OTL logfile created on: 2011-07-10 18:11:14 - Run 5
OTL by OldTimer - Version 3.2.26.1     Folder = E:\rescue\OTL
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
2,00 Gb Total Physical Memory | 1,42 Gb Available Physical Memory | 71,13% Memory free
3,85 Gb Paging File | 3,44 Gb Available in Paging File | 89,33% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24,55 Gb Total Space | 2,85 Gb Free Space | 11,60% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 117,13 Gb Free Space | 50,30% Space Free | Partition Type: NTFS
Drive E: | 50,01 Gb Total Space | 27,25 Gb Free Space | 54,48% Space Free | Partition Type: NTFS
 
Computer Name: ARS | User Name: Mateusz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 180 Days
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment >[/color]
"ComSpec" = %SystemRoot%\system32\cmd.exe -- [2008-04-14 23:51:10 | 000,396,288 | ---- | M] (Microsoft Corporation)
"FP_NO_HOST_CHECK" = NO
"NUMBER_OF_PROCESSORS" = 1
"OS" = Windows_NT
"Path" = %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\NVIDIA Corporation\PhysX\Common;C:\Program Files\QuickTime\QTSystem
"PATHEXT" = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE" = x86
"PROCESSOR_IDENTIFIER" = x86 Family 15 Model 79 Stepping 2, AuthenticAMD
"PROCESSOR_LEVEL" = 15
"PROCESSOR_REVISION" = 4f02
"TEMP" = %SystemRoot%\TEMP -- [2011-07-10 18:04:30 | 000,000,000 | ---D | M]
"TMP" = %SystemRoot%\TEMP -- [2011-07-10 18:04:30 | 000,000,000 | ---D | M]
"windir" = %SystemRoot% -- [2011-07-09 12:07:11 | 000,000,000 | ---D | M]
"CLASSPATH" = .;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA" = C:\Program Files\Java\jre6\lib\ext\QTJava.zip -- [2010-09-08 11:17:38 | 000,935,850 | ---- | M] ()
 
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers >[/color]
"VDD" =  [binary data]
 
 
[color=#A23BEC]< MD5 for: COMMAND.COM  >[/color]
[2001-08-17 13:32:04 | 000,050,620 | ---- | M] () MD5=BE67D29CA914DE072D9971E3FFFC4050 -- C:\WINDOWS\system32\command.com
 
[color=#A23BEC]< MD5 for: NTDOS.SYS  >[/color]
[2001-10-26 20:15:04 | 000,027,898 | ---- | M] () MD5=CFF364CC2CBEC781C2565144B1225915 -- C:\WINDOWS\system32\dllcache\ntdos.sys
[2001-10-26 20:15:04 | 000,027,898 | ---- | M] () MD5=CFF364CC2CBEC781C2565144B1225915 -- C:\WINDOWS\system32\ntdos.sys
 
[color=#A23BEC]< MD5 for: NTDOS404.SYS  >[/color]
[2001-08-18 01:31:46 | 000,029,146 | ---- | M] () MD5=CF9ED169FF86D935E47999E82359E898 -- C:\WINDOWS\system32\dllcache\ntdos404.sys
[2001-08-18 01:31:46 | 000,029,146 | ---- | M] () MD5=CF9ED169FF86D935E47999E82359E898 -- C:\WINDOWS\system32\ntdos404.sys
 
[color=#A23BEC]< MD5 for: NTDOS411.SYS  >[/color]
[2001-08-18 01:31:46 | 000,029,370 | ---- | M] () MD5=03B945AC0481CD8BB161C3569D8ED1C3 -- C:\WINDOWS\system32\dllcache\ntdos411.sys
[2001-08-18 01:31:46 | 000,029,370 | ---- | M] () MD5=03B945AC0481CD8BB161C3569D8ED1C3 -- C:\WINDOWS\system32\ntdos411.sys
 
[color=#A23BEC]< MD5 for: NTDOS412.SYS  >[/color]
[2001-08-18 01:31:50 | 000,029,274 | ---- | M] () MD5=BBC957DC18C17CC027EB80B7C77F2AEA -- C:\WINDOWS\system32\dllcache\ntdos412.sys
[2001-08-18 01:31:50 | 000,029,274 | ---- | M] () MD5=BBC957DC18C17CC027EB80B7C77F2AEA -- C:\WINDOWS\system32\ntdos412.sys
 
[color=#A23BEC]< MD5 for: NTDOS804.SYS  >[/color]
[2001-08-18 01:31:44 | 000,029,146 | ---- | M] () MD5=3CFFAEFFF23B0D208214A6D3061A5B1B -- C:\WINDOWS\system32\dllcache\ntdos804.sys
[2001-08-18 01:31:44 | 000,029,146 | ---- | M] () MD5=3CFFAEFFF23B0D208214A6D3061A5B1B -- C:\WINDOWS\system32\ntdos804.sys
 
