CustomCLSID: HKU\S-1-5-21-1229272821-1343024091-725345543-1005_Classes\CLSID\{CB98387D-1F37-11D4-BD1C-00A0C9ED6D19}\InprocServer32 -> C:\Documents and Settings\BOREK\Ustawienia lokalne\Temp\MP\dropdown.ocx (algotec) CustomCLSID: HKU\S-1-5-21-1229272821-1343024091-725345543-1005_Classes\CLSID\{CE5AA328-0B3F-4846-9348-64B97782AADB}\InprocServer32 -> C:\Documents and Settings\BOREK\Ustawienia lokalne\Temp\MP\EXPT.dll () CustomCLSID: HKU\S-1-5-21-1229272821-1343024091-725345543-1005_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\spmServices.dll No File CustomCLSID: HKU\S-1-5-21-1229272821-1343024091-725345543-1005_Classes\CLSID\{D21DECB0-02E4-11D4-BD81-0090278D2C56}\InprocServer32 -> C:\Documents and Settings\BOREK\Ustawienia lokalne\Temp\MP\SM.dll () CustomCLSID: HKU\S-1-5-21-1229272821-1343024091-725345543-1005_Classes\CLSID\{D4E025BB-0595-11D4-BD83-0090278D2C56}\InprocServer32 -> C:\Documents and Settings\BOREK\Ustawienia lokalne\Temp\MP\SM.dll () CustomCLSID: HKU\S-1-5-21-1229272821-1343024091-725345543-1005_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> C:\WINDOWS\system32\MSVBVM60.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1229272821-1343024091-725345543-1005_Classes\CLSID\{D648C576-A69C-11D5-9BF6-00C04F6047D8}\InprocServer32 -> C:\Documents and Settings\BOREK\Ustawienia lokalne\Temp\MP\ALGMPR.dll () CustomCLSID: HKU\S-1-5-21-1229272821-1343024091-725345543-1005_Classes\CLSID\{D95DEB2F-4A47-467C-A78B-5D3038D089D5}\InprocServer32 -> D:\BIN\WIN32\omgdbp.ocx No File CustomCLSID: HKU\S-1-5-21-1229272821-1343024091-725345543-1005_Classes\CLSID\{DA77449C-95F2-11D3-BD1E-00C04F6047D8}\InprocServer32 -> C:\Documents and Settings\BOREK\Ustawienia lokalne\Temp\MP\LDRC.dll () CustomCLSID: HKU\S-1-5-21-1229272821-1343024091-725345543-1005_Classes\CLSID\{DBDD261B-D027-11C4-BD24-11A0C9FBA123}\InprocServer32 -> C:\Documents and Settings\BOREK\Ustawienia lokalne\Temp\MP\SM.dll () CustomCLSID: HKU\S-1-5-21-1229272821-1343024091-725345543-1005_Classes\CLSID\{DD15AA4D-DF9E-48D8-B393-F78500B6166F}\InprocServer32 -> C:\Documents and Settings\BOREK\Ustawienia lokalne\Temp\MP\ddp.dll () CustomCLSID: HKU\S-1-5-21-1229272821-1343024091-725345543-1005_Classes\CLSID\{DDA3EF8E-9187-439D-90D0-09FDB116BEB4}\InprocServer32 -> C:\Documents and Settings\BOREK\Ustawienia lokalne\Temp\MP\EXPT.dll () CustomCLSID: HKU\S-1-5-21-1229272821-1343024091-725345543-1005_Classes\CLSID\{E085839A-0BA8-11D4-BDA3-00A0C9ED6D19}\InprocServer32 -> C:\Documents and Settings\BOREK\Ustawienia lokalne\Temp\MP\dropdown.ocx (algotec) CustomCLSID: HKU\S-1-5-21-1229272821-1343024091-725345543-1005_Classes\CLSID\{E226A993-E837-11D3-BD77-00A0C982CE3E}\InprocServer32 -> C:\Documents and Settings\BOREK\Ustawienia lokalne\Temp\MP\FP.dll () CustomCLSID: HKU\S-1-5-21-1229272821-1343024091-725345543-1005_Classes\CLSID\{E6E29E0E-0A05-11D4-BD93-00A0C9FB3988}\InprocServer32 -> C:\Documents and Settings\BOREK\Ustawienia lokalne\Temp\MP\UTL2.dll () CustomCLSID: HKU\S-1-5-21-1229272821-1343024091-725345543-1005_Classes\CLSID\{EFF4A4FA-0865-11D4-BD92-00A0C9FB3988}\InprocServer32 -> C:\Documents and Settings\BOREK\Ustawienia lokalne\Temp\MP\FILM.dll () CustomCLSID: HKU\S-1-5-21-1229272821-1343024091-725345543-1005_Classes\CLSID\{F128A719-4822-11D3-BD80-00A0C9D4BB53}\InprocServer32 -> C:\Documents and Settings\BOREK\Ustawienia lokalne\Temp\MP\ACMD.dll () CustomCLSID: HKU\S-1-5-21-1229272821-1343024091-725345543-1005_Classes\CLSID\{F3DEEFF2-1F65-11D4-BDA5-00A0C9FB3988}\InprocServer32 -> C:\Documents and Settings\BOREK\Ustawienia lokalne\Temp\MP\UTL2.dll () CustomCLSID: HKU\S-1-5-21-1229272821-1343024091-725345543-1005_Classes\CLSID\{F4C855CB-F2F1-4303-95C7-FA8E37D4BAA5}\InprocServer32 -> C:\Documents and Settings\BOREK\Ustawienia lokalne\Temp\MP\UI_MultiMon.ocx (Algotec) CustomCLSID: HKU\S-1-5-21-1229272821-1343024091-725345543-1005_Classes\CLSID\{F5018CC5-4A5B-11D3-BD72-00A0C9D4BD79}\InprocServer32 -> C:\Documents and Settings\BOREK\Ustawienia lokalne\Temp\MP\PGI.dll () CustomCLSID: HKU\S-1-5-21-1229272821-1343024091-725345543-1005_Classes\CLSID\{FA0C0B36-7B2A-11D3-8289-00A0C982CB4C}\InprocServer32 -> C:\Documents and Settings\BOREK\Ustawienia lokalne\Temp\MP\DSEL.dll () ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2004-08-04 