OTL Extras logfile created on: 2012-11-06 23:52:17 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = G:\ Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,87 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 57,03% Memory free 5,94 Gb Paging File | 4,75 Gb Available in Paging File | 79,91% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 149,41 Gb Total Space | 88,52 Gb Free Space | 59,25% Space Free | Partition Type: NTFS Drive E: | 147,21 Gb Total Space | 107,12 Gb Free Space | 72,77% Space Free | Partition Type: NTFS Drive G: | 1,91 Gb Total Space | 1,91 Gb Free Space | 99,97% Space Free | Partition Type: FAT Computer Name: MATEUSZ-PC | User Name: ppp | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-3010784645-2878713753-691153394-1000\SOFTWARE\Classes\] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07C236FA-884D-47E8-A91B-80573CEFEC0A}" = rport=138 | protocol=17 | dir=out | app=system | "{1566FF8A-D667-48B9-A5FF-2597020FF822}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{238F9B55-8F82-4579-9A83-CCAF8735FA1F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{46B3C9BD-98B1-4A5C-9BFA-E34A5A420882}" = rport=137 | protocol=17 | dir=out | app=system | "{4BED1A4D-7353-4579-BF06-7ED1FD449BF5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6962CF58-C63D-48D9-960E-FBF07E2D66D5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{769CC9E1-1CE7-4272-ADD0-88DCD479D18D}" = rport=445 | protocol=6 | dir=out | app=system | "{7AE8E399-A319-4AAC-8C79-2CE2E5931221}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{96463D44-090D-43E1-9D34-D963B7402971}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9D5E2F1A-FCDD-4454-B0F9-DF21421290C3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{A2E82592-9C6A-43C5-A683-53CDE8E9232A}" = rport=139 | protocol=6 | dir=out | app=system | "{A6767E59-8F7C-402E-B604-20B6081BEAC4}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{AC607F31-9B28-47AB-BA66-101652E70BB7}" = lport=137 | protocol=17 | dir=in | app=system | "{AE0DA10B-F8D1-4C8F-B49E-028674B35536}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{C9C26EBD-40CB-4D2A-9653-49A5CCF3EC57}" = lport=138 | protocol=17 | dir=in | app=system | "{CB60E8DB-E154-439B-A4FB-CDEAFA64691D}" = lport=139 | protocol=6 | dir=in | app=system | "{DA4B4767-1C91-4BEF-80F0-E5A02AA59476}" = lport=445 | protocol=6 | dir=in | app=system | "{E9D7EC7B-AB42-47FC-AC74-ADB40A271BFA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{EE54613F-3707-4A40-A4CC-68451E277158}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{205F72F1-CB5B-4609-8902-C953A4C1BCB5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{44FEA90E-79EA-473E-97B4-41AB99FDABF8}" = protocol=17 | dir=in | app=e:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | "{5CA6B8F5-894E-4C9C-9EAD-114960FD619D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{64479CD3-06E9-47A1-9107-A45CDACC8DFF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{6B7DA282-F6F5-48FA-AFEA-33737E13944B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{746CC1AD-3F94-4D95-92E2-B0CF519F6BAC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{9CE9F392-543D-4DF3-BC01-DB5C94762CFB}" = protocol=6 | dir=in | app=e:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | "{A48117C7-ACBD-4A1A-883E-558FD44EA014}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{ABDD54A7-A22F-4E73-A067-F52D5CF05D52}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{B002B675-4F01-4C1B-A899-735B6011C1E9}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{B08768E9-0F19-4895-8C27-5E1A1565BA35}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{B5DA88B6-C3EF-47C0-9B04-4198CF271CD0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{B9823B2A-C840-4B74-8955-39DD97D90594}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{CC680056-5A1D-4903-A8FC-A92BA5F3DCA5}" = protocol=17 | dir=in | app=c:\users\ppp\downloads\sweetimsetup.exe | "{D73C0BD2-0CFB-46E9-A391-00E03EE03817}" = protocol=6 | dir=in | app=c:\users\ppp\downloads\sweetimsetup.exe | "{FD2A6385-62C0-4CA0-A839-DF31F63A58EA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "TCP Query User{05276619-D36F-4EA7-8404-95E11676D082}C:\casino\paradisecasino\casino.exe" = protocol=6 | dir=in | app=c:\casino\paradisecasino\casino.exe | "TCP Query User{0695F4D0-6995-45FD-8A0B-88BBB3F8B780}E:\casino\paradisecasino\casino.exe" = protocol=6 | dir=in | app=e:\casino\paradisecasino\casino.exe | "TCP Query User{0E292F91-48C9-4398-BBB0-597F30FFD8CF}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | "TCP Query User{30F0FD10-FFF9-468C-9AE1-86F014F59C85}C:\windows\system32\dwm.exe" = protocol=6 | dir=in | app=c:\windows\system32\dwm.exe | "TCP Query User{331FE777-001E-4EB8-9F31-E4614E01C75A}E:\program files\ea sports\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=e:\program files\ea sports\fifa 12\game\fifa.exe | "TCP Query User{39A9B1EB-77DF-48BC-9391-A7A7B97FC833}C:\users\ppp\desktop\cs\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\users\ppp\desktop\cs\counter-strike 1.6\hl.exe | "TCP Query User{4CC7A5D7-DD93-4555-9E1F-AD2EF71D9DC3}C:\users\ppp\desktop\dragonmt2\dragonmt2.exe" = protocol=6 | dir=in | app=c:\users\ppp\desktop\dragonmt2\dragonmt2.exe | "TCP Query User{5E2BB9B6-BA11-4D09-8727-8AB850D44C88}C:\users\ppp\appdata\local\temp\winupphf.exe" = protocol=6 | dir=in | app=c:\users\ppp\appdata\local\temp\winupphf.exe | "TCP Query User{5F3BF633-7C92-44EC-9348-91434141211B}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "TCP Query User{6089F2BC-B888-407B-92EE-815CF49119E1}C:\users\ppp\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\ppp\appdata\roaming\gameranger\gameranger\gameranger.exe | "TCP Query User{825B74A7-0D66-4A90-A052-F15CDE64BA64}C:\users\ppp\desktop\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\users\ppp\desktop\counter-strike 1.6\hl.exe | "TCP Query User{8C02C6F4-E423-4285-8DB1-80204346006D}C:\users\ppp\appdata\local\temp\winywfai.exe" = protocol=6 | dir=in | app=c:\users\ppp\appdata\local\temp\winywfai.exe | "TCP Query User{8F4CA785-736D-4E01-93F9-3E327A9F4B82}G:\metin2\metin2.bin" = protocol=6 | dir=in | app=g:\metin2\metin2.bin | "TCP Query User{98672AC2-08A4-4B3C-AF80-5C90A6F8266E}E:\program files\betsson euro tables\pokerclient\betsson euro tables.exe" = protocol=6 | dir=in | app=e:\program files\betsson euro tables\pokerclient\betsson euro tables.exe | "TCP Query User{9FF7DCEA-3D3E-4803-8236-090A7D4944A5}E:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=e:\program files\ea sports\fifa 11\game\fifa.exe | "TCP Query User{B7B64AFE-89BF-4946-AECB-D73B4F254869}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{B9CF94C3-DC8D-438E-8470-1221D5F953C8}C:\users\ppp\downloads\ap_wizard\polish\wizard\apwizard.exe" = protocol=6 | dir=in | app=c:\users\ppp\downloads\ap_wizard\polish\wizard\apwizard.exe | "TCP Query User{BB4EE9A2-28C7-4E87-AD26-8182B56B5362}E:\program files\dragonmt2\dragonmt2.exe" = protocol=6 | dir=in | app=e:\program files\dragonmt2\dragonmt2.exe | "TCP Query User{D4464D98-C112-4C10-936D-6291A788626A}E:\program files\metin2\metin2.bin" = protocol=6 | dir=in | app=e:\program files\metin2\metin2.bin | "TCP Query User{DB77E6D4-9642-4AEA-9524-1B716AAEF286}G:\new folder.exe" = protocol=6 | dir=in | app=g:\new folder.exe | "TCP Query