OTL Extras logfile created on: 2014-07-25 17:50:22 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Exhalation\Downloads 64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16384) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 7,92 Gb Total Physical Memory | 4,24 Gb Available Physical Memory | 53,57% Memory free 9,11 Gb Paging File | 4,91 Gb Available in Paging File | 53,84% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 698,12 Gb Total Space | 354,58 Gb Free Space | 50,79% Space Free | Partition Type: NTFS Drive G: | 3,73 Gb Total Space | 3,58 Gb Free Space | 96,09% Space Free | Partition Type: FAT32 Computer Name: RAFAL | User Name: Exhalation | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [ChomikBox.Upload] -- "C:\Program Files (x86)\ChomikBox\\ChomikBox.exe" -u"%1" ( ) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [napiprojekt] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" () Directory [napiprojekt0] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang () Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [ChomikBox.Upload] -- "C:\Program Files (x86)\ChomikBox\\ChomikBox.exe" -u"%1" ( ) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [napiprojekt] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" () Directory [napiprojekt0] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang () Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallDisableNotify" = 0 "FirewallOverride" = 0 "UacDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{18556404-9C81-4127-8952-D77395E01ABC}" = lport=58217 | protocol=6 | dir=in | name=pando media booster | "{5BCDC2B5-879D-48C7-B016-EC0551394C54}" = lport=58217 | protocol=6 | dir=in | name=pando media booster | "{6112F99B-B641-43AE-AFFC-D61F8204E7FD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\outlook.exe | "{75AD2488-C8FB-4B7E-BCD1-2DB8BC3084A5}" = lport=58217 | protocol=17 | dir=in | name=pando media booster | "{CA4FFA81-649B-4C96-BAE1-0BA8761BE5BF}" = lport=58217 | protocol=17 | dir=in | name=pando media booster | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0F1A2E65-E382-41FD-8BB9-D8673F67848A}" = protocol=17 | dir=in | app=c:\program files (x86)\napiprojekt\napisy.exe | "{175F0A77-6F14-4573-91AC-F08117C4B440}" = dir=in | app=c:\program files (x86)\playbns.com\blade and soul\bin\client.exe | "{1778B85A-B167-4B26-922C-268CC3CE93B1}" = protocol=58 | dir=in | app=system | "{1912464C-0055-4867-A8D8-C0D542BFD0EE}" = protocol=17 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe | "{1968BFCF-CB36-40D1-AAF3-A3D9D96A495D}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{2857D2EE-1FD5-4B2E-A282-76CF895FF2F6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{28E56F91-A6EB-4A1F-A6D9-58D8B9067F36}" = dir=out | name=@{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{2C993AEE-2FB3-4DF8-A064-85EF3F01CD00}" = dir=out | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{2D5C7CB9-C093-43EB-9EF1-4DE23DBF2859}" = protocol=6 | dir=in | app=c:\users\exhalation\appdata\local\temp\qqgamedownloader\bns_1400679388\miniqqdl.exe | "{33B1D5D9-1D1D-4DF7-BFF6-0FDA40D5F046}" = dir=in | name=@{microsoft.windowsphotos_16.4.4396.311_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{3537E1EA-F910-43EF-A41C-E184A760EF41}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "{4CD63941-A66D-4E31-B013-2D90F3BCCD43}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{54A665E5-F8F8-4388-9071-6D169B0C5ADD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe | "{553568D0-882C-4F85-ACEF-3629C312BB0F}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4396.311_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "{5CC184F5-7C10-4FEA-89B1-73AE25E02F43}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\bfh beta\bfh.exe | "{622AD144-0C72-4B74-9F7C-B3BFF9D918B0}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{64692F25-6F02-4C84-AE82-78DFFC6B0FBE}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{6B2A5CFC-5DA9-4483-A2A9-C35C3BBB0E4D}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "{6B89A978-FF3E-4056-B8A8-DF72F361CB5C}" = protocol=17 | dir=in | app=c:\users\exhalation\appdata\local\temp\qqgamedownloader\bns_1400679388\teniodl.exe | "{74CDE524-DDAA-4A30-8E6B-2552E5DE989D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{75C845D2-337D-47B3-AFF7-638EC3E1501D}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe | "{7627D362-09A5-4BBD-86A1-62ABBC3BEB53}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe | "{76B809E2-B1E0-41E8-AA3B-E33D501F6FBD}" = dir=out | name=@{microsoft.bingweather_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{7961D692-758A-476D-AB04-146A383834A8}" = dir=out | name=@{microsoft.zunevideo_1.5.902.