OTL Extras logfile created on: 12/19/2010 8:21:51 PM - Run 1 OTL by OldTimer - Version 3.2.17.4 Folder = C:\Documents and Settings\Saki\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free 6.00 Gb Paging File | 6.00 Gb Available in Paging File | 92.00% Paging File free Paging file location(s): C:\pagefile.sys 3840 7680 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 465.76 Gb Total Space | 407.43 Gb Free Space | 87.48% Space Free | Partition Type: NTFS Computer Name: 1DCGCC1 | User Name: Saki | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] [HKEY_USERS\S-1-5-21-790525478-2077806209-725345543-1004\SOFTWARE\Classes\] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "FirewallOverride" = 0 "AntiVirusOverride" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 "" = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment) "C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "C:\Program Files\World of Warcraft\WoW-3.3.2.11403-to-3.3.3.11685-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.3.2.11403-to-3.3.3.11685-enUS-downloader.exe:*:Enabled:WoW-3.3.2.11403-to-3.3.3.11685-enUS-downloader.exe -- (Blizzard Entertainment) "C:\Documents and Settings\Saki\Desktop\Micki's Shit\iTunes.exe" = C:\Documents and Settings\Saki\Desktop\Micki's Shit\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Documents and Settings\Saki\Local Settings\temp\Rar$EX00.375\teamspeak3-server_win32\ts3server_win32.exe" = C:\Documents and Settings\Saki\Local Settings\temp\Rar$EX00.375\teamspeak3-server_win32\ts3server_win32.exe:*:Enabled:TeamSpeak 3 Server -- File not found "C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23 "{2A8E4833-F483-4074-B4DB-F295F7901A8D}" = MobileMe Control Panel "{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}" = UMVPLStandalone "{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger "{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver "{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}" = Modem Diagnostic Tool "{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C8F7C1E5-0150-11D6-A96C-00D05908F85D}" = USB Driver "{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect "{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator "{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}" = Logitech QuickCam "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AviSynth" = AviSynth 2.5 "CCleaner" = CCleaner "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem "InstallWIX_{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009 "Keyboard Status LED" = Keyboard Status LED "lvdrivers_12.10" = Logitech Webcam Software Driver Package "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "QcDrv" = Logitech® Camera Driver "SpywareBlaster_is1" = SpywareBlaster 4.4 "SystemRequirementsLab" = System Requirements Lab "Vivitar Experience Image Manager" = Vivitar Experience Image Manager "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "World of Warcraft" = World of Warcraft "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-790525478-2077806209-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 12/10/2010 3:16:57 AM | Computer Name = 1DCGCC1 | Source = ESENT | ID = 454 Description = Catalog Database (1728) Database recovery/restore failed with unexpected error -1216. Error - 12/10/2010 3:44:24 AM | Computer Name = 1DCGCC1 | Source = Application Hang | ID = 1002 Description = Hanging application RawCopy_1_2_WinAll.exe, version 1.1.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 12/10/2010 4:00:28 AM | Computer Name = 1DCGCC1 | Source = Application Hang | ID = 1002 Description = Hanging application Wow.exe, version 3.3.5.12340, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 12/10/2010 6:04:55 AM | Computer Name = 1DCGCC1 | Source = ESENT | ID = 494 Description = wuauclt (1492) Database recovery failed with error -1216 because it encountered references to a database, 'C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb', which is no longer present. The database was not brought to a consistent state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, please contact PSS for further instructions regarding the steps required in order to allow recovery to proceed without this database. Error - 12/10/2010 6:04:55 AM | Computer Name = 1DCGCC1 | Source = ESENT | ID = 454 Description = wuauclt (1492) Database recovery/restore failed with unexpected error -1216. Error - 12/13/2010 8:39:28 PM | Computer Name = 1DCGCC1 | Source = Bonjour Service | ID = 100 Description = 248: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.) Error - 12/17/2010 3:02:01 AM | Computer Name = 1DCGCC1 | Source = Application Hang | ID = 1002 Description = Hanging application firefox.exe, version 1.9.2.3989, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 12/17/2010 3:02:04 AM | Computer Name = 1DCGCC1 | Source = Application Hang | ID = 1001 Description = Fault bucket -2084660477. Error - 12/19/2010 3:45:01 AM | Computer Name = 1DCGCC1 | Source = Application Hang | ID = 1002 Description = Hanging application mbam.exe, version 1.50.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 12/19/2010 8:39:10 PM | Computer Name = 1DCGCC1 | Source = Bonjour Service | ID = 100 Description = 228: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.) [ System Events ] Error - 12/19/2010 3:58:27 AM | Computer Name = 1DCGCC1 | Source = Service Control Manager | ID = 7023 Description = The Application Management service terminated with the following error: %%126 Error - 12/19/2010 3:58:27 AM | Computer Name = 1DCGCC1 | Source = Service Control Manager | ID = 7023 Description = The Application Management service terminated with the following error: %%126 Error - 12/19/2010 3:58:27 AM | Computer Name = 1DCGCC1 | Source = Service Control Manager | ID = 7023 Description = The Application Management service terminated with the following error: %%126 Error - 12/19/2010 3:58:27 AM | Computer Name = 1DCGCC1 | Source = Service Control Manager | ID = 7023 Description = The Application Management service terminated with the following error: %%126 Error - 12/19/2010 3:58:27 AM | Computer Name = 1DCGCC1 | Source = Service Control Manager | ID = 7023 Description = The Application Management service terminated with the following error: %%126 Error - 12/19/2010 3:58:27 AM | Computer Name = 1DCGCC1 | Source = Service Control Manager | ID = 7023 Description = The Application Management service terminated with the following error: %%126 Error - 12/19/2010 3:58:27 AM | Computer Name = 1DCGCC1 | Source = Service Control Manager | ID = 7023 Description = The Application Management service terminated with the following error: %%126 Error - 12/19/2010 3:58:27 AM | Computer Name = 1DCGCC1 | Source = Service Control Manager | ID = 7023 Description = The Application Management service terminated with the following error: %%126 Error - 12/19/2010 3:58:27 AM | Computer Name = 1DCGCC1 | Source = Service Control Manager | ID = 7023 Description = The Application Management service terminated with the following error: %%126 Error - 12/19/2010 3:58:28 AM | Computer Name = 1DCGCC1 | Source = Service Control Manager | ID = 7023 Description = The Application Management service terminated with the following error: %%126 < End of report >