OTL Extras logfile created on: 1/11/2015 6:56:40 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Pobrane 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.17183) Locale: 00000409 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3.86 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 59.71% Memory free 7.72 Gb Paging File | 5.71 Gb Available in Paging File | 73.91% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 100.00 Gb Total Space | 64.74 Gb Free Space | 64.74% Space Free | Partition Type: NTFS Drive D: | 346.03 Gb Total Space | 318.09 Gb Free Space | 91.92% Space Free | Partition Type: NTFS Computer Name: DOM | User Name: Pit | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2660333226-2956138994-4221737075-1001\SOFTWARE\Classes\] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{F6059B58-83D6-42CD-A7AB-441078A18024}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{12C4D863-D274-4801-92CC-FE54D372DD26}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | "{28119501-AB49-402E-B2C9-8318BE0D7EAA}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe | "{71582AB5-FEF5-4C80-BB32-A451CBB3B205}" = protocol=17 | dir=in | app=c:\users\pit\appdata\roaming\utorrent\utorrent.exe | "{BE6A71CD-5191-45C3-953D-C779DFB1D8A2}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{C36DF47C-6DA1-43A9-8CEC-F32D6478C25F}" = protocol=6 | dir=in | app=c:\users\pit\appdata\roaming\utorrent\utorrent.exe | "{CFB137CF-C123-457E-998D-8859514D0902}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display "{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = MPC-HC 1.7.3 (64-bit) "{45F1F774-38B4-3CC3-BAAF-051E6D19E48E}" = Microsoft .NET Framework 4.5.1 (PLK) "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{901D1D88-408D-48E5-80DD-CC3145BD8456}" = COMODO Internet Security Premium "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045" = Microsoft .NET Framework 4.5.1 (Polski) "{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = Lenovo Bluetooth with Enhanced Data Rate Software "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 295.93 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 295.93 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.7.12 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.1111 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.12 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{DF7756DD-656A-45C3-BA71-74673E8259A9}" = Intel® PROSet/Wireless WiFi Software "99841829BE839365AA67B2AD0E50D371F59F8A1E" = Windows Driver Package - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1) "CCleaner" = CCleaner "CPUID HWMonitor_is1" = CPUID HWMonitor 1.25 "KLiteCodecPack64_is1" = K-Lite Codec Pack 9.9.5 (64-bit) "ProInst" = Intel PROSet Wireless "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR 5.01 (64-bitowy) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam "{02C85EC5-E864-4847-AF55-42730861004C}" = MrvlUsgTracking "{16D5D9E9-C8DE-4014-A09C-B9B5ABA0F7FA}" = Lenovo MuteSync "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{4677B88C-CE16-4CBB-A2CB-B76E9D456C7F}" = Nsd "{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX "{48F851E7-DD0C-4A35-AD7A-57878023E987}" = Lenovo CAPOSD "{5FD7B6B3-08C7-4FEE-9C37-A2134C699885}}_is1" = This War of Mine "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6B4977CB-5B9F-4B24-8310-3BA527A8AF22}" = LibreOffice 4.2.4.2 "{71EE2EC3-AF95-4907-BBC4-7A9A867765DD}" = Mumble 1.2.8 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply "{7FCB8D5D-9396-4D17-8CFA-349D6D49CD32}" = Intel(R) WiDi "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{913E2B02-1BA9-4B38-991B-31C717F9D00C}" = e-Deklaracje Desktop "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AC76BA86-7AD7-1045-7B44-AB0000000001}" = Adobe Reader XI (11.0.08) - Polish "{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management "{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater "{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime "{FDB0A81A-1173-4B15-BEA4-89FEA0474F17}" = Intelligent Touchpad "Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI "CrystalDiskInfo_is1" = CrystalDiskInfo 6.1.14 "e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1" = e-Deklaracje Desktop "Foxit Reader_is1" = Foxit Reader "GOGPACKHOMM3COMPLETE_is1" = Heroes of Might and Magic 3 Complete "HP LaserJet P1000 series" = HP LaserJet P1000 series "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam "InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "InstallShield_{48F851E7-DD0C-4A35-AD7A-57878023E987}" = Lenovo CAPOSD "InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management "InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater "InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 2.0.4.1028 "Mozilla Firefox 34.0.5 (x86 pl)" = Mozilla Firefox 34.0.5 (x86 pl) "Mozilla Thunderbird 24.2.0 (x86 pl)" = Mozilla Thunderbird 24.2.0 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "Sunplus SPUVCb" = Lenovo EasyCamera "VeriFace" = VeriFace "WinPcapInst" = WinPcap 4.1.3 "Wireshark" = Wireshark 1.12.3 (64-bit) [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-2660333226-2956138994-4221737075-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks "CodeBlocks" = CodeBlocks "TeamSpeak 3 Client" = TeamSpeak 3 Client "uTorrent" = µTorrent [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 9/19/2014 2:45:59 PM | Computer Name = dom | Source = NSDSvc | ID = 131328 Description = An error has occurred (---Get Poicy Open key suc failed with 0, The Code is:0x422.). Error - 9/19/2014 2:45:59 PM | Computer Name = dom | Source = NSDSvc | ID = 131328 Description = An error has occurred (---query POLICYVT key success failed with 0, The Code is:0x424.). Error - 9/19/2014 2:45:59 PM | Computer Name = dom | Source = NSDSvc | ID = 131328 Description = An error has occurred (---Get Poicy Open key suc failed with 0, The Code is:0x422.). Error - 9/19/2014 2:45:59 PM | Computer Name = dom | Source = NSDSvc | ID = 131328 Description = An error has occurred (---query POLICYVT key success failed with 0, The Code is:0x424.). Error - 9/19/2014 2:45:59 PM | Computer Name = dom | Source = NSDSvc | ID = 131328 Description = An error has occurred (---Get Poicy Open key suc failed with 0, The Code is:0x422.). Error - 9/19/2014 2:45:59 PM | Computer Name = dom | Source = NSDSvc | ID = 131328 Description = An error has occurred (---query POLICYVT key success failed with 0, The Code is:0x424.). Error - 9/19/2014 2:45:59 PM | Computer Name = dom | Source = NSDSvc | ID = 131328 Description = An error has occurred (---Get Poicy Open key suc failed with 0, The Code is:0x422.). Error - 9/19/2014 2:45:59 PM | Computer Name = dom | Source = NSDSvc | ID = 131328 Description = An error has occurred (---query POLICYVT key success failed with 0, The Code is:0x424.). Error - 9/19/2014 2:45:59 PM | Computer Name = dom | Source = NSDSvc | ID = 131328 Description = An error has occurred (---Get Poicy Open key suc failed with 0, The Code is:0x422.). Error - 9/19/2014 2:45:59 PM | Computer Name = dom | Source = NSDSvc | ID = 131328 Description = An error has occurred (---query POLICYVT key success failed with 0, The Code is:0x424.). [ COMODO Internet Security Events ] Error - 12/13/2014 5:41:35 PM | Computer Name = dom | Source = cmdagent | ID = 1 Description = < End of report >