OTL Extras logfile created on: 9/9/2009 3:26:11 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.48 Mb Total Physical Memory | 556.36 Mb Available Physical Memory | 54.79% Memory free
2.39 Gb Paging File | 2.09 Gb Available in Paging File | 87.64% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 3.57 Gb Free Space | 19.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 232.88 Gb Total Space | 223.40 Gb Free Space | 95.93% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-48F30B758
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\opera.exe (Opera Software)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3681:UDP" = 3681:UDP:*:Enabled:Windows Media Format SDK (firefox.exe)
"3680:UDP" = 3680:UDP:*:Enabled:Windows Media Format SDK (firefox.exe)
"3703:UDP" = 3703:UDP:*:Enabled:Windows Media Format SDK (firefox.exe)

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"E:\LimeWire\LimeWire.exe" = E:\LimeWire\LimeWire.exe:*:Enabled:LimeWire 4.18.8 -- (Lime Wire, LLC)
"E:\BearShare Applications\BearShare\BearShare.exe" = E:\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- File not found
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\system32\winver.exe" = C:\WINDOWS\system32\winver.exe:*:Enabled:winver -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger -- ()
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Program Files\ATT-HSI\McciBrowser.exe" = C:\Program Files\ATT-HSI\McciBrowser.exe:*:Enabled:motivebrowser.exe -- (Motive Communications, Inc.)
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\Documents and Settings\User\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\User\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\User\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\User\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{2A9C3F41-DACA-37AB-84FB-2E6193C42151}" = Google Gears
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248E093-5288-4CA9-B3AB-11A675FEA1F9}" = Symantec AntiVirus
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7DCA3763-701D-45DD-8F6B-A8C3206C0289}" = ActiveSpeed
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0}" = Opera 9.64
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BBC783B7-8725-3B1C-B49A-BA7F09391251}" = Google Talk Plugin
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F1D3D463-023F-4BC6-B0C4-E287E24A635A}" = ActiveSpeed
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"ATT-SST" = AT&T Self Support Tool
"ATTToolbar" = AT&T Toolbar
"Audacity_is1" = Audacity 1.2.6
"BellsouthHelpCenter4.0b_is1" = FastAccess® DSL Help Center 4.1
"CCleaner" = CCleaner (remove only)
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"king.com" = king.com (remove only)
"LimeWire" = LimeWire 5.1.2
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MySpaceIM" = MySpaceIM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"RadialpointClientGateway_is1" = AT&T Internet Security Wizard 1.5.11
"RealPlayer 6.0" = RealPlayer
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6h
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 9/9/2009 12:07:47 AM | Computer Name = OWNER-48F30B758 | Source = MsiInstaller | ID = 11321
Description = Product: SUPERAntiSpyware Free Edition -- Error 1321. Windows Installer has insufficient privileges to modify this file: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe.

Error - 9/9/2009 12:07:48 AM | Computer Name = OWNER-48F30B758 | Source = MsiInstaller | ID = 11321
Description = Product: SUPERAntiSpyware Free Edition -- Error 1321. Windows Installer has insufficient privileges to modify this file: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe.

Error - 9/9/2009 12:07:48 AM | Computer Name = OWNER-48F30B758 | Source = MsiInstaller | ID = 11321
Description = Product: SUPERAntiSpyware Free Edition -- Error 1321. Windows Installer has insufficient privileges to modify this file: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe.

Error - 9/9/2009 12:07:49 AM | Computer Name = OWNER-48F30B758 | Source = MsiInstaller | ID = 11321
Description = Product: SUPERAntiSpyware Free Edition -- Error 1321. Windows Installer has insufficient privileges to modify this file: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe.

Error - 9/9/2009 12:36:25 AM | Computer Name = OWNER-48F30B758 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Documents and Settings\User\Application Data\Sun\Java\jre1.6.0_16\jre1.6.0_16-pfrom11.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

Error - 9/9/2009 12:38:05 AM | Computer Name = OWNER-48F30B758 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Documents and Settings\User\Application Data\Sun\Java\jre1.6.0_16\jre1.6.0_16-pfrom11.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

Error - 9/9/2009 1:18:12 AM | Computer Name = OWNER-48F30B758 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Program Files\Common Files\Wise Installation Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_4_28_0_1010.MSI is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

Error - 9/9/2009 1:18:15 AM | Computer Name = OWNER-48F30B758 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Program Files\Common Files\Wise Installation Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_4_28_0_1010.MSI is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

Error - 9/9/2009 1:19:48 AM | Computer Name = OWNER-48F30B758 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Program Files\Common Files\Wise Installation Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_4_28_0_1010.MSI is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

Error - 9/9/2009 1:20:41 AM | Computer Name = OWNER-48F30B758 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Program Files\Common Files\Wise Installation Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_4_28_0_1010.MSI is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

[ System Events ]
Error - 9/9/2009 12:22:02 AM | Computer Name = OWNER-48F30B758 | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Error - 9/9/2009 12:24:27 AM | Computer Name = OWNER-48F30B758 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: SYMTDI

Error - 9/9/2009 1:18:54 AM | Computer Name = OWNER-48F30B758 | Source = DCOM | ID = 10010
Description = The server {601AC3DC-786A-4EB0-BF40-EE3521E70BFB} did not register with DCOM within the required timeout.

Error - 9/9/2009 1:53:00 AM | Computer Name = OWNER-48F30B758 | Source = Schedule | ID = 7901
Description = The At25.job command failed to start due to the following error: %%2147942405

Error - 9/9/2009 2:00:00 AM | Computer Name = OWNER-48F30B758 | Source = Schedule | ID = 7901
Description = The At26.job command failed to start due to the following error: %%2147942405

Error - 9/9/2009 2:05:11 AM | Computer Name = OWNER-48F30B758 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL

Error - 9/9/2009 3:00:00 AM | Computer Name = OWNER-48F30B758 | Source = Schedule | ID = 7901
Description = The At27.job command failed to start due to the following error: %%2147942405

Error - 9/9/2009 4:00:00 AM | Computer Name = OWNER-48F30B758 | Source = Schedule | ID = 7901
Description = The At28.job command failed to start due to the following error: %%2147942405

Error - 9/9/2009 4:09:58 AM | Computer Name = OWNER-48F30B758 | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Error - 9/9/2009 4:11:54 AM | Computer Name = OWNER-48F30B758 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL

< End of report >