Posted

Hello, Starbuck! This is what I found in 'extras' (part 1):

 

OTL Extras logfile created on: 18.03.2010 23:19:55 - Run 1

OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000419 | Country: Russia | Language: RUS | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 82,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 233,76 Gb Total Space | 208,62 Gb Free Space | 89,25% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 232,83 Gb Total Space | 211,49 Gb Free Space | 90,84% Space Free | Partition Type: FAT32

Drive F: | 5,45 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive G: | 1,91 Gb Total Space | 0,93 Gb Free Space | 48,55% Space Free | Partition Type: FAT

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: WXP-F03WF61

Current User Name: Administrator

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = SlimBrowserHtml] -- C:\Program Files\SlimBrowser\sbrowser.exe (FlashPeak, Inc.)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

.html [@ = SlimBrowserHtml] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

http [open] -- "C:\Program Files\SlimBrowser\sbrowser.exe" -nosp -ni (FlashPeak, Inc.)

https [open] -- "C:\Program Files\SlimBrowser\sbrowser.exe" -nosp -ni (FlashPeak, Inc.)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

Posted

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP port 443

"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443

"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674

"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674

"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\BitLord\BitLord.exe" = C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord -- (BitLord - The Ultimate ******* Downloader)

"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (eMule-Project.net - Official eMule Homepage. Downloads, Help, Docu, News...)

"C:\Program Files\Mail.Ru\Agent\magent.exe" = C:\Program Files\Mail.Ru\Agent\magent.exe:*:Enabled:Mail.Ru Aaaio -- (Mail.Ru)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

"C:\Documents and Settings\Administrator\tetatet\tetatet.exe" = C:\Documents and Settings\Administrator\tetatet\tetatet.exe:*:Enabled:tetatet -- ()

"C:\Program Files\Adobe\Acrobat.com\Acrobat.com.exe" = C:\Program Files\Adobe\Acrobat.com\Acrobat.com.exe:*:Enabled:Acrobat.com -- ()

"C:\Program Files\ooVoo\ooVoo.exe" = C:\Program Files\ooVoo\ooVoo.exe:*:Disabled:ooVoo -- (ooVoo)

"C:\Program Files\Hercules\Classic Silver\Station2.exe" = C:\Program Files\Hercules\Classic Silver\Station2.exe:*:Enabled:Hercules Webcam Station Evolution -- (Guillemot Corporation S.A.)

"C:\Program Files\SlimBrowser\sbrowser.exe" = C:\Program Files\SlimBrowser\sbrowser.exe:*:Enabled:FlashPeak SlimBrowser -- (FlashPeak, Inc.)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

"{04BA5899-1B3C-4AE4-8384-60DAE6258E75}" = Âûøèâêà Êðåñòîì 1.0

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Средство передачи Windows Live

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2350150C-6528-4517-A634-DEA66983C881}" = Joydesk Games Setup - Silly

"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java 6 Update 15

"{26D3E377-1DCA-4043-9410-B4A9BACF1033}" = Nero 7 Ultra Edition

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java 6 Update 4

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{37CE2810-CD35-4592-9B3D-4E662B2AC1C2}" = eBook Librarian

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A}" = Akmos MetaTrader 4.00

"{4740F152-2F61-4DEF-80C4-BFDEC8D928C3}" = Windows Live Messenger

"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

"{4E8FD73A-B055-4A62-9C37-FF36D2186328}" = AVEO USB2.0 PC Camera(S5HVTV1P20821)

"{4F61F885-704C-465A-9FB9-26AEF1D2B2D9}" = Russian Phonetic YaWert - WinRus.com

"{518A8485-E038-4A8C-A76B-1C868D95F13E}" = Помощник по входу в Windows Live

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core

"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003

"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003

"{9091E58F-3A35-45BA-BE8A-BEAB0E236BBB}" = Основные компоненты Windows Live

"{94A6BCE1-291D-4BA4-B8CE-C5B169F7A6D4}" = Russian Phonetic Student - WinRus.com

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM

"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One

"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM

"{9CE2B4FB-8127-4058-B028-C5961242A480}" = Pattern Maker for cross stitch - v4

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2

"{AF8CFA6B-3365-412D-A272-807D23B7BB59}" = Windows Live Writer

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{BECFBF9A-9BCD-4AA6-B131-7326166648E5}" = Windows Live Toolbar