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{84388BB6-3D08-4016-8462-5EAF32C7852B}" = dir=out | name=@{microsoft.bingtravel_2.0.0.319_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | "{86B78503-77B6-43B0-9CD5-845ED45E43EF}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{8702052C-9482-4AF0-ABAE-FED65AA7A1B2}" = protocol=17 | dir=in | app=c:\users\exhalation\appdata\roaming\ncsoft\ncdownloader\ncdownload.exe | "{895F476F-D629-48F4-925C-B89B3A8846E2}" = protocol=6 | dir=in | app=c:\program files (x86)\napiprojekt\napisy.exe | "{8C03700E-1129-4273-BDE9-3DD1FB3B0592}" = protocol=17 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe | "{8C815947-A08D-40CF-BEE2-A3C08AB24CB1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe | "{8F98DDA8-CEAA-4461-9883-8DB243E38A08}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe | "{905BD74F-B5C1-4FEF-94C9-E9F11FB1567C}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{95A93580-C492-46DA-A345-B01E65194DFE}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe | "{9962D91A-04C3-436E-B132-336EA5706F81}" = dir=out | name=@{microsoft.bingfinance_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{9AAB865D-70EA-41B0-B26B-22A6D399941D}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "{9B23D121-D124-4EA3-AADE-8191429A5059}" = dir=out | name=skype | "{9C2C8B3B-0E5D-4191-8459-A1F04C660E88}" = protocol=6 | dir=in | app=c:\users\exhalation\appdata\local\temp\qqgamedownloader\bns_1400679388\teniodl.exe | "{9C3D8DD4-3B65-43B0-A473-9F013390E0B1}" = protocol=17 | dir=in | app=c:\users\exhalation\appdata\local\temp\qqgamedownloader\bns_1400679388\miniqqdl.exe | "{A5FF41AE-D0E9-4C92-A803-CBCE0B576D40}" = dir=out | name=@{microsoft.bingnews_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{A72E68CB-7EB2-4B63-82E0-B5CD91604D74}" = dir=in | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{BB639A72-7BA6-442D-B9B2-F1A56D29EECF}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | "{BF25AC43-26B9-44FC-8054-CED3702A8936}" = protocol=6 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe | "{C0138A54-21F4-4BB9-B74A-332A42BD7536}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe | "{C0D3F251-2239-469E-A197-B25641D7E1C4}" = protocol=6 | dir=in | app=c:\users\exhalation\appdata\roaming\ncsoft\ncdownloader\ncdownload.exe | "{C15D2C52-930F-45EF-B544-22255B781ABE}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{C1F11440-A26C-484D-86F1-53FCDED10273}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{C78F5628-ACE9-44F3-A647-1078666AE06A}" = dir=out | name=@{microsoft.windowsphotos_16.4.4396.311_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{CF0B5EC5-6CDD-4E21-BDA3-D0EF78D0D4C6}" = dir=out | name=@{microsoft.bingsports_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | "{CFA35944-83D5-4DD1-9F7A-DD467AF2E9B5}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{D3020137-F546-4E8D-8578-324AD03385FD}" = dir=out | name=clip collage movie maker | "{D4E1F4C2-27A1-4550-B5E9-EFBFDCC1EB80}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | "{D5CB8DA1-6DEF-4CFB-9CFC-56A619B6FE1E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{D6BA89A6-E054-405C-ADAD-D20CC2F466C4}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{E7356B4A-9EE3-478D-93F5-9F142EFFE2AA}" = protocol=6 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{ED62D2F3-F98A-42DE-BAB0-6095C97573D1}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | "{F23AE65B-953E-405C-9F80-1B0D0836B112}" = dir=out | name=@{microsoft.zunemusic_1.5.216.