OTL Extras logfile created on: 2012-08-16 17:56:05 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ania\Desktop Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,99 Gb Total Physical Memory | 1,41 Gb Available Physical Memory | 70,78% Memory free 3,99 Gb Paging File | 3,29 Gb Available in Paging File | 82,44% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 223,12 Gb Total Space | 77,02 Gb Free Space | 34,52% Space Free | Partition Type: NTFS Computer Name: ANIA-PC | User Name: Ania | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03EF8DFF-3FFF-4EC1-8C30-73D9C58B522D}" = lport=137 | protocol=17 | dir=in | app=system | "{217B0DF7-B875-4C88-A6EB-B092113C6097}" = rport=10243 | protocol=6 | dir=out | app=system | "{27B0667D-4445-4CEE-BA80-C1AAB595E830}" = lport=139 | protocol=6 | dir=in | app=system | "{421F2D27-2394-4E56-B5BF-65E9A1BCCAFE}" = lport=138 | protocol=17 | dir=in | app=system | "{46A6BA7E-56D6-4CEC-BD40-8F23ED894927}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{48273C8A-C3B9-4F25-84A3-1E1D5249E5E7}" = lport=10243 | protocol=6 | dir=in | app=system | "{500D1F2C-AF53-4534-9525-819A833A9244}" = rport=445 | protocol=6 | dir=out | app=system | "{537DD651-2E58-4E29-AFDC-2510F50540D9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6464B4E7-71FA-4274-A0C5-2D077C974E8C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{66476384-22A8-4C41-9A09-71CB36083FC0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{66BE776F-A4E4-4AE4-8685-85D365ABEA01}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{695637BC-5188-4208-825D-FA933FD0C476}" = rport=138 | protocol=17 | dir=out | app=system | "{736DD16C-2533-458E-81B5-0B4FB3337093}" = rport=139 | protocol=6 | dir=out | app=system | "{76D77B79-38E8-4554-87D1-FE5A705E2D92}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{9721BC8F-BE4E-45AB-A9AF-174943752124}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{AB0E0262-B5C0-43F1-A507-B98E7E219B25}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B92687EA-DB2A-4630-8767-08E4DF1F6CEA}" = lport=2869 | protocol=6 | dir=in | app=system | "{C8327790-E8E8-45E8-AF39-E55675E3FEA2}" = rport=137 | protocol=17 | dir=out | app=system | "{C8C48CDC-662F-4018-BCDB-6F2E5C524C5B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D48BB0D0-25DA-4B3F-B40C-760E77BCABD6}" = lport=445 | protocol=6 | dir=in | app=system | "{D6860938-AECE-4D4F-A2B3-6821C458144F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1046B6E0-0504-4695-8F7B-C90AE6E7339C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2CC0DFC7-E2D6-412B-A921-63A2252A71DD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{2E5A9F44-4D93-4F42-BB8C-24E083BA9BEE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{337D7DE9-436B-40A7-B535-55807D33C52B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{3BFEDA46-9ADD-4B73-A3BA-E5275B3606B0}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{46F7ED2D-ED5C-4DA1-9878-FFBEBA1481F3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4E12D0FB-B4CC-496A-AE1F-462374BCEDB5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{55CA566B-A184-4FEF-AAFC-4F140206C3A2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{68CFD9B7-D330-436E-BCFB-74AEA5E23F0C}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{94FC254E-A02F-41A6-B4CC-18BAA064E847}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{98FF8935-E9E7-4F0A-9066-C9688783D4E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AC0A553A-36CA-44E3-84E9-AECC36B21795}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{BEC9C2DC-3832-4EB4-9850-FC77B7DF6444}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E368A068-4671-4471-8903-A6B7DDC50506}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{EF1E8780-F8AB-4955-A792-F147311EFBFA}" = protocol=6 | dir=out | app=system | "{F32276B8-059A-48B4-AF19-A8451A48B600}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{F79E7A9B-F2EE-47AD-A41E-62EC17D492E2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{FC6352C1-8449-4D01-A97F-94B20F0FE714}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{53826A34-7412-46CB-ABA9-3868FD69006C}D:\bie\crack2\w7lxe.exe" = protocol=6 | dir=in | app=d:\bie\crack2\w7lxe.exe | "TCP Query User{5B70C2AC-A1C4-4840-A5A3-9649BF7092B9}C:\users\ania\appdata\local\temp\kmsemul.exe" = protocol=6 | dir=in | app=c:\users\ania\appdata\local\temp\kmsemul.exe | "TCP Query User{6D8D61D0-E982-445B-B03E-7BE3A449C7C0}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{3B9F18A8-220F-42B0-B36F-10F53C5AFE7F}C:\users\ania\appdata\local\temp\kmsemul.exe" = protocol=17 | dir=in | app=c:\users\ania\appdata\local\temp\kmsemul.exe | "UDP Query User{9CE69ECD-A9C3-4227-8E01-2E2E3C323E5C}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{AD34F24A-5390-4986-900B-ED2FE77C829A}D:\bie\crack2\w7lxe.exe" = protocol=17 | dir=in | app=d:\bie\crack2\w7lxe.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Driver Checker_is1" = Driver Checker v2.7.4 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 16.0.2 (x86 pl)" = Mozilla Firefox 16.0.2 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "PS3 Media Server" = PS3 Media Server "uTorrent" = µTorrent "uTorrentControl_v2 Toolbar" = uTorrentControl_v2 Toolbar "VLC media player" = VLC media player 2.0.4 "WinRAR archiver" = WinRAR 4.20 (32-bitowy) [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2012-10-30 05:50:07 | Computer Name = Ania-PC | Source = WinMgmt | ID = 10 Description = Error - 2012-10-30 06:32:45 | Computer Name = Ania-PC | Source = Application Error | ID = 1000 Description = Faulting application name: firefox.exe, version: 16.0.2.4680, time stamp: 0x50882871 Faulting module name: xul.dll, version: 16.0.2.4680, time stamp: 0x508827d6 Exception code: 0xc0000005 Fault offset: 0x00130ef7 Faulting process id: 0x4b4 Faulting application start time: 0x01cdb689d3ba45e7 Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe Faulting module path: C:\Program Files\Mozilla Firefox\xul.dll Report Id: 23e30af6-227d-11e2-98ed-001f16aac250 Error - 2012-10-30 16:28:32 | Computer Name = Ania-PC | Source = WinMgmt | ID = 10 Description = Error - 2012-10-31 03:27:09 | Computer Name = Ania-PC | Source = WinMgmt | ID = 10 Description = Error - 2012-10-31 07:09:51 | Computer Name = Ania-PC | Source = Application Error | ID = 1000 Description = Faulting application name: firefox.exe, version: 16.0.2.4680, time stamp: 0x50882871 Faulting module name: xul.dll, version: 16.0.2.4680, time stamp: 0x508827d6 Exception code: 0xc0000005 Fault offset: 0x00130ef7 Faulting process id: 0x7f8 Faulting application start time: 0x01cdb745d5514dae Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe Faulting module path: C:\Program Files\Mozilla Firefox\xul.dll Report Id: 7d184517-234b-11e2-ab6c-001f16aac250 Error - 2012-10-31 12:38:34 | Computer Name = Ania-PC | Source = WinMgmt | ID = 10 Description = Error - 2012-11-01 13:49:18 | Computer Name = Ania-PC | Source = WinMgmt | ID = 10 Description = Error - 2012-11-02 05:12:44 | Computer Name = Ania-PC | Source = WinMgmt | ID = 10 Description = Error - 2012-11-02 15:06:30 | Computer Name = Ania-PC | Source = WinMgmt | ID = 10 Description = Error - 2012-11-03 05:39:50 | Computer Name = Ania-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 2012-05-05 05:31:28 | Computer Name = Ania-PC | Source = Microsoft-Windows-Time-Service | ID = 34 Description = The time service has detected that the system time needs to be changed by 15379199 seconds. The time service will not change the system time by more than 54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.21.23:123) is working properly. < End of report >