"{BF731945-7AAD-45E3-A202-A60C9213915C}_is1" = ISODisk 1.1

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D7349BBF-A382-4130-823D-EEF5B3003BD3}" = Фотоальбом Windows Live

"{DB0D2734-55AB-437E-B629-1F167CAF7921}" = Ryijy Stitch Designer

"{E46B2F8A-6CCD-4949-871D-F9664F2113AB}" = PayPal Plug-In

"{E911BE56-F8DB-48BB-B9AA-217F5096122F}" = Windows Live Sync

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0

"{F87A8E11-02A4-4875-A3A5-5961081B0E4E}" = OpenOffice.org 2.4

"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo

"{FD4FE0F7-91FC-43A2-9C3A-187553991FFF}" = Hercules Classic Silver Webcam

"25 Кадр_is1" = 25 Кадр

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11

"ALUpdate_is1" = ALTools Update

"ALZip_is1" = ALZip

"Âûøèâêà Êðåñòîì 1.0" = Âûøèâêà Êðåñòîì 1.0

"avast5" = avast! Free Antivirus

"AVS Update Manager_is1" = AVS Update Manager 1.0

"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3

"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Creative PC-CAM Center" = Creative PC-CAM Center

"Creative PD1110" = Creative WebCam NX Driver (1.02.01.0827)

"Creative PD1120" = Creative WebCam NX Ultra Driver (1.01.03.0112)

"Creative WebCam Monitor" = Creative WebCam Monitor

"Creative WebCam NX Ultra User's Guide English" = Creative WebCam NX Ultra User's Guide (English)

"eMule" = eMule

"eMuleTV_is1" = eMuleTV 2.1

"ffdshow" = ffdshow (remove only)

"FormatFactory (¸ñʽ¹¤³§)" = FormatFactory (¸ñʽ¹¤³§) V1.70 ¶à¹úÓïÑÔ°æ

"free-downloads.net Toolbar" = free-downloads.net Toolbar

"HP PSC 1200 Series" = HP Photo and Imaging 2.0 - hp psc 1200 series

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"Living 3D Dolphins Full Screen Saver" = Living 3D Dolphins Full Screen Saver

"MailRuSputnik" = Mail.Ru Спутник 2.0.1.29

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)

"MRA" = Mail.Ru Агент 5.2 (сборка 2405, для всех пользователей)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MSNINST" = MSN

"My.Freeze.com NetAssistant" = My.Freeze.com NetAssistant

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"PROSet" = Intel® PRO Network Adapters and Drivers

"RealPlayer 12.0" = RealPlayer

"SlimBrowser" = SlimBrowser (remove only)

"Tetatet" = Tetatet Beta

"The_Pirate_Bay Toolbar" = The_Pirate_Bay Toolbar

"TV_Mule Toolbar" = TV_Mule Toolbar

"VLC media player" = VLC media player 0.9.2

"Window Washer" = Window Washer

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Основные компоненты Windows Live

"WinRAR archiver" = WinRAR archiver

"WMFDist11" = Windows Media Format 11 runtime

Posted

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XobniMain" = Xobni

"Yahoo! Companion" = Yahoo! Toolbar

"Вышивка Крестом 1.0" = Вышивка Крестом 1.0

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"QIP Infium" = QIP Infium 2.0.9026 RC4

 

========== Last 10 Event Log Errors ==========

 

[ Antivirus Events ]

Error - 30.10.2008 15:49:59 | Computer Name = WXP-F03WF61 | Source = avast! | ID = 33554522

Description =

 

Error - 11.06.2009 17:43:50 | Computer Name = WXP-F03WF61 | Source = avast! | ID = 33554522

Description =

 

Error - 06.11.2009 22:52:28 | Computer Name = WXP-F03WF61 | Source = avast! | ID = 33554522

Description =

 

Error - 09.11.2009 3:28:13 | Computer Name = WXP-F03WF61 | Source = avast! | ID = 33554522

Description =

 

[ Application Events ]

