OTL Extras logfile created on: 2012-07-08 10:43:27 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = E:\Programz Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16982) Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd 1,99 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 67,33% Memory free 4,20 Gb Paging File | 3,72 Gb Available in Paging File | 88,69% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 29,30 Gb Total Space | 9,16 Gb Free Space | 31,27% Space Free | Partition Type: NTFS Drive E: | 81,03 Gb Total Space | 9,94 Gb Free Space | 12,27% Space Free | Partition Type: NTFS Computer Name: TRYGLAV | User Name: Alaemortis | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-3456899725-1400839390-1592737166-1000\SOFTWARE\Classes\] .html [@ = FirefoxHTML] -- E:\Programz\Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "E:\Programz\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "E:\Programz\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "E:\Programz\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "E:\Programz\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "E:\Programz\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B086AE7-34E8-4F1B-BA61-8CB539720C8D}" = protocol=6 | dir=in | app=c:\users\alaemortis\appdata\roaming\dropbox\bin\dropbox.exe | "{0C74191D-4506-4234-BA2E-DF7B60E0CCFF}" = protocol=6 | dir=in | app=e:\programz\utorrent\utorrent.exe | "{143A54B8-38D4-4B56-ADD2-D54D35A9EB8D}" = protocol=6 | dir=in | app=e:\download\nw\hss-2.06-install-anchorfree-244-ask4(programosy.pl).exe | "{3447B2E2-B85F-4F4D-8C1B-48F714E25C9E}" = protocol=17 | dir=in | app=e:\programz\hotspot shield\bin\openvpntray.exe | "{7151C9F4-336F-4222-B683-6F0A16A5E101}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{7E4D2E13-A5C6-4A9F-A9EF-B53C3E2BAC41}" = protocol=6 | dir=in | app=e:\programz\hotspot shield\bin\openvpntray.exe | "{865E5ED1-452D-42FA-A020-A08172D52B2B}" = protocol=17 | dir=in | app=e:\download\nw\hss-2.06-install-anchorfree-244-ask4(programosy.pl).exe | "{88631A53-6AAA-4FB4-BD9F-D4D26AEA34B5}" = protocol=17 | dir=in | app=c:\users\alaemortis\appdata\roaming\dropbox\bin\dropbox.exe | "{C82FB04C-E2BC-4BCD-A0C6-094D56B294CC}" = protocol=17 | dir=in | app=e:\programz\utorrent\utorrent.exe | "{EC46D5DF-FB08-4486-8D68-4BA13A4F64A2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{10998637-193C-4E93-A807-44FDF5266941}E:\gierce\neverwinter nights\nwmain.exe" = protocol=6 | dir=in | app=e:\gierce\neverwinter nights\nwmain.exe | "TCP Query User{11FACA47-369C-4198-B013-63F93BA0306A}E:\programz\emule\emule.exe" = protocol=6 | dir=in | app=e:\programz\emule\emule.exe | "TCP Query User{1CAA0991-3222-441E-85D4-124938F5E24D}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe | "TCP Query User{222E63C4-FCD0-49CD-B2B8-BBB21440B855}E:\programz\dropbox\moje\teamspeak3 server\ts3server_win32.exe" = protocol=6 | dir=in | app=e:\programz\dropbox\moje\teamspeak3 server\ts3server_win32.exe | "TCP Query User{47F7BFB4-937A-4A62-A95B-88444D2A5AA6}E:\programz\teamspeak3 server\ts3server_win32.exe" = protocol=6 | dir=in | app=e:\programz\teamspeak3 server\ts3server_win32.exe | "TCP Query User{66163E8E-47E9-475D-BD3B-2AD724687904}E:\programz\free download manager\fdm.exe" = protocol=6 | dir=in | app=e:\programz\free download manager\fdm.exe | "TCP Query User{88748F9F-54CE-4627-92D2-8854F68B26B2}E:\gierce\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=e:\gierce\world_of_tanks\worldoftanks.exe | "TCP Query User{C5BF1B14-ABDF-4436-AE5F-6A958F67E960}C:\program files\java\jre1.6.0\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\java.exe | "TCP Query User{D6D55286-D4DE-42CB-85B9-AA964F6D2A6D}E:\programz\aqq\aqq.exe" = protocol=6 | dir=in | app=e:\programz\aqq\aqq.exe | "TCP Query User{FDCE159B-998E-479C-A71F-227A7741F0AA}E:\gierce\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=e:\gierce\world_of_tanks\wotlauncher.exe | "UDP Query User{256692BB-3F04-4F3D-B8FE-CFD480452B7B}E:\gierce\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=e:\gierce\world_of_tanks\worldoftanks.exe | "UDP Query User{3A8F61F2-4B47-4783-9CEE-FCDE2AD03547}E:\programz\free download manager\fdm.exe" = protocol=17 | dir=in | app=e:\programz\free download manager\fdm.exe | "UDP Query User{3E0E2E01-2EDC-47B6-9791-A71B8318787E}E:\programz\teamspeak3 server\ts3server_win32.exe" = protocol=17 | dir=in | app=e:\programz\teamspeak3 server\ts3server_win32.exe | "UDP Query User{6035F466-F049-46B3-AD38-F136D626033F}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe | "UDP Query User{68804E54-B746-4EA6-A90E-B3E395B1B955}C:\program files\java\jre1.6.0\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\java.exe | "UDP Query User{7A40F834-48C7-4925-9E12-2204979A0F32}E:\programz\dropbox\moje\teamspeak3 server\ts3server_win32.exe" = protocol=17 | dir=in | app=e:\programz\dropbox\moje\teamspeak3 server\ts3server_win32.exe | "UDP Query User{7DD722D7-1B0D-448C-A9F5-68935B11EB4F}E:\programz\aqq\aqq.exe" = protocol=17 | dir=in | app=e:\programz\aqq\aqq.exe | "UDP Query User{995D73FC-92A2-4E79-AADF-D229F0E72EFB}E:\programz\emule\emule.exe" = protocol=17 | dir=in | app=e:\programz\emule\emule.exe | "UDP Query User{A64925F7-A290-49B8-8FEB-BC7CA5BB2151}E:\gierce\neverwinter nights\nwmain.exe" = protocol=17 | dir=in | app=e:\gierce\neverwinter nights\nwmain.exe | "UDP Query User{C1F3AD2D-6471-4DA8-81E6-8494ACECBAC5}E:\gierce\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=e:\gierce\world_of_tanks\wotlauncher.