[color=#A23BEC]< MD5 for: NTIO.SYS  >[/color]
[2008-04-13 23:19:58 | 000,033,936 | ---- | M] () MD5=23F6170163311DAB8E67AE610AB98D12 -- C:\WINDOWS\ServicePackFiles\i386\ntio.sys
[2004-08-03 22:45:34 | 000,033,936 | ---- | M] () MD5=23F6170163311DAB8E67AE610AB98D12 -- C:\WINDOWS\system32\dllcache\ntio.sys
[2004-08-03 22:45:34 | 000,033,936 | ---- | M] () MD5=23F6170163311DAB8E67AE610AB98D12 -- C:\WINDOWS\system32\ntio.sys
 
[color=#A23BEC]< MD5 for: NTIO404.SYS  >[/color]
[2008-04-13 23:19:44 | 000,034,560 | ---- | M] () MD5=6F73F50162DEF60C84B725C18CD9140F -- C:\WINDOWS\ServicePackFiles\i386\ntio404.sys
[2004-08-03 22:45:16 | 000,034,560 | ---- | M] () MD5=6F73F50162DEF60C84B725C18CD9140F -- C:\WINDOWS\system32\dllcache\ntio404.sys
[2004-08-03 22:45:16 | 000,034,560 | ---- | M] () MD5=6F73F50162DEF60C84B725C18CD9140F -- C:\WINDOWS\system32\ntio404.sys
 
[color=#A23BEC]< MD5 for: NTIO411.SYS  >[/color]
[2008-04-13 23:19:40 | 000,035,648 | ---- | M] () MD5=0FDD5E69C1FF3B58043D44F2CC743D45 -- C:\WINDOWS\ServicePackFiles\i386\ntio411.sys
[2004-08-03 22:45:12 | 000,035,648 | ---- | M] () MD5=0FDD5E69C1FF3B58043D44F2CC743D45 -- C:\WINDOWS\system32\dllcache\ntio411.sys
[2004-08-03 22:45:12 | 000,035,648 | ---- | M] () MD5=0FDD5E69C1FF3B58043D44F2CC743D45 -- C:\WINDOWS\system32\ntio411.sys
 
[color=#A23BEC]< MD5 for: NTIO412.SYS  >[/color]
[2008-04-13 23:19:44 | 000,035,424 | ---- | M] () MD5=8842837C4D8311BF8E72BEE8CCC42217 -- C:\WINDOWS\ServicePackFiles\i386\ntio412.sys
[2004-08-03 22:45:16 | 000,035,424 | ---- | M] () MD5=8842837C4D8311BF8E72BEE8CCC42217 -- C:\WINDOWS\system32\dllcache\ntio412.sys
[2004-08-03 22:45:16 | 000,035,424 | ---- | M] () MD5=8842837C4D8311BF8E72BEE8CCC42217 -- C:\WINDOWS\system32\ntio412.sys
 
[color=#A23BEC]< MD5 for: NTIO804.SYS  >[/color]
[2008-04-13 23:19:42 | 000,034,560 | ---- | M] () MD5=6B56CEB3C6F9D5CD7293DBD9FE23B311 -- C:\WINDOWS\ServicePackFiles\i386\ntio804.sys
[2004-08-03 22:45:14 | 000,034,560 | ---- | M] () MD5=6B56CEB3C6F9D5CD7293DBD9FE23B311 -- C:\WINDOWS\system32\dllcache\ntio804.sys
[2004-08-03 22:45:14 | 000,034,560 | ---- | M] () MD5=6B56CEB3C6F9D5CD7293DBD9FE23B311 -- C:\WINDOWS\system32\ntio804.sys
 
[color=#A23BEC]< MD5 for: NTVDM.EXE  >[/color]
[2004-08-04 00:44:26 | 000,420,352 | ---- | M] (Microsoft Corporation) MD5=BF875D3929327A328230C60602AFE92B -- C:\WINDOWS\$NtServicePackUninstall$\ntvdm.exe
[2008-04-14 23:51:36 | 000,421,376 | ---- | M] (Microsoft Corporation) MD5=E7306BF4E841FD76EFE6276BE2617128 -- C:\WINDOWS\ServicePackFiles\i386\ntvdm.exe
[2008-04-14 23:51:36 | 000,421,376 | ---- | M] (Microsoft Corporation) MD5=E7306BF4E841FD76EFE6276BE2617128 -- C:\WINDOWS\system32\ntvdm.exe
 