13:00 - 2004-08-04 13:00 - 00000742 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job => C:\WINDOWS\system32\xp_eos.exe ==================== Loaded Modules (whitelisted) ============= 2014-12-11 12:34 - 2014-12-11 12:34 - 02905600 _____ () C:\Program Files\Alwil Software\Avast5\defs\14121100\algo.dll 2014-12-13 07:57 - 2014-12-13 07:57 - 02905600 _____ () C:\Program Files\Alwil Software\Avast5\defs\14121201\algo.dll 2014-05-08 12:22 - 2014-05-08 12:22 - 00300544 _____ () C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.POL 2007-12-11 10:28 - 2007-09-20 18:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll 2013-10-24 05:54 - 2014-11-15 09:44 - 38562088 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll 2014-12-01 23:03 - 2014-12-01 23:04 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Documents and Settings\BOREK:zylomtest AlternateDataStreams: C:\Documents and Settings\BOREK:zylomtr{000HQ7FF-AD7A-3FG4-9VJM-21SJ3RB1CVVS} AlternateDataStreams: C:\Documents and Settings\BOREK:zylomtr{002AVPFP-JHLQ-ABE1-51HL-20PR0G667000} ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: ATICCC => "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" MSCONFIG\startupreg: CTFMON.EXE => C:\WINDOWS\system32\ctfmon.exe MSCONFIG\startupreg: HP Component Manager => "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" MSCONFIG\startupreg: HP Software Update => "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" MSCONFIG\startupreg: LogitechCommunicationsManager => "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide MSCONFIG\startupreg: NeroFilterCheck => C:\WINDOWS\system32\NeroCheck.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: SpeedTouch USB Diagnostics => "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe MSCONFIG\startupreg: TOSCDSPD => C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe ========================= Accounts: ========================== Administrator (S-1-5-21-1229272821-1343024091-725345543-500 - Administrator - Enabled) ASPNET (S-1-5-21-1229272821-1343024091-725345543-1004 - Limited - Enabled) BOREK (S-1-5-21-1229272821-1343024091-725345543-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\BOREK Gość (S-1-5-21-1229272821-1343024091-725345543-501 - Limited - Disabled) Pomocnik (S-1-5-21-1229272821-1343024091-725345543-1000 - Limited - Disabled) SUPPORT_388945a0 (S-1-5-21-1229272821-1343024091-725345543-1002 - Limited - Disabled) ==================== Faulty Device Manager Devices ============= Name: Kontroler magistrali zarządzania systemem Description: Kontroler magistrali zarządzania systemem Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (12/12/2014 11:06:14 AM) (Source: crypt32) (EventID: 11) (User: ) Description: Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej aktualizacji z: , wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. Error: (12/12/2014 11:06:14 AM) (Source: crypt32) (EventID: 11) (User: ) Description: Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej aktualizacji z: , wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. Error: (11/23/2014 02:37:44 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Aplikacja zawieszająca subedit.exe, wersja 1.0.0.4060, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error: (11/22/2014 09:57:32 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Aplikacja powodująca błąd plugin-container.exe, wersja 33.1.1.5430, moduł powodujący błąd mozalloc.dll, wersja 33.1.1.5430, adres błędu 0x00001425. Przetwarzanie zdarzenia określonego nośnika dla [plugin-container.exe!ws!] Error: (11/22/2014 09:57:23 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Aplikacja zawieszająca firefox.exe, wersja 33.1.1.5430, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error: (10/19/2014 07:35:01 AM) (Source: crypt32) (EventID: 11) (User: ) Description: Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej aktualizacji z: , wystąpił błąd: Nieprawidłowe dane. Error: (09/28/2014 01:45:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Aplikacja powodująca błąd plugin-container.exe, wersja 32.0.2.5373, moduł powodujący błąd mozalloc.dll, wersja 32.0.2.5373, adres błędu 0x0000141b. Przetwarzanie zdarzenia określonego nośnika dla [plugin-container.exe!ws!] Error: (05/28/2014 06:00:37 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Aplikacja zawieszająca msimn.exe, wersja 6.0.2900.5512, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error: (05/27/2014 10:39:18 AM) (Source: Microsoft Office 11) (EventID: 2001) (User: ) Description: Rejected Safe Mode action : Microsoft Office Word. Error: (05/25/2014 10:10:12 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Aplikacja zawieszająca WINWORD.EXE, wersja 11.0.8169.