Error - 28.02.2010 1:25:11 | Computer Name = WXP-F03WF61 | Source = Application Hang | ID = 1002

Description = Hanging application Stitch color.exe, version 1.0.0.0, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error - 28.02.2010 1:27:01 | Computer Name = WXP-F03WF61 | Source = Application Hang | ID = 1002

Description = Hanging application Stitch color.exe, version 1.0.0.0, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error - 28.02.2010 1:31:39 | Computer Name = WXP-F03WF61 | Source = Application Hang | ID = 1002

Description = Hanging application Stitch color.exe, version 1.0.0.0, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error - 28.02.2010 1:37:45 | Computer Name = WXP-F03WF61 | Source = Application Hang | ID = 1002

Description = Hanging application Stitch color.exe, version 1.0.0.0, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error - 28.02.2010 1:50:46 | Computer Name = WXP-F03WF61 | Source = Application Hang | ID = 1002

Description = Hanging application Stitch color.exe, version 1.0.0.0, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error - 28.02.2010 15:15:51 | Computer Name = WXP-F03WF61 | Source = Application Hang | ID = 1002

Description = Hanging application Stitch color.exe, version 1.0.0.0, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error - 05.03.2010 2:28:30 | Computer Name = WXP-F03WF61 | Source = Application Hang | ID = 1002

Description = Hanging application sbrowser.exe, version 4.1.2.8, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

 

Error - 07.03.2010 21:59:58 | Computer Name = WXP-F03WF61 | Source = Application Error | ID = 1000

Description = Faulting application alcohol.exe, version 2.0.0.1331, faulting module

, version 0.0.0.0, fault address 0x00000000.

 

Error - 07.03.2010 22:57:31 | Computer Name = WXP-F03WF61 | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 7.0.6000.16981, faulting

module , version 0.0.0.0, fault address 0x00000000.

 

Error - 10.03.2010 0:48:31 | Computer Name = WXP-F03WF61 | Source = Application Hang | ID = 1002

Description = Hanging application Fixer.exe, version 0.0.0.0, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

 

[ System Events ]

Error - 18.03.2010 23:24:15 | Computer Name = WXP-F03WF61 | Source = DCOM | ID = 10000

Description = Unable to start a DCOM Server: {25E8A7CA-5874-4F85-BC00-35210131C444}.

The

error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe"

-Embedding

 

Error - 18.03.2010 23:24:35 | Computer Name = WXP-F03WF61 | Source = DCOM | ID = 10000

Description = Unable to start a DCOM Server: {25E8A7CA-5874-4F85-BC00-35210131C444}.

The

error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe"

-Embedding

 

Error - 18.03.2010 23:24:55 | Computer Name = WXP-F03WF61 | Source = DCOM | ID = 10000

Description = Unable to start a DCOM Server: {25E8A7CA-5874-4F85-BC00-35210131C444}.

The

error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe"

-Embedding

 

Error - 18.03.2010 23:25:15 | Computer Name = WXP-F03WF61 | Source = DCOM | ID = 10000

Description = Unable to start a DCOM Server: {25E8A7CA-5874-4F85-BC00-35210131C444}.

The

error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe"

-Embedding

 

Error - 18.03.2010 23:25:35 | Computer Name = WXP-F03WF61 | Source = DCOM | ID = 10000

Description = Unable to start a DCOM Server: {25E8A7CA-5874-4F85-BC00-35210131C444}.

The

error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe"

-Embedding

 

Error - 18.03.2010 23:25:55 | Computer Name = WXP-F03WF61 | Source = DCOM | ID = 10000

Description = Unable to start a DCOM Server: {25E8A7CA-5874-4F85-BC00-35210131C444}.

The

error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe"

-Embedding

 

Error - 18.03.2010 23:26:15 | Computer Name = WXP-F03WF61 | Source = DCOM | ID = 10000

Description = Unable to start a DCOM Server: {25E8A7CA-5874-4F85-BC00-35210131C444}.

The

error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe"

-Embedding

 

Error - 18.03.2010 23:26:35 | Computer Name = WXP-F03WF61 | Source = DCOM | ID = 10000

Description = Unable to start a DCOM Server: {25E8A7CA-5874-4F85-BC00-35210131C444}.

