OTL Extras logfile created on: 2013-01-07 08:43:28 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\SpectrumBX\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd 1013,54 Mb Total Physical Memory | 747,70 Mb Available Physical Memory | 73,77% Memory free 2,39 Gb Paging File | 2,24 Gb Available in Paging File | 93,81% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 148,93 Gb Total Space | 142,73 Gb Free Space | 95,84% Space Free | Partition Type: NTFS Drive E: | 3,73 Gb Total Space | 0,43 Gb Free Space | 11,48% Space Free | Partition Type: FAT32 Computer Name: LABST08 | User Name: SpectrumBX | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 1 Day [color=#E56717]========== Extra Registry (All) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .bat [@ = batfile] -- "%1" %* .chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation) .cmd [@ = cmdfile] -- "%1" %* .com [@ = comfile] -- "%1" %* .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .exe [@ = exefile] -- "%1" %* .hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation) .hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation) .ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l .js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation) .jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation) .pif [@ = piffile] -- "%1" %* .reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation) .scr [@ = scrfile] -- "%1" /S .txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation) .vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation) .vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation) .wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation) .wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) batfile [open] -- "%1" %* batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation) cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) cmdfile [open] -- "%1" %* cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation) hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l InternetShortcut [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation) jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation) jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation) jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) regfile [open] -- regedit.exe "%1" (Microsoft Corporation) regfile [merge] -- Reg Error: Key error. regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation) vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation) vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation) vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation) vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation) wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation) wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation) wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "UpdatesDisableNotify" = 1 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools "{071B9AFA-EBE8-4ABF-8F4A-9F92612F517E}" = Broadcom ASF Management Applications "{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data "{0F40754C-F1FD-43df-B73E-9DA38399CDD6}" = hpf_ProductContext "{14A67CE0-4F30-4607-885B-43EE27BAC746}" = Readme "{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status "{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations "{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module "{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm "{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{7ADE9F27-A175-447F-A4B4-B05FA82735E1}" = HP Deskjet 6900 series "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio "{87F59A07-55EE-415E-A966-31F3D8B6B7AD}" = LP6940_Help "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin "{8DC6CA16-9B4E-4C10-95EE-2BD91EB0290C}" = LP6940Trb "{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}" = Dell ETS Factory Installation "{9C209B30-F71F-4c53-8D26-453208EC8E91}" = dj6940 "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8 "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE "{CB1F3886-AE9F-46fb-8325-6B0718989285}" = dj_taplugin "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}" = HP Photosmart Essential "{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant "{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg "{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update "{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs "HDMI" = Intel(R) Graphics Media Accelerator Driver "HP Imaging Device Functions" = HP Imaging Device Functions 6.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.0 "IR Spectroscopy Software" = IR Spectroscopy Software "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "RA915P" = RA915P "RAD_KEY_is1" = RAD_KEY [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2012-11-09 02:56:31 | Computer Name = LABST08 | Source = Application Error | ID = 1000 Description = Faulting application temp2.exe, version 0.0.0.0, faulting module temp2.exe, version 0.0.0.0, fault address 0x0000126e. Error - 2012-12-07 03:24:08 | Computer Name = LABST08 | Source = Application Error | ID = 1000 Description = Faulting application temp2.exe, version 0.0.0.0, faulting module temp2.exe, version 0.0.0.0, fault address 0x0000126e. Error - 2012-12-11 07:54:00 | Computer Name = LABST08 | Source = Application Error | ID = 1000 Description = Faulting application temp2.exe, version 0.0.0.0, faulting module temp2.exe, version 0.0.0.0, fault address 0x0000126e. Error - 2012-12-12 03:23:42 | Computer Name = LABST08 | Source = Application Error | ID = 1000 Description = Faulting application temp2.exe, version 0.0.0.0, faulting module temp2.exe, version 0.0.0.0, fault address 0x0000126e. Error - 2012-12-12 03:31:33 | Computer Name = LABST08 | Source = Application Error | ID = 1000 Description = Faulting application temp2.exe, version 0.0.0.0, faulting module temp2.exe, version 0.0.0.0, fault address 0x0000126e. Error - 2012-12-13 03:27:31 | Computer Name = LABST08 | Source = Application Error | ID = 1000 Description = Faulting application temp2.exe, version 0.0.0.0, faulting module temp2.exe, version 0.0.0.0, fault address 0x0000126e. Error - 2012-12-14 06:05:59 | Computer Name = LABST08 | Source = Application Error | ID = 1000 Description = Faulting application temp2.exe, version 0.0.0.0, faulting module temp2.exe, version 0.0.0.0, fault address 0x0000126e. Error - 2012-12-20 06:15:37 | Computer Name = LABST08 | Source = Application Error | ID = 1000 Description = Faulting application temp2.exe, version 0.0.0.0, faulting module temp2.exe, version 0.0.0.0, fault address 0x0000126e. Error - 2013-01-04 02:46:26 | Computer Name = LABST08 | Source = Application Error | ID = 1000 Description = Faulting application temp2.exe, version 0.0.0.0, faulting module temp2.exe, version 0.0.0.0, fault address 0x0000126e. Error - 2013-01-04 04:55:57 | Computer Name = LABST08 | Source = Broadcom ASF IP Monitor | ID = 0 Description = !ERROR 53 Refreshing BMAPI data [ System Events ] Error - 2012-12-14 08:04:31 | Computer Name = LABST08 | Source = W32Time | ID = 39452689 Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) Error - 2012-12-14 08:04:31 | Computer Name = LABST08 | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 120 minutes. NtpClient has no source of accurate time. Error - 2012-12-20 06:55:36 | Computer Name = LABST08 | Source = W32Time | ID = 39452689 Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) Error - 2012-12-20 06:55:36 | Computer Name = LABST08 | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. Error - 2012-12-20 07:10:36 | Computer Name = LABST08 | Source = W32Time | ID = 39452689 Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) Error - 2012-12-20 07:10:36 | Computer Name = LABST08 | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 30 minutes. NtpClient has no source of accurate time. Error - 2012-12-20 07:40:36 | Computer Name = LABST08 | Source = W32Time | ID = 39452689 Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) Error - 2012-12-20 07:40:36 | Computer Name = LABST08 | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 60 minutes. NtpClient has no source of accurate time. Error - 2013-01-04 05:27:14 | Computer Name = LABST08 | Source = W32Time | ID = 39452689 Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) Error - 2013-01-04 05:27:14 | Computer Name = LABST08 | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. < End of report >