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. System errors: ============= Error: (12/13/2014 07:53:40 AM) (Source: ipnathlp) (EventID: 32003) (User: ) Description: Translator adresów sieciowych (NAT) nie może zażądać wykonania operacji przez moduł tłumaczący, pracujący w trybie jądra. Może to wskazywać na błąd konfiguracji, niewystarczające zasoby lub na błąd wewnętrzny. Dane zawierają kod błędu. Error: (12/13/2014 07:49:18 AM) (Source: DCOM) (EventID: 10005) (User: ZARZĄDZANIE NT) Description: Model DCOM odebrał błąd „%%1084” podczas próby uruchomienia usługi EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error: (12/13/2014 07:46:29 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: AmdK8 aswRvrt aswSnx aswSP aswTdi aswVmm Fips Error: (12/13/2014 07:46:20 AM) (Source: DCOM) (EventID: 10005) (User: ZARZĄDZANIE NT) Description: Model DCOM odebrał błąd „%%1084” podczas próby uruchomienia usługi EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error: (12/12/2014 02:38:35 PM) (Source: 0) (EventID: 9) (User: ) Description: \Device\Ide\IdePort0 Error: (12/12/2014 02:38:25 PM) (Source: 0) (EventID: 9) (User: ) Description: \Device\Ide\IdePort0 Error: (12/12/2014 02:38:03 PM) (Source: 0) (EventID: 9) (User: ) Description: \Device\Ide\IdePort0 Error: (12/12/2014 02:37:49 PM) (Source: 0) (EventID: 9) (User: ) Description: \Device\Ide\IdePort0 Error: (12/12/2014 02:34:53 PM) (Source: 0) (EventID: 9) (User: ) Description: \Device\Ide\IdePort0 Error: (12/12/2014 02:34:46 PM) (Source: 0) (EventID: 9) (User: ) Description: \Device\Ide\IdePort0 Microsoft Office Sessions: ========================= Error: (12/12/2014 11:06:14 AM) (Source: crypt32) (EventID: 11) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabWymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. Error: (12/12/2014 11:06:14 AM) (Source: crypt32) (EventID: 11) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabWymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. Error: (11/23/2014 02:37:44 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: subedit.exe1.0.0.4060hungapp0.0.0.000000000 Error: (11/22/2014 09:57:32 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe33.1.1.5430mozalloc.dll33.1.1.543000001425 Error: (11/22/2014 09:57:23 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: firefox.exe33.1.1.5430hungapp0.0.0.000000000 Error: (10/19/2014 07:35:01 AM) (Source: crypt32) (EventID: 11) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabNieprawidłowe dane. Error: (09/28/2014 01:45:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe32.0.2.5373mozalloc.dll32.0.2.53730000141b Error: (05/28/2014 06:00:37 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: msimn.exe6.0.2900.5512hungapp0.0.0.000000000 Error: (05/27/2014 10:39:18 AM) (Source: Microsoft Office 11) (EventID: 2001) (User: ) Description: Microsoft Office Word Error: (05/25/2014 10:10:12 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: WINWORD.EXE11.0.8169.0hungapp0.0.0.000000000 ==================== Memory info =========================== Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-52 Percentage of memory in use: 43% Total physical RAM: 893.97 MB Available physical RAM: 507.88 MB Total Pagefile: 2167 MB Available Pagefile: 1862.45 MB Total Virtual: 2047.88 MB Available Virtual: 1920.26 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:147.58 GB) (Free:25.57 GB) NTFS ==>[Drive with boot components (Windows XP)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 149.1 GB) (Disk ID: 209B4B29) Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27) Partition 2: (Active) - (Size=147.6 GB) - (Type=07 NTFS) ==================== End Of Log ============================