The

error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe"

-Embedding

 

Error - 18.03.2010 23:26:55 | Computer Name = WXP-F03WF61 | Source = DCOM | ID = 10000

Description = Unable to start a DCOM Server: {25E8A7CA-5874-4F85-BC00-35210131C444}.

The

error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe"

-Embedding

 

Error - 18.03.2010 23:27:15 | Computer Name = WXP-F03WF61 | Source = DCOM | ID = 10000

Description = Unable to start a DCOM Server: {25E8A7CA-5874-4F85-BC00-35210131C444}.

The

error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe"

-Embedding

 

 

< End of report >

  • ExTS Admin
Posted

Hi igrek001,

 

Step 1

Double click on OTL.exe to run it.

Copy the lines in the codebox below. (Make sure that :Otl is on the first line.)

:otl
[2009.12.09 00:05:41 | 000,002,377 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wyeke127.xml
[2010.03.07 22:57:33 | 000,000,000 | ---D | M] (Wyeke) -- C:\Program Files\Mozilla Firefox\extensions\{4CFC8387-5FB1-47C1-8AA4-5B7B906A591E}
O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\My.Freeze.com Toolbar\freeze_sa_us.dll File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab  (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O33 - MountPoints2\{64f62da2-96af-11dd-8251-00173fd65f11}\Shell - "" = AutoRun
O33 - MountPoints2\{64f62da2-96af-11dd-8251-00173fd65f11}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{64f62da2-96af-11dd-8251-00173fd65f11}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
[2010.04.04 12:04:09 | 000,000,525 | ---- | M] () -- C:\hpfr3420.xml
[2008.10.09 06:05:14 | 000,093,184 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

:commands
[emptytemp]
[purity]
[EMPTYFLASH]

  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
     
    http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
     
  • Click the red Run Fix button.
     
    http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
     
  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

 

Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

 

If you lose the report, there will be a copy here:

C:\_OTL\MovedFiles

 

Step 2

Please download JavaRa to your desktop and unzip it to its own folder

  • Run JavaRa.exe, pick the language of your choice and click 'Select'.
  • Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

 

Recommendation.

SuperAntiSpyware doesn't need to start when Windows starts.

You can start it manually when you need to do a scan.

 

To change this:

Restart SuperAntiSpyware...

Then, from the main page, click on the Preferences button, then untick 'Start SuperAntiSpyware when Windows starts'.

Then click Close, and then Close on the next screen to exit the program.

 

In your next reply, please submit:

OTL fix report

 

and let me know how things are running.

 

 

Thanks.

Member of:

UNITE

Posted

Hello, Starbuck!

I followed all your instructions: fixed with OTL and installed the latest Java version.

Here is the report from OTL:

 

All processes killed

========== OTL ==========

C:\Program Files\Mozilla Firefox\searchplugins\wyeke127.xml moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{4CFC8387-5FB1-47C1-8AA4-5B7B906A591E}\defaults\preferences folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{4CFC8387-5FB1-47C1-8AA4-5B7B906A591E}\defaults folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{4CFC8387-5FB1-47C1-8AA4-5B7B906A591E}\chrome folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{4CFC8387-5FB1-47C1-8AA4-5B7B906A591E} folder moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.

Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}

C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64f62da2-96af-11dd-8251-00173fd65f11}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64f62da2-96af-11dd-8251-00173fd65f11}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64f62da2-96af-11dd-8251-00173fd65f11}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64f62da2-96af-11dd-8251-00173fd65f11}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64f62da2-96af-11dd-8251-00173fd65f11}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64f62da2-96af-11dd-8251-00173fd65f11}\ not found.

File F:\LaunchU3.exe not found.

