OTL Extras logfile created on: 2012-09-08 22:01:20 - Run 1 OTL by OldTimer - Version 3.2.61.2 Folder = C:\Users\Kawka\Downloads Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,25 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 70,79% Memory free 6,50 Gb Paging File | 5,46 Gb Available in Paging File | 84,04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 48,83 Gb Total Space | 34,20 Gb Free Space | 70,04% Space Free | Partition Type: NTFS Drive D: | 48,83 Gb Total Space | 13,08 Gb Free Space | 26,79% Space Free | Partition Type: NTFS Drive E: | 51,39 Gb Total Space | 50,90 Gb Free Space | 99,05% Space Free | Partition Type: NTFS Drive F: | 3,61 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: KAWKA-KOMPUTER | User Name: Kawka | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2116334824-1268189343-2505437317-1000\SOFTWARE\Classes\] .html [@ = FirefoxHTML] -- D:\Mozilla Farjerfox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "AntiVirusOverride" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "FirewallOverride" = 1 "UpdatesDisableNotify" = 1 "UacDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 1 "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\ComboFix\NircmdB.exe" = C:\ComboFix\NircmdB.exe:*:Enabled:ipsec "C:\Program Files\Internet Download Manager\IDMan.exe" = C:\Program Files\Internet Download Manager\IDMan.exe:*:Enabled:ipsec "C:\Windows\Explorer.EXE" = C:\Windows\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation) [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{527E499D-56B0-4366-BB4C-09D8C9EBCDA3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{04001D94-AD10-4D24-8587-021E73998686}C:\windows\system32\dwm.exe" = protocol=6 | dir=in | app=c:\windows\system32\dwm.exe | "TCP Query User{1C96908F-F004-4B3C-91CB-2455B83DC61E}D:\counter-strike hd\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=d:\counter-strike hd\counter-strike 1.6\hl.exe | "TCP Query User{34F1892B-CDAC-472F-ABD7-603DCE178C09}D:\chrome_installer.exe" = protocol=6 | dir=in | app=d:\chrome_installer.exe | "TCP Query User{3E5FD69E-7F54-4B3F-A072-60F5C1AD89D7}C:\program files\internet download manager\idman.exe" = protocol=6 | dir=in | app=c:\program files\internet download manager\idman.exe | "TCP Query User{56F0B484-A815-4653-A188-36A16961D4FB}D:\aqq\wapster aqq\aqq.exe" = protocol=6 | dir=in | app=d:\aqq\wapster aqq\aqq.exe | "TCP Query User{5BC52637-8A65-47CD-A500-7E34332CD652}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | "TCP Query User{5D6DD0B8-3ACC-4AAB-BF1B-D86E7DCBBD41}D:\left4dead\left4dead.exe" = protocol=6 | dir=in | app=d:\left4dead\left4dead.exe | "TCP Query 
User{AE3D4E57-5BAA-4814-A9C4-A757CB8E9B3B}C:\users\kawka\documents\downloads\idman612.exe" = protocol=6 | dir=in | app=c:\users\kawka\documents\downloads\idman612.exe | "TCP Query User{B49D41B8-D956-4B4D-9791-84E5AA8BE624}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{B85FBE59-500B-47CA-97A7-BC14F1A39BFF}C:\program files\common files\java\java update\jusched.exe" = protocol=6 | dir=in | app=c:\program files\common files\java\java update\jusched.exe | "TCP Query User{C5C0F0F1-8184-4460-AE21-C1D397951928}D:\aimp3\aimp3.exe" = protocol=6 | dir=in | app=d:\aimp3\aimp3.exe | "TCP Query User{DF2A5BC8-664E-44FC-BC36-5FF41AE897FC}C:\combofix\nircmdb.exe" = protocol=6 | dir=in | app=c:\combofix\nircmdb.exe | "TCP Query User{E1276019-6BFA-40D0-80FC-E660EC73CFE7}D:\nfsmw\speed.exe" = protocol=6 | dir=in | app=d:\nfsmw\speed.exe | "UDP Query User{0677E7F5-45B5-47AD-BC2D-11677C7F40E6}D:\nfsmw\speed.exe" = protocol=17 | dir=in | app=d:\nfsmw\speed.exe | "UDP Query User{0BB84778-C816-47EF-82C3-F0AD4A747D5F}D:\counter-strike hd\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=d:\counter-strike hd\counter-strike 1.6\hl.exe | "UDP Query User{1399D32F-5E3F-4CD7-A1D3-7FE4606D57DA}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | "UDP Query User{1D6673E4-ABC8-4C80-9C49-0C4056DD93A5}C:\combofix\nircmdb.exe" = protocol=17 | dir=in | app=c:\combofix\nircmdb.exe | "UDP Query User{3EA81A79-F9A6-4C43-B782-E50F1C415803}D:\chrome_installer.exe" = protocol=17 | dir=in | app=d:\chrome_installer.exe | "UDP Query User{4B600578-5A27-4C76-895A-376897E67800}D:\left4dead\left4dead.exe" = protocol=17 | dir=in | app=d:\left4dead\left4dead.exe | "UDP Query User{73E218C5-CB2B-4755-A6F5-4C652D0561E2}C:\users\kawka\documents\downloads\idman612.exe" = protocol=17 | dir=in | app=c:\users\kawka\documents\downloads\idman612.exe | "UDP Query User{8CF85E90-4CB7-4EC1-B8C0-BEE1FDB63C8A}D:\aimp3\aimp3.exe" = 
