OTL Extras logfile created on: 7/12/2012 8:12:41 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Dodatek Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 502.00 Mb Total Physical Memory | 282.00 Mb Available Physical Memory | 56.00% Memory free 454.00 Mb Paging File | 317.00 Mb Available in Paging File | 70.00% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 55.80 Gb Total Space | 5.20 Gb Free Space | 9.32% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Odkurz tutaj] -- Reg Error: Key error. Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "29999:TCP" = 29999:TCP:*:Enabled:Trend Micro OfficeScan Listener "4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer "4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery "4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer "4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\DOCUME~1\akakel\USTAWI~1\Temp\RarSFX0\SwiApiMux.exe" = C:\DOCUME~1\akakel\USTAWI~1\Temp\RarSFX0\SwiApiMux.exe:*:Enabled:SwiApiMux "C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Program Files\Sierra Wireless Inc\3G Watcher\SwiApiMuxX.exe" = C:\Program Files\Sierra Wireless Inc\3G Watcher\SwiApiMuxX.exe:*:Enabled:SwiApiMuxX "C:\Program Files\Sierra Wireless Inc\WebUpdater\SwiApiMuxX.exe" = C:\Program Files\Sierra Wireless Inc\WebUpdater\SwiApiMuxX.exe:*:Enabled:SwiApiMuxX "C:\WINDOWS\system32\r_server.exe" = C:\WINDOWS\system32\r_server.exe:*:Enabled:r_server -- () "C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00020415-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Standard "{036FD544-AED6-3F33-856D-A2292D0CF471}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - PLK "{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software "{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager "{0BA2A0BA-7F4D-4B7B-AE94-5F0233AC8A5A}" = NTRU Hybrid TSS v2.0.25 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 30 "{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Advanced Control Suite "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer "{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = Mobile Connect "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite "{64CB2553-C109-4132-AA51-1F421B515FD1}" = Microsoft .NET Framework 1.1 Polish Language Pack "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade "{7C77393F-8237-3825-A88A-AFAF3C69C072}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - PLK "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-0020-0415-0000-0000000FF1CE}" = Pakiet zgodności dla systemu Office 2007 "{90120415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser "{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1 "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{BE40EC9E-9466-4288-916D-C1D6C13F4A40}" = upekmsi "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CDD4761A-3D3F-4487-9AAF-7855A36E0D31}" = Wave Infrastructure Installer "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update "{D22AFEDF-6A5B-459D-A9EA-D16E422E4C18}" = Nokia Connectivity Cable Driver "{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution "{DA94A899-F439-44D1-90B6-DB02A7341170}" = BlackBerry Desktop Software 7.0 "{DD41AC25-61B2-4FC9-90AA-672F32139AC3}" = ETS Launch Pad "{E6095BEA-8C97-4342-B771-13BB72AC1D88}" = biolsp patch "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect "{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards "{EE2EE62C-E27D-486A-AF6D-FA4A06E67476}" = Preboot Manager "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center "{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems "{F31E509D-3597-324E-83CF-0C160B2320F0}" = Microsoft .NET Framework 3.5 Language Pack - plk "504244733D18C8F63FF584AEB290E3904E791693" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0) "7-Zip" = 7-Zip 4.65 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "BlackBerry_Desktop" = BlackBerry Desktop Software 7.0 "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem "ffdshow_is1" = ffdshow v1.1.3984 [2011-09-22] "FreePDF_XP" = FreePDF (Remove only) "GPL Ghostscript 8.71" = GPL Ghostscript 8.71 "HaaliMkx" = Haali Media Splitter "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software "InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager "InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite "InstallShield_{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade "InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update "InstallShield_{DD41AC25-61B2-4FC9-90AA-672F32139AC3}" = ETS Launch Pad "InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards "InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 — PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "OfficeScanNT" = Trend Micro OfficeScan Client "Redirection Port Monitor" = RedMon - Redirection Port Monitor "Sunbelt Remote Administrator v2.1" = Sunbelt Remote Administrator v2.1 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR archiver "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\akakel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Live Security Platinum" = Live Security Platinum < End of report >