.) "C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com) "C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com) "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION) "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{11D3D948-2789-2E3D-03D7-282B537D8C01}" = BBC iPlayer Desktop "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 24 "{315F5FFC-1A5C-4A2A-B8E7-1C5B1174C198}_is1" = AML Free Registry Cleaner 4.16 "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2 "{889D7767-A186-4ED4-A7D9-FC6ECDA2A87C}_is1" = PC Repair Doctor Version 1.0 "{88B32652-CAE0-4909-A463-5840D2689D93}" = FUJIFILM FinePixViewer S Ver.2.1 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{982B2A0F-7679-41D6-A584-C8E735F4A8CD}" = Windows Home Server Toolkit 1.1 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5 "{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax "{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11 "BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop "Bitzi's Bitcollider 0.6.0" = Bitzi's Bitcollider 0.6.0 "Camfrog 6.0" = Camfrog Video Chat 6.0 "Camfrog Server 6.0" = Camfrog Server 6.0 (remove only) "CFWebAdvancedU2" = Camfrog Web Advanced 2.0 ActiveX Plugin (remove only) "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX Setup "Epson Printer Software Downloader" = Epson Printer Software Downloader "EPSON Scanner" = EPSON Scan "EPSON SX210 Series" = EPSON SX210 Series Printer Uninstall "ie8" = Windows Internet Explorer 8 "InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective "InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio "KeynoteConnector" = Keynote Connector "KeyScrambler" = KeyScrambler "Lame MP3 Codec (for the ACM)" = Lame ACM MP3 Codec "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "NIS" = Norton Internet Security "OpenAL" = OpenAL "Rapport_msi" = Rapport "ResultDns" = ResultDns 1.0 build 115 "Tweak UI 2.10" = Tweak UI "Unlocker" = Unlocker 1.8.7 "ViewpointMediaPlayer" = Viewpoint Media Player "WIC" = Windows Imaging Component "Windows XP Service Pack" = Windows XP Service Pack 3 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 12/08/2011 13:54:51 | Computer Name = EMMA | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe, version 33.4.0.54, faulting module svchost.exe, version 33.4.0.54, fault address 0x000077fe. Error - 12/08/2011 14:31:43 | Computer Name = EMMA | Source = Application Error | ID = 1000 Description = Faulting application inststub.exe, version 18.5.0.125, faulting module prodcbk.dll, version 18.5.0.125, fault address 0x0000f6a5. Error - 12/08/2011 15:09:03 | Computer Name = EMMA | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe, version 33.4.0.54, faulting module svchost.exe, version 33.4.0.54, fault address 0x000077fe. Error - 12/08/2011 15:26:37 | Computer Name = EMMA | Source = Application Error | ID = 1000 Description = Faulting application nis-upgrade-esd-nodefs-18-5-0-125-en.exe, version 18.5.0.125, faulting module prodcbk.dll, version 18.5.0.125, fault address 0x0000f6a5. Error - 12/08/2011 15:28:12 | Computer Name = EMMA | Source = Application Error | ID = 1000 Description = Faulting application nis-upgrade-esd-nodefs-18-5-0-125-en.exe, version 18.5.0.125, faulting module prodcbk.dll, version 18.5.0.125, fault address 0x0000f6a5. Error - 12/08/2011 15:33:09 | Computer Name = EMMA | Source = Application Error | ID = 1000 Description = Faulting application pev.exe, version 0.0.0.0, faulting module , version 0.0.0.0, fault address 0x0008cb40. Error - 12/08/2011 15:47:08 | Computer Name = EMMA | Source = Application Error | ID = 1000 Description = Faulting application nis-upgrade-esd-nodefs-18-5-0-125-en.exe, version 18.5.0.125, faulting module prodcbk.dll, version 18.5.0.125, fault address 0x0000f6a5. Error - 12/08/2011 16:00:54 | Computer Name = EMMA | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe, version 33.4.0.54, faulting module svchost.exe, version 33.4.0.54, fault address 0x000077fe. Error - 13/08/2011 07:45:12 | Computer Name = EMMA | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe, version 33.4.0.54, faulting module svchost.exe, version 33.4.0.54, fault address 0x000077fe. Error - 13/08/2011 07:45:12 | Computer Name = EMMA | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe, version 33.4.0.54, faulting module unknown, version 0.0.0.0, fault address 0x24017c1e. [ System Events ] Error - 10/08/2011 17:23:47 | Computer Name = EMMA | Source = redbook | ID = 268369922 Description = Redbook could not open the MIXER device. It may not exist, be in use, or there may be other audio problems. Redbook requires both a WDM audio driver and kernel streaming to be enabled. The audio device may have changed in an unsafe manner, been removed, or have other problems. Error - 12/08/2011 14:36:54 | Computer Name = EMMA | Source = sfsync02 | ID = 262156 Description = Error - 12/08/2011 14:36:54 | Computer Name = EMMA | Source = redbook | ID = 268369922 Description = Redbook could not open the MIXER device. It may not exist, be in use, or there may be other audio problems. Redbook requires both a WDM audio driver and kernel streaming to be enabled. The audio device may have changed in an unsafe manner, been removed, or have other problems. Error - 12/08/2011 14:36:54 | Computer Name = EMMA | Source = redbook | ID = 268369922 Description = Redbook could not open the MIXER device. It may not exist, be in use, or there may be other audio problems. Redbook requires both a WDM audio driver and kernel streaming to be enabled. The audio device may have changed in an unsafe manner, been removed, or have other problems. Error - 13/08/2011 08:00:55 | Computer Name = EMMA | Source = sfsync02 | ID = 262156 Description = Error - 13/08/2011 08:00:55 | Computer Name = EMMA | Source = redbook | ID = 268369922 Description = Redbook could not open the MIXER device. It may not exist, be in use, or there may be other audio problems. Redbook requires both a WDM audio driver and kernel streaming to be enabled. The audio device may have changed in an unsafe manner, been removed, or have other problems. Error - 13/08/2011 08:00:55 | Computer Name = EMMA | Source = redbook | ID = 268369922 Description = Redbook could not open the MIXER device. It may not exist, be in use, or there may be other audio problems. Redbook requires both a WDM audio driver and kernel streaming to be enabled. The audio device may have changed in an unsafe manner, been removed, or have other problems. Error - 13/08/2011 08:17:17 | Computer Name = EMMA | Source = sfsync02 | ID = 262156 Description = Error - 13/08/2011 08:17:17 | Computer Name = EMMA | Source = redbook | ID = 268369922 Description = Redbook could not open the MIXER device. It may not exist, be in use, or there may be other audio problems. Redbook requires both a WDM audio driver and kernel streaming to be enabled. The audio device may have changed in an unsafe manner, been removed, or have other problems. Error - 13/08/2011 08:17:17 | Computer Name = EMMA | Source = redbook | ID = 268369922 Description = Redbook could not open the MIXER device. It may not exist, be in use, or there may be other audio problems. Redbook requires both a WDM audio driver and kernel streaming to be enabled. The audio device may have changed in an unsafe manner, been removed, or have other problems. < End of report >