OTL Extras logfile created on: 2012-07-07 22:30:28 - Run 2 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\witek\Downloads 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 4,00 Gb Total Physical Memory | 2,94 Gb Available Physical Memory | 73,45% Memory free 8,00 Gb Paging File | 6,97 Gb Available in Paging File | 87,22% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 100,00 Gb Total Space | 13,60 Gb Free Space | 13,60% Space Free | Partition Type: NTFS Drive D: | 198,08 Gb Total Space | 61,56 Gb Free Space | 31,08% Space Free | Partition Type: NTFS Drive H: | 232,88 Gb Total Space | 41,78 Gb Free Space | 17,94% Space Free | Partition Type: NTFS Computer Name: WITEK-PC | User Name: witek | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) [HKEY_USERS\S-1-5-21-1810303337-3274751939-3185202697-1000\SOFTWARE\Classes\] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Bridge] -- C:\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [napiprojekt] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" () Directory [napiprojekt0] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Bridge] -- C:\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [napiprojekt] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" () Directory [napiprojekt0] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0EEE1879-0A47-4FDB-849B-4C1751E1FC4E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1D68F23B-413A-4516-B7BB-2AE577B736FC}" = rport=445 | protocol=6 | dir=out | app=system | "{22019D44-2174-488F-9394-2057C80FA3C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{33501037-DFF2-4B4B-A2B0-755872D4B312}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3422FAA5-E4F8-4FE1-8F73-F35077330FDA}" = rport=139 | protocol=6 | dir=out | app=system | "{3B7ED49A-9077-414B-843B-EA76B587A45E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3D5D1A45-DE1A-439F-B632-4A094E365A4E}" = lport=138 | protocol=17 | dir=in | app=system | "{3EB712AF-BC64-433C-AADC-5BBC802781C5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{401F8D2A-2624-41A6-8C3B-3998CB5AF04C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{457150E8-BE36-4623-9EBE-EFA97179FA44}" = lport=58062 | protocol=6 | dir=in | name=pando media booster | "{598AD69A-15B3-4B94-8EE6-2C511CC37F1B}" = lport=137 | protocol=17 | dir=in | app=system | "{619F0EE6-CC90-4A35-943C-312F5DE701EB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{62F459ED-CA03-4A7B-9BD1-90CE7BC579F9}" = lport=10243 | protocol=6 | dir=in | app=system | "{6DC709CB-F2DD-4C56-AC7C-2D867C08E538}" = rport=138 | protocol=17 | dir=out | app=system | "{6EDAAF33-80F9-41A9-A3A3-60D5CAB8A61D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{713F552C-04A5-426E-B589-4F1FCDE3C3C4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{75D7C8B5-8B61-442E-B619-91DDA936AD86}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{764DD4D3-FD3B-4FD9-9B01-5E047C41EA75}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7BAEF571-6D03-4BA5-B415-ABFD5A491C0B}" = lport=58062 | protocol=6 | dir=in | name=pando media booster | "{8050BCC7-7216-4FC0-B2F2-34123B85B9DB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8832798E-108A-4DBA-BED3-8BB7DA27C2B6}" = lport=58062 | protocol=17 | dir=in | name=pando media booster | "{8A332179-A1EA-4F88-B85F-9C3263338655}" = rport=10243 | protocol=6 | dir=out | app=system | "{9425503C-DA0E-469F-8579-528E0D9B4042}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9E17D8CD-CA91-4A84-978E-12F3CCFF5BD2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{A6F2B396-4D7E-42F3-9ED3-FCA0F849A520}" = lport=139 | protocol=6 | dir=in | app=system | "{BC5E737D-5E19-41BC-B00B-19E3A7E0FB62}" = lport=2869 | protocol=6 | dir=in | app=system | "{C649E25E-1F2E-45A2-8B6E-4485B6C236D3}" = lport=58062 | protocol=17 | dir=in | name=pando media booster | "{CBF75D11-22E9-44AC-84A0-9018B9C0EB1B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CD18E4DF-5DD4-4F97-8F38-231BEC0A4762}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{CEF3018E-AE87-4269-988C-7A3C28A839CA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D44ECE6E-8F5C-476E-938D-FF2001E9C4C8}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{D9472F5A-E4F0-4EBA-AAF0-8EA81846EEF1}" = rport=137 | protocol=17 | dir=out | app=system | "{E4ECF745-1287-45BF-B8E1-24329D752FD9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{ED4516DD-1EE4-40C3-AC22-B79F7182BE6F}" = lport=445 | protocol=6 | dir=in | app=system | "{F654C403-5E6A-4103-A0A0-8E5B9BC7126C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{024BE262-ED91-4282-8DDD-A03169C9638B}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{05386FFB-6D75-48AE-8DB7-E3A5F27780BC}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{0E4FCFD0-5E0B-43FF-A412-71D0C696AFC9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{0F4CA2F2-98F1-4E27-B4EE-DB308438DAAA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{10BDF0CC-0481-46A4-821F-3F0A82B5EA8B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{113D33D4-2361-4592-8E60-563637D0AFE9}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{182A5C6B-9250-46CE-A82D-BE3CCC165E7A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1ABDEE09-FA04-4D56-81CB-2E2632B8F285}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{38A7121F-11A3-478C-B2EE-5A6FBB3ED39F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{3C91355A-C078-4FC0-971B-5A2BED4FA2B2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3DE11B19-1BDE-4984-9760-C234244307AD}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{3E86BCE7-6FB2-491E-BDCA-A9BE7256B831}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{4D6F4226-46D0-45B7-A12A-FD2180EBC3C7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{5A763C3C-8E41-4F05-B554-9D395774241A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5C03FAE6-AB90-4572-8F7D-2610FED89996}" = protocol=6 | dir=in | app=c:\users\witek\appdata\local\temp\7zs7916\hpdiagnosticcoreui.exe | "{61F173B4-2A7D-4407-A859-EAFF59ACCB90}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{6CFE34C8-6B45-4FF5-BD57-F42F347F948E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{6E340C4C-EDB8-4882-BB5E-9608E2FA9D45}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7A703A45-05E7-4ED6-A2C3-4C3D8BD369F7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{84B03CB2-1516-4E55-A213-7F334F204099}" = protocol=17 | dir=in | app=c:\users\witek\appdata\local\temp\7zs7916\hpdiagnosticcoreui.exe | "{90A34865-272E-4F11-931C-4C4B7F570EA2}" = protocol=6 | dir=in | app=c:\users\witek\appdata\roaming\dropbox\bin\dropbox.exe | "{9D12D772-94DC-4AD5-8C66-07988463FA1E}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{A11FA643-1478-4D92-8659-5E2108423A72}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{A1BBD0B7-8873-49AD-B415-5FEE30F4B3C1}" = protocol=6 | dir=out | app=system | "{B1723E41-750F-412C-8E1D-15BCB5168C92}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{B5FD34FC-BFC6-43CD-A4D9-9D4839A27EDF}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{C1CE0BF8-8CBF-4D6C-B2AB-B7DB9A4BFCB3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C25BB931-6676-461C-8E16-B9F2E58CFE06}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C8E843AB-D0F3-4BE2-BA67-7D069A62602F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{CC01938F-8F91-4F26-8792-F2564E485C68}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D13685D9-9D9D-4DDB-8F6D-470C736C78DD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{DA20F4F5-F5CB-42B3-8395-3A8BE8D2E818}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{DA3D5FF4-68A2-456E-A2BE-B9E91174A607}" = protocol=17 | dir=in | app=c:\users\witek\appdata\roaming\dropbox\bin\dropbox.exe | "{DEF6A86B-20AF-4EBE-B553-3BD8F82A97A4}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{DF324549-1EA3-4523-B9A5-3DB6E49E3702}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{E711FDD2-8262-4D52-88D2-8C8B8557268C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F8F36B43-6D7A-44DC-A25C-E520611A3CD5}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{FCA58163-AF67-4EEA-85CD-4F0F77DE50D3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{1218AD5E-964A-4384-AB25-6A90BABA64EA}C:\users\witek\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\witek\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{1FE2DD6C-76CE-4E09-990B-0CB421537310}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe | "TCP Query User{209F3B20-F7DE-4E32-B33D-CEDC5D1FFDF9}C:\users\witek\downloads\runes_of_magic_5_0_0_2535_slim.exe" = protocol=6 | dir=in | app=c:\users\witek\downloads\runes_of_magic_5_0_0_2535_slim.exe | "TCP Query User{2B80C9BE-2403-4674-B300-C78AE291AC40}C:\program files (x86)\origin games\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield bad company 2\bfbc2game.exe | "TCP Query User{3FC495C9-ECB0-4968-BE95-1463328AE991}C:\users\witek\downloads\anarchyonline_18.4.7-large.exe" = protocol=6 | dir=in | app=c:\users\witek\downloads\anarchyonline_18.4.7-large.exe | "TCP Query User{51016412-93FB-4D4E-B304-84579915EAD0}C:\program files (x86)\turbine\ddo unlimited\dndclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\ddo unlimited\dndclient.exe | "TCP Query User{8514FD13-F3DC-4DA4-AE8D-51465BF56C62}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "TCP Query User{C1D96123-A4E9-4018-8D2A-0A584E382ECF}C:\program files (x86)\origin games\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield bad company 2\bfbc2game.exe | "TCP Query User{E23A9B4E-94D0-45EA-B61A-4CDD0AE26DBF}D:\tribees\hirezgames\tribes alpha\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=d:\tribees\hirezgames\tribes alpha\binaries\win32\tribesascend.exe | "TCP Query User{F5C72F86-5660-47F2-BFF4-4336AB70E58B}D:\tribees\hirezgames\tribes alpha\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=d:\tribees\hirezgames\tribes alpha\binaries\win32\tribesascend.exe | "UDP Query User{5C75F598-3900-43CF-8971-6934B586AFC3}C:\program files (x86)\origin games\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield bad company 2\bfbc2game.exe | "UDP Query User{5E90A872-58CF-4B7D-A469-DE5CCB24AD78}C:\program files (x86)\turbine\ddo unlimited\dndclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\ddo unlimited\dndclient.exe | "UDP Query User{99754FA9-5B92-4A72-BA6D-62FD952FD776}C:\users\witek\downloads\runes_of_magic_5_0_0_2535_slim.exe" = protocol=17 | dir=in | app=c:\users\witek\downloads\runes_of_magic_5_0_0_2535_slim.exe | "UDP Query User{AD04FFB3-839B-400B-8891-14EA853B97EF}C:\program files (x86)\origin games\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield bad company 2\bfbc2game.exe | "UDP Query User{B71BCB2D-1FBE-4EBD-AB50-BFC56DCAA9F4}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "UDP Query User{D6A546CC-A9B7-4C0D-9832-CF7592D489C2}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe | "UDP Query User{E6919CFD-0EE9-47F9-AD58-FA1BAE22223D}C:\users\witek\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\witek\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{F2E1D2AA-018A-447C-8C53-447CD0517A65}C:\users\witek\downloads\anarchyonline_18.4.7-large.exe" = protocol=17 | dir=in | app=c:\users\witek\downloads\anarchyonline_18.4.7-large.exe | "UDP Query User{FEBF860C-0FBA-43DC-84B6-A61443710EF2}D:\tribees\hirezgames\tribes alpha\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=d:\tribees\hirezgames\tribes alpha\binaries\win32\tribesascend.exe | "UDP Query User{FF384C2C-6F51-4176-B372-7459CF196802}D:\tribees\hirezgames\tribes alpha\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=d:\tribees\hirezgames\tribes alpha\binaries\win32\tribesascend.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit) "{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client "{43592B2E-C393-433F-8D0E-5A4B15A8C786}" = Microsoft Antimalware Service PL-PL Language Pack "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client PL-PL Language Pack "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials "WhoCrashed_is1" = WhoCrashed 3.04 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0141D498-16DA-4221-A529-1D7A64BE8B05}" = OpenOffice.org 3.3 "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3 "{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection "{2E0DFC24-7C4B-4DCF-BCC7-81C513BED3BC}" = Python 2.5.4 "{32A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java(TM) SE Development Kit 7 Update 3 "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3AE003CD-4111-4D8D-B798-FACFDFCF2991}_is1" = Anarchy Online "{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend Open Beta "{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2) "{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6 "{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{EE249C5E-F2F3-4F4C-8EAD-75F4E226E4C6}" = Document Express DjVu Plug-in "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.07.00.8037 "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Android SDK Tools" = Android SDK Tools "Audacity_is1" = Audacity 2.0 "bc8a6440-918f-11dd-ad8b-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.17.01.801 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DtsFilter" = DTS+AC3 Filter "foobar2000" = foobar2000 v1.1.11 "Gadu-Gadu" = Gadu-Gadu 7.7 "GamersFirst LIVE!" = GamersFirst LIVE! "GOM Player" = GOM Player "Guitar Pro 5_is1" = Guitar Pro 5.2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.61.0.1400 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox 13.0.1 (x86 pl)" = Mozilla Firefox 13.0.1 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "NapiProjekt_is1" = NapiProjekt (2.0.0.2151) "NirSoft BlueScreenView" = NirSoft BlueScreenView "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Opera 11.62.1347" = Opera 11.62 "Origin" = Origin "Payday The Heist (c) OVERKILL Software_is1" = Payday The Heist (c) OVERKILL Software version 1 "PunkBusterSvc" = PunkBuster Services "QuicktimeAlt_is1" = QuickTime Alternative 3.2.2 "RealAlt_is1" = Real Alternative 1.8.0 "RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition "uTorrent" = µTorrent "WinRAR archiver" = WinRAR 4.11 (32-bit) [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-1810303337-3274751939-3185202697-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2012-07-04 08:50:45 | Computer Name = witek-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error - 2012-07-05 11:34:01 | Computer Name = witek-PC | Source = Application Hang | ID = 1002 Description = The program uTorrent.exe version 3.1.3.27207 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 684 Start Time: 01cd5abfccb15af4 Termination Time: 10 Application Path: C:\Program Files (x86)\uTorrent\uTorrent.exe Report Id: d4e48b86-c6b6-11e1-b41f-00e04c17db0f Error - 2012-07-05 11:45:17 | Computer Name = witek-PC | Source = Application Hang | ID = 1002 Description = The program uTorrent.exe version 3.1.3.27207 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: e48 Start Time: 01cd5ac3b5236bdf Termination Time: 10 Application Path: C:\Program Files (x86)\uTorrent\uTorrent.exe Report Id: 666fea8f-c6b8-11e1-b41f-00e04c17db0f Error - 2012-07-05 14:04:21 | Computer Name = witek-PC | Source = Application Error | ID = 1000 Description = Faulting application name: TribesAscend.exe, version: 1.0.1016.7, time stamp: 0x4fe0ee3c Faulting module name: TribesAscend.exe, version: 1.0.1016.7, time stamp: 0x4fe0ee3c Exception code: 0xc0000005 Fault offset: 0x001eaee3 Faulting process id: 0xb50 Faulting application start time: 0x01cd5ad66625f971 Faulting application path: D:\tribees\HiRezGames\tribes alpha\binaries\Win32\TribesAscend.exe Faulting module path: D:\tribees\HiRezGames\tribes alpha\binaries\Win32\TribesAscend.exe Report Id: d834ffa6-c6cb-11e1-b41f-00e04c17db0f Error - 2012-07-06 12:29:28 | Computer Name = witek-PC | Source = SideBySide | ID = 16842824 Description = Activation context generation failed for "c:\program files\microsoft security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft security client\MSESysprep.dll" on line 10. The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows. Error - 2012-07-06 12:29:53 | Computer Name = witek-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error - 2012-07-06 13:22:41 | Computer Name = witek-PC | Source = Application Error | ID = 1000 Description = Faulting application name: GOM.EXE, version: 2.1.39.5101, time stamp: 0x4f6030c7 Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49d10 Exception code: 0xc0000005 Fault offset: 0x00038df9 Faulting process id: 0x1070 Faulting application start time: 0x01cd5b9bcdf04f1e Faulting application path: C:\PROGRA~2\GRETECH\GOMPLA~1\GOM.EXE Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 305edad6-c78f-11e1-b9f3-00e04c17db0f Error - 2012-07-07 10:50:07 | Computer Name = witek-PC | Source = SideBySide | ID = 16842824 Description = Activation context generation failed for "c:\program files\microsoft security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft security client\MSESysprep.dll" on line 10. The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows. Error - 2012-07-07 10:50:32 | Computer Name = witek-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error - 2012-07-07 14:57:26 | Computer Name = witek-PC | Source = Application Error | ID = 1000 Description = Faulting application name: mbamgui.exe, version: 1.61.0.0, time stamp: 0x4f6b8ae8 Faulting module name: mbamgui.exe, version: 1.61.0.0, time stamp: 0x4f6b8ae8 Exception code: 0x40000015 Fault offset: 0x00014965 Faulting process id: 0xb2c Faulting application start time: 0x01cd5c199090f279 Faulting application path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe Faulting module path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe Report Id: 9759950b-c865-11e1-b9d3-00e04c17db0f [ System Events ] Error - 2012-07-07 16:27:42 | Computer Name = witek-PC | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 2012-07-07 16:27:42 | Computer Name = witek-PC | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 2012-07-07 16:27:44 | Computer Name = witek-PC | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 2012-07-07 16:27:44 | Computer Name = witek-PC | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 2012-07-07 16:27:44 | Computer Name = witek-PC | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 2012-07-07 16:27:44 | Computer Name = witek-PC | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 2012-07-07 16:27:44 | Computer Name = witek-PC | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 2012-07-07 16:27:44 | Computer Name = witek-PC | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 2012-07-07 16:29:32 | Computer Name = witek-PC | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 2012-07-07 16:29:32 | Computer Name = witek-PC | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 < End of report >