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | "{F3209D45-2378-4D16-9AB9-1310F7D2C7BE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe | "{FD29B947-124E-4829-AF20-AEA5027DB1C3}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\bfh beta\bfh.exe | "{FE283C1B-5041-463D-BB41-74E114E80F70}" = dir=in | name=skype | "{FE388B94-6A44-48BB-BBA1-F33AD33E3AE3}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "TCP Query User{0E47AC3E-30A4-48CA-AE2C-38B4D9549482}C:\users\exhalation\desktop\football manager 2014\fm.exe" = protocol=6 | dir=in | app=c:\users\exhalation\desktop\football manager 2014\fm.exe | "TCP Query User{239FC5E2-6FE5-4AD6-9663-959CA2C8AB18}C:\users\exhalation\desktop\7 days to die\7daystodie.exe" = protocol=6 | dir=in | app=c:\users\exhalation\desktop\7 days to die\7daystodie.exe | "TCP Query User{2AF9DD41-8165-49B7-886B-566ACEF64AF4}C:\gunz2\gunz2_europe.exe" = protocol=6 | dir=in | app=c:\gunz2\gunz2_europe.exe | "TCP Query User{64D28243-E625-4D11-B0CA-DCC654B6F5A5}C:\program files\mailshare\downloads\7 days to die\7daystodie.exe" = protocol=6 | dir=in | app=c:\program files\mailshare\downloads\7 days to die\7daystodie.exe | "TCP Query User{891B62C0-D982-4DD0-9A90-28AA5E91A516}C:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | "TCP Query User{B699A142-B4DC-4EDC-B53E-BAE12B21E710}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe | "TCP Query User{CA22E481-A4B8-44A2-AD28-EB431E02A661}C:\program files (x86)\plaync\nclauncher\nclauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\plaync\nclauncher\nclauncher.exe | "TCP Query User{DA7EFDB9-EF0C-4F63-913E-BA7D8BE72C76}C:\users\exhalation\desktop\teamspeak3-server_win64\ts3server_win64.exe" = protocol=6 | dir=in | app=c:\users\exhalation\desktop\teamspeak3-server_win64\ts3server_win64.exe | "UDP Query User{1CFA6F81-D9C0-4B5F-AB34-25250E158B71}C:\program files (x86)\plaync\nclauncher\nclauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\plaync\nclauncher\nclauncher.exe | "UDP Query User{3671F35E-24CE-459D-B3E4-78748B979E33}C:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | "UDP Query User{3F799721-C705-4B8A-B909-773C3E8C1328}C:\users\exhalation\desktop\teamspeak3-server_win64\ts3server_win64.exe" = protocol=17 | dir=in | app=c:\users\exhalation\desktop\teamspeak3-server_win64\ts3server_win64.exe | "UDP Query User{78FDDF20-C7EA-45BB-A54F-7BA489B9ACE5}C:\program files\mailshare\downloads\7 days to die\7daystodie.exe" = protocol=17 | dir=in | app=c:\program files\mailshare\downloads\7 days to die\7daystodie.exe | "UDP Query User{89CA3D42-A3D9-4431-B838-B12AF81150E3}C:\gunz2\gunz2_europe.exe" = protocol=17 | dir=in | app=c:\gunz2\gunz2_europe.exe | "UDP Query User{93416575-D5E3-443D-AD50-16670594BBD1}C:\users\exhalation\desktop\football manager 2014\fm.exe" = protocol=17 | dir=in | app=c:\users\exhalation\desktop\football manager 2014\fm.exe | "UDP Query User{A0F109BF-BF4C-4C8A-B544-7141EEF93848}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe | "UDP Query User{A5E7394F-CDBC-4961-B1DE-FCCD193F3EA1}C:\users\exhalation\desktop\7 days to die\7daystodie.exe" = protocol=17 | dir=in | app=c:\users\exhalation\desktop\7 days to die\7daystodie.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 "{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel(R) Rapid Storage Technology "{44B72151-611E-429D-9765-9BA093D7E48A}" = Intel® Trusted Connect Service Client "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5846E720-C188-478F-B501-45EA1ACC44D1}_is1" = MailShare "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{7424C6D8-2C8F-453D-B31F-480AB98345C3}" = AntispamEngine "{7629623D-F0D0-4AC6-A763-FBE06ED8288C}" = Intel(R) Rapid Storage Technology "{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 "{877C7A27-7529-4B0C-BA7B-4D697E90DDC1}" = FirewallEngine "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90150000-002A-0000-1000-0000000FF1CE}" = Microsoft Office 64-bit Components 2013 "{90150000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2013 "{90150000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 "{9F965DAA-2FFD-41E3-8125-893BFBBE01D6}" = AdAwareUpdater "{9F965DAA-2FFD-41E3-8125-893BFBBE01D6}_AdAwareUpdater" = Ad-Aware Antivirus "{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.9.1693 "{A8F67345-FA75-4E99-AEBA-DE9BFE708A49}" = OnlineThreatsEngine "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.48 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.48 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{BB6E5AA0-BBE9-4009-B94E-2801F2D67DD7}" = AdAwareInstaller "{CC347FC6-C8D7-493A-B70E-1D89E22691A7}" = AntimalwareEngine "{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Qualcomm Atheros Killer Network Manager "5AADE1068CF70DD983F763B20CF2CAAB72883915" = KB9X Radio Switch Driver "8461-7759-5462-8226" = Vuze "BatteryOptimizer" = Battery Optimizer "CCleaner" = CCleaner "Elantech" = ETDWare PS/2-X64 11.13.2.4_WHQL "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 5.10 beta 3 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd "{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}" = Cisco PEAP Module "{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}" = Intel(R) Update Manager "{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware "{1B1C41CF-E86B-4D0F-BCD2-FEFEEEA80C97}" = XenoBot "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2D6AA12F-6925-45C0-AD48-F54333781705}" = 블레이드 & 소울 "{5333F308-39F2-4B2A-A510-573B5D35D34B}" = NCLauncher English Patch "{599276A7-F45D-40B1-A0B6-CF132A1CAD49}" = Battlefield™ Hardline Beta "{5DE67937-45D5-45E4-923C-0B7F7EC929A7}" = League of Legends "{62B332E9-239D-4692-BDE2-0CC1CF2833DA}_is1" = Uninstall LSI "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{887868A2-D6DE-3255-AA92-AA0B5A59B874}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{90150000-0015-0409-0000-0000000FF1CE}" = Microsoft Access MUI (English) 2013 "{90150000-0016-0409-0000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013 "{90150000-0018-0409-0000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013 "{90150000-0019-0409-0000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013 "{90150000-001A-0409-0000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013 "{90150000-001B-0409-0000-0000000FF1CE}" = Microsoft Word MUI (English) 2013 "{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English "{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français "{90150000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español "{90150000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013 "{90150000-0044-0409-0000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013 "{90150000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013 "{90150000-0090-0409-0000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013 "{90150000-00A1-0409-0000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013 "{90150000-00BA-0409-0000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013 "{90150000-00E1-0409-0000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013 "{90150000-00E2-0409-0000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013 "{90150000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013 "{90150000-0117-0409-0000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013 "{90150000-012B-0409-0000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013 "{91150000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2013 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9D3D8C60-A5EF-4123-B2B9-172095903AB}" = REALTEK Bluetooth Driver "{9DAABC60-A5EF-41FF-B2B9-17329590CD5}" = REALTEK Wireless LAN Driver "{9F08B250-6805-4CBA-8014-6D927767A3F6}" = Zeus Pan Olimpu - Złota Edycja "{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 "{A2F166A0-F031-4E27-A057-C69733219434}_is1" = TERA "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris "{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k "{AF312B06-5C5C-468E-89B3-BE6DE2645722}" = Cisco LEAP Module "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6 "{B9291CA2-6FA5-44EA-8EE0-923EB32ADAAB}" = Aion "{BCDA54F6-C4B6-4519-A09E-FA064A6B4098}" = Realtek PCIE Card Reader "{BDA0EB29-8B31-4BF4-8B05-04AA52340AC4}" = LogMeIn Hamachi "{C7B52FAF-58D8-438C-B810-F78C3C927504}" = ChomikBox "{CEF766E5-6E15-441F-B14A-C44CB168DBE7}" = Blade and Soul "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux "{D831E399-50FE-84AE-F5F7-0A63AC282464}" = deal2Dealit "{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}" = Curse "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows "3DSexVilla2-093.001" = thriXXX 3DSexVilla2-093.001 "AC7F4E43-1023-443F-9746-58A93E04D717_is1" = Civilization 5 "Avast" = avast! Free Antivirus "Battle.net" = Battle.net "Battlelog Web Plugins" = Battlelog Web Plugins "C9(Continent of the Ninth Seal)_is1" = C9 "Cheat Engine 6.3_is1" = Cheat Engine 6.3 "DAEMON Tools Lite" = DAEMON Tools Lite "Glyph" = Glyph "Glyph RIFT" = RIFT "Google Chrome" = Google Chrome "GunZ2" = GunZ2 "Hearthstone" = Hearthstone "InstallShield_{2D6AA12F-6925-45C0-AD48-F54333781705}" = ???? & ?? "InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Qualcomm Atheros Killer Network Manager "League of Legends 3.0.1" = League of Legends "LogMeIn Hamachi" = LogMeIn Hamachi "NapiProjekt_is1" = NapiProjekt (2.2.0.2399) "NCLauncher_NCWest" = NCSOFT Game Launcher "NCLauncher_plaync" = NCLauncher (plaync) "Office15.PROPLUSR" = Microsoft Office Professional Plus 2013 "Opera 21.0.1432.67" = Opera Stable 21.0.1432.67 "Origin" = Origin "PunkBusterSvc" = PunkBuster Services "QWdlb2ZXb25kZXJzSUlJ_is1" = Age of Wonders III "TamagotchiSimulator2.5" = Tamagotchi Simulator 2.5 "thriXXX WebLaunch" = thriXXX WebLaunch "Tibia_is1" = Tibia "VLC media player" = VLC media player 2.1.3 "VMware_Workstation" = VMware Workstation "Winamp" = Winamp [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Poke-Evo Client 1.6" = Poke-Evo Client 1.6 "PriceMeter Express" = PriceMeter Express (remove only) [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2014-07-24 20:02:49 | Computer Name = Rafal | Source = Perflib | ID = 1008 Description = Error - 2014-07-24 20:03:02 | Computer Name = Rafal | Source = Perflib | ID = 1023 Description = Error - 2014-07-24 20:05:17 | Computer Name = Rafal | Source = Perflib | ID = 1008 Description = Error - 2014-07-24 20:05:17 | Computer Name = Rafal | Source = Perflib | ID = 1008 Description = Error - 2014-07-24 20:05:17 | Computer Name = Rafal | Source = Perflib | ID = 1008 Description = Error - 2014-07-24 20:05:17 | Computer Name = Rafal | Source = Perflib | ID = 1008 Description = Error - 2014-07-24 21:00:00 | Computer Name = Rafal | Source = ESENT | ID = 455 Description = svchost (1900) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Windows\system32\SRU\SRU00551.log. Error - 2014-07-25 08:23:11 | Computer Name = Rafal | Source = Application Error | ID = 1000 Description = Faulting application name: delegate_execute.exe, version: 34.0.1847.131, time stamp: 0x53581dbc Faulting module name: delegate_execute.exe, version: 34.0.1847.131, time stamp: 0x53581dbc Exception code: 0xc0000005 Fault offset: 0x0003232d Faulting process id: 0x1ac8 Faulting application start time: 0x01cfa8032b29dde2 Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\delegate_execute.exe Faulting module path: C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\delegate_execute.exe Report Id: 70e2c0b5-13f6-11e4-be8d-240a64e9f04e Faulting package full name: Faulting package-relative application ID: Error - 2014-07-25 09:46:04 | Computer Name = Rafal | Source = MsiInstaller | ID = 11704 Description = Error - 2014-07-25 11:25:56 | Computer Name = Rafal | Source = SideBySide | ID = 16842811 Description = Activation context generation failed for "C:\Users\Exhalation\Downloads\launch.exe".Error in manifest or policy file "C:\Users\Exhalation\Downloads\launch.exe" on line 0. Invalid Xml syntax. [ System Events ] Error - 2014-07-24 19:53:08 | Computer Name = Rafal | Source = DCOM | ID = 10010 Description = Error - 2014-07-24 20:00:56 | Computer Name = Rafal | Source = Microsoft-Windows-Kernel-General | ID = 6 Description = Error - 2014-07-24 20:01:35 | Computer Name = Rafal | Source = NetBT | ID = 4321 Description = The name "RAFAL :0" could not be registered on the interface with IP address 192.168.0.101. The computer with the IP address 192.168.0.104 did not allow the name to be claimed by this computer. Error - 2014-07-24 20:02:10 | Computer Name = Rafal | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect. Error - 2014-07-24 20:02:10 | Computer Name = Rafal | Source = Service Control Manager | ID = 7000 Description = The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: %%1053 Error - 2014-07-24 20:02:20 | Computer Name = Rafal | Source = Server | ID = 2505 Description = The server could not bind to the transport \Device\NetBT_Tcpip_{4190F66C-228F-4B2B-970E-EFF61C924BE0} because another computer on the network has the same name. The server could not start. Error - 2014-07-24 20:02:20 | Computer Name = Rafal | Source = NetBT | ID = 4321 Description = The name "RAFAL :20" could not be registered on the interface with IP address 192.168.0.101. The computer with the IP address 192.168.0.104 did not allow the name to be claimed by this computer. Error - 2014-07-25 09:44:03 | Computer Name = Rafal | Source = DCOM | ID = 10010 Description = Error - 2014-07-25 09:44:36 | Computer Name = Rafal | Source = Microsoft-Windows-Kernel-General | ID = 6 Description = Error - 2014-07-25 09:47:39 | Computer Name = Rafal | Source = Service Control Manager | ID = 7030 Description = The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. < End of report >