OTL Extras logfile created on: 2012-02-10 16:14:45 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\tomek\Downloads Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,38% Memory free 4,23 Gb Paging File | 2,74 Gb Available in Paging File | 64,81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 39,06 Gb Total Space | 11,21 Gb Free Space | 28,70% Space Free | Partition Type: NTFS Drive D: | 78,13 Gb Total Space | 68,54 Gb Free Space | 87,72% Space Free | Partition Type: NTFS Drive E: | 174,29 Gb Total Space | 162,21 Gb Free Space | 93,07% Space Free | Partition Type: NTFS Drive F: | 174,28 Gb Total Space | 142,33 Gb Free Space | 81,67% Space Free | Partition Type: NTFS Computer Name: TOMEK-PC | User Name: tomek | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1681707348-1694484624-1071145583-1000\SOFTWARE\Classes\] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{20A3B8D2-2E81-49F5-A022-B1429C660913}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{2EACAB78-EF16-457A-ADF6-93FD3508FF4E}" = lport=139 | protocol=6 | dir=in | app=system | "{556D07BC-D8FA-44C0-AC35-DA40B18D8248}" = lport=137 | protocol=17 | dir=in | app=system | "{5B65B3E0-04C5-49E2-A45D-ED0AD56FBB16}" = rport=139 | protocol=6 | dir=out | app=system | "{84C00A49-4553-4072-9F1A-E7227E829A4F}" = rport=445 | protocol=6 | dir=out | app=system | "{B56843E8-6743-459A-98C8-30F64ACE4856}" = rport=138 | protocol=17 | dir=out | app=system | "{E3D90F7F-BCDF-4E17-993D-CD16B7D799DC}" = lport=138 | protocol=17 | dir=in | app=system | "{F43EBE5A-6FA5-47DC-AB9C-A66FEBCDF344}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{F8208DB9-FA0A-410D-ADAB-0E80E9B930C3}" = lport=445 | protocol=6 | dir=in | app=system | "{F83E859D-0DBC-492F-88B4-A3FF1ED398A2}" = rport=137 | protocol=17 | dir=out | app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{3F264391-F9ED-495B-BFAD-14960742B48F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{6F2050D9-8474-4613-8AB8-8094BFB43B91}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{8935512B-35EC-4AAA-8997-D90E584067EB}" = protocol=6 | dir=in | app=e:\bohemia interactive\arma2free.exe | "{A3BAEF86-BD31-4F8E-9DA4-3BFDD84285EB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{BA9E1787-B125-40A9-A884-2E5370D166BD}" = protocol=17 | dir=in | app=e:\bohemia interactive\arma2free.exe | "{D488BC4D-58B1-4A46-B2F0-ECF537A494FD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E278A73B-B2A5-4882-82A6-88C158A17711}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "TCP Query User{29C55696-A89C-4CEE-A471-D9B50398D0EB}E:\prism.exe" = protocol=6 | dir=in | app=e:\prism.exe | "TCP Query User{9FA8CE0E-1302-480A-96AC-73A792AE8B37}E:\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=e:\world_of_tanks\wotlauncher.exe | "TCP Query User{E80E2687-7FC7-4CAC-96AA-9BC3E1F9AFCF}E:\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=e:\world_of_tanks\worldoftanks.exe | "UDP Query User{6227E5D6-2B38-493D-814D-55B4AF3251FD}E:\prism.exe" = protocol=17 | dir=in | app=e:\prism.exe | "UDP Query User{68483604-0FD6-471D-BAC4-DE3784437CBA}E:\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=e:\world_of_tanks\wotlauncher.exe | "UDP Query User{AEC0C029-9ED7-4948-8B4F-F1236D7D7816}E:\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=e:\world_of_tanks\worldoftanks.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05CAF469-9765-8FBF-10AD-FD621091824A}" = CCC Help English "{0D2F1A48-CB56-481F-BD7A-F75CAFCD2E7E}" = msejf "{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp "{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch "{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 30 "{26D4FB2E-BA55-3E2C-CC6F-97D6A0A74306}" = AMD Fuel "{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg "{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding "{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012 "{47E235BB-2CB0-4D8D-A95C-A2F723691173}" = Guard Shield "{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper wersja 3.2.0 "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{6F64A42C-6D93-6788-EB4F-07CC066DE194}" = Catalyst Control Center Graphics Previews Common "{7336143C-44FD-4AAC-B53A-158FEA08489D}" = OpenOffice.ux.pl 3.3 "{76D1FBEB-FBBF-0D1E-BB0A-CAA0D19E2C7F}" = ccc-utility "{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01 "{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner "{8D8B8115-40C1-A707-B7DA-599514076A81}" = AMD VISION Engine Control Center "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A942958E-AF92-7901-861B-7F373A1B6ABA}" = AMD Catalyst Install Manager "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1045-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Polish "{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan "{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min "{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter "{C1920D73-7374-49d9-8C37-58A6E49078A5}" = F2100_Help "{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm "{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1C409F0-8322-4c87-BD08-2F62777D490D}" = F2100 "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{F6E04BE8-2FA4-44C4-9BD3-142CE3EB15B4}_is1" = GPU Caps Viewer 1.14.4 "{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE "{F9466082-90E9-4BE4-92F0-CF0AF195B0CF}" = 2.0 PC CAMERA "{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0 "{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status "18 Wheels of Steel - Extreme Trucker 2/PL-Polish_is1" = 18 Wheels of Steel: Extreme Trucker 2 "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ALLPlayer_is1" = ALLPlayer V5.X "ArmA 2" = ArmA 2 Free Uninstall "Bus Driver" = Bus Driver 1.5 "CCleaner" = CCleaner "Euro Truck Simulator" = Euro Truck Simulator 1.3 "German Truck Simulator" = German Truck Simulator 1.32 "HD Tune_is1" = HD Tune 2.55 "HP Imaging Device Functions" = HP Imaging Device Functions 9.0 "HP Photosmart Essential" = HP Photosmart Essential 2.01 "HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0 "HPExtendedCapabilities" = HP Customer Participation Program 9.0 "InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012 "KLiteCodecPack_is1" = K-Lite Codec Pack 7.8.0 (Full) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.60.1.1000 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 10.0 (x86 pl)" = Mozilla Firefox 10.0 (x86 pl) "Revo Uninstaller" = Revo Uninstaller 1.93 "UK Truck Simulator" = UK Truck Simulator 1.32 "VLC media player" = VLC media player 1.1.11 [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2012-02-08 04:05:01 | Computer Name = tomek-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2012-02-08 04:05:01 | Computer Name = tomek-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2012-02-08 04:05:15 | Computer Name = tomek-PC | Source = WinMgmt | ID = 10 Description = Error - 2012-02-08 06:04:28 | Computer Name = tomek-PC | Source = ESENT | ID = 484 Description = WinMail (2232) WindowsMail0: An attempt to remove the folder "C:\Users\tomek\AppData\Local\Microsoft\Windows Mail\Backup\old" failed with system error 145 (0x00000091): "The directory is not empty. ". The remove folder operation will fail with error -1022 (0xfffffc02). Error - 2012-02-08 06:04:28 | Computer Name = tomek-PC | Source = ESENT | ID = 215 Description = WinMail (2232) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed. Error - 2012-02-09 04:28:58 | Computer Name = tomek-PC | Source = WinMgmt | ID = 10 Description = Error - 2012-02-09 11:39:45 | Computer Name = tomek-PC | Source = WinMgmt | ID = 10 Description = Error - 2012-02-10 00:03:27 | Computer Name = tomek-PC | Source = WinMgmt | ID = 10 Description = Error - 2012-02-10 02:32:09 | Computer Name = tomek-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2012-02-10 03:44:39 | Computer Name = tomek-PC | Source = Application Error | ID = 1000 Description = Faulting application HDDScan.exe, version 0.0.0.0, time stamp 0x4c4664f4, faulting module kernel32.dll, version 6.0.6002.18449, time stamp 0x4da47967, exception code 0x0eedfade, fault offset 0x0003fc56, process id 0x12ec, application start time 0x01cce7c74a61ccaf. [ System Events ] Error - 2011-10-25 05:19:51 | Computer Name = tomek-PC | Source = Service Control Manager | ID = 7024 Description = Error - 2011-10-25 05:19:51 | Computer Name = tomek-PC | Source = Service Control Manager | ID = 7031 Description = Error - 2011-10-26 07:46:21 | Computer Name = tomek-PC | Source = volsnap | ID = 393252 Description = The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error - 2011-10-29 04:40:02 | Computer Name = tomek-PC | Source = DCOM | ID = 10005 Description = Error - 2011-10-29 04:40:16 | Computer Name = tomek-PC | Source = Service Control Manager | ID = 7009 Description = Error - 2011-10-29 04:40:16 | Computer Name = tomek-PC | Source = Service Control Manager | ID = 7000 Description = Error - 2011-11-05 10:01:21 | Computer Name = tomek-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 14:57:36 on 2011-11-05 was unexpected. Error - 2011-11-05 11:08:36 | Computer Name = tomek-PC | Source = i8042prt | ID = 327714 Description = An error occurred while trying to determine the number of mouse buttons. Error - 2011-11-10 03:49:14 | Computer Name = tomek-PC | Source = volsnap | ID = 393252 Description = The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error - 2011-11-12 13:46:20 | Computer Name = tomek-PC | Source = volsnap | ID = 393252 Description = The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. < End of report >