OTL Extras logfile created on: 2011-09-04 17:42:56 - Run 4 OTL by OldTimer - Version 3.2.27.0 Folder = G:\ Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd 503,35 Mb Total Physical Memory | 119,71 Mb Available Physical Memory | 23,78% Memory free 1,20 Gb Paging File | 0,89 Gb Available in Paging File | 73,99% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74,52 Gb Total Space | 6,70 Gb Free Space | 8,99% Space Free | Partition Type: NTFS Drive G: | 3,91 Gb Total Space | 3,88 Gb Free Space | 99,26% Space Free | Partition Type: FAT32 Computer Name: CHOFF | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = htmlfile] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Chromium\Application\chrome.exe (Privack) [HKEY_CURRENT_USER\SOFTWARE\Classes\] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [open] -- "C:\Documents and Settings\Administrator\Local Settings\Application Data\Chromium\Application\chrome.exe" -- "%1" (Privack) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 1 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation) "C:\Program Files\Heroes3.exe" = C:\Program Files\Heroes3.exe:*:Enabled:Heroes of Might and Magic® III -- (The 3DO Company) "G:\GRY\Warcraft III -PORTABLE\Warcraft III.exe" = G:\GRY\Warcraft III -PORTABLE\Warcraft III.exe:*:Enabled:Warcraft III "C:\Program Files\Spik\Spik.exe" = C:\Program Files\Spik\Spik.exe:*:Enabled:Spik -- () "H:\GRY\Warcraft III -PORTABLE\Warcraft III.exe" = H:\GRY\Warcraft III -PORTABLE\Warcraft III.exe:*:Enabled:Warcraft III "C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare "C:\Program Files\zrzut\FlashGet universal\FlashGet.exe" = C:\Program Files\zrzut\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 "C:\Program Files\zrzut\FlashGet universal\LiveUpdate.exe" = C:\Program Files\zrzut\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate "C:\Program Files\zrzut\FlashGet universal\LiveUpdateEx.exe" = C:\Program Files\zrzut\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx "C:\Program Files\Eidos\Pyro Studios\Commandos 3 - Destination Berlin\commandos3.exe" = C:\Program Files\Eidos\Pyro Studios\Commandos 3 - Destination Berlin\commandos3.exe:*:Enabled:commandos3 -- () [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{063BF5C1-89DB-433F-9D74-2E4F043E3F5E}" = Broadcom Management Programs "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{359D2A79-64C6-4824-83CE-B053297DED6A}" = Adobe Photoshop Lightroom "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager "{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3 "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support 4.0 "{AAC4426A-42CD-4B4E-8057-9738C96F2C8F}" = HP Safety and Comfort Guide "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2 "{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{C270BC04-1540-4673-960F-A546B2C860CD}" = Commandos 3 - Destination Berlin "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{EB26AB83-D2E8-45E4-B510-CD670C506C74}" = Codecs Video Pack "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0 "{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0 "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2 "Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3 "ALLPlayer V3.1_is1" = ALLPlayer V3.X "avast" = avast! Free Antivirus "CadStd" = CadStd "CCleaner" = CCleaner "Claro" = Claro "CueClub" = CueClub "Free Media Player" = Free Media Player 0.1 "Heroes III The Shadow of Death" = Heroes of Might and Magic® III The Shadow of Death(TM) "ie8" = Windows Internet Explorer 8 "KLiteCodecPack_is1" = K-Lite Codec Pack 3.7.5 Standard "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox 5.0 (x86 pl)" = Mozilla Firefox 5.0 (x86 pl) "NapiProjekt_is1" = NapiProjekt 1.0.6.9 "Picasa2" = Picasa 2 "Privack" = Privack 0.1 "RealAlt_is1" = Real Alternative 1.60 "Shipsim2008" = Ship Simulator 2008 "Skype_is1" = Skype 3.1 "Software Setup" = Software Setup "Spik" = Spik "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format Runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = Archiwizator WinRAR [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2009-06-21 17:56:11 | Computer Name = CHOFF | Source = Application Error | ID = 1000 Description = Faulting application lightroom.exe, version 1.2.0.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00011e58. Error - 2009-07-04 20:20:47 | Computer Name = CHOFF | Source = Application Error | ID = 1000 Description = Faulting application codsp.exe, version 0.0.0.0, faulting module ialmgicd.dll, version 6.14.10.4299, fault address 0x00084983. Error - 2009-07-06 13:53:56 | Computer Name = CHOFF | Source = Application Error | ID = 1000 Description = Faulting application codsp.exe, version 0.0.0.0, faulting module ialmgicd.dll, version 6.14.10.4299, fault address 0x00084978. Error - 2009-07-08 18:46:48 | Computer Name = CHOFF | Source = Application Error | ID = 1000 Description = Faulting application codsp.exe, version 0.0.0.0, faulting module ialmgicd.dll, version 6.14.10.4299, fault address 0x00084978. Error - 2009-07-09 10:49:20 | Computer Name = CHOFF | Source = Application Error | ID = 1000 Description = Faulting application worldedit.exe, version 0.0.0.0, faulting module d3d8.dll, version 5.3.2600.2180, fault address 0x0003595c. Error - 2009-07-09 11:02:11 | Computer Name = CHOFF | Source = Application Error | ID = 1000 Description = Faulting application codsp.exe, version 0.0.0.0, faulting module ialmgicd.dll, version 6.14.10.4299, fault address 0x00084978. Error - 2009-07-12 19:42:04 | Computer Name = CHOFF | Source = Application Error | ID = 1000 Description = Faulting application allplayer.exe, version 3.1.0.0, faulting module avisplitter.ax, version 1.0.0.9, fault address 0x00021dcf. [ System Events ] Error - 2011-09-02 19:56:15 | Computer Name = CHOFF | Source = Service Control Manager | ID = 7034 Description = The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service terminated unexpectedly. It has done this 1 time(s). Error - 2011-09-02 19:56:15 | Computer Name = CHOFF | Source = Service Control Manager | ID = 7034 Description = The Adobe Active File Monitor V6 service terminated unexpectedly. It has done this 1 time(s). Error - 2011-09-02 19:57:33 | Computer Name = CHOFF | Source = sr | ID = 1 Description = The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'r40' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume. Error - 2011-09-02 19:57:47 | Computer Name = CHOFF | Source = W32Time | ID = 39452689 Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) Error - 2011-09-02 19:57:47 | Computer Name = CHOFF | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. Error - 2011-09-02 19:58:02 | Computer Name = CHOFF | Source = W32Time | ID = 39452689 Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) Error - 2011-09-02 19:58:02 | Computer Name = CHOFF | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. Error - 2011-09-04 11:14:42 | Computer Name = CHOFF | Source = Tcpip | ID = 4199 Description = The system detected an address conflict for IP address 192.168.0.10 with the system having network hardware address 00:16:CE:6B:D0:B9. Network operations on this system may be disrupted as a result. Error - 2011-09-04 11:30:48 | Computer Name = CHOFF | Source = Service Control Manager | ID = 7034 Description = The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service terminated unexpectedly. It has done this 1 time(s). Error - 2011-09-04 11:30:48 | Computer Name = CHOFF | Source = Service Control Manager | ID = 7034 Description = The Adobe Active File Monitor V6 service terminated unexpectedly. It has done this 1 time(s). < End of report >