OTL Extras logfile created on: 2012-08-02 17:47:21 - Run 1 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\megi\Desktop Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16945) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1013,50 Mb Total Physical Memory | 254,04 Mb Available Physical Memory | 25,07% Memory free 2,22 Gb Paging File | 0,88 Gb Available in Paging File | 39,89% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 52,65 Gb Total Space | 5,77 Gb Free Space | 10,95% Space Free | Partition Type: NTFS Drive D: | 52,31 Gb Total Space | 4,40 Gb Free Space | 8,41% Space Free | Partition Type: NTFS Computer Name: MAGDA | User Name: megi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-1715803491-3577788184-3521047583-1000\SOFTWARE\Classes\] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0F6F863F-6838-4EA7-8933-C0970B97D4C1}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{21CB8A67-0F4B-46F5-B6E4-605129A00256}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D946974D-1966-40D3-8C84-9DADDB3F88CF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{DA0755EE-CE2E-4DF1-B67B-293732621E6E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{3AE39ACA-4C07-409B-9B57-72A85A0697E5}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | "{50CA11EE-77AA-481D-B3B4-219802FF064A}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{5E3D63AE-DE8F-4A43-8136-E19A1C56E7D4}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | "{754DE6A3-9C08-4A4C-9034-0F3F41AE7A5D}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | "{765FC783-0430-4E05-8647-2ADE3906D991}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{83500BC8-61D1-4C6C-A7FE-2622520E9201}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{9133734B-20E4-4025-B3D5-C64A9EF90745}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{9D75994B-B414-41ED-AE0F-8A490AE697EC}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{CCBCE597-D1F3-4E2B-AAA7-CE041100E96C}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | "{F611222F-7735-49A9-B669-10CBF2CD37BB}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | "{F70CB77B-38BC-4A2A-92F6-1FB825B28088}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | "TCP Query User{22B81069-76E5-47D3-A257-05BB2DD33AE3}C:\program files\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare\bearshare.exe | "TCP Query User{2558D5A6-9D61-4E92-95A2-A3A0F34E196D}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe | "TCP Query User{34F7025F-54E5-4313-9726-93FBECE105A5}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "TCP Query User{704095C3-E43B-4EDD-BA46-045E7F864490}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "TCP Query User{C5A3A208-4422-48D6-A43C-22DFA4B6F81E}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe | "UDP Query User{7AD872B6-6EB0-4E4F-8097-775CEFB558B4}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "UDP Query User{7FD8D475-3712-4FDE-8076-5EE9BAEDB662}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe | "UDP Query User{9EA9C312-745B-46B3-B13B-D2BA7A86ED51}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "UDP Query User{CF1DE7C3-93E3-42C8-86BE-C91610F8250B}C:\program files\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare\bearshare.exe | "UDP Query User{D5ABE73B-D000-4A8B-93B9-BA0AD4909B61}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management "{1AEC7728-1640-4E98-AABC-5EBE3FB57FE4}" = SMSC Fast Infrared Driver "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 24 "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = Acer OrbiCam "{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E35B051-C7EE-47CB-BA43-9A7FFD4E61DE}" = OpenOffice.org 3.1 "{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0 "{AEEAE013-92F1-4515-B278-139F1A692A35}" = Acer eDataSecurity Management "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management "{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management "{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management "{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = SpeedTouch USB Software "{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer OrbiCam "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "6A630DCEC5EEC912115F2FF59D8C2C769798D930" = Pakiet sterowników systemu Windows - Nokia Modem (10/12/2007 3.6) "819D45A9F73817F5B6D7C71A33ADAB88C5DA1765" = Pakiet sterowników systemu Windows - Nokia Modem (08/03/2007 6.84.0.2) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ALLPlayer V3.1_is1" = ALLPlayer V3.X "Ares" = Ares 2.1.7 "avast" = avast! Free Antivirus "CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Pakiet sterowników systemu Windows - Nokia Modem (03/05/2008 3.7) "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP "E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Pakiet sterowników systemu Windows - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0) "Gadu-Gadu" = Gadu-Gadu 7.7 "Google Chrome" = Google Chrome "GridVista" = Acer GridVista "HDMI" = Intel(R) Graphics Media Accelerator Driver "IrfanView" = IrfanView (remove only) "KLiteCodecPack_is1" = K-Lite Codec Pack 7.7.0 (Full) "LManager" = Launch Manager "Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "RealAlt_is1" = Real Alternative 1.8.2 "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = Archiwizator WinRAR "WMV9_VCM" = Microsoft Windows Media Video 9 VCM [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2009-08-23 14:05:51 | Computer Name = magda | Source = SecurityCenter | ID = 3 Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend dotyczących zdarzeń z usługi WMI, aby monitorować program antywirusowy, program antyszpiegowski i zaporę innej firmy. Error - 2009-08-23 14:13:33 | Computer Name = magda | Source = SecurityCenter | ID = 3 Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend dotyczących zdarzeń z usługi WMI, aby monitorować program antywirusowy, program antyszpiegowski i zaporę innej firmy. Error - 2009-08-23 14:20:48 | Computer Name = magda | Source = MsiInstaller | ID = 11704 Description = Error - 2009-08-23 14:32:05 | Computer Name = magda | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 2009-08-23 14:32:43 | Computer Name = magda | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 2009-08-23 14:33:21 | Computer Name = magda | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 2009-08-23 14:33:49 | Computer Name = magda | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 2009-08-24 15:52:25 | Computer Name = magda | Source = SecurityCenter | ID = 3 Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend dotyczących zdarzeń z usługi WMI, aby monitorować program antywirusowy, program antyszpiegowski i zaporę innej firmy. Error - 2009-08-27 17:28:21 | Computer Name = magda | Source = SecurityCenter | ID = 3 Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend dotyczących zdarzeń z usługi WMI, aby monitorować program antywirusowy, program antyszpiegowski i zaporę innej firmy. Error - 2009-08-29 11:57:17 | Computer Name = magda | Source = SecurityCenter | ID = 3 Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend dotyczących zdarzeń z usługi WMI, aby monitorować program antywirusowy, program antyszpiegowski i zaporę innej firmy. [ System Events ] Error - 2012-08-02 10:37:45 | Computer Name = magda | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 2012-08-02 10:37:45 | Computer Name = magda | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 2012-08-02 10:37:45 | Computer Name = magda | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 2012-08-02 10:37:45 | Computer Name = magda | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 2012-08-02 10:37:45 | Computer Name = magda | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 2012-08-02 10:37:45 | Computer Name = magda | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 2012-08-02 10:37:45 | Computer Name = magda | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 2012-08-02 10:37:45 | Computer Name = magda | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 2012-08-02 10:37:46 | Computer Name = magda | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 2012-08-02 10:37:46 | Computer Name = magda | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = < End of report >