User{E01919FD-2F9B-4EFA-B66C-E0602437ECE0}E:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=e:\games\world_of_tanks\worldoftanks.exe | "TCP Query User{E3FD8A14-5249-448E-9010-65A623F60267}E:\program files\metin2\metin2client.bin" = protocol=6 | dir=in | app=e:\program files\metin2\metin2client.bin | "TCP Query User{E6D99231-AD07-419F-B9EF-72AEE30CB595}C:\users\ppp\appdata\local\temp\winntncqv.exe" = protocol=6 | dir=in | app=c:\users\ppp\appdata\local\temp\winntncqv.exe | "TCP Query User{E7B59D07-2216-481A-A230-13DA08A76221}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | "TCP Query User{E81F63DE-0AF1-4FA3-A0A2-4C474648A83B}C:\program files\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\program files\totalcmd\totalcmd.exe | "TCP Query User{E8D2BF29-2470-4066-BF08-16C569F55872}E:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=e:\games\world_of_tanks\wotlauncher.exe | "TCP Query User{F61E9FF0-4A52-40AB-8817-5219D2309ED4}E:\program files\metin2\metin2.exe" = protocol=6 | dir=in | app=e:\program files\metin2\metin2.exe | "UDP Query User{15759AE7-AFEB-4832-92E2-B2C96BEC3DA6}E:\program files\metin2\metin2client.bin" = protocol=17 | dir=in | app=e:\program files\metin2\metin2client.bin | "UDP Query User{1B1FF215-46AD-417A-A4A8-E78C15EF4E4B}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "UDP Query User{2427F901-CDA3-4867-AD27-0C1DC075FC0E}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query User{27C91F28-A1EB-41EC-9316-CEBA758EAF4B}E:\program files\metin2\metin2.exe" = protocol=17 | dir=in | app=e:\program files\metin2\metin2.exe | "UDP Query User{2B803AAB-8AD6-4B4B-9D92-0AA687235CB5}C:\casino\paradisecasino\casino.exe" = protocol=17 | dir=in | app=c:\casino\paradisecasino\casino.exe | "UDP Query User{2B8BF559-E632-40E3-9D66-24C450DAF122}C:\users\ppp\appdata\local\temp\winywfai.exe" = protocol=17 | dir=in | app=c:\users\ppp\appdata\local\temp\winywfai.exe | "UDP Query User{2FC85F21-6657-4E51-ACD1-66F1A0557C58}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | "UDP Query User{3814DD3B-76B6-4B84-9FDC-45499CA68B6D}E:\program files\metin2\metin2.bin" = protocol=17 | dir=in | app=e:\program files\metin2\metin2.bin | "UDP Query User{3EDFE4F3-1732-4870-ADB5-905CFFA067AD}C:\users\ppp\downloads\ap_wizard\polish\wizard\apwizard.exe" = protocol=17 | dir=in | app=c:\users\ppp\downloads\ap_wizard\polish\wizard\apwizard.exe | "UDP Query User{4B8A4FBD-624B-43C5-B761-3BF9393B24C2}C:\users\ppp\desktop\cs\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\users\ppp\desktop\cs\counter-strike 1.6\hl.exe | "UDP Query User{60F15A68-AAC5-4287-BBD5-B824061BDB79}E:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=e:\program files\ea sports\fifa 11\game\fifa.exe | "UDP Query User{6E38A3F7-26CC-4F78-A507-0140A9F41C41}E:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=e:\games\world_of_tanks\worldoftanks.exe | "UDP Query User{8C79F58B-2825-4E7D-9CE2-2A9F5BF98FE1}C:\users\ppp\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\ppp\appdata\roaming\gameranger\gameranger\gameranger.exe | "UDP Query User{9E0C2777-7EC8-4B7C-88EE-0A7B3BB46E8F}C:\program files\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\program files\totalcmd\totalcmd.exe | "UDP Query User{A2A17541-E164-4F57-8C96-28608649B095}G:\new folder.exe" = protocol=17 | dir=in | app=g:\new folder.exe | "UDP Query User{B42DD051-EDEE-4F67-AC2C-0D903FDF627A}G:\metin2\metin2.bin" = protocol=17 | dir=in | app=g:\metin2\metin2.bin | "UDP Query User{C11E569C-0E4D-4944-9BF9-80747A588888}E:\program files\dragonmt2\dragonmt2.exe" = protocol=17 | dir=in | app=e:\program files\dragonmt2\dragonmt2.exe | "UDP Query