OTL Extras logfile created on: 2011-10-01 18:17:30 - Run 2 OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Artur\Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 76,59% Memory free 3,85 Gb Paging File | 3,49 Gb Available in Paging File | 90,66% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 58,59 Gb Total Space | 36,27 Gb Free Space | 61,89% Space Free | Partition Type: NTFS Drive D: | 426,48 Gb Total Space | 0,86 Gb Free Space | 0,20% Space Free | Partition Type: NTFS Drive F: | 446,42 Gb Total Space | 85,45 Gb Free Space | 19,14% Space Free | Partition Type: NTFS Computer Name: PRIVATE | User Name: Artur | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found [HKEY_USERS\S-1-5-21-1085031214-839522115-682003330-1003\SOFTWARE\Classes\] .html [@ = htmlfile] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "5985:TCP" = 5985:TCP:*:Disabled:Zdalne zarządzanie systemem Windows "80:TCP" = 80:TCP:*:Disabled:Zdalne zarządzanie systemem Windows — tryb zgodności (ruch przychodzący HTTP) "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "5900:TCP" = 5900:TCP:*:Enabled:vnc5900 "5800:TCP" = 5800:TCP:*:Enabled:vnc5800 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "C:\Program Files\K2T\WTW\wtw.exe" = C:\Program Files\K2T\WTW\wtw.exe:*:Enabled:WTW Instant Messenger -- (K2T.eu, Kaworu) "C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary "C:\Program Files\UltraVNC\winvnc.exe" = C:\Program Files\UltraVNC\winvnc.exe:*:Enabled:winvnc.exe -- (UltraVNC) "C:\Program Files\UltraVNC\vncviewer.exe" = C:\Program Files\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC) "C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater "C:\Program Files\Java\jre7\bin\javaw.exe" = C:\Program Files\Java\jre7\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle Corporation) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{1DF5019A-68B5-4ba1-8E59-E185C7B7FF11}" = Komunikator WTW 0.8.12.2750 "{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java(TM) 7 "{28184E01-D57A-4933-A09B-F65403F16D82}" = i-Cool "{2AFF2951-86B1-3C53-B34D-B440F11E7D0A}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK "{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver "{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3DB0E77E-7F00-0AE3-35ED-2D1B1C048E4A}" = ATI Catalyst Install Manager "{43592B2E-C393-433F-8D0E-5A4B15A8C786}" = Microsoft Antimalware Service PL-PL Language Pack "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client PL-PL Language Pack "{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client "{5A0DDC27-88E5-3CAD-BC3D-28FFD05CA6B9}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK "{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper wersja 3.1.0 "{5C19E2DC-4CCF-3114-B40A-6E565987025F}" = Microsoft .NET Framework 4 Extended PLK Language Pack "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{64CB2553-C109-4132-AA51-1F421B515FD1}" = Microsoft .NET Framework 1.1 Polish Language Pack "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{888C6BAB-729D-FF8A-1856-F2A58A702C1C}" = ATI Problem Report Wizard "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-006D-0415-0000-0000000FF1CE}" = Moduł Szybka instalacja pakietu Microsoft Office 2010 "{90140011-0061-0415-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - Polski "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser "{AC76BA86-7AD7-1045-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Polish "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution "{C96AA90C-9DE0-4C37-92F2-49CC3FE8C330}" = Nokia Software Updater "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0D14551-3A2D-433B-861F-F4DCE5422759}" = Nokia PC Suite "{D385C907-19E0-4CF7-82C1-A597B8558853}" = Watchtower Library 2010 - wydanie polskie "{D7EC8A27-CDA2-46AE-8A26-4104A04FA5BE}" = 32 Bit HP CIO Components Installer "{DE1DDAC8-0451-4F16-B63D-B72FBCBC9BF6}" = Febooti fileTweak Hash and CRC "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "504244733D18C8F63FF584AEB290E3904E791693" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0) "72A50F48CC5601190B9C4E74D81161693133E7F7" = Pakiet sterowników systemu Windows - Nokia Modem (02/25/2011 7.01.0.9) "7-Zip" = 7-Zip 9.22beta "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "ATI Display Driver" = ATI Display Driver "AviSynth" = AviSynth 2.5 "CCleaner" = CCleaner "CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only) "E0AC723A3DE3A04256288CADBBB011B112AED454" = Pakiet sterowników systemu Windows - Nokia Modem (02/25/2011 4.7) "ffdshow_is1" = ffdshow v1.1.3984 [2011-09-22] "HaaliMkx" = Haali Media Splitter "ie8" = Windows Internet Explorer 8 "InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "JDownloader" = JDownloader "Mamutu_is1" = Mamutu 3.0 "MediaInfo" = MediaInfo 0.7.49 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended "Microsoft Security Client" = Microsoft Security Essentials "MKVtoolnix" = MKVtoolnix 3.3.0 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "nLite_is1" = nLite 1.4.9.1 "Nokia PC Suite" = Nokia PC Suite "Office14.Click2Run" = Moduł Szybka instalacja pakietu Microsoft Office 2010 "Opera 11.51.1087" = Opera 11.51 "PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software "Software Informer_is1" = Software Informer 1.1 "SubtitleWorkshop" = Subtitle Workshop 2.51 "The KMPlayer" = The KMPlayer (remove only) "Ultravnc2_is1" = UltraVnc "VLC media player" = VLC media player 1.1.11 "WAssociate_is1" = WAssociate 3.4.4 "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "winscp3_is1" = WinSCP 4.3.5 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wondershare LiveBoot 2012_is1" = Wondershare LiveBoot 2012 (Build 7.0.1) "Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-1085031214-839522115-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Analog Clock" = Analog Clock "friskyRadio1050" = friskyRadio1050 "RMF RDS" = RMF RDS [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-09-24 14:15:34 | Computer Name = PRIVATE | Source = Application Virtualization Client | ID = 3001 Description = {tid=FDC:usr=Artur} CSuite::access_check failed, IsTokenRestricted=TRUE. Error - 2011-09-24 14:15:35 | Computer Name = PRIVATE | Source = Application Virtualization Client | ID = 3001 Description = {tid=FDC:usr=Artur} CSuite::access_check failed, IsTokenRestricted=TRUE. Error - 2011-09-24 14:15:35 | Computer Name = PRIVATE | Source = Application Virtualization Client | ID = 3001 Description = {tid=FDC:usr=Artur} CSuite::access_check failed, IsTokenRestricted=TRUE. Error - 2011-09-24 14:15:36 | Computer Name = PRIVATE | Source = Application Virtualization Client | ID = 3001 Description = {tid=FDC:usr=Artur} CSuite::access_check failed, IsTokenRestricted=TRUE. Error - 2011-09-24 14:15:36 | Computer Name = PRIVATE | Source = Application Virtualization Client | ID = 3001 Description = {tid=FDC:usr=Artur} CSuite::access_check failed, IsTokenRestricted=TRUE. Error - 2011-09-24 14:15:40 | Computer Name = PRIVATE | Source = Application Virtualization Client | ID = 3001 Description = {tid=FDC:usr=Artur} CSuite::access_check failed, IsTokenRestricted=TRUE. Error - 2011-09-24 14:15:41 | Computer Name = PRIVATE | Source = Application Virtualization Client | ID = 3001 Description = {tid=FDC:usr=Artur} CSuite::access_check failed, IsTokenRestricted=TRUE. Error - 2011-09-24 14:15:44 | Computer Name = PRIVATE | Source = Application Virtualization Client | ID = 3001 Description = {tid=B08:usr=Artur} CSuite::access_check failed, IsTokenRestricted=TRUE. Error - 2011-09-24 14:15:53 | Computer Name = PRIVATE | Source = Application Virtualization Client | ID = 3001 Description = {tid=B08:usr=Artur} CSuite::access_check failed, IsTokenRestricted=TRUE. Error - 2011-09-30 21:05:10 | Computer Name = PRIVATE | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca OTL.exe, wersja 3.2.29.1, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. [ System Events ] Error - 2011-10-01 05:47:54 | Computer Name = PRIVATE | Source = nvgts | ID = 262149 Description = Na \Device\Scsi\nvgts1 został wykryty błąd parzystości. Error - 2011-10-01 05:47:54 | Computer Name = PRIVATE | Source = nvgts | ID = 262149 Description = Na \Device\Scsi\nvgts1 został wykryty błąd parzystości. Error - 2011-10-01 05:47:54 | Computer Name = PRIVATE | Source = nvgts | ID = 262149 Description = Na \Device\Scsi\nvgts1 został wykryty błąd parzystości. Error - 2011-10-01 05:47:58 | Computer Name = PRIVATE | Source = nvgts | ID = 262149 Description = Na \Device\Scsi\nvgts1 został wykryty błąd parzystości. Error - 2011-10-01 05:47:59 | Computer Name = PRIVATE | Source = nvgts | ID = 262149 Description = Na \Device\Scsi\nvgts1 został wykryty błąd parzystości. Error - 2011-10-01 05:47:59 | Computer Name = PRIVATE | Source = nvgts | ID = 262149 Description = Na \Device\Scsi\nvgts1 został wykryty błąd parzystości. Error - 2011-10-01 05:47:59 | Computer Name = PRIVATE | Source = nvgts | ID = 262149 Description = Na \Device\Scsi\nvgts1 został wykryty błąd parzystości. Error - 2011-10-01 05:47:59 | Computer Name = PRIVATE | Source = nvgts | ID = 262149 Description = Na \Device\Scsi\nvgts1 został wykryty błąd parzystości. Error - 2011-10-01 05:56:50 | Computer Name = PRIVATE | Source = nvgts | ID = 262149 Description = Na \Device\Scsi\nvgts1 został wykryty błąd parzystości. Error - 2011-10-01 05:56:50 | Computer Name = PRIVATE | Source = nvgts | ID = 262149 Description = Na \Device\Scsi\nvgts1 został wykryty błąd parzystości. < End of report >