OTL Extras logfile created on: 2012-07-31 09:20:12 - Run 1 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Documents and Settings\Administrator\My Documents\Pobieranie Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd 1,93 Gb Total Physical Memory | 1,36 Gb Available Physical Memory | 70,30% Memory free 3,27 Gb Paging File | 2,98 Gb Available in Paging File | 91,03% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 232,88 Gb Total Space | 218,76 Gb Free Space | 93,94% Space Free | Partition Type: NTFS Drive D: | 2,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: PL000035WSDT | User Name: hlusupport | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications] "Enabled" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications\List] "%programfiles%\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:enabled:SecureClient" = %programfiles%\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:enabled:SecureClient "%programfiles%\Lundbeck\VPN Connection Utility\Hook.exe:*:enabled:Lundbeck Connection Utility" = %programfiles%\Lundbeck\VPN Connection Utility\Hook.exe:*:enabled:Lundbeck Connection Utility [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts] "Enabled" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts\List] "6129:TCP:*:enabled:DameWare" = 6129:TCP:*:enabled:DameWare [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 "DisableUnicastResponsesToMulticastBroadcast" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect "6129:TCP" = 6129:TCP:*:Enabled:DameWare Mini Remote Control Service [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 "DisableUnicastResponsesToMulticastBroadcast" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe" = C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 Complete -- (Firaxis Games) "C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe" = C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4: Warlords -- (Firaxis Games) "C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe" = C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4: Beyond the Sword -- (Firaxis Games) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0184979E-227E-406D-9BEA-C0BEF21EB7AA}" = 4670 - XPSupport (XP) (s1.0c) "{06C26A92-12D1-4506-B9DD-E03A5FCF0CE7}" = 4012 - CiscoWorks (XP) (s1.0a) "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5F7A502A-D6C1-4107-AC2E-403270C1E2BC}" = 4019 - Flash Player 10.0.12.36 (XP) (s7.0a) "{83AD5E71-80C0-4818-B6E4-CA2607B6A141}" = SMS Advanced Client "{86D1B95C-7250-47FB-B4AF-AA97B40A5707}" = 4666 - I386 for WXPsp2 UK (XP) (s1.0a) "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8CDC6712-AF80-459E-911F-F1E156CB0AB0}" = hp deskjet 5600 "{90110409-6000-11D3-8CFE-0150048383C9}" = 4002 - MS Office 2003 PRO (XP) (s3.0b) "{90120000-0020-0409-0000-0000000FF1CE}" = 4841 - MS Office 2007 Compatibility Pack (XP) (s1.0a) "{901F0409-6000-11D3-8CFE-0150048383C9}" = 4003 - MS Office 2003 Proofing Tools (XP) (s2.0a) "{90AE0409-6000-11D3-8CFE-0150048383C9}" = 4919 - Microsoft Organization Chart 2.0 (XP) (s1.0a) "{9F6C45FA-C00D-452B-9AC9-80815CF3CC24}" = 4896 - Enterprise Vault 2007 SP4 (XP) (s1.0b) "{A1F09A93-EDFA-44F8-A1F5-03A53D5B8DFF}" = 4632 - OrgPub PluginX 5 (XP) (s1.0b) "{A92EA644-6D44-4AC6-BA51-93B7FD137469}" = 4350 - Oracle Client 10g (xp) (s1.0a) "{A97792EC-E172-4B38-85DD-0F853599D5EF}" = 4033 - Trend Micro 7.3 (XP) (s2.0a) "{ABF91E13-D48D-4A7D-85B5-DD36A6141F7F}" = 4671 - MUI Packs IT, ES, FR, GER, PT (XP) (s1.0a) "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3) "{B376402D-58EA-45EA-BD50-DD924EB67A70}" = Dysk wspomnieniowy HP "{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English) "{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1 "{B6115FAB-A474-44AC-91AA-9750FDF34D45}" = 4954 - Lundbeck Wireless Certificate (XP) (s1.0a) "{C7F4A048-4A75-4B00-92BD-43EA11DA06A1}" = 4422 - Bliss Fonte (XP) (s2.0b) "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{E0828692-FD9D-459F-9312-C645C3CA6650}" = HP Photo and Imaging 2.0 - Deskjet Series "{E7695716-A0FD-4BF5-B778-F0071127FB4D}" = 4688 - HLUWebInstall XP (XP) (s1.0b) "{EB37357C-8A25-4DB4-953D-B63C87705C3F}" = 4794 - DameWare Agent Service 6.0 (XP) (s1.0e) "{FCCF83D9-0835-4883-BD22-C4495B98AD03}" = 4907 - Outlook Signature Code Group (XP) (s1.0a) "4968 - MS Office 2003 Pro SP3 (XP) (s1.0a)" = 4968 - MS Office 2003 Pro SP3 (XP) (s1.0a) "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "HDMI" = Intel(R) Graphics Media Accelerator Driver "hp print screen utility" = hp print screen utility "KLiteCodecPack_is1" = K-Lite Codec Pack 9.0.2 (Full) "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705 "Mozilla Firefox 14.0.1 (x86 pl)" = Mozilla Firefox 14.0.1 (x86 pl) "Mozilla Thunderbird 14.0 (x86 pl)" = Mozilla Thunderbird 14.0 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "OfficeScanNT" = Trend Micro OfficeScan Client "RealVNC_is1" = VNC Free Edition 4.1.3 "Windows Media Format Runtime" = Windows Media Format Runtime "Windows Media Player" = Windows Media Player 10 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR 4.11 (32-bit) "WMCSetup" = Windows Media Connect [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2012-07-31 02:17:37 | Computer Name = PL000035WSDT | Source = AutoEnrollment | ID = 15 Description = Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed. Error - 2012-07-31 02:18:58 | Computer Name = PL000035WSDT | Source = Userenv | ID = 1054 Description = Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted. Error - 2012-07-31 02:18:58 | Computer Name = PL000035WSDT | Source = AutoEnrollment | ID = 15 Description = Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed. Error - 2012-07-31 02:21:01 | Computer Name = PL000035WSDT | Source = Userenv | ID = 1054 Description = Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted. Error - 2012-07-31 02:21:01 | Computer Name = PL000035WSDT | Source = AutoEnrollment | ID = 15 Description = Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed. Error - 2012-07-31 02:22:18 | Computer Name = PL000035WSDT | Source = Userenv | ID = 1054 Description = Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted. Error - 2012-07-31 02:22:18 | Computer Name = PL000035WSDT | Source = AutoEnrollment | ID = 15 Description = Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed. Error - 2012-07-31 02:28:20 | Computer Name = PL000035WSDT | Source = Userenv | ID = 1054 Description = Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted. Error - 2012-07-31 02:28:20 | Computer Name = PL000035WSDT | Source = AutoEnrollment | ID = 15 Description = Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed. Error - 2012-07-31 02:31:11 | Computer Name = PL000035WSDT | Source = Userenv | ID = 1054 Description = Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted. [ System Events ] Error - 2012-07-31 02:22:19 | Computer Name = PL000035WSDT | Source = NETLOGON | ID = 5719 Description = No Domain Controller is available for domain HLUCORP due to the following: %%1311. Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator. Error - 2012-07-31 02:28:19 | Computer Name = PL000035WSDT | Source = NETLOGON | ID = 5719 Description = No Domain Controller is available for domain HLUCORP due to the following: %%1311. Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator. Error - 2012-07-31 02:28:19 | Computer Name = PL000035WSDT | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. Error - 2012-07-31 02:28:19 | Computer Name = PL000035WSDT | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time. Error - 2012-07-31 02:31:10 | Computer Name = PL000035WSDT | Source = NETLOGON | ID = 5719 Description = No Domain Controller is available for domain HLUCORP due to the following: %%1311. Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator. Error - 2012-07-31 02:31:46 | Computer Name = PL000035WSDT | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 2012-07-31 02:32:26 | Computer Name = PL000035WSDT | Source = SRService | ID = 104 Description = The System Restore initialization process failed. Error - 2012-07-31 02:32:46 | Computer Name = PL000035WSDT | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: Fips intelppm Error - 2012-07-31 02:32:46 | Computer Name = PL000035WSDT | Source = Service Control Manager | ID = 7023 Description = The System Restore Service service terminated with the following error: %%2 Error - 2012-07-31 03:13:17 | Computer Name = PL000035WSDT | Source = DCOM | ID = 10016 Description = The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {135D7881-D666-4046-A1DF-7EC7B5785A67} to the user PL000035WSDT\hlusupport SID (S-1-5-21-1173438046-1813291707-1776558029-500). This security permission can be modified using the Component Services administrative tool. < End of report >