OTL Extras logfile created on: 2011-08-13 14:50:19 - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\ Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 254,41 Mb Total Physical Memory | 72,46 Mb Available Physical Memory | 28,48% Memory free 624,96 Mb Paging File | 416,16 Mb Available in Paging File | 66,59% Paging File free Paging file location(s): C:\pagefile.sys 384 768 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 18,63 Gb Total Space | 0,58 Gb Free Space | 3,11% Space Free | Partition Type: NTFS Computer Name: JOKO-7966C40E56 | User Name: Trzy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "AntiSpywareOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008 -- (Sports Interactive) "C:\Program Files\Outlook Express\msimn.exe" = C:\Program Files\Outlook Express\msimn.exe:*:Enabled:Outlook Express -- (Microsoft Corporation) "C:\Program Files\Nowe Gadu-Gadu\gg.exe" = C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.) "C:\Program Files\Sports Interactive\Football Manager 2009 Demo\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2009 Demo\fm.exe:*:Disabled:Football Manager 2009 Demo "C:\Program Files\OO Software\Defrag\oodag.exe" = C:\Program Files\OO Software\Defrag\oodag.exe:*:Enabled:O&O Defrag Agent (Win32) "C:\Program Files\Screamer Radio\screamer.exe" = C:\Program Files\Screamer Radio\screamer.exe:*:Enabled:Screamer Radio -- (Steamcore.se) "C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Documents and Settings\Trzy\Pulpit\TDSSKiller.exe" = C:\Documents and Settings\Trzy\Pulpit\TDSSKiller.exe:*:Enabled:TDSS rootkit removing tool -- () "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- () "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Documents and Settings\Trzy\Ustawienia lokalne\Temp\fsonlinescanner.exe" = C:\Documents and Settings\Trzy\Ustawienia lokalne\Temp\fsonlinescanner.exe:*:Enabled:F-Secure Online Scanner -- (F-Secure Corporation) "C:\Program Files\AVAST Software\Avast\Setup\avast.setup" = C:\Program Files\AVAST Software\Avast\Setup\avast.setup:*:Enabled:avast! antivirus Update [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000415-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{033FAD4E-C48B-11D5-BCEF-005004748D87}" = 64x Drivers "{0773A806-0853-4B4D-8771-55BEF03E242B}" = Dell OpenManage Client Instrumentation "{0780B80B-7B91-42AA-95CF-61387CA9933F}" = SekretNIK "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 11 "{2792F12C-3515-4D69-8083-B557AF35F06F}" = LightScribe 1.4.89.1 "{2ED60C17-4568-4CD5-830A-03C4688B09A1}" = Sagem Wi-Fi 11g USB adapter (driver) "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{481EA8F8-CAC0-4137-9CF8-DD0297593E61}" = TP-LINK Wireless Client Utility "{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{771150EF-63F1-11D6-B60A-0800460222F0}" = Conexant-Ambit® SoftK56 Data/Fax Modem Driver for Microsoft® Windows® XP & 2000 "{7A2A107B-9695-423F-9462-8F17C178BD35}" = TP-LINK Wireless Client Utility "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver "{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder "{AAFD22B6-A6C7-4134-AF4E-080BCBCD3493}" = Sagem Wi-Fi 11g USB adapter (utility) "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2 "{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime "{E6E88DF4-E0F1-4AA7-912D-74223AA6B70F}" = DriverScan "{FC7DDAAE-7F2B-4270-9BFD-5A130B667E9E}" = livebox tp "7-Zip" = 7-Zip 4.58 beta "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Audacity_is1" = Audacity 1.2.6 "CCleaner" = CCleaner "CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.92 Modem "Defraggler" = Defraggler "Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner "Football Manager 2008" = Football Manager 2008 "Gadu-Gadu 10" = Gadu-Gadu 10 "HijackThis" = HijackThis 2.0.2 "I8kfanGUI" = I8kfanGUI V3.1 "Icy Tower v1.3.1_is1" = Icy Tower v1.3.1 "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware wersja 1.51.1.1800 "Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18) "RAR Password Cracker" = RAR Password Cracker 4.12 "Registry Shower 2007_is1" = Registry Shower 2007 3.4M "SubEdit-Player_is1" = SubEdit-Player "uTorrent" = µTorrent "wList" = wList 2.1.0 "Xvid_is1" = Xvid 1.2.1 final uninstall [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-2052111302-746137067-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "uTorrent" = µTorrent [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ System Events ] Error - 2011-08-13 08:11:41 | Computer Name = JOKO-7966C40E56 | Source = Service Control Manager | ID = 7023 Description = Usługa Rozpoznawanie lokalizacji w sieci (NLA) zakończyła działanie; wystąpił następujący błąd: %%127 Error - 2011-08-13 08:45:12 | Computer Name = JOKO-7966C40E56 | Source = Service Control Manager | ID = 7023 Description = Usługa Rozpoznawanie lokalizacji w sieci (NLA) zakończyła działanie; wystąpił następujący błąd: %%127 Error - 2011-08-13 08:45:12 | Computer Name = JOKO-7966C40E56 | Source = Service Control Manager | ID = 7023 Description = Usługa Rozpoznawanie lokalizacji w sieci (NLA) zakończyła działanie; wystąpił następujący błąd: %%127 Error - 2011-08-13 08:45:13 | Computer Name = JOKO-7966C40E56 | Source = Service Control Manager | ID = 7023 Description = Usługa Rozpoznawanie lokalizacji w sieci (NLA) zakończyła działanie; wystąpił następujący błąd: %%127 Error - 2011-08-13 08:46:32 | Computer Name = JOKO-7966C40E56 | Source = Service Control Manager | ID = 7023 Description = Usługa Rozpoznawanie lokalizacji w sieci (NLA) zakończyła działanie; wystąpił następujący błąd: %%127 Error - 2011-08-13 08:46:33 | Computer Name = JOKO-7966C40E56 | Source = Service Control Manager | ID = 7023 Description = Usługa Rozpoznawanie lokalizacji w sieci (NLA) zakończyła działanie; wystąpił następujący błąd: %%127 Error - 2011-08-13 08:48:49 | Computer Name = JOKO-7966C40E56 | Source = Service Control Manager | ID = 7023 Description = Usługa Rozpoznawanie lokalizacji w sieci (NLA) zakończyła działanie; wystąpił następujący błąd: %%127 Error - 2011-08-13 08:48:49 | Computer Name = JOKO-7966C40E56 | Source = Service Control Manager | ID = 7023 Description = Usługa Rozpoznawanie lokalizacji w sieci (NLA) zakończyła działanie; wystąpił następujący błąd: %%127 Error - 2011-08-13 08:49:10 | Computer Name = JOKO-7966C40E56 | Source = Service Control Manager | ID = 7023 Description = Usługa Rozpoznawanie lokalizacji w sieci (NLA) zakończyła działanie; wystąpił następujący błąd: %%127 Error - 2011-08-13 08:49:15 | Computer Name = JOKO-7966C40E56 | Source = Service Control Manager | ID = 7023 Description = Usługa Rozpoznawanie lokalizacji w sieci (NLA) zakończyła działanie; wystąpił następujący błąd: %%127 < End of report >