User{C4BE504F-CB59-4FA7-B459-795EBFA2BF9B}C:\users\ppp\appdata\local\temp\winupphf.exe" = protocol=17 | dir=in | app=c:\users\ppp\appdata\local\temp\winupphf.exe | "UDP Query User{C7E0A23A-C349-4CFB-B5F5-01B1B3789011}C:\users\ppp\desktop\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\users\ppp\desktop\counter-strike 1.6\hl.exe | "UDP Query User{CF3F66AA-876A-4937-BD72-E7B471390A0B}E:\program files\ea sports\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=e:\program files\ea sports\fifa 12\game\fifa.exe | "UDP Query User{D8088F42-C882-4F59-B7FF-CFC1E307B1C2}C:\users\ppp\desktop\dragonmt2\dragonmt2.exe" = protocol=17 | dir=in | app=c:\users\ppp\desktop\dragonmt2\dragonmt2.exe | "UDP Query User{D8CBAE71-199E-4A30-9F24-4EB88B92436D}E:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=e:\games\world_of_tanks\wotlauncher.exe | "UDP Query User{DAB29BAF-F6FE-4B53-86F8-FFAF2B3FA972}C:\users\ppp\appdata\local\temp\winntncqv.exe" = protocol=17 | dir=in | app=c:\users\ppp\appdata\local\temp\winntncqv.exe | "UDP Query User{DC1FCAED-953D-463D-8F7B-9F0B8A2A017B}C:\windows\system32\dwm.exe" = protocol=17 | dir=in | app=c:\windows\system32\dwm.exe | "UDP Query User{DD7485D8-5E49-4BDF-A83F-0E71EF5E1111}E:\program files\betsson euro tables\pokerclient\betsson euro tables.exe" = protocol=17 | dir=in | app=e:\program files\betsson euro tables\pokerclient\betsson euro tables.exe | "UDP Query User{DDC7E7C0-D5C7-436A-B6EA-938F3882C7F5}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | "UDP Query User{F6B27372-48CA-486D-B529-05707F18CFE3}E:\casino\paradisecasino\casino.exe" = protocol=17 | dir=in | app=e:\casino\paradisecasino\casino.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree "{10DFB03F-845F-4BC6-BE9E-7FEC377A0CD0}" = Podreczniki TOSHIBA "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35 "{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup "{306B39C9-3AB1-4161-8567-9C7E50B41AE3}" = Microsoft Works "{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6 "{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}" = Dassault Systemes Software Prerequisites x86 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007 "{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007 "{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007 "{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{9CC96D78-9E1D-46E0-AF4D-3EB440CD4619}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0415-0000-0000000FF1CE}" = Pakiet zgodności dla systemu Office 2007 "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007 "{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00B2-0415-0000-0000000FF1CE}" = Dodatek Zapisywanie jako PDF lub XPS firmy Microsoft dla programów pakietu Microsoft Office 2007 "{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007 "{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7 "{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted "{AC76BA86-7AD7-1045-7B44-A81200000003}" = Adobe Reader 8 - Polish "{AC76BA86-7AD7-1045-7B44-A95000000001}" = Adobe Reader 9.5.1 - Polish "{AD9E6AC8-27B4-326A-69D1-C8A3549DAC22}" = Bamboo Dock "{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA "{F627CDBC-8323-4024-9691-A0A6533F43E0}" = ESET NOD32 Antivirus "{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AVG Secure Search" = AVG Security Toolbar "Bamboo Dock" = Bamboo Dock 3.3 "Betsson Poker_is1" = Betsson Poker 1.0.0 "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "ENTERPRISE" = Microsoft Office Enterprise 2007 "GameDesire-Poker" = GameDesire-Poker "GameDesire-Pool & Snooker" = GameDesire-Pool & Snooker "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder "InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher "InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11 "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 16.0.2 (x86 pl)" = Mozilla Firefox 16.0.2 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "Pen Tablet Driver" = Bamboo "Picasa 3" = Picasa 3 "QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.1.0 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TOSHIBA Software Modem" = TOSHIBA Software Modem "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin "wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinRAR archiver" = Archiwizator WinRAR [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-3010784645-2878713753-691153394-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BankBrowser" = BankBrowser "GG" = GG "UnityWebPlayer" = Unity Web Player [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-05-01 16:24:12 | Computer Name = Mateusz-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd Skype.exe, wersja 5.0.0.156, sygnatura czasowa 0x4cf901f4, moduł powodujący błąd unknown, wersja 0.0.0.0, sygnatura czasowa 0x00000000, kod wyjątku 0xe0fafafa, przesunięcie błędu 0x00000000, identyfikator procesu 0xf30, godzina rozpoczęcia aplikacji 0x01cc083d2e41b74b. Error - 2011-05-01 16:24:19 | Computer Name = Mateusz-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd Skype.exe, wersja 5.0.0.156, sygnatura czasowa 0x4cf901f4, moduł powodujący błąd Skype.exe, wersja 5.0.0.156, sygnatura czasowa 0x4cf901f4, kod wyjątku 0x40000015, przesunięcie błędu 0x0014c799, identyfikator procesu 0xf30, godzina rozpoczęcia aplikacji 0x01cc083d2e41b74b. Error - 2011-05-02 04:57:36 | Computer Name = Mateusz-PC | Source = WinMgmt | ID = 10 Description = Error - 2011-05-02 09:46:25 | Computer Name = Mateusz-PC | Source = WinMgmt | ID = 10 Description = Error - 2011-05-03 11:35:04 | Computer Name = Mateusz-PC | Source = WinMgmt | ID = 10 Description = Error - 2011-05-03 11:41:50 | Computer Name = Mateusz-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd Skype.exe, wersja 5.0.0.156, sygnatura czasowa 0x4cf901f4, moduł powodujący błąd unknown, wersja 0.0.0.0, sygnatura czasowa 0x00000000, kod wyjątku 0xe0fafafa, przesunięcie błędu 0x00000000, identyfikator procesu 0xea0, godzina rozpoczęcia aplikacji 0x01cc09a7a9ff3f29. Error - 2011-05-03 11:41:54 | Computer Name = Mateusz-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd Skype.exe, wersja 5.0.0.156, sygnatura czasowa 0x4cf901f4, moduł powodujący błąd Skype.exe, wersja 5.0.0.156, sygnatura czasowa 0x4cf901f4, kod wyjątku 0x40000015, przesunięcie błędu 0x0014c799, identyfikator procesu 0xea0, godzina rozpoczęcia aplikacji 0x01cc09a7a9ff3f29. Error - 2011-05-04 05:45:33 | Computer Name = Mateusz-PC | Source = WinMgmt | ID = 10 Description = Error - 2011-05-04 05:47:05 | Computer Name = Mateusz-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd Skype.exe, wersja 5.0.0.156, sygnatura czasowa 0x4cf901f4, moduł powodujący błąd unknown, wersja 0.0.0.0, sygnatura czasowa 0x00000000, kod wyjątku 0xe0fafafa, przesunięcie błędu 0x00000000, identyfikator procesu 0x808, godzina rozpoczęcia aplikacji 0x01cc0a4005ad5b2a. Error - 2011-05-04 05:47:10 | Computer Name = Mateusz-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd Skype.exe, wersja 5.0.0.156, sygnatura czasowa 0x4cf901f4, moduł powodujący błąd Skype.exe, wersja 5.0.0.156, sygnatura czasowa 0x4cf901f4, kod wyjątku 0x40000015, przesunięcie błędu 0x0014c799, identyfikator procesu 0x808, godzina rozpoczęcia aplikacji 0x01cc0a4005ad5b2a. Error encountered while reading event logs. < End of report >