[color=#A23BEC]< MD5 for: REDIR.EXE  >[/color]
[2008-04-13 23:22:36 | 000,003,346 | ---- | M] () MD5=7149C0DF1A682BA0D70F955F2FC6823E -- C:\WINDOWS\ServicePackFiles\i386\redir.exe
[2004-08-03 22:48:52 | 000,003,346 | ---- | M] () MD5=7149C0DF1A682BA0D70F955F2FC6823E -- C:\WINDOWS\system32\dllcache\redir.exe
[2004-08-03 22:48:52 | 000,003,346 | ---- | M] () MD5=7149C0DF1A682BA0D70F955F2FC6823E -- C:\WINDOWS\system32\redir.exe
 
[color=#A23BEC]< type C:\Windows\system32\autoexec.nt /C >[/color]
@echo off
REM AUTOEXEC.BAT is not used to initialize the MS-DOS environment.
REM AUTOEXEC.NT is used to initialize the MS-DOS environment unless a
REM different startup file is specified in an application's PIF.
REM Install CD ROM extensions
lh %SystemRoot%\system32\mscdexnt.exe
REM Install network redirector (load before dosx.exe)
lh %SystemRoot%\system32\redir
REM Install DPMI support
lh %SystemRoot%\system32\dosx
REM The following line enables Sound Blaster 2.0 support on NTVDM.
REM The command for setting the BLASTER environment is as follows:
REM    SET BLASTER=A220 I5 D1 P330
REM    where:
REM        A    specifies the sound blaster's base I/O port
REM        I    specifies the interrupt request line
REM        D    specifies the 8-bit DMA channel
REM        P    specifies the MPU-401 base I/O port
REM        T    specifies the type of sound blaster card
REM                 1 - Sound Blaster 1.5
REM                 2 - Sound Blaster Pro I
REM                 3 - Sound Blaster 2.0
REM                 4 - Sound Blaster Pro II
REM                 6 - SOund Blaster 16/AWE 32/32/64
REM
REM    The default value is A220 I5 D1 T3 and P330.  If any of the switches is
REM    left unspecified, the default value will be used. (NOTE, since all the
REM    ports are virtualized, the information provided here does not have to
REM    match the real hardware setting.)  NTVDM supports Sound Blaster 2.0 only.
REM    The T switch must be set to 3, if specified.
SET BLASTER=A220 I5 D1 P330 T3
REM To disable the sound blaster 2.0 support on NTVDM, specify an invalid
REM SB base I/O port address.  For example:
REM    SET BLASTER=A0
 
[color=#A23BEC]< type C:\Windows\system32\config.nt /C >[/color]
REM Windows MS-DOS Startup File
REM
REM CONFIG.SYS vs CONFIG.NT
REM CONFIG.SYS is not used to initialize the MS-DOS environment.
REM CONFIG.NT is used to initialize the MS-DOS environment unless a
REM different startup file is specified in an application's PIF.
REM
REM ECHOCONFIG
REM By default, no information is displayed when the MS-DOS environment
REM is initialized. To display CONFIG.NT/AUTOEXEC.NT information, add
REM the command echoconfig to CONFIG.NT or other startup file.
REM
REM NTCMDPROMPT
REM When you return to the command prompt from a TSR or while running an
REM MS-DOS-based application, Windows runs COMMAND.COM. This allows the
REM TSR to remain active. To run CMD.EXE, the Windows command prompt,
REM rather than COMMAND.COM, add the command ntcmdprompt to CONFIG.NT or
REM other startup file.
REM
REM DOSONLY
REM By default, you can start any type of application when running
REM COMMAND.COM. If you start an application other than an MS-DOS-based
REM application, any running TSR may be disrupted. To ensure that only
REM MS-DOS-based applications can be started, add the command dosonly to
REM CONFIG.NT or other startup file.
REM
REM EMM
REM You can use EMM command line to configure EMM(Expanded Memory Manager).
REM The syntax is:
REM
REM EMM = [A=AltRegSets] [B=BaseSegment] [RAM]
REM
REM     AltRegSets
REM         specifies the total Alternative Mapping Register Sets you
REM         want the system to support. 1 <= AltRegSets <= 255. The
REM         default value is 8.
REM     BaseSegment
REM         specifies the starting segment address in the Dos conventional
REM         memory you want the system to allocate for EMM page frames.
REM         The value must be given in Hexdecimal.
REM         0x1000 <= BaseSegment <= 0x4000. The value is rounded down to
REM         16KB boundary. The default value is 0x4000
REM     RAM
REM         specifies that the system should only allocate 64Kb address
REM         space from the Upper Memory Block(UMB) area for EMM page frames
REM         and leave the rests(if available) to be used by DOS to support
REM         loadhigh and devicehigh commands. The system, by default, would
REM         allocate all possible and available UMB for page frames.
REM
REM     The EMM size is determined by pif file(either the one associated
REM     with your application or _default.pif). If the size from PIF file
REM     is zero, EMM will be disabled and the EMM line will be ignored.
REM
dos=high, umb
device=%SystemRoot%\system32\himem.sys
files=40

< End of report >