C:\hpfr3420.xml moved successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 6437100 bytes

->Temporary Internet Files folder emptied: 814750124 bytes

->Java cache emptied: 3331 bytes

->FireFox cache emptied: 326712391 bytes

->Google Chrome cache emptied: 465646294 bytes

->Flash cache emptied: 2273383 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 405 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2162283 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 33251 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 16807298 bytes

 

Total Files Cleaned = 1 559,00 mb

 

 

[EMPTYFLASH]

 

User: Administrator

->Flash cache emptied: 0 bytes

 

User: All Users

 

User: Default User

 

User: LocalService

 

User: NetworkService

->Flash cache emptied: 0 bytes

 

Total Flash Files Cleaned = 0,00 mb

 

 

OTL by OldTimer - Version 3.1.37.3 log created on 04082010_013253

Files\Folders moved on Reboot...

File\Folder C:\WINDOWS\temp\_avast5_\Webshlock.txt not found!

Registry entries deleted on Reboot...

  • ExTS Admin
Posted

To finish off, we just need to remove the programs we had you download and then clear your restore points.

I normally ask just to make sure there's no new issues.

 

Step 1

  • Please double-click OTL.exe to run it.
  • You should see a CleanUp! button, press that button,
     
    http://img.photobucket.com/albums/v708/starbuck50/cleanupbutton.png
     
  • This will remove any programs we have asked you to download along with their associated folders... plus itself.

 

Note:

MBAM will not be removed

 

Step 2

Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

 

The easiest and safest way to do this is:

  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Select the drive for cleaning then click OK (usually 'C' drive)
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

 

To find out how you may have been infected....read this topic:

So how did I get infected?

 

Not all of the following information will be applicable to you, but it's still best to read it all.

 

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

  • Use an AntiVirus Software

     

    Note*:

    Upon installation MS Security Essentials will check that your OS is a legal copy.

     

    Only install one AntiVirus program

     

  • Update your AntiVirus Software regularly

     

  • Use a 3rd party Firewall

    NOTE: If choosing Zone Alarm be aware that the free version also installs ZoneAlarm Spy Blocker. It is recommended however that you UNcheck this option.

     

    Only install one software Firewall

     

    Some 3rd party Firewalls will turn off the windows firewall when they are installed.

    It's always best to check that the Windows Firewall is turned off:

     

    How to turn off Windows Firewall:

    Start ... Control Panel ...click on 'Classic View'.

    Now select Windows Firewall.

    When the Windows Firewall box opens, put a tick against .. Off (not recommended) and then click Ok

     

  • Scan regularly with a 'Stand Alone' Anti-Malware scanner:

    Installing another scanner that you can run once or twice a week is always beneficial.

    Something like:

    Malwarebytes Anti-Malware

    SUPERAntiSpyware

    Remember to update these programs each time before running.

    You can install more than one of these if you only run them as stand alone programs.

     

  • Use an alternative browser:

    Some excellent alternatives to MS Internet Explorer are:

     

    Firefox

    For added security, add the NoScript extension to this browser:

    Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks

    Also consider adding:

    WOT - Safe Browsing Tool

     

    Web of Trust warns you about risky sites that cheat customers, deliver malware or send spam. Millions of members of the WOT community rate sites based on their experience, giving you an extra layer of protection when browsing or searching the Web.

    Btw: you don't have to make a contribution.

     

    Opera

     

    They offer better security, more stability, and better speed.

     

  • Keep a backup of your registry

    Keeping a regular backup of your registry will help when something goes wrong.

    Use a program like:

    Erunt

     

    A full tutorial on how to set up and use Erunt can be found here:

    Erunt tutorial

     

  • Keep your system clean of temp files etc, using a 'Cleaner':

    Cleaners are programs that will help to clean out your:

    Windows temp files

    Current user temp files

    Cookies

    Temporary Internet files

    Browser history

    Recycle bin

    Etc.......

    In other words.... all the rubbish that you accumulate over the course of your browsing and day to day usage of your pc.

    Programs like:

    CCleaner

    TFC by OldTimer

    ATF Cleaner

     

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.

     

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

     

    A tutorial on installing & using this product can be found here:

    Using and installing SpywareBlaster

     

  • Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

 

Glad I was able to help.

 

Safe surfing.

Member of:

UNITE

Posted

Hello, Starbuck!... I will make a printout copy of your last instructions, which should be very useful in the future.

I'm very, very thankful to you for your great help and patience. It is still amazing to me how much you know about cleaning up the system, and I'm absolutely sure not only this...

Thank you again and I wish you the best in your life.

 

Igor