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java(TM) 7 "{2C544254-39F2-4ACA-B779-ABF7297C96CF}" = Accessibility "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6 "{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver Vista x86 Ver.3.33.03 "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Obsługa programów Apple "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{7095FD27-37F0-4750-9DE8-D37DC0043706}" = REALTEK USB Wireless LAN Driver "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree "{7D974ACA-4EE5-412C-8E6A-A5B57B305727}" = ESET NOD32 Antivirus "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8 "{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software "{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities "{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA "{F47E5EF3-F7CB-4459-9E5D-119511EBDD78}_is1" = Minecraft AA wersja 1.1 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "3ivx MPEG-4 5.0.2" = 3ivx MPEG-4 5.0.2 (remove only) "7-Zip" = 7-Zip 4.65 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AQQ" = WapSter AQQ "Diablo" = Diablo "Diablo II" = Diablo II "eMule" = eMule "FileZilla Client" = FileZilla Client 3.5.1 "Flash Decompiler Trillix_is1" = Flash Decompiler Trillix "HaaliMkx" = Haali Media Splitter "HDMI" = Intel(R) Graphics Media Accelerator Driver "Hellfire" = Hellfire "HideIPEasy" = Hide IP Easy "HotspotShield" = Hotspot Shield 2.09 "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines "IrfanView" = IrfanView (remove only) "KLiteCodecPack_is1" = K-Lite Codec Pack 8.6.0 (Full) "lvdrivers_12.10" = Logitech Webcam Software Driver Package "Matroska Pack" = Matroska Pack "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 13.0.1 (x86 pl)" = Mozilla Firefox 13.0.1 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "Sierra Utilities" = Sierra Utilities "ST6UNST #1" = Hero Editor V1.04 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeamSpeak 3 Client" = TeamSpeak 3 Client "TOSHIBA Software Modem" = TOSHIBA Software Modem "uTorrent" = µTorrent "Winamp" = Winamp "Windows Media Encoder 9" = Windows Media Encoder 9 Series "X-COM Collector's Edition" = X-COM Collector's Edition [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-3456899725-1400839390-1592737166-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater "Diablo" = Diablo "Dropbox" = Dropbox "edf81210d8cda867" = Przytnij "Winamp Detect" = Detektor Winampa [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2012-06-24 01:58:25 | Computer Name = Tryglav | Source = WerSvc | ID = 5007 Description = Error - 2012-06-26 14:29:52 | Computer Name = Tryglav | Source = WerSvc | ID = 5007 Description = Error - 2012-06-26 20:11:03 | Computer Name = Tryglav | Source = WerSvc | ID = 5007 Description = Error - 2012-06-28 14:17:59 | Computer Name = Tryglav | Source = WerSvc | ID = 5007 Description = Error - 2012-06-30 11:15:03 | Computer Name = Tryglav | Source = WerSvc | ID = 5007 Description = Error - 2012-07-02 14:30:36 | Computer Name = Tryglav | Source = WerSvc | ID = 5007 Description = Error - 2012-07-04 14:27:45 | Computer Name = Tryglav | Source = WerSvc | ID = 5007 Description = Error - 2012-07-06 14:23:21 | Computer Name = Tryglav | Source = WerSvc | ID = 5007 Description = Error - 2012-07-08 02:24:52 | Computer Name = Tryglav | Source = WerSvc | ID = 5007 Description = Error - 2012-07-08 04:13:58 | Computer Name = Tryglav | Source = EventSystem | ID = 4609 Description = [ System Events ] Error - 2011-08-29 00:25:08 | Computer Name = Tryglav | Source = DCOM | ID = 10010 Description = Error - 2011-08-30 16:59:54 | Computer Name = Tryglav | Source = Dhcp | ID = 1002 Description = The IP address lease 10.71.32.25 for the Network Card with network address 00FFA23CE688 has been denied by the DHCP server 10.54.15.254 (The DHCP Server sent a DHCPNACK message). Error - 2011-09-01 13:22:47 | Computer Name = Tryglav | Source = Service Control Manager | ID = 7000 Description = Error - 2011-09-01 13:22:47 | Computer Name = Tryglav | Source = Service Control Manager | ID = 7000 Description = Error - 2011-09-01 13:22:47 | Computer Name = Tryglav | Source = Service Control Manager | ID = 7000 Description = Error - 2011-09-02 00:31:32 | Computer Name = Tryglav | Source = DCOM | ID = 10010 Description = Error - 2011-09-03 10:47:04 | Computer Name = Tryglav | Source = Service Control Manager | ID = 7000 Description = Error - 2011-09-03 10:47:04 | Computer Name = Tryglav | Source = Service Control Manager | ID = 7000 Description = Error - 2011-09-03 10:47:04 | Computer Name = Tryglav | Source = Service Control Manager | ID = 7000 Description = Error - 2011-09-04 00:47:45 | Computer Name = Tryglav | Source = DCOM | ID = 10010 Description = < End of report >