protocol=17 | dir=in | app=d:\aimp3\aimp3.exe | "UDP Query User{D5D29C0F-9CF9-449A-8B89-9ECBB40D2DD8}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{E9B660A7-B452-4555-810C-30931328E457}C:\program files\common files\java\java update\jusched.exe" = protocol=17 | dir=in | app=c:\program files\common files\java\java update\jusched.exe | "UDP Query User{F2538A3D-AEBB-4BE1-89EE-3E9D95DD66B6}C:\windows\system32\dwm.exe" = protocol=17 | dir=in | app=c:\windows\system32\dwm.exe | "UDP Query User{FD7E8135-DCC9-4C93-901F-DF9C09C625E6}C:\program files\internet download manager\idman.exe" = protocol=17 | dir=in | app=c:\program files\internet download manager\idman.exe | "UDP Query User{FF8D82D9-DB0D-4F39-A80E-4203AFE23709}D:\aqq\wapster aqq\aqq.exe" = protocol=17 | dir=in | app=d:\aqq\wapster aqq\aqq.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AIMP3" = AIMP3 "AQQ" = WapSter AQQ "Counter-Strike 1.6" = Counter-Strike 1.6 v48 "Internet Download Manager" = Internet Download Manager "Mozilla Firefox 15.0.1 (x86 pl)" = Mozilla Firefox 15.0.1 (x86 pl) "NIS" = Norton Internet Security "WinRAR archiver" = WinRAR 4.20 (32-bitowy) [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] 
[HKEY_USERS\S-1-5-21-2116334824-1268189343-2505437317-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2012-09-05 14:23:55 | Computer Name = Kawka-Komputer | Source = SideBySide | ID = 16842815 Description = Nie można wygenerować kontekstu aktywacji dla "d:\AQQ\wapster aqq\System\DelZip179.dll". Błąd w pliku manifestu lub w pliku zasad "d:\AQQ\wapster aqq\System\DelZip179.dll" w wierszu 8. Wartość "*" atrybutu "language" elementu "assemblyIdentity" jest nieprawidłowa. Error - 2012-09-08 04:45:54 | Computer Name = Kawka-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 18.0.1025.151, sygnatura czasowa: 0x4f7b9746 Nazwa modułu powodującego błąd: ntdll.dll, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bdadb Kod wyjątku: 0xc0000374 Przesunięcie błędu: 0x000c283b Identyfikator procesu powodującego błąd: 0x11a4 Godzina uruchomienia aplikacji powodującej błąd: 0x01cd8d9e46cad2a5 Ścieżka aplikacji powodującej błąd: C:\Users\Kawka\AppData\Local\Google\Chrome\Application\chrome.exe Ścieżka modułu powodującego błąd: C:\Windows\SYSTEM32\ntdll.dll Identyfikator raportu: 992f8848-f991-11e1-9c2d-f63be981779e Error - 2012-09-08 14:36:02 | Computer Name = Kawka-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 18.0.1025.151, sygnatura czasowa: 0x4f7b9746 Nazwa modułu powodującego błąd: ntdll.dll, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bdadb Kod wyjątku: 0xc0000374 Przesunięcie błędu: 0x000c283b Identyfikator procesu powodującego błąd: 0xdfc Godzina uruchomienia aplikacji powodującej błąd: 0x01cd8dee3712edf7 Ścieżka aplikacji powodującej błąd: C:\Users\Kawka\AppData\Local\Google\Chrome\Application\chrome.exe Ścieżka modułu powodującego błąd: C:\Windows\SYSTEM32\ntdll.dll Identyfikator raportu: 
0a01234d-f9e4-11e1-afc6-ddd2f9d5b298 [ System Events ] Error - 2012-09-08 13:25:25 | Computer Name = Kawka-Komputer | Source = Service Control Manager | ID = 7030 Description = Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie. Error - 2012-09-08 13:27:18 | Computer Name = Kawka-Komputer | Source = Service Control Manager | ID = 7030 Description = Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie. Error - 2012-09-08 13:29:37 | Computer Name = Kawka-Komputer | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 19:28:44 na 2012-09-08 było nieoczekiwane. Error - 2012-09-08 13:41:34 | Computer Name = Kawka-Komputer | Source = cdrom | ID = 262151 Description = W urządzeniu \Device\CdRom0 wystąpił zły blok. Error - 2012-09-08 13:41:43 | Computer Name = Kawka-Komputer | Source = cdrom | ID = 262151 Description = W urządzeniu \Device\CdRom0 wystąpił zły blok. Error - 2012-09-08 13:41:52 | Computer Name = Kawka-Komputer | Source = cdrom | ID = 262151 Description = W urządzeniu \Device\CdRom0 wystąpił zły blok. Error - 2012-09-08 13:42:01 | Computer Name = Kawka-Komputer | Source = cdrom | ID = 262151 Description = W urządzeniu \Device\CdRom0 wystąpił zły blok. Error - 2012-09-08 14:49:17 | Computer Name = Kawka-Komputer | Source = DCOM | ID = 10010 Description = Error - 2012-09-08 14:49:17 | Computer Name = Kawka-Komputer | Source = DCOM | ID = 10001 Description = Error - 2012-09-08 15:57:53 | Computer Name = Kawka-Komputer | Source = DCOM | ID = 10001 Description = < End of report >