OTL Extras logfile created on: 2011-10-25 19:24:23 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Piotrek\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16982) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 71,99% Memory free 4,20 Gb Paging File | 3,85 Gb Available in Paging File | 91,58% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 102,78 Gb Total Space | 49,56 Gb Free Space | 48,22% Space Free | Partition Type: NTFS Drive D: | 195,31 Gb Total Space | 186,24 Gb Free Space | 95,35% Space Free | Partition Type: NTFS Drive F: | 3,73 Gb Total Space | 0,09 Gb Free Space | 2,52% Space Free | Partition Type: FAT32 Computer Name: PIOTREK-PC | User Name: Piotrek | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-2524492288-3767872630-1049285630-1000\SOFTWARE\Classes\] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08B02F79-7CA1-4EBC-8010-4D05DD72D45D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{2D8083E4-2889-4257-9D77-B7A348170093}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2DE77587-3BD9-4C5D-966A-795C35B2305E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{B61B24EF-51A2-450E-B8D1-3970ED9262C1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{112B53D6-5833-4292-8AFA-76C669B90323}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{29B7B511-AA42-4ABA-BBD9-C76311B362DB}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | "{3DDAC353-E690-4A61-B604-21FB738A02F9}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | "{5696781E-6BFE-4E18-BA9C-92DF0663D1CC}" = protocol=6 | dir=in | app=e:\installation\setupx.exe | "{9A8423F7-86FC-4891-8121-451E4F4C9F9A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B4BFD123-F54D-4212-9AF1-F7D6B994909F}" = protocol=17 | dir=in | app=e:\installation\setupx.exe | "{D2CC35A0-DC59-4161-9652-1141F581356C}" = protocol=17 | dir=in | app=c:\users\piotrek\dokumenty\utorrent.exe | "{DB94E00C-5E40-45E9-83B4-E693DCA8DBD9}" = protocol=6 | dir=in | app=c:\users\piotrek\dokumenty\utorrent.exe | "TCP Query User{0596E2F1-CB2C-4780-BF2A-38D03E10552C}C:\program files\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare\bearshare.exe | "TCP Query User{16DEA956-6B14-4C73-B8C7-D5EE0E775A96}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "TCP Query User{393E3632-A4B5-442A-B221-B4914C2AE5F5}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe | "TCP Query User{3EE5C011-3BAD-4362-8380-4AC7D84588BA}C:\users\piotrek\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\piotrek\downloads\utorrent.exe | "TCP Query User{3FF1045A-2E47-4ACC-8D2C-05C20BBBB5A3}C:\program files\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare\bearshare.exe | "TCP Query User{6D478315-01FA-44F5-813A-99B048D6B5BD}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe | "TCP Query User{BA41C62C-A721-4855-8BE7-25E4B6087A6D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{CC8327C9-B346-4ABE-9F7B-99B37F1A6184}C:\users\piotrek\desktop\nowy folder (2)\emule.exe" = protocol=6 | dir=in | app=c:\users\piotrek\desktop\nowy folder (2)\emule.exe | "TCP Query User{E2C78B8F-F982-4EA5-AEE8-C99D09717CBF}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "UDP Query User{0390343F-3927-4BF6-8DF9-B49D03C2BFD8}C:\program files\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare\bearshare.exe | "UDP Query User{05B432F3-8BBF-457B-9E23-3E04190F932E}C:\users\piotrek\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\piotrek\downloads\utorrent.exe | "UDP Query User{317A8FF4-B269-48CE-87D2-BA76F1CD1E08}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe | "UDP Query User{76AA4D35-CED7-4695-8630-5F088167E3A9}C:\program files\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare\bearshare.exe | "UDP Query User{87371E64-8E5D-4D27-8197-C7BA72846177}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "UDP Query User{9248AA63-3DAC-4F07-82EF-871895C38E05}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe | "UDP Query User{CD41B4FA-52AB-48B2-9732-C48AA0AD5AA3}C:\users\piotrek\desktop\nowy folder (2)\emule.exe" = protocol=17 | dir=in | app=c:\users\piotrek\desktop\nowy folder (2)\emule.exe | "UDP Query User{DB85163F-1F7A-4D4E-A35C-EA141B43BE27}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "UDP Query User{FEE58298-F32F-4229-8A2D-F131EA195093}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02B71D92-A84B-4DFB-9A10-D12BB01AC1F2}" = Nokia N73 highlights "{0D80391C-0A72-43BB-9BC2-143F63CC111D}" = Nokia PC Connectivity Solution "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}" = LUMIX Simple Viewer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = Bison WebCam "{531317A5-586A-4E36-87C1-CA823447B375}" = Nokia PC Suite "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{59359B3D-ABE7-46BF-AB55-43B67A64DC68}" = Nokia MTP driver "{6882DD11-33B8-4DEA-8305-7E765BF74BD3}" = Nokia Connectivity Cable Driver "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73E30715-9EC4-4DAE-BE67-64500AEB8012}" = Nokia Nseries Skin for Microsoft Windows Media Player "{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}" = Nokia themes for your device "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk "{C3CF41F1-0373-4DD7-BE99-F33B00E51045}" = Nero 7 Essentials "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DC67641A-05C4-4FED-A462-1EB1DC6CF2F5}" = ArcSoft Software Suite "{EE565795-2776-415A-B31C-EB3A8D7C6FA4}" = Nokia Lifeblog 2.1 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Ares" = Ares 2.1.7 "CCleaner" = CCleaner "Gadu-Gadu" = Gadu-Gadu 7.7 "iPlus manager_is1" = iPlus manager 2.3 "Light Sensor Utility 1.4_is1" = Light Sensor Utility 1.4 "Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.5.16)" = Mozilla Firefox (3.5.16) "NVIDIA Drivers" = NVIDIA Drivers "PLAY ONLINE" = PLAY ONLINE "Power Manager_is1" = Power Manager 2.1.10 "QuickTime" = QuickTime "SubEdit-Player_is1" = SubEdit-Player "Winamp" = Winamp [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2010-08-01 09:12:04 | Computer Name = Piotrek-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 2010-08-01 09:22:22 | Computer Name = Piotrek-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 2010-08-01 09:33:48 | Computer Name = Piotrek-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 2010-08-01 09:43:43 | Computer Name = Piotrek-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 2010-06-01 15:27:08 | Computer Name = Piotrek-PC | Source = RasClient | ID = 20227 Description = Error - 2010-06-01 15:27:45 | Computer Name = Piotrek-PC | Source = RasClient | ID = 20227 Description = Error - 2010-06-01 15:27:49 | Computer Name = Piotrek-PC | Source = RasClient | ID = 20227 Description = Error - 2010-06-01 15:27:58 | Computer Name = Piotrek-PC | Source = RasClient | ID = 20227 Description = Error - 2010-06-01 15:28:21 | Computer Name = Piotrek-PC | Source = RasClient | ID = 20227 Description = Error - 2010-06-01 15:28:47 | Computer Name = Piotrek-PC | Source = RasClient | ID = 20227 Description = [ System Events ] Error - 2011-10-25 12:42:26 | Computer Name = Piotrek-PC | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 18:40:27 na 2011-10-25 było nieoczekiwane. Error - 2011-10-25 12:42:01 | Computer Name = Piotrek-PC | Source = Microsoft-Windows-Kernel-WHEA | ID = 6 Description = Error - 2011-10-25 12:42:30 | Computer Name = Piotrek-PC | Source = DCOM | ID = 10005 Description = Error - 2011-10-25 12:42:36 | Computer Name = Piotrek-PC | Source = DCOM | ID = 10005 Description = Error - 2011-10-25 12:42:37 | Computer Name = Piotrek-PC | Source = DCOM | ID = 10005 Description = Error - 2011-10-25 12:42:37 | Computer Name = Piotrek-PC | Source = DCOM | ID = 10005 Description = Error - 2011-10-25 12:42:37 | Computer Name = Piotrek-PC | Source = DCOM | ID = 10005 Description = Error - 2011-10-25 12:43:11 | Computer Name = Piotrek-PC | Source = DCOM | ID = 10005 Description = Error - 2011-10-25 12:43:12 | Computer Name = Piotrek-PC | Source = DCOM | ID = 10005 Description = Error - 2011-10-25 13:06:24 | Computer Name = Piotrek-PC | Source = DCOM | ID = 10005 Description = < End of report >