WiredWX Christian Hobby Weather Tools

 


Frozen desktop background, no icons

Hi and good day.
I cannot do anything on my computer. When I turn it on it just stays on the desktop background, no icons, no bar, no start button.

The following is the history I remember before this happened.

1. I downloaded the free trial newest version of AVG anti-virus and used it immediately.
2. It found some registry errors and quarantined them.
3. I've noticed that it kind of slowed down my computer so I uninstalled it.
4. From then on, every time I turn on the computer I was getting a couple of pop-up messages which say "InCD not installed" and "InCd helper not installed".
5. I can open files from the CD/DVD drive but cannot use it to save files. It's saying the drive is read only memory. I never had problem saving files using the cd drive before.
6. I tried to re-install the drive program using the cd that came with the LG drive. During the installation process I saw the message "In CD successfully installed".
7. When I re-started the computer, it just stayed and froze on the desktop background, no icons and no start button and no bar at the bottom, so I was kind of stuck and cannot go anywhere.

Hope you can help me fix this problem.

Thanks
****************************************************************
OTL logfile created on: 6/7/2011 12:05:02 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Noel\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.42 Mb Total Physical Memory | 145.03 Mb Available Physical Memory | 57.00% Memory free
661.22 Mb Paging File | 529.79 Mb Available in Paging File | 80.12% Paging File free
Paging file location(s): C:\pagefile.sys 420 800 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66.41 Gb Total Space | 52.09 Gb Free Space | 78.44% Space Free | Partition Type: NTFS
Drive D: | 64.45 Gb Total Space | 64.35 Gb Free Space | 99.84% Space Free | Partition Type: NTFS
Drive E: | 21.79 Gb Total Space | 14.57 Gb Free Space | 66.85% Space Free | Partition Type: NTFS

Computer Name: NOEL-93ECC9D32D | User Name: Noel | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/06 23:58:19 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Noel\Desktop\OTL.com
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/06 23:58:19 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Noel\Desktop\OTL.com
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/02/10 15:29:24 | 000,150,528 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2010/12/10 08:29:00 | 000,092,008 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2004/09/07 16:25:12 | 001,151,090 | ---- | M] (Ahead Software AG) [Auto | Stopped] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - [2008/01/09 13:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2007/12/10 09:22:22 | 000,110,120 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017unic.sys -- (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM)
DRV - [2007/12/10 09:22:22 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017obex.sys -- (s3017obex)
DRV - [2007/12/10 09:22:20 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mgmt.sys -- (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM)
DRV - [2007/12/10 09:22:20 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017nd5.sys -- (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS)
DRV - [2007/12/10 09:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdm.sys -- (s3017mdm)
DRV - [2007/12/10 09:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdfl.sys -- (s3017mdfl)
DRV - [2007/12/10 09:22:14 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017bus.sys -- (s3017bus) Sony Ericsson Device 3017 driver (WDM)
DRV - [2007/05/15 16:55:36 | 000,118,576 | ---- | M] (Nero AG) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/05/15 16:55:36 | 000,037,040 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2006/08/17 21:58:51 | 000,020,096 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2006/03/22 20:57:44 | 000,073,984 | ---- | M] (Fuzhou Rockchip Electronics Co,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rockusb.sys -- (rockusb)
DRV - [2005/04/12 04:41:20 | 000,004,608 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2005/03/08 22:08:42 | 000,024,960 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2005/03/08 22:05:40 | 000,044,288 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/01/28 15:36:00 | 000,171,008 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004/08/03 18:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 18:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 18:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 18:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 18:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 18:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 18:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 18:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 18:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 18:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 18:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 18:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 18:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 18:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 18:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2004/07/16 15:47:14 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2004/03/08 13:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003/12/19 03:00:00 | 000,006,656 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cinemsup.sys -- (Cinemsup)
DRV - [2003/12/05 05:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7.1
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2


[2010/12/15 22:30:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Noel\Application Data\Mozilla\Extensions
[2010/12/15 22:30:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Noel\Application Data\Mozilla\Extensions\home2@tomtom.com
[2010/02/24 12:32:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/15 22:29:02 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

O1 HOSTS File: ([2008/11/22 13:53:41 | 000,000,781 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Ahead Software AG)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BL)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\MS Office 2000\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BackupNoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227381243265 (WUWebControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: E:\Documents and Settings\Noel\My Documents\My Pictures\Giulio\Picture 001.bmp
O24 - Desktop BackupWallPaper: E:\Documents and Settings\Noel\My Documents\My Pictures\Giulio\Picture 001.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/23 18:01:05 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{178a30ee-0657-11e0-b429-0002550d5afa}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe
O33 - MountPoints2\{49252eb6-b8c9-11dd-b10f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{49252eb6-b8c9-11dd-b10f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{49252eb6-b8c9-11dd-b10f-806d6172696f}\Shell\AutoRun\command - "" = F:\AutoRun\Demo.exe
O33 - MountPoints2\{fc236737-b88c-11dd-a034-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{fc236737-b88c-11dd-a034-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fc236737-b88c-11dd-a034-806d6172696f}\Shell\AutoRun\command - "" = F:\AutoRun\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {28ABC5C0-4FCG-11CF-AAX5-81CX5C625612} - c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2011/06/06 23:58:19 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Noel\Desktop\OTL.com
[2011/06/06 22:04:35 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/06/01 14:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011/06/01 14:36:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\InCD
[2011/06/01 14:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\Ahead
[2011/06/01 14:36:21 | 000,010,368 | ---- | C] (Padus, Inc.) -- C:\WINDOWS\System32\drivers\pfc.sys
[2011/06/01 14:32:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CyberLink DVD Solution
[2011/06/01 14:32:55 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink DVD Solution
[2011/05/31 14:05:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Noel\Local Settings\Application Data\WMTools Downloaded Files
[2008/12/11 23:56:02 | 000,036,963 | R--- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/06 23:58:19 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Noel\Desktop\OTL.com
[2011/06/06 22:18:08 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/06 22:18:08 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/06 22:14:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/06 22:13:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/01 14:44:02 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 6.0.lnk
[2011/06/01 14:33:02 | 000,001,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CyberLink Multimedia Launcher.lnk
[2011/06/01 14:31:01 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/06/01 14:28:12 | 000,000,318 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
[2011/06/01 14:26:17 | 000,059,392 | ---- | M] () -- C:\Documents and Settings\Noel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/01 14:19:57 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/31 13:43:25 | 000,643,072 | ---- | M] () -- C:\Documents and Settings\Noel\My Documents\hctree.pps
[2011/05/31 13:31:23 | 000,001,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sony Ericsson PC Companion 2.0.lnk
[2011/05/31 13:31:14 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Noel\Desktop\Microsoft Office PowerPoint.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/01 14:33:02 | 000,001,900 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CyberLink Multimedia Launcher.lnk
[2011/06/01 14:32:55 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2011/05/31 13:43:24 | 000,643,072 | ---- | C] () -- C:\Documents and Settings\Noel\My Documents\hctree.pps
[2009/10/09 13:07:39 | 000,000,043 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/12/28 00:08:53 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\BurnData.bin
[2008/12/24 00:32:03 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2008/12/10 22:06:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2008/12/10 22:03:39 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/12/07 23:41:01 | 000,000,836 | ---- | C] () -- C:\Documents and Settings\Noel\Application Data\ViewerApp.dat
[2008/12/07 23:39:28 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/07 22:48:58 | 000,059,392 | ---- | C] () -- C:\Documents and Settings\Noel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/07 22:42:58 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/12/03 21:49:44 | 000,000,774 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2008/12/03 21:49:44 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2008/12/03 21:49:44 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf06a.dat
[2008/12/03 21:12:39 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/12/03 21:12:39 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/11/22 14:22:37 | 000,000,083 | -HS- | C] () -- C:\Documents and Settings\Noel\Application Data\.zreglib
[2008/11/22 14:17:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/11/22 14:05:31 | 000,000,318 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2008/11/22 13:54:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/22 13:31:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/11/22 13:21:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/11/22 08:12:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/11/22 08:10:45 | 000,131,688 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/02/28 15:17:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/03/18 08:44:29 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2003/12/19 03:00:00 | 000,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys
[2002/03/04 11:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[1999/01/22 14:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2009/07/27 16:38:26 | 008,117,208 | ---- | M] (Mozilla) -- C:\Documents and Settings\Noel\Desktop\Firefox Setup 3.5.1.exe
[2008/11/22 14:53:30 | 001,851,544 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Noel\Desktop\install_flash_player.exe
[2009/06/11 12:18:38 | 000,607,640 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Noel\Desktop\jxpiinstall-6u13-fcs-bin-b03-windows-i586-09_mar_2009.exe
[2008/11/22 14:21:14 | 001,308,658 | ---- | M] () -- C:\Documents and Settings\Noel\Desktop\SetupAnyDVD6050.exe
[2008/11/22 14:20:40 | 005,061,763 | ---- | M] () -- C:\Documents and Settings\Noel\Desktop\SetupCloneDVD2901Slysoft.exe

< %PROGRAMFILES%\Common Files\*.* >
[2003/08/27 15:19:18 | 000,036,963 | R--- | M] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2011/02/17 15:00:27 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2011/02/17 15:00:27 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2007/08/13 18:50:08 | 001,383,424 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mshtml.tlb
[2008/04/13 11:42:06 | 000,016,896 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\stdole2.tlb
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2008/12/24 00:30:24 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/12/24 00:15:47 | 000,000,000 | ---D | M] -- C:\Program Files\AdorageI-SAL
[2011/06/01 14:36:39 | 000,000,000 | ---D | M] -- C:\Program Files\Ahead
[2009/01/19 22:50:03 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/01/03 23:22:18 | 000,000,000 | ---D | M] -- C:\Program Files\AVIConverter
[2008/12/10 22:07:58 | 000,000,000 | ---D | M] -- C:\Program Files\Brother
[2011/02/06 22:49:22 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/11/22 13:20:54 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/01/04 00:00:50 | 000,000,000 | ---D | M] -- C:\Program Files\Consumer Update Firmware
[2008/12/11 22:29:42 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2011/06/01 14:35:32 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink DVD Solution
[2008/11/22 14:22:18 | 000,000,000 | ---D | M] -- C:\Program Files\Elaborate Bytes
[2011/06/01 14:35:29 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/04/15 03:03:03 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/06/11 12:25:14 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011/06/01 14:28:15 | 000,000,000 | ---D | M] -- C:\Program Files\lg_fwupdate
[2008/11/22 15:29:22 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2008/11/22 13:53:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2008/11/22 13:27:21 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2008/11/22 13:52:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/03/01 14:16:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/08/11 22:29:06 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/02/24 12:32:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/08/05 23:54:16 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/12/14 10:10:59 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2008/11/22 13:20:22 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008/11/22 15:31:41 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/11/22 14:18:55 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2008/11/22 14:53:54 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2008/11/22 13:24:04 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/15 23:46:20 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/10/07 12:11:27 | 000,000,000 | ---D | M] -- C:\Program Files\Pinnacle
[2008/12/24 00:23:39 | 000,000,000 | ---D | M] -- C:\Program Files\proDAD
[2009/01/19 22:51:16 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/08/05 23:53:39 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/12/11 23:51:14 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2008/12/10 22:02:58 | 000,000,000 | ---D | M] -- C:\Program Files\ScanSoft
[2008/11/22 14:21:58 | 000,000,000 | ---D | M] -- C:\Program Files\SlySoft
[2009/01/06 18:25:57 | 000,000,000 | ---D | M] -- C:\Program Files\SmartSound Software
[2011/02/06 22:49:04 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2009/01/19 22:54:45 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2008/12/22 22:45:01 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Corporation
[2011/04/14 17:17:19 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Ericsson
[2010/12/15 22:29:02 | 000,000,000 | ---D | M] -- C:\Program Files\TomTom HOME 2
[2010/12/15 22:29:49 | 000,000,000 | ---D | M] -- C:\Program Files\TomTom International B.V
[2008/11/22 13:45:51 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/11/22 15:41:29 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008/11/22 15:44:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/11/22 14:53:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/11/22 13:24:11 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/11/22 13:27:21 | 000,000,000 | ---D | M] -- C:\Program Files\xerox


< MD5 for: AGP440.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/11/22 14:43:08 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/11/22 14:43:08 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/11/22 14:43:08 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/11/22 14:43:08 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/11/22 14:43:08 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/11/22 14:43:08 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 08:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-13 19:32:31

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/17 07:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/17 07:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/17 07:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/02/14 08:17:08 | 000,634,648 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/17 07:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/17 07:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/17 07:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/02/14 08:17:08 | 000,634,648 | ---- | M] (Microsoft Corporation)

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:9EE926D7F1C204EC

< End of report >

********************************************************************

OTL Extras logfile created on: 6/7/2011 12:05:02 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Noel\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.42 Mb Total Physical Memory | 145.03 Mb Available Physical Memory | 57.00% Memory free
661.22 Mb Paging File | 529.79 Mb Available in Paging File | 80.12% Paging File free
Paging file location(s): C:\pagefile.sys 420 800 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66.41 Gb Total Space | 52.09 Gb Free Space | 78.44% Space Free | Partition Type: NTFS
Drive D: | 64.45 Gb Total Space | 64.35 Gb Free Space | 99.84% Space Free | Partition Type: NTFS
Drive E: | 21.79 Gb Total Space | 14.57 Gb Free Space | 66.85% Space Free | Partition Type: NTFS

Computer Name: NOEL-93ECC9D32D | User Name: Noel | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe" = C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.1 -- (Sony Creative Software Inc.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{0096A731-71DB-4969-AF1A-651698B246A5}" = Sony Ericsson Media Manager 1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B09BD67-4C99-46A1-8161-B7208CE18121}" = QuickTime
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7C6999B2-1A35-4F2C-8DB7-3CB46B640CC9}" = ConsumerUpdate
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}" = Roxio Burn Engine
"{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite
"{9B4E6CB9-E54D-47F7-A414-E2D5740E1033}" = Nero 7 Essentials
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.173
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AnyDVD" = AnyDVD
"AVIConverter" = AVIConverter 3.0
"CloneDVD2" = CloneDVD2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InCD!UninstallKey" = InCD
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SM1FX_AT" = USB Storage Adapter FX (SM1)
"TomTom HOME" = TomTom HOME 2.8.0.2146
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/11/2010 10:58:18 PM | Computer Name = NOEL-93ECC9D32D | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

Error - 2/14/2010 3:30:05 PM | Computer Name = NOEL-93ECC9D32D | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 2/15/2010 4:22:25 PM | Computer Name = NOEL-93ECC9D32D | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3642, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/16/2010 11:46:42 AM | Computer Name = NOEL-93ECC9D32D | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 6/6/2011 10:06:21 PM | Computer Name = NOEL-93ECC9D32D | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cinemsup ElbyCDIO Fips P3 PCLEPCI

Error - 6/6/2011 10:08:43 PM | Computer Name = NOEL-93ECC9D32D | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/6/2011 10:11:06 PM | Computer Name = NOEL-93ECC9D32D | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 6/6/2011 10:11:06 PM | Computer Name = NOEL-93ECC9D32D | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 6/6/2011 10:11:21 PM | Computer Name = NOEL-93ECC9D32D | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 6/6/2011 10:11:21 PM | Computer Name = NOEL-93ECC9D32D | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 6/6/2011 10:14:17 PM | Computer Name = NOEL-93ECC9D32D | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/6/2011 10:14:21 PM | Computer Name = NOEL-93ECC9D32D | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 6/6/2011 10:15:34 PM | Computer Name = NOEL-93ECC9D32D | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cinemsup ElbyCDIO Fips P3 PCLEPCI

Error - 6/6/2011 11:57:58 PM | Computer Name = NOEL-93ECC9D32D | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >

****************************************************************

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-07 00:42:14
-----------------------------
00:42:14.203 OS Version: Windows 5.1.2600 Service Pack 3
00:42:14.203 Number of processors: 1 586 0x80A
00:42:14.203 ComputerName: NOEL-93ECC9D32D UserName: Noel
00:42:15.000 Initialize success
00:42:25.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
00:42:25.828 Disk 0 Vendor: Maxtor_6L160P0 BAH41G10 Size: 156334MB BusType: 3
00:42:27.859 Disk 0 MBR read successfully
00:42:27.875 Disk 0 MBR scan
00:42:27.890 Disk 0 Windows XP default MBR code
00:42:29.906 Disk 0 scanning sectors +320143320
00:42:29.953 Disk 0 scanning C:\WINDOWS\system32\drivers
00:42:34.718 Service scanning
00:42:42.687 Disk 0 trace - called modules:
00:42:42.718 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
00:42:42.734 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x812f3450]
00:42:42.750 3 CLASSPNP.SYS[f92c1fd7] -> nt!IofCallDriver -> \Device\0000005b[0x812f50c0]
00:42:42.765 5 ACPI.sys[f9218620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x81319030]
00:42:42.796 Scan finished successfully
00:43:37.921 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Noel\Desktop\MBR.dat"
00:43:37.937 The log file has been saved successfully to "C:\Documents and Settings\Noel\Desktop\aswMBR.txt"

*****************************************************************
Results of screen317's Security Check version 0.99.12
Windows XP Service Pack 3
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 13
Out of date Java installed!
Flash Player Out of Date!
Adobe Flash Player 10.0.12.36
Adobe Reader 6.0.1
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````



Re: Frozen desktop background, no icons

Please download aswMBR from here

  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below

[Image: AswMBR_Scan]

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

  • Once the scan finishes click Save log to save the log to your Desktop
    [Image: AswMBR_SaveLog]

  • Copy and paste the contents of aswMBR.txt back here for review

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Frozen desktop background, no icons

Here is the content of the aswMBR.txt

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-07 00:42:14
-----------------------------
00:42:14.203 OS Version: Windows 5.1.2600 Service Pack 3
00:42:14.203 Number of processors: 1 586 0x80A
00:42:14.203 ComputerName: NOEL-93ECC9D32D UserName: Noel
00:42:15.000 Initialize success
00:42:25.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
00:42:25.828 Disk 0 Vendor: Maxtor_6L160P0 BAH41G10 Size: 156334MB BusType: 3
00:42:27.859 Disk 0 MBR read successfully
00:42:27.875 Disk 0 MBR scan
00:42:27.890 Disk 0 Windows XP default MBR code
00:42:29.906 Disk 0 scanning sectors +320143320
00:42:29.953 Disk 0 scanning C:\WINDOWS\system32\drivers
00:42:34.718 Service scanning
00:42:42.687 Disk 0 trace - called modules:
00:42:42.718 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
00:42:42.734 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x812f3450]
00:42:42.750 3 CLASSPNP.SYS[f92c1fd7] -> nt!IofCallDriver -> \Device\0000005b[0x812f50c0]
00:42:42.765 5 ACPI.sys[f9218620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x81319030]
00:42:42.796 Scan finished successfully
00:43:37.921 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Noel\Desktop\MBR.dat"
00:43:37.937 The log file has been saved successfully to "C:\Documents and Settings\Noel\Desktop\aswMBR.txt"

Re: Frozen desktop background, no icons

Hello.

  • Download combofix from here
    Link 1

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [Image: CF_download_FF]

    [Image: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Re: Frozen desktop background, no icons

Hi, I have already downloaded and run ComboFix in safe mode and I have included here the "C:\combofix.txt". I can only do it in safe mode. I cannot do anything in normal mode; there is nothing on the screen until now except my desktop background. The only way I can open the computer is in safe mode.

Below is the combofix.txt

thanks
=====================================================

ComboFix 11-06-13.01 - Noel 06/13/2011 14:13:16.1.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.254.165 [GMT -4:00]
Running from: c:\documents and settings\Noel\Desktop\Combo-Fix.exe
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
.
.
((((((((((((((((((((((((( Files Created from 2011-05-13 to 2011-06-13 )))))))))))))))))))))))))))))))
.
.
2011-06-07 02:09 . 2011-06-07 02:09 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-05 11:59 . 2011-06-07 02:08 -------- d-s---w- c:\documents and settings\Administrator
2011-06-01 18:36 . 2011-06-01 18:36 -------- d-----w- c:\windows\InCD
2011-06-01 18:36 . 2011-06-01 18:36 -------- d-----w- c:\program files\Ahead
2011-06-01 18:36 . 2003-12-05 09:46 10368 ------w- c:\windows\system32\drivers\pfc.sys
2011-06-01 18:32 . 2011-06-01 18:35 -------- d-----w- c:\program files\CyberLink DVD Solution
2011-06-01 18:32 . 2004-03-11 17:27 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2011-05-31 18:05 . 2011-06-01 18:26 -------- d-----w- c:\documents and settings\Noel\Local Settings\Application Data\WMTools Downloaded Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2003-08-27 19:19 . 2008-12-12 03:56 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2006-08-14 470016]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-09 153136]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-12-10 247144]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-04-14 428544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2008-11-22 548864]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2004-09-07 1400944]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-10-20 286720]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-11 148888]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\ms office 2000\Office\OSA9.EXE [2000-1-21 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
.
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [11/23/2009 12:04 PM 27632]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [12/10/2010 8:29 AM 92008]
S3 rockusb;Driver for rockusb Device;c:\windows\system32\drivers\rockusb.sys [3/22/2006 8:57 PM 73984]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [1/19/2009 10:22 PM 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [1/19/2009 10:22 PM 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [1/19/2009 10:22 PM 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [1/19/2009 10:22 PM 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [1/19/2009 10:22 PM 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [1/19/2009 10:22 PM 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [1/19/2009 10:22 PM 110120]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [4/14/2011 5:14 PM 150528]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-CloneDVD2 - c:\documents and settings\Noel\My Documents\Temp\CloneDVD2\CloneDVD2-uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-13 14:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(256)
c:\windows\system32\WININET.dll
.
Completion time: 2011-06-13 14:27:21
ComboFix-quarantined-files.txt 2011-06-13 18:27
.
Pre-Run: 55,817,203,712 bytes free
Post-Run: 56,683,347,968 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 0E81BA0D9BB4EC78630570E4966E5A9D

Re: Frozen desktop background, no icons
Hello.
Is the Desktop still blank when you're in normal mode now?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Frozen desktop background, no icons
Yes, the desktop still stays the same, still blank except the background. I cannot do anything on normal mode, there is nothing on the screen until now except my desktop background.

I tried running on normal mode after running the combofix from safe mode, I still have the same problem. What I have noticed though, this time it takes too long for windows to shut down on normal mode after I ran the combofix. By the way I just manually turn off the computer every time when I have tried to open on normal mode. It's the only way I can turn it off (by the button or switch) since nothing is on the desktop, nothing to click.

Thanks again

Re: Frozen desktop background, no icons
Please stay in normal mode for now.

Open the Task Manager via ctrl/alt/del. Go to the "Applications" tab, and press "New Task..."

In the open field, type in explorer.exe and hit the OK button.

Does your Desktop load now?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Frozen desktop background, no icons
I did "ctrl+alt+del" on the normal mode and was able to open the task manager. I went to application tab but nothing happened after I entered "explorer.exe" in the open field and hit ok.

I did it 4 times and waited for quite a while, but to no avail. My desktop is still not loading.

Re: Frozen desktop background, no icons
Hello.


  • Please download and run UnHide.exe by Grinler.
  • Double-click unhide.exe to run the program.
  • After running it, your files should reappear. Please let us know the result.


Got your Desktop back now?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Frozen desktop background, no icons
Hi, nothing still on my desktop after running unhide.exe program. I also tried running it on the normal mode thru the task manager, but nothing still.

Can I try running the combofix on normal mode using the task manager?

Have a good day.

Re: Frozen desktop background, no icons
Yes, give it a try, see what happens.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Frozen desktop background, no icons
Hi, I did try running the combo fix on normal mode using the task manager. It did load my desktop but it's gone again every time I turn on the computer. To load the desktop, I have to run the combofix again. Here are the things that happened:

1. I got message that combofix has expired, it was asking me to click "yes" or "no" to run in "Reduced functionality mode". I selected "yes" and started running the combofix program.

2. After running, it loaded on the screen the combofix.txt and on the bottom it shows the "Start" menu bar. I closed the combofix.txt and there I saw my desktop has also loaded.

3. I opened the microsoft excel, word and power point and they were loading okay. The problem is every time I try to open a file on a different location using: file, open, and the dropdown key it kind of freezes for a couple of minutes before it gives me the drop down list, I never had this problem before.

4. Finally and most importantly, when I try to shut down the computer and click on the turn off button, it never shut down at all, it stays on the screen saying "Windows XP is shutting down", I waited for a couple of hours for something to happen but the computer did not actually shut down, the screen just stayed on "Windows XP is shutting down". So, again I just shut down the computer manually thru the switch button.

5. But when I turn on my computer on the normal mode, the desktop is not loading again. Then I have to run the combo fix again with "reduced functionality mode". Then points 1 to 5 keep on repeating.

Hope you can help me fix these concerns.

Again, thank you.



Re: Frozen desktop background, no icons
Hi,

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    Code:


    :filefind
    explorer.exe



  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

............................................................................................

I'm livin' life in the fast lane.

Re: Frozen desktop background, no icons
SystemLook 04.09.10 by jpshortstuff
Log created at 08:36 on 21/06/2011 by Noel
Administrator - Elevation successful

========== filefind ==========

Searching for "explorer.exe"
C:\WINDOWS\explorer.exe --a---- 1033728 bytes [12:00 04/08/2004] [00:12 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923
C:\WINDOWS\$NtServicePackUninstall$\explorer.exe -----c- 1032192 bytes [18:44 22/11/2008] [12:00 04/08/2004] A0732187050030AE399B241436565E64
C:\WINDOWS\ERDNT\cache\explorer.exe --a---- 1033728 bytes [18:25 13/06/2011] [00:12 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923
C:\WINDOWS\ServicePackFiles\i386\explorer.exe ------- 1033728 bytes [00:12 14/04/2008] [00:12 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923

-= EOF =-
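
An added example (not part of the original posts, and not SystemLook's own code): the script below parses the filefind lines from the log above and checks whether the live C:\WINDOWS\explorer.exe has the same size and MD5 as the ServicePackFiles\i386 copy. The function names and the regular expression for the line layout are assumptions made for this example.

```python
import re
from collections import defaultdict

# The ":filefind" result lines, copied from the SystemLook log in this thread.
SYSTEMLOOK_LOG = r"""
Searching for "explorer.exe"
C:\WINDOWS\explorer.exe --a---- 1033728 bytes [12:00 04/08/2004] [00:12 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923
C:\WINDOWS\$NtServicePackUninstall$\explorer.exe -----c- 1032192 bytes [18:44 22/11/2008] [12:00 04/08/2004] A0732187050030AE399B241436565E64
C:\WINDOWS\ERDNT\cache\explorer.exe --a---- 1033728 bytes [18:25 13/06/2011] [00:12 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923
C:\WINDOWS\ServicePackFiles\i386\explorer.exe ------- 1033728 bytes [00:12 14/04/2008] [00:12 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923
-= EOF =-
"""

# Assumed line layout, inferred from the lines above:
# path, 7 attribute flags, size in bytes, two bracketed timestamps, 32-hex MD5.
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<stamp1>[^\]]+)\]\s+\[(?P<stamp2>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_filefind(text):
    """Return one dict per file line; header and footer lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entry = match.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
    return entries


def find_entry(entries, path):
    """Look up an entry by path; Windows paths compare case-insensitively."""
    for entry in entries:
        if entry["path"].lower() == path.lower():
            return entry
    return None


def compare_to_reference(entries, live_path, reference_path):
    """Compare the live file against a reference copy and list differing copies."""
    live = find_entry(entries, live_path)
    reference = find_entry(entries, reference_path)
    if live is None or reference is None:
        raise ValueError("live or reference path not present in the log")

    copies_by_md5 = defaultdict(list)
    for entry in entries:
        copies_by_md5[entry["md5"]].append(entry["path"])

    return {
        "live_matches_reference": (
            live["md5"] == reference["md5"] and live["size"] == reference["size"]
        ),
        "reference_md5": reference["md5"],
        "copies_by_md5": dict(copies_by_md5),
        # Every copy whose hash differs from the reference copy.
        "outliers": sorted(
            e["path"] for e in entries if e["md5"] != reference["md5"]
        ),
    }


if __name__ == "__main__":
    parsed = parse_filefind(SYSTEMLOOK_LOG)
    result = compare_to_reference(
        parsed,
        r"C:\WINDOWS\explorer.exe",
        r"C:\WINDOWS\ServicePackFiles\i386\explorer.exe",
    )
    print("live matches reference:", result["live_matches_reference"])
    for path in result["outliers"]:
        print("differs from reference:", path)
```

On this log the live file has the same size and MD5 as the ServicePackFiles copy; the only entry that differs is the one under $NtServicePackUninstall$.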

Re: Frozen desktop background, no icons
Hi,

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    FCopy::
    C:\WINDOWS\ServicePackFiles\i386\explorer.exe | C:\WINDOWS\explorer.exe

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [Image: Cfscriptb4]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

............................................................................................

I'm livin' life in the fast lane.

Re: Frozen desktop background, no icons
Hi, I am still encountering the same problem. Currently, I do not have any anti-virus. Is it wise to get one while you are trying to help me? Below is the log of the previous run of the combo fix:
====================================================

ComboFix 11-06-22.05 - Noel 06/23/2011 10:42:12.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.254.58 [GMT -4:00]
Running from: c:\documents and settings\Noel\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Noel\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\ServicePackFiles\i386\explorer.exe --> c:\windows\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2011-05-23 to 2011-06-23 )))))))))))))))))))))))))))))))
.
.
2011-06-23 14:09 . 2011-06-23 14:10 -------- d-----w- C:\Combo-Fix
2011-06-16 13:15 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-07 02:09 . 2011-06-07 02:09 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-05 11:59 . 2011-06-07 02:08 -------- d-s---w- c:\documents and settings\Administrator
2011-06-01 18:36 . 2011-06-01 18:36 -------- d-----w- c:\windows\InCD
2011-06-01 18:36 . 2011-06-01 18:36 -------- d-----w- c:\program files\Ahead
2011-06-01 18:36 . 2003-12-05 09:46 10368 ------w- c:\windows\system32\drivers\pfc.sys
2011-06-01 18:32 . 2011-06-01 18:35 -------- d-----w- c:\program files\CyberLink DVD Solution
2011-06-01 18:32 . 2004-03-11 17:27 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2011-05-31 18:05 . 2011-06-01 18:26 -------- d-----w- c:\documents and settings\Noel\Local Settings\Application Data\WMTools Downloaded Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-02 15:31 . 2008-11-22 17:22 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 15:51 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:51 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 15:51 . 2004-08-04 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:51 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 12:01 . 2004-08-04 12:00 389120 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-04 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2003-08-27 19:19 . 2008-12-12 03:56 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-06-23_14.21.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 12:00 . 2008-04-14 00:12 1033728 c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2006-08-14 470016]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-09 153136]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-04-14 428544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2008-11-22 548864]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2004-09-07 1400944]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-10-20 286720]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-11 148888]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\ms office 2000\Office\OSA9.EXE [2000-1-21 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
.
R3 rockusb;Driver for rockusb Device;c:\windows\system32\DRIVERS\rockusb.sys [2006-03-23 73984]
R3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\DRIVERS\s3017bus.sys [2007-12-10 83880]
R3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s3017mdfl.sys [2007-12-10 15016]
R3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s3017mdm.sys [2007-12-10 110632]
R3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s3017mgmt.sys [2007-12-10 104616]
R3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\DRIVERS\s3017nd5.sys [2007-12-10 25512]
R3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s3017obex.sys [2007-12-10 100648]
R3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\DRIVERS\s3017unic.sys [2007-12-10 110120]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-02-10 150528]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-23 10:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-06-23 10:53:48
ComboFix-quarantined-files.txt 2011-06-23 14:53
ComboFix2.txt 2011-06-23 14:25
ComboFix3.txt 2011-06-20 17:42
ComboFix4.txt 2011-06-20 15:55
ComboFix5.txt 2011-06-23 14:39
.
Pre-Run: 56,178,278,400 bytes free
Post-Run: 56,168,062,976 bytes free
.
- - End Of File - - BFCC2A8CCADB2C1771AA90AE66840A7F

Re: Frozen desktop background, no icons
Hi,

Please download aswMBR from here


  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below


[Image: AswMBR_Scan]

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.


  • Once the scan finishes click Save log to save the log to your Desktop
    [Image: AswMBR_SaveLog]

  • Copy and paste the contents of aswMBR.txt back here for review

............................................................................................

I'm livin' life in the fast lane.

Re: Frozen desktop background, no icons
aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-25 22:18:58
-----------------------------
22:18:58.796 OS Version: Windows 5.1.2600 Service Pack 3
22:18:58.796 Number of processors: 1 586 0x80A
22:18:58.796 ComputerName: NOEL-93ECC9D32D UserName: Noel
22:18:59.250 Initialize success
22:19:25.031 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:19:25.031 Disk 0 Vendor: Maxtor_6L160P0 BAH41G10 Size: 156334MB BusType: 3
22:19:27.062 Disk 0 MBR read successfully
22:19:27.062 Disk 0 MBR scan
22:19:27.062 Disk 0 Windows XP default MBR code
22:19:29.062 Disk 0 scanning sectors +320143320
22:19:29.078 Disk 0 scanning C:\WINDOWS\system32\drivers
22:19:33.812 Service scanning
22:19:35.093 Disk 0 trace - called modules:
22:19:35.093 ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
22:19:35.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x812efab8]
22:19:35.093 3 CLASSPNP.SYS[f92c1fd7] -> nt!IofCallDriver -> \Device\0000005d[0x81351f18]
22:19:35.093 5 ACPI.sys[f9218620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x812e5328]
22:19:35.093 Scan finished successfully
22:20:46.062 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Noel\Desktop\MBR.dat"
22:20:46.062 The log file has been saved successfully to "C:\Documents and Settings\Noel\Desktop\aswMBR.txt"


Re: Frozen desktop background, no icons
Hi,

Please download Malwarebytes Anti-Malware from Here.


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

............................................................................................

I'm livin' life in the fast lane.

Re: Frozen desktop background, no icons
Hi, after launching the Malwarebytes it did not find any infection. Below is the log:
====================================================

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6959

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

6/27/2011 10:39:08 AM
mbam-log-2011-06-27 (10-39-06).txt

Scan type: Quick scan
Objects scanned: 151270
Time elapsed: 6 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Frozen desktop background, no icons
Hi,

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

............................................................................................

I'm livin' life in the fast lane.

Re: Frozen desktop background, no icons
Hi, I did your instructions. I am still having the same problem. Below is the log for Eset Online scanner:
====================================================

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17098 (vista_gdr.110420-1745)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=80568f790ed3a14cbf88b65c125b88c8
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-29 08:36:42
# local_time=2011-06-29 04:36:42 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=53197
# found=1
# cleaned=1
# scan_time=4183
D:\MyWorks\Clone DVD + Any DVD+ crack+serial\Elby Clone Dvd V1.3.10.1 Anydvd 2.0.0.4 Ger Key\Anydvd V2.0.0.4\SetupAnyDVD2004.exe probably a variant of Win32/Adware.Agent.EQTHDWD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Re: Frozen desktop background, no icons
Hi, how's your computer running now?

............................................................................................

I'm livin' life in the fast lane.

Re: Frozen desktop background, no icons
Unfortunately no. I am still having the same problem. The only way I can have my desktop on normal mode is to run Combofix every single time I have to use it. Then I cannot shut down the computer automatically, it just says "windows shutting down" and stays there forever if I don't turn it off manually. I cannot even properly work on any application like Word and Excel, I'm getting stuck all the time, the response is too slow or not responding at all, then again I will just turn off the computer manually.

Re: Frozen desktop background, no icons
Hi,

Please download aswMBR from here


  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below


[Image: AswMBR_Scan]

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.


  • Once the scan finishes click Save log to save the log to your Desktop
    [Image: AswMBR_SaveLog]

  • Copy and paste the contents of aswMBR.txt back here for review

............................................................................................

I'm livin' life in the fast lane.
