Cannot Uninstall Movie Maker & microsoft frontpage & Google Re


  • This topic is locked

#1
10Kay

  • Member
  • 19 posts
Hello,
My computer information is:
OS: XP Home Edition version 2002 (SP2 OEM), Upgraded to SP3
Security: NIS 2010, AdBlockPlus
Browsers: FF 3.6.8 (use for surfing in Windows UA), IE 8 (do NOT use! But do keep updated.)

  • Uninstall Attempts
I have been trying to remove Movie Maker and microsoft frontpage from my computer as I have no use for them about three weeks ago!

Initially, I used Revo Uninstaller (free version) with the 'Unrecoverable Delete' option to forcefully remove Movie Maker as the program did not show up in the Add/Remove Program dialog box. The files quickly reappeared after using the Delete key when Revo Uninstaller Unrecoverable Delete didn't work!

That didn't work, so I installed CCleaner and went through Options, Include and listed the above-noted program and selected Files, Subfolders and the Folder itself option. The programs still displayed under Program Files!

  • Malware Removal Attempt 1, 2

    Running NIS Full System Scans did not find anything! Before installing Google Redirect and Malware & Spyware Cleaning Guide Files, NIS 2010 had 0 Skipped Files then over 5,000 Skipped Files and after installing these new files, there are now 2 Skipped Files with NIS Full System Scan.
  • Followed Google Redirects Instructions

    I installed & ran ERUNT, OTM, GooredFix, TDSSKiller (0 results)
  • Followed Malware & Spyware Cleaning Guide Instructions
Installed & ran:
TFC, ERUNT, Malwarebytes Anti-Malware (didn't install any free anti-virus programs as I have anti-virus included with NIS 2010), rebooted my computer, IE8 settings have been set to HIGH with limited sites Trusted, GMER, OTL.

After running all these .exe files and scans, I still cannot remove these programs!

FYI, after my MS updates finished downloading and installing yesterday, I could not access these downloaded files at all today. I noticed that there was a Movie Maker update in yesterday's MS updates as well. After making a JPEG of problems accessing these .exe files, the install and access problems went away! I can now download an uncorrupted version of OTM and run a scan.

Will installing Superantispyware along with the current anti-spyware programs cause a conflict with NIS 2010 and Malwarebytes Anti-Malware?

Looking forward to what steps I should take next. Thanks so much in advance for your help.
  • 0


#2
10Kay

  • Topic Starter
  • Member
  • 19 posts
Deleted my Reply I posted after reading that no replies should be added to my original post! Now I cannot delete my reply!

Edited by 10Kay, 15 August 2010 - 07:25 PM.

  • 0

#3
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello 10Kay,

Welcome to Geekstogo.

I see you mention OTM. Do you really mean OTL? If so will you please post any logs you have from that together with a Malwarebytes one if you have it. :)
  • 0

#4
10Kay

  • Topic Starter
  • Member
  • 19 posts

Hello 10Kay,

Welcome to Geekstogo.

I see you mention OTM. Do you really mean OTL? If so will you please post any logs you have from that together with a Malwarebytes one if you have it. :)


Hello emeraldnzl,
Thanks for your reply. I looked for my post in the Waiting Room and it is not there. Nor does it show up in My Topics at all. I had further information as to what is going on with my computer. Did it get deleted?

I did mean OTM.exe file. It worked when installed initially, then the next day it displayed as 'Shortcut to MS-DOS'.

As requested, here are the OTL and Malwarebytes scan logs.

Thanks so much.

Attached File  OTL.Txt   79.33KB   156 downloads

***********************


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4412

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/9/2010 9:31:45 PM
mbam-log-2010-08-09 (21-31-45).txt

Scan type: Quick scan
Objects scanned: 137436
Time elapsed: 9 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#5
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello 10Kay,

Nothing showing up there.

Have you tried uninstalling those programs in Safe Mode?

To boot into Safe Mode:

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, tap F8 continually.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Please go to Start > Control Panel > Add/Remove Programs and remove the offending programs. If for some reason you can't see them in your uninstall list then tell me when you return.

Meantime

Kaspersky on line scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

Kaspersky works with Internet Explorer and Firefox 3. It uses Java Runtime Environment (JRE).

Go to Kaspersky website and perform an online antivirus scan.

Note: you will need to turn off your security programs to allow Kaspersky to do its job.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Copy and paste that information in your next post.

Note: Unless otherwise instructed always post the logs in the forum. If reports don't fit on one post, it might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine. :)
  • 0

#6
10Kay

  • Topic Starter
  • Member
  • 19 posts

Hello 10Kay,

Nothing showing up there.

Have you tried uninstalling those programs in Safe Mode? Yes, but the programs do not show up on the Add/Remove Program dialog box. So I tried again to remove with CCleaner, Options, Include microsoft frontpage and Movie Maker. Today, I checked and it is still there!

 

Kaspersky on line scanner is very thorough. It can take a long time and for periods may seem not to be working.

  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.

As you stated in your instructions, it took a long time and the definitions download stopped at 31% then immediately dropped to 0%. :) Quite frankly, I do not spend a lot of time on the computer and the Online Scanner does take a lot of time. :) Is there another site that does not take a long time to run an online scanner? I do not like that I do not have anti-virus running while Kaspersky Online Scanner is downloading files (Where? On my computer? On my browser?). :) Thanks so much emeraldnzl.


  • 0

#7
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello 10Kay,

Please just answer normally in the thread. Using quote tags for an answer can be confusing. :)

Also, if you wouldn't mind, just use normal type face unless there is a special reason. Using bold in normal dialogue is like shouting and in internet terms can be construed as rude. :)

the programs do not show up on the Add/Remove Program dialog box.

Thank you for answering that question.

So I tried again to remove with CCleaner, Options, Include microsoft frontpage and Movie Maker


Yes you mentioned in your first post that you hadn't had success with CCleaner etc.

Is there another site that does not take a long time to run an online scanner?


Generally speaking they all take a long time although maybe not as long as Kaspersky, but then, we use Kaspersky because many of us think it is the best for this job. Doesn't always work, some machines do have issues with Kaspersky.

Up to you really, it's your computer. If you really don't want to use Kaspersky then try this one:

Run a free online scan with the ESET Online Scanner
Note: ESET was designed to run with Internet Explorer, compatibility with other browsers has been added recently but if you find difficulty, go to using Internet Explorer
  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Click Start and if your security program asks you if you want to allow the program, click yes.
  • If your anti-virus is active you may see a panel appear warning you that this may affect performance. Disabling the programs listed may speed things along.
  • Make sure that the options Remove found threats and Scan archives are checked (do not worry about advanced settings)
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt (open Notepad > File > Open and navigate to the log.txt)
  • Copy and paste that log as a reply to this topic

  • 0

#8
10Kay

  • Topic Starter
  • Member
  • 19 posts
Hello emeraldnzl,
Sorry about the bold text of my reply. My eyes are old and I could actually see the text!

Thanks for replying about a new Online Scanner.

Here is the log below.

One thing I don't get on the 'osver' line. It states that I have NT Service Pack 3. I know that I have Windows XP Home Edition 2002 Service Pack 3. I do not understand how NT got installed on my computer?!?!


I am going to try Kaspersky again. Hopefully, that will help find out why I cannot remove Movie Maker and microsoft frontpage. I noticed that under Media Player there is Movie Maker folder, which I have deleted and it is gone too! Is Movie Maker part of Media Player?

Thanks so much.


 

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=6436c93edec98f49b9e20de2b9449c53
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-08-27 10:07:46
# local_time=2010-08-27 03:07:46 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3588 16777190 85 88 3552581 21603451 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=46994
# found=0
# cleaned=0
# scan_time=1856
  • 0

#9
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Is Movie Maker part of Media Player?


I can't see it on my machine in my Media Player.

I do not understand how NT got installed on my computer?!?!


Nothing to worry about. XP is a Windows NT based operating system. What you see is absolutely normal.

Now

I am not seeing malware in that scan. Don't worry about the Kaspersky scan for now. :)

Instead let's have a wider look at things.

You have used Malwarebytes before. If you still have it on your machine, please update and run. Post the scan report back here.

If you do not have Malwarebytes please download from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
    %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.

    o When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    o Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post back here.
Note: Unless otherwise instructed always post the logs in the forum. If reports don't fit on one post, it might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine. :)

Edited by emeraldnzl, 27 August 2010 - 06:24 PM.

  • 0
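
Added example (not part of the thread, and not ESET's or the helper's own tooling): a Python check for a pasted ESET Online Scanner log in the `# key=value` form shown in post #8. It confirms the scan finished with the options requested in post #7 and splits the `osver` value behind the NT question in post #9. The mapping of `remove_checked` and `archives_checked` to the "Remove found threats" and "Scan archives" checkboxes is an assumption from the key names; the sample log is abridged from post #8.

```python
"""Triage a pasted ESET Online Scanner log ('# key=value' lines, as in post #8)."""
import re

# Abridged copy of the log posted in #8 (serial line omitted).
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-08-27 10:07:46
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3588 16777190 85 88 3552581 21603451 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=46994
# found=0
# cleaned=0
# scan_time=1856
"""

# Assumption: these keys record the "Remove found threats" and
# "Scan archives" checkboxes the helper asked for in post #7.
REQUIRED_OPTIONS = ("remove_checked", "archives_checked")

# NT kernel versions; XP reports 5.1, which is why the log says "NT".
NT_VERSIONS = {
    "5.0": "Windows 2000",
    "5.1": "Windows XP",
    "5.2": "Windows XP x64 / Server 2003",
    "6.0": "Windows Vista",
    "6.1": "Windows 7",
}


def parse_log(text):
    """Return {key: [values]}; keys such as compatibility_mode may repeat."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"#\s*([^=\s]+)=(.*)$", line.strip())
        if not m:
            continue  # installer banner lines, blanks, forum residue
        value = m.group(2).strip().strip('"')
        fields.setdefault(m.group(1), []).append(value)
    return fields


def describe_os(osver):
    """Split '5.1.2600 NT Service Pack 3' into product, build and service pack."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)\s+NT(?:\s+(.*))?$", osver)
    if not m:
        return {"product": "unknown", "build": None, "service_pack": None}
    major_minor = "%s.%s" % (m.group(1), m.group(2))
    return {
        "product": NT_VERSIONS.get(major_minor, "Windows NT " + major_minor),
        "build": int(m.group(3)),
        "service_pack": m.group(4),
    }


def triage(text):
    """Report whether the log shows a finished, correctly configured, clean scan."""
    fields = parse_log(text)

    def first(key, default=None):
        return fields.get(key, [default])[0]

    problems = []
    if first("end") != "finished":
        # A log pasted from an interrupted scan has no 'end=finished' line.
        problems.append("scan did not finish (end=%r)" % first("end"))
    for opt in REQUIRED_OPTIONS:
        if first(opt) != "true":
            problems.append("%s is not enabled" % opt)
    try:
        found, cleaned = int(first("found")), int(first("cleaned"))
    except (TypeError, ValueError):
        found = cleaned = None
        problems.append("found/cleaned counters missing or not numeric")
    else:
        if cleaned < found:
            problems.append("%d detection(s) left uncleaned" % (found - cleaned))
    return {
        "os": describe_os(first("osver", "")),
        "found": found,
        "cleaned": cleaned,
        "problems": problems,
        "clean": found == 0 and not problems,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
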

#10
10Kay

  • Topic Starter
  • Member
  • 19 posts
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4492

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/27/2010 10:08:35 PM
mbam-log-2010-08-27 (22-08-35).txt

Scan type: Quick scan
Objects scanned: 138308
Time elapsed: 7 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0


#11
10Kay

  • Topic Starter
  • Member
  • 19 posts
OTL logfile created on: 8/27/2010 9:49:25 PM - Run 8
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\CompAdmin_DW\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: | Country: | Language: | Date Format:

510.00 Mb Total Physical Memory | 80.00 Mb Available Physical Memory | 16.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.30 Gb Total Space | 52.78 Gb Free Space | 74.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DWMTBCCA
Current User Name: CompAdmin_DW
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\CompAdmin_DW\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe (Symantec Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\CompAdmin_DW\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\asoehook.dll (Symantec Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll (BillP Studios)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe (Symantec Corporation)
SRV - (UPHClean) -- C:\Program Files\UPHClean\uphclean.dll (Windows ® Codename Longhorn DDK provider)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)


========== Driver Services (SafeList) ==========

DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100810.004\BHDrvx86.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100827.039\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100827.039\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100827.001\IDSXpx86.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS (Symantec Corporation)
DRV - (SymIMMP) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
DRV - (SymIM) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\Ironx86.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SRTSPX.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\ccHPx86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMDS.SYS (Symantec Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...618EC&FORM=W5WA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 0A EB 6E 46 10 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {f36c6cd1-da73-491d-b290-8fc9115bfa55}:2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/07/07 15:42:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/07/06 18:27:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/23 20:30:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/27 11:11:04 | 000,000,000 | ---D | M]

[2010/07/06 21:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CompAdmin_DW\Application Data\Mozilla\Extensions
[2010/08/27 16:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CompAdmin_DW\Application Data\Mozilla\Firefox\Profiles\q9axt25y.default\extensions
[2010/08/18 15:51:59 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\CompAdmin_DW\Application Data\Mozilla\Firefox\Profiles\q9axt25y.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/06 21:48:12 | 000,000,000 | ---D | M] (WorldIP) -- C:\Documents and Settings\CompAdmin_DW\Application Data\Mozilla\Firefox\Profiles\q9axt25y.default\extensions\{f36c6cd1-da73-491d-b290-8fc9115bfa55}
[2010/08/27 16:33:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/26 20:10:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/27 16:32:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/08/27 21:12:12 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O15 - HKCU\..Trusted Domains: adobe.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: bing.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: geekstogo.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: secunia.com ([psi] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 72.45.111.250 72.45.111.251
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\CompAdmin_DW\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\CompAdmin_DW\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 11:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/08/27 21:27:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\CompAdmin_DW\Recent
[2010/08/27 21:18:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CompAdmin_DW\Desktop\GooredFix Backups
[2010/08/27 18:37:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/27 16:31:55 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/27 16:31:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/27 16:31:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/27 12:54:26 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/08/26 20:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/08/24 19:35:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/23 22:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CompAdmin_DW\Application Data\WinPatrol
[2010/08/23 22:31:35 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2010/08/22 19:15:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CompAdmin_DW\Desktop\Process Explorer
[2010/08/21 23:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2010/08/21 23:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\movie maker
[2010/08/21 23:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/08/17 17:05:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CompAdmin_DW\Desktop\TDSSKiller
[2010/08/17 17:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CompAdmin_DW\Desktop\OTL
[2010/08/17 17:03:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CompAdmin_DW\Desktop\GooredFix
[2010/08/14 21:59:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/08/12 19:54:07 | 000,520,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\CompAdmin_DW\Desktop\OTM.exe
[2010/08/09 21:10:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CompAdmin_DW\Application Data\Malwarebytes
[2010/08/09 21:10:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/09 21:10:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/09 21:10:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/09 21:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/09 20:09:25 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\CompAdmin_DW\Desktop\TFC.exe
[2010/08/09 19:43:53 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\CompAdmin_DW\Desktop\OTL.exe
[2010/08/09 18:44:23 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\CompAdmin_DW\Desktop\GooredFix.exe
[2010/08/09 18:32:32 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/08/09 18:25:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/09 18:25:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CompAdmin_DW\Desktop\erunt
[2010/08/07 15:13:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CompAdmin_DW\Local Settings\Application Data\WMTools Downloaded Files
[2010/08/04 15:07:42 | 001,196,368 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\CompAdmin_DW\Desktop\TDSSKiller.exe
[2010/08/01 15:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

========== Files - Modified Within 30 Days ==========

[2010/08/27 21:16:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/27 21:14:06 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\CompAdmin_DW\NTUSER.DAT
[2010/08/27 21:14:06 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\CompAdmin_DW\ntuser.ini
[2010/08/27 21:12:12 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/08/27 20:10:42 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\CompAdmin_DW\Desktop\exs20qjs.exe
[2010/08/26 21:01:19 | 007,969,942 | -H-- | M] () -- C:\Documents and Settings\CompAdmin_DW\Local Settings\Application Data\IconCache.db
[2010/08/25 19:48:24 | 000,000,414 | ---- | M] () -- C:\Documents and Settings\CompAdmin_DW\DisableDrWatson.reg
[2010/08/24 17:05:14 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/24 17:05:12 | 000,553,904 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/24 17:05:12 | 000,463,676 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/24 17:05:12 | 000,080,804 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/23 16:00:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/16 19:02:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/15 16:28:37 | 000,002,688 | ---- | M] () -- C:\Documents and Settings\CompAdmin_DW\Disable_CinepakEncodedFilesinDirectShow.reg
[2010/08/14 17:24:29 | 000,000,566 | ---- | M] () -- C:\Documents and Settings\CompAdmin_DW\MP3_Parser_Backup.reg
[2010/08/14 16:48:43 | 000,000,141 | ---- | M] () -- C:\Documents and Settings\CompAdmin_DW\My Documents\Disable_NewsProtocolHandler.reg
[2010/08/14 16:41:05 | 000,000,587 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/14 16:41:05 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/14 16:41:05 | 000,000,214 | -HS- | M] () -- C:\boot.ini
[2010/08/14 15:39:51 | 000,002,740 | ---- | M] () -- C:\Documents and Settings\CompAdmin_DW\Drivers32_Backup.reg
[2010/08/13 21:16:41 | 000,002,540 | ---- | M] () -- C:\Documents and Settings\CompAdmin_DW\Disable_Silverlight.reg
[2010/08/13 21:15:08 | 000,002,540 | ---- | M] () -- C:\Documents and Settings\CompAdmin_DW\SL_backup.reg
[2010/08/12 19:54:24 | 000,520,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CompAdmin_DW\Desktop\OTM.exe
[2010/08/11 16:17:12 | 000,281,336 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/09 20:09:44 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CompAdmin_DW\Desktop\TFC.exe
[2010/08/09 19:44:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CompAdmin_DW\Desktop\OTL.exe
[2010/08/09 19:37:41 | 001,196,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\CompAdmin_DW\Desktop\TDSSKiller.exe
[2010/08/09 18:44:24 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\CompAdmin_DW\Desktop\GooredFix.exe
[2010/08/07 21:29:31 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\CompAdmin_DW\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/01 15:06:15 | 000,005,692 | ---- | M] () -- C:\Documents and Settings\CompAdmin_DW\My Documents\cc_20100801_150529.reg
[2010/08/01 15:04:57 | 000,000,332 | ---- | M] () -- C:\Documents and Settings\CompAdmin_DW\My Documents\cc_20100801_150447.reg
[2010/07/30 14:41:35 | 000,250,332 | ---- | M] () -- C:\Documents and Settings\CompAdmin_DW\My Documents\cc_20100730_144047.reg
[2010/07/30 11:50:38 | 000,014,534 | -H-- | M] () -- C:\Documents and Settings\CompAdmin_DW\My Documents\ZbThumbnail.info

========== Files Created - No Company Name ==========

[2010/08/27 20:10:42 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\CompAdmin_DW\Desktop\exs20qjs.exe
[2010/08/25 19:48:24 | 000,000,414 | ---- | C] () -- C:\Documents and Settings\CompAdmin_DW\DisableDrWatson.reg
[2010/08/15 16:28:37 | 000,002,688 | ---- | C] () -- C:\Documents and Settings\CompAdmin_DW\Disable_CinepakEncodedFilesinDirectShow.reg
[2010/08/14 17:24:29 | 000,000,566 | ---- | C] () -- C:\Documents and Settings\CompAdmin_DW\MP3_Parser_Backup.reg
[2010/08/14 16:48:43 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\CompAdmin_DW\My Documents\Disable_NewsProtocolHandler.reg
[2010/08/14 15:39:51 | 000,002,740 | ---- | C] () -- C:\Documents and Settings\CompAdmin_DW\Drivers32_Backup.reg
[2010/08/13 21:16:41 | 000,002,540 | ---- | C] () -- C:\Documents and Settings\CompAdmin_DW\Disable_Silverlight.reg
[2010/08/13 21:15:08 | 000,002,540 | ---- | C] () -- C:\Documents and Settings\CompAdmin_DW\SL_backup.reg
[2010/08/01 15:05:31 | 000,005,692 | ---- | C] () -- C:\Documents and Settings\CompAdmin_DW\My Documents\cc_20100801_150529.reg
[2010/08/01 15:04:50 | 000,000,332 | ---- | C] () -- C:\Documents and Settings\CompAdmin_DW\My Documents\cc_20100801_150447.reg
[2010/07/30 14:40:56 | 000,250,332 | ---- | C] () -- C:\Documents and Settings\CompAdmin_DW\My Documents\cc_20100730_144047.reg
[2010/07/09 15:07:21 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\CompAdmin_DW\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/19 23:15:27 | 000,004,586 | ---- | C] () -- C:\Documents and Settings\CompAdmin_DW\Application Data\wklnhst.dat
[2010/06/17 07:03:00 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\iccvid.dll
[2009/03/17 19:55:33 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\05DBC0C248.sys
[2009/03/17 19:55:32 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/02/09 14:37:33 | 000,000,285 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/02/09 14:37:33 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/02/09 14:36:44 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/02/09 14:36:44 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/02/09 14:35:35 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/02/09 14:33:18 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2006/09/09 05:20:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/09 05:14:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/09 04:42:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/09/09 04:42:16 | 000,000,493 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/10/27 13:14:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 11:12:05 | 000,000,885 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/03/04 11:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2004/08/10 11:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/08/14 16:41:05 | 000,000,214 | -HS- | M] () -- C:\boot.ini
[2004/08/10 11:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/08/24 16:49:37 | 000,022,720 | ---- | M] () -- C:\HijackPatrol.log
[2009/02/07 14:57:07 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2010/03/09 17:09:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/03/09 17:09:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 03:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/02/07 14:57:45 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/27 21:16:33 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2010/08/09 19:38:43 | 000,048,552 | ---- | M] () -- C:\TDSSKiller.2.4.1.0_09.08.2010_19.37.54_log.txt
[2010/08/12 20:07:52 | 000,048,552 | ---- | M] () -- C:\TDSSKiller.2.4.1.0_12.08.2010_20.06.46_log.txt
[2010/08/14 20:55:18 | 000,048,552 | ---- | M] () -- C:\TDSSKiller.2.4.1.0_14.08.2010_20.54.18_log.txt
[2010/08/27 21:20:21 | 000,048,552 | ---- | M] () -- C:\TDSSKiller.2.4.1.0_27.08.2010_21.19.07_log.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/10 11:03:42 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2001/11/20 15:37:28 | 000,047,616 | R--- | M] (Black Ice Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\ppbiPr.dll
[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/10 10:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/10 10:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/10 10:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/02/07 15:05:49 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >
[2010/03/23 15:28:18 | 000,006,656 | -HS- | M] () -- C:\WINDOWS\system32\Thumbs.db

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/06/19 14:33:48 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\CompAdmin_DW\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/08/10 11:08:38 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\CompAdmin_DW\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/08/27 20:10:42 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\CompAdmin_DW\Desktop\exs20qjs.exe
[2010/08/09 18:44:24 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\CompAdmin_DW\Desktop\GooredFix.exe
[2010/08/09 19:44:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CompAdmin_DW\Desktop\OTL.exe
[2010/08/12 19:54:24 | 000,520,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CompAdmin_DW\Desktop\OTM.exe
[2010/08/09 19:37:41 | 001,196,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\CompAdmin_DW\Desktop\TDSSKiller.exe
[2010/08/09 20:09:44 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CompAdmin_DW\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2010/07/23 20:29:56 | 000,910,296 | ---- | M] (Mozilla Corporation) MD5=BACCDA841C689D1CBA941F478E8ED24B -- C:\Program Files\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-27 18:01:53

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\basecsp.log:SummaryInformation
< End of report >

#12
10Kay

    Member

  • Topic Starter
  • Member
  • 19 posts
OTL Extras logfile created on: 8/27/2010 4:45:46 PM - Run 5
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\CompAdmin_DW\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: | Country: | Language: | Date Format:

510.00 Mb Total Physical Memory | 265.00 Mb Available Physical Memory | 52.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.30 Gb Total Space | 52.85 Gb Free Space | 74.13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DWMTBCCA
Current User Name: CompAdmin_DW
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Documents and Settings\Username\Local Settings\Temp\7zS15.tmp\SymNRT.exe" = C:\Documents and Settings\Username\Local Settings\Temp\7zS15.tmp\SymNRT.exe:*:Disabled:Norton Removal Tool -- File not found
"C:\Documents and Settings\Username\Local Settings\Temp\7zS1.tmp\SymNRT.exe" = C:\Documents and Settings\Username\Local Settings\Temp\7zS1.tmp\SymNRT.exe:*:Disabled:Norton Removal Tool -- File not found
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Disabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Disabled:Skype Extras Manager -- (Skype Technologies)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 21
"{328687A2-2504-49FA-AE3E-08B0DEDB51EC}" = MSRedist
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8D166051-2C3B-4BF3-A68D-B11D45F3E1B6}" = User Profile Helper Cleanup Service
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}" = USB2.0 UVC WebCam
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"CAL" = Canon Camera Access Library
"CameraUserGuide-PSSD1200IS_IXUS95IS" = Canon PowerShot SD1200 IS_IXUS 95 IS Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner
"CSCLIB" = Canon Camera Support Core Library
"EOS Utility" = Canon Utilities EOS Utility
"ESET Online Scanner" = ESET Online Scanner v3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"PROSet" = Intel® PRO Network Adapters and Drivers
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Revo Uninstaller" = Revo Uninstaller 1.89
"SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPatrol" = WinPatrol
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/14/2010 11:38:08 PM | Computer Name = DWMTBCCA | Source = Application Hang | ID = 1002
Description = Hanging application mmc.exe, version 5.2.3790.4136, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/21/2010 7:27:28 PM | Computer Name = DWMTBCCA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....edr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 8/21/2010 7:27:28 PM | Computer Name = DWMTBCCA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....edr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 8/21/2010 7:27:36 PM | Computer Name = DWMTBCCA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....edr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 8/22/2010 2:02:07 AM | Computer Name = DWMTBCCA | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 9.3.3.177, faulting module
msvcr80.dll, version 8.0.50727.3053, fault address 0x000046b4.

Error - 8/22/2010 3:13:30 AM | Computer Name = DWMTBCCA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....edr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 8/22/2010 3:13:30 AM | Computer Name = DWMTBCCA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....edr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 8/23/2010 6:47:15 PM | Computer Name = DWMTBCCA | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 8/23/2010 6:47:15 PM | Computer Name = DWMTBCCA | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 8/25/2010 10:39:08 PM | Computer Name = DWMTBCCA | Source = Microsoft Management Console | ID = 1000
Description =

Error - 8/23/2010 6:47:15 PM | Computer Name = DWMTBCCA | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 8/25/2010 10:39:08 PM | Computer Name = DWMTBCCA | Source = Microsoft

Management Console | ID = 1000
Description =

[ System Events ]
Error - 8/27/2010 7:36:25 PM | Computer Name = DWMTBCCA | Source = Service Control

Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 8/27/2010 7:36:25 PM | Computer Name = DWMTBCCA | Source = Service Control

Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 8/27/2010 7:36:25 PM | Computer Name = DWMTBCCA | Source = Service Control

Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 8/27/2010 7:36:25 PM | Computer Name = DWMTBCCA | Source = Service Control

Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 8/27/2010 7:38:03 PM | Computer Name = DWMTBCCA | Source = Service Control

Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 8/27/2010 7:38:03 PM | Computer Name = DWMTBCCA | Source = Service Control

Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 8/27/2010 7:42:06 PM | Computer Name = DWMTBCCA | Source = Service Control

Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 8/27/2010 7:43:06 PM | Computer Name = DWMTBCCA | Source = Service Control

Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 8/27/2010 7:45:22 PM | Computer Name = DWMTBCCA | Source = Service Control

Manager | ID = 7034
Description = The Canon Camera Access Library 8 service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/27/2010 7:45:23 PM | Computer Name = DWMTBCCA | Source = Service Control

Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).


< End of report >

Edited by 10Kay, 27 August 2010 - 11:19 PM.

  • 0

#13
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello 10Kay,

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :file
    FP20*.*.
    
    :filefind
    Frontpg.ini
    Fpexplor.ini
    Fpeditor.ini 
    
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt

Next

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
    SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    
    :Commands
    [emptytemp]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
So when you return please post
  • SystemLook.txt
  • OTL fix log

  • 0

#14
10Kay

10Kay

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 16:31 on 28/08/2010 by CompAdmin_DW (Administrator - Elevation successful)

========== file ==========

FP20*.*. - Unable to find/read file.

========== filefind ==========

Searching for "Frontpg.ini"
No files found.

Searching for "Fpexplor.ini"
No files found.

Searching for "Fpeditor.ini "
No files found.

-=End Of File=-
  • 0

#15
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello 10Kay,

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    C:\Program Files\movie maker
    C:\Program Files\microsoft frontpage
    
    :Commands
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

  • 0





