OTL Extras logfile created on: 2012-07-27 08:26:57 - Run 1 OTL by OldTimer - Version 3.2.55.0 Folder = E:\pobrane Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1023,23 Mb Total Physical Memory | 407,30 Mb Available Physical Memory | 39,81% Memory free 2,40 Gb Paging File | 1,87 Gb Available in Paging File | 77,67% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 10,08 Gb Total Space | 0,63 Gb Free Space | 6,24% Space Free | Partition Type: NTFS Drive D: | 25,37 Gb Total Space | 0,86 Gb Free Space | 3,40% Space Free | Partition Type: FAT32 Drive E: | 20,50 Gb Total Space | 3,09 Gb Free Space | 15,06% Space Free | Partition Type: FAT32 Drive F: | 18,54 Gb Total Space | 2,90 Gb Free Space | 15,63% Space Free | Partition Type: FAT32 Drive G: | 7,86 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive P: | 7,47 Gb Total Space | 0,42 Gb Free Space | 5,63% Space Free | Partition Type: FAT32 Computer Name: DOM-AB5A97E2C4D | User Name: DOM | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\] .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "UpdatesDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "56937:TCP" = 56937:TCP:*:Enabled:Pando Media Booster "56937:UDP" = 56937:UDP:*:Enabled:Pando Media Booster [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "56937:TCP" = 56937:TCP:*:Enabled:Pando Media Booster "56937:UDP" = 56937:UDP:*:Enabled:Pando Media Booster [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "E:\CS 1.6\hl.exe" = E:\CS 1.6\hl.exe:*:Disabled:Half-Life Launcher "C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () "F:\Lineage II\System\l2.bin" = F:\Lineage II\System\l2.bin:*:Enabled:l2 "F:\Star_Wars_Battlefront_RIP\Star Wars Battlefront RIP\GameData\Battlefront.exe" = F:\Star_Wars_Battlefront_RIP\Star Wars Battlefront RIP\GameData\Battlefront.exe:*:Enabled:Battlefront -- () "F:\Alien Shooter 2\AlienShooter.exe" = F:\Alien Shooter 2\AlienShooter.exe:*:Enabled:AlienShooter Application "C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Disabled:Gadu-Gadu 10 -- (GG Network S.A.) "C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.) "F:\NeverwinterNights\nwmain.exe" = F:\NeverwinterNights\nwmain.exe:*:Enabled:Neverwinter Nights "C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe" = C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe:*:Enabled:Update Engine -- () "F:\Disciples II - Bunt Elfow\Discipl2.exe" = F:\Disciples II - Bunt Elfow\Discipl2.exe:*:Enabled:Disciples II v3.01 -- (Strategy First) "F:\Valve\hl.exe" = F:\Valve\hl.exe:*:Enabled:Half-Life Launcher "C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper -- (Opera Software) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{063F31AB-3493-412D-AE47-E76BAF64040A}_is1" = Testy Maturalne3 wersja 1.0 "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store "{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}" = Star Wars Jedi Knight Jedi Academy "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2BA53FA9-0973-425C-8464-4A73E8C70C1D}" = Character Builder Beta "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{4278B780-6CB5-437A-BA6A-31C7F9FAB980}" = Adobe Flash Player 11 ActiveX "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840 "{5AF71003-1797-4D93-9F37-4F2125CBF539}" = Microsoft .NET Framework 2.0 Language Pack - PLK "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{7EACD785-823D-4D1B-9A5E-85FACAF5DFB3}_is1" = Oxin's Style! 3D Sexvilla 2.055.001 "{7FA1DAFD-AF55-E915-FD92-F269443A2ADF}" = Media Go Video Playback Engine 1.88.102.12050 "{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1" = Wtyczka e-Deklaracje "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8E8365D0-C7AE-3CA2-9BCC-7A6644428166}" = e-Deklaracje Desktop "{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{92C0EEE0-EA16-4B95-84B6-A060B589081B}" = Disciples II - Bunt Elfów "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3) "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader "{BBF51613-ACF3-4B1C-86E8-AD15BB431037}" = Tribes Zemsta "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{DBF1AE39-DA30-4B89-A7EB-3BDA675C5D9E}" = Media Go "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.079 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ALLConverter to PSP_is1" = ALLConverter to PSP "ALLPlayer_is1" = ALLPlayer V4.X "Any Video Converter_is1" = Any Video Converter 3.3.3 "avast" = avast! Free Antivirus "BabylonToolbar" = Babylon toolbar on IE "Brutal Chess" = Brutal Chess "DAEMON Tools Lite" = DAEMON Tools Lite "e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1" = e-Deklaracje Desktop "ESET Online Scanner" = ESET Online Scanner v3 "FableTLCMod - Albion Explorer" = FableTLCMod - Albion Explorer "FableTLCMod - Fable Explorer" = FableTLCMod - Fable Explorer "Gadu-Gadu" = Gadu-Gadu 7.7 "Gadu-Gadu 10" = Gadu-Gadu 10 "Hentai3D2-052.003" = thriXXX Hentai3D2-052.003 "ie8" = Windows Internet Explorer 8 "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.1.0 "Microsoft .NET Framework 2.0 Language Pack - PLK" = Microsoft .NET Framework 2.0 — pakiet języka polskiego "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Minecraft" = Minecraft "neostradatp.exe" = neostrada tp "Nero8Lite_is1" = Nero 8 Micro 8.3.2.1 "NVIDIA Drivers" = NVIDIA Drivers "OpenAL" = OpenAL "Opera 12.00.1467" = Opera 12.00 "pepakura_viewer3en" = Pepakura Viewer 3 "PhotoToolkit_is1" = Photo! Editor 1.1 "Piraci Nowego Świata_is1" = Piraci Nowego Świata "PIT Format 2011_is1" = PIT Format 2011 "The Sith Lords Restored Content Mod_is1" = TSLRCM 1.7 "UltraISO_is1" = UltraISO Premium V9.52 "Update Engine" = Sony Ericsson Update Engine "V9Software" = V9 HomeTool "Vampire PL" = Vampire PL "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "WinRAR archiver" = WinRAR 4.01 (32-bitowy) [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Live Security Platinum" = Live Security Platinum "Winamp Detect" = Detektor Winampa [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2012-06-29 12:57:12 | Computer Name = DOM-AB5A97E2C4D | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd vampire.exe, wersja 0.0.0.0, moduł powodujący błąd d3dim700.dll, wersja 5.3.2600.5512, adres błędu 0x000190ad. Error - 2012-07-05 01:16:49 | Computer Name = DOM-AB5A97E2C4D | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca opera.exe, wersja 12.0.1467.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2012-07-19 11:42:45 | Computer Name = DOM-AB5A97E2C4D | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca WinRAR.exe, wersja 4.1.0.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2012-07-19 11:42:49 | Computer Name = DOM-AB5A97E2C4D | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca WinRAR.exe, wersja 4.1.0.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2012-07-20 10:49:47 | Computer Name = DOM-AB5A97E2C4D | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd , wersja 0.0.0.0, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000. Error - 2012-07-23 08:01:18 | Computer Name = DOM-AB5A97E2C4D | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd morrowind.exe, wersja 1.6.0.1820, moduł powodujący błąd d3d8.dll, wersja 5.3.2600.5512, adres błędu 0x000357c2. Error - 2012-07-24 02:53:13 | Computer Name = DOM-AB5A97E2C4D | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd morrowind.exe, wersja 1.6.0.1820, moduł powodujący błąd morrowind.exe, wersja 1.6.0.1820, adres błędu 0x00029b94. Error - 2012-07-25 13:38:38 | Computer Name = DOM-AB5A97E2C4D | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd morrowind.exe, wersja 1.6.0.1820, moduł powodujący błąd morrowind.exe, wersja 1.6.0.1820, adres błędu 0x00029b94. Error - 2012-07-25 13:53:52 | Computer Name = DOM-AB5A97E2C4D | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd morrowind.exe, wersja 1.6.0.1820, moduł powodujący błąd morrowind.exe, wersja 1.6.0.1820, adres błędu 0x00029b94. Error - 2012-07-26 09:36:03 | Computer Name = DOM-AB5A97E2C4D | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd morrowind.exe, wersja 1.6.0.1820, moduł powodujący błąd msvcrt.dll, wersja 7.0.2600.5512, adres błędu 0x00037696. [ System Events ] Error - 2012-07-27 01:57:43 | Computer Name = DOM-AB5A97E2C4D | Source = Service Control Manager | ID = 7034 Description = Usługa Machine Debug Manager niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2012-07-27 01:57:43 | Computer Name = DOM-AB5A97E2C4D | Source = Service Control Manager | ID = 7034 Description = Usługa NVIDIA Display Driver Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2012-07-27 01:57:43 | Computer Name = DOM-AB5A97E2C4D | Source = Service Control Manager | ID = 7034 Description = Usługa Java Quick Starter niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2012-07-27 01:57:43 | Computer Name = DOM-AB5A97E2C4D | Source = Service Control Manager | ID = 7034 Description = Usługa France Telecom Routing Table Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2012-07-27 01:57:44 | Computer Name = DOM-AB5A97E2C4D | Source = Service Control Manager | ID = 7031 Description = Usługa Windows Presentation Foundation Font Cache 3.0.0.0 niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 0 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error - 2012-07-27 01:57:52 | Computer Name = DOM-AB5A97E2C4D | Source = Service Control Manager | ID = 7009 Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się z usługą Windows Presentation Foundation Font Cache 3.0.0.0. Error - 2012-07-27 01:57:52 | Computer Name = DOM-AB5A97E2C4D | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Windows Presentation Foundation Font Cache 3.0.0.0 z powodu następującego błędu: %%1053 Error - 2012-07-27 02:01:20 | Computer Name = DOM-AB5A97E2C4D | Source = Service Control Manager | ID = 7009 Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się z usługą Machine Debug Manager. Error - 2012-07-27 02:01:20 | Computer Name = DOM-AB5A97E2C4D | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1053” podczas próby uruchomienia usługi MDM z argumentami „” w celu uruchomienia serwera: {0C0A3666-30C9-11D0-8F20-00805F2CD064} Error - 2012-07-27 02:01:20 | Computer Name = DOM-AB5A97E2C4D | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Machine Debug Manager z powodu następującego błędu: %%1053 < End of report >