OTL Extras logfile created on: 6/17/2011 3:08:25 PM - Run 1 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Karen\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.99 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 66.04% Memory free 6.20 Gb Paging File | 4.81 Gb Available in Paging File | 77.68% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 456.52 Gb Total Space | 347.08 Gb Free Space | 76.03% Space Free | Partition Type: NTFS Drive D: | 9.24 Gb Total Space | 1.25 Gb Free Space | 13.50% Space Free | Partition Type: NTFS Computer Name: HOME-COMPUTER | User Name: Karen | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.) [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00E98F33-552B-497D-9152-1E4AA7E3D66D}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{08EFAF93-B3E0-4F59-9F8B-BE71CB603CA2}" = dir=in | app=c:\program files\itunes\itunes.exe | "{0B1D2605-F23B-4B15-AD92-72A6A8E43CCB}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{16AB5610-7CEE-4D33-B3AA-4DEF4CC1ABCD}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{190EFC28-BBAB-42B7-B1A7-6C9F98CF122C}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{1C309689-D35F-4698-B924-F05E1315B22A}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | "{1FAE04C9-E590-4C4E-8B50-1D91C4C4AA56}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{3ADC0D61-0236-4732-9C98-BC859CCD336F}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{43DD6BF7-7628-47FD-89C5-03996974329B}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{73DAE23F-8DCE-48C6-9F88-653778C7F931}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{74CB7EC8-3791-4EEE-8638-96BA722B48C5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{87827DFB-8D14-4CF9-A21E-16BC504F62CF}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{A26CA2C6-6CE3-4DE9-9DBC-95DB3F217A85}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{ADF403AE-14A0-454B-8D08-F241D4DD0239}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{B036F269-E276-4C91-B8BD-CC14B1911C33}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{E31E678E-EED8-4428-985F-F48CA42851E9}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | "{F88B36CB-D3D2-47C4-B44C-30D477395480}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "TCP Query User{49F489E9-901E-48AB-8CCA-27B62F11C0BF}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{649B498A-07DA-4BBF-87DA-95D24546CF41}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{3E89A81A-E374-43AE-8E7A-2C1A84F75892}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{B20BF9EA-3B20-4BAE-B17E-E65CDF80E61B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5 "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1 "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}" = HP Easy Setup - Frontend "{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}" = Star Wars Jedi Knight Jedi Academy "{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23 "{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout "{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video "{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2 "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A379E7A-22ED-44FF-9293-E393D704505D}" = HP Demo "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101 "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0) "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5 "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C8D47273-7A1A-4614-A3D8-263632D8A5ED}" = HP Customer Experience Enhancements "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1D632A2-E249-466D-A094-B1B934D37645}_is1" = Stronghold Kingdoms "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FD71E2F7-B9FC-4072-88DB-AC19E2464D82}" = LightScribe System Software "{fef8097e-662d-49b3-aa77-2919db3746d7}" = HP Total Care Advisor "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Citrix ICA Web Client" = MetaFrame Presentation Server Web Client for Win32 "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP "eMusic Download Manager" = eMusic Download Manager 4.1.4 "HDMI" = Intel(R) Graphics Media Accelerator Driver "HP Photosmart Essential" = HP Photosmart Essential 2.5 "InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video "Keyboarding Pro 4" = Keyboarding Pro 4 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Monopoly" = Monopoly "MSNINST" = MSN "Network Play System (Patching)" = Network Play System (Patching) "OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator "Philips Songbird" = Philips Songbird "Plants vs. Zombies" = Plants vs. Zombies "Registry Mechanic_is1" = Registry Mechanic 10.0 "Trophy Bass 3D Demo" = Trophy Bass 3D Demo [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-2646239008-2084633532-2222816099-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Karen [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 6/16/2011 10:59:04 AM | Computer Name = Home-Computer | Source = Application Hang | ID = 1002 Description = The program javaw.exe version 6.0.230.5 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 149c Start Time: 01cc2c35d07bb9c0 Termination Time: 28 Error - 6/16/2011 1:22:09 PM | Computer Name = Home-Computer | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp 0x4d76255d, faulting module jscript9.dll, version 9.0.8112.16430, time stamp 0x4db210d4, exception code 0xc0000005, fault offset 0x0001369a, process id 0x17e8, application start time 0x01cc2c46ebe380b0. Error - 6/17/2011 8:36:36 AM | Computer Name = Home-Computer | Source = EventSystem | ID = 4609 Description = Error - 6/17/2011 8:37:31 AM | Computer Name = Home-Computer | Source = WinMgmt | ID = 10 Description = Error - 6/17/2011 9:01:43 AM | Computer Name = Home-Computer | Source = WinMgmt | ID = 10 Description = Error - 6/17/2011 9:16:41 AM | Computer Name = Home-Computer | Source = Perflib | ID = 1010 Description = Error - 6/17/2011 9:16:42 AM | Computer Name = Home-Computer | Source = Perflib | ID = 1008 Description = Error - 6/17/2011 9:19:08 AM | Computer Name = Home-Computer | Source = WinMgmt | ID = 10 Description = Error - 6/17/2011 9:23:34 AM | Computer Name = Home-Computer | Source = WinMgmt | ID = 10 Description = Error - 6/17/2011 3:07:48 PM | Computer Name = Home-Computer | Source = Application Hang | ID = 1002 Description = The program OTL.exe version 3.2.24.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: fa0 Start Time: 01cc2d20350c3e60 Termination Time: 4 [ System Events ] Error - 6/17/2011 8:36:13 AM | Computer Name = Home-Computer | Source = EventLog | ID = 6008 Description = The previous system shutdown at 8:34:15 AM on 6/17/2011 was unexpected. Error - 6/17/2011 8:36:29 AM | Computer Name = Home-Computer | Source = DCOM | ID = 10005 Description = Error - 6/17/2011 8:36:36 AM | Computer Name = Home-Computer | Source = DCOM | ID = 10005 Description = Error - 6/17/2011 8:36:37 AM | Computer Name = Home-Computer | Source = DCOM | ID = 10005 Description = Error - 6/17/2011 8:36:43 AM | Computer Name = Home-Computer | Source = DCOM | ID = 10005 Description = Error - 6/17/2011 8:37:31 AM | Computer Name = Home-Computer | Source = Service Control Manager | ID = 7001 Description = Error - 6/17/2011 8:37:31 AM | Computer Name = Home-Computer | Source = Service Control Manager | ID = 7026 Description = Error - 6/17/2011 9:16:25 AM | Computer Name = Home-Computer | Source = Service Control Manager | ID = 7006 Description = Error - 6/17/2011 9:16:25 AM | Computer Name = Home-Computer | Source = Service Control Manager | ID = 7006 Description = Error - 6/17/2011 9:16:37 AM | Computer Name = Home-Computer | Source = DCOM | ID = 10010 Description = < End of report >