OTL logfile created on: 2013-05-26 18:02:53 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dom\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,50 Gb Total Physical Memory | 2,76 Gb Available Physical Memory | 78,87% Memory free
5,33 Gb Paging File | 4,76 Gb Available in Paging File | 89,22% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 30,71 Gb Free Space | 62,89% Space Free | Partition Type: NTFS
Drive E: | 146,48 Gb Total Space | 83,52 Gb Free Space | 57,02% Space Free | Partition Type: NTFS
Drive F: | 146,48 Gb Total Space | 68,01 Gb Free Space | 46,43% Space Free | Partition Type: NTFS
Drive G: | 123,96 Gb Total Space | 30,23 Gb Free Space | 24,39% Space Free | Partition Type: NTFS

Computer Name: XXX-8250A80B693 | User Name: Dom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2013-05-26 13:20:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dom\Pulpit\OTL.exe
PRC - [2013-05-14 19:58:52 | 000,181,664 | ---- | M] (Oracle Corporation) -- F:\Rock\bin\jqs.exe
PRC - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- E:\Malwarebytes\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012-10-02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012-08-30 21:10:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2009-09-30 14:02:50 | 002,320,920 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009-09-30 14:02:48 | 000,268,824 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009-08-04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009-08-04 17:29:52 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2008-04-15 00:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-12-10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\Pac7302\Monitor.exe
PRC - [2006-10-27 01:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- E:\Microsoft Office 2003 PL\Office12\GrooveMonitor.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2013-05-10 09:57:54 | 000,300,544 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.POL
MOD - [2009-07-30 18:15:32 | 000,503,202 | ---- | M] () -- C:\Program Files\DeviceVM\Browser Configuration Utility\sqlite3.dll

[color=#E56717]========== Services (SafeList) ==========[/color]
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013-05-15 17:19:09 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-05-14 19:58:52 | 000,181,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- F:\Rock\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- E:\Malwarebytes\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- E:\Malwarebytes\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013-02-28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-10-02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012-08-30 21:10:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2009-09-30 14:02:50 | 002,320,920 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009-09-30 14:02:48 | 000,268,824 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009-08-04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2006-10-27 01:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\Microsoft Office 2003 PL\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - File not found [File_System | On_Demand | Stopped] -- E:\Nowy folder\Game Booster 3\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013-04-04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010-10-12 16:39:10 | 000,461,952 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2010-06-12 15:16:58 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009-12-08 12:03:00 | 006,017,568 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2009-11-18 01:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009-11-18 01:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009-09-17 06:54:14 | 000,041,088 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
DRV - [2009-07-28 10:55:00 | 000,143,360 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009-05-25 14:34:56 | 000,122,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029mdm.sys -- (s1029mdm)
DRV - [2009-05-25 14:34:56 | 000,090,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029bus.sys -- (s1029bus)
DRV - [2009-05-25 14:34:56 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029mdfl.sys -- (s1029mdfl)
DRV - [2009-05-25 11:49:08 | 000,109,480 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029unic.sys -- (s1029unic)
DRV - [2009-05-25 11:49:08 | 000,108,200 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029mgmt.sys -- (s1029mgmt)
DRV - [2009-05-25 11:49:08 | 000,104,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029obex.sys -- (s1029obex)
DRV - [2009-05-25 11:49:08 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029nd5.sys -- (s1029nd5)
DRV - [2007-05-02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus)
DRV - [2006-07-24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2025429265-515967899-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wp.pl/
IE - HKU\S-1-5-21-2025429265-515967899-1801674531-1003\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-2025429265-515967899-1801674531-1003\..\SearchScopes,DefaultScope = {B5E7DC98-16FF-4db7-96FE-A6D4304E0435}
IE - HKU\S-1-5-21-2025429265-515967899-1801674531-1003\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = http://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKU\S-1-5-21-2025429265-515967899-1801674531-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2025429265-515967899-1801674531-1003\..\SearchScopes\{09F79657-9B88-4d02-A87B-5D677C8B4A2F}: "URL" = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=pl&q={searchTerms}
IE - HKU\S-1-5-21-2025429265-515967899-1801674531-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=040180910000000000006cf0497816b2
IE - HKU\S-1-5-21-2025429265-515967899-1801674531-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2025429265-515967899-1801674531-1003\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-2025429265-515967899-1801674531-1003\..\SearchScopes\{B5E7DC98-16FF-4db7-96FE-A6D4304E0435}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
IE - HKU\S-1-5-21-2025429265-515967899-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: F:\Rock\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: E:\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: E:\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.8.6h: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: E:\Eset Nod 32\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{20978f0f-2978-4992-ae97-7d373c44e04e}: E:\edyta\English Translator\MozillaTranslator

Hosts file not found

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Microsoft Office 2003 PL\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Rock\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Rock\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Dom\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (no name) - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-2025429265-515967899-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3 - HKU\S-1-5-21-2025429265-515967899-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [GrooveMonitor] E:\Microsoft Office 2003 PL\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKU\S-1-5-21-2025429265-515967899-1801674531-1003..\Run: [Nowe Gadu-Gadu] E:\Gadu-gadu\Nowe Gadu-Gadu\gg.exe (GG Network S.A.)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-21-2025429265-515967899-1801674531-1005..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - Startup: C:\Documents and Settings\Dom\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = E:\Microsoft Office 2003 PL\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2025429265-515967899-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2025429265-515967899-1801674531-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://E:\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - E:\Microsoft Office 2003 PL\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Microsoft Office 2003 PL\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Microsoft Office 2003 PL\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Microsoft Office 2003 PL\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.oracle.com/update/1.4.1/jinstall-1_4_1-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.151.32.3 83.151.32.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03BE65C6-1520-493E-8FFF-4D050A04BC0A}: DhcpNameServer = 83.151.32.3 83.151.32.7
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Microsoft Office 2003 PL\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\fdewuqe: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Microsoft Office 2003 PL\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-05-30 18:19:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{608cac22-5588-11e2-b2fb-6cf0497816b2}\Shell - "" = AutoRun
O33 - MountPoints2\{608cac22-5588-11e2-b2fb-6cf0497816b2}\Shell\AutoRun\command - "" = H:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2013-05-26 17:58:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013-05-26 13:20:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dom\Pulpit\OTL.exe
[2013-05-25 11:17:46 | 012,555,680 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_mini.sys
[2013-05-25 11:17:46 | 004,494,208 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_disp.dll
[2013-05-25 10:17:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dom\Recent
[2013-05-25 10:07:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\NVIDIA Corporation
[2013-05-25 09:04:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013-05-25 09:03:05 | 001,024,288 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco3232018.dll
[2013-05-25 09:03:05 | 000,893,728 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispgenco3232018.dll
[2013-05-25 08:46:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Dane aplikacji\HD Tune Pro
[2013-05-25 08:46:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\HD Tune Pro
[2013-05-24 12:26:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\Temp
[2013-05-23 10:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\World of Tanks
[2013-05-23 10:14:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Game Booster 3
[2013-05-23 10:14:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\IObit
[2013-05-23 07:33:10 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2013-05-22 10:06:35 | 001,012,512 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco3231422.dll
[2013-05-22 10:06:35 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispgenco3231422.dll
[2013-05-22 09:47:55 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013-05-14 19:59:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013-05-14 19:59:01 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013-05-14 16:52:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Dane aplikacji\FreeVideoConverter
[2011-12-01 17:25:46 | 001,510,160 | ---- | C] (Rovio Mobile) -- C:\Documents and Settings\Dom\Dane aplikacji\AngryBirdsSeasons.exe
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2013-05-26 17:19:15 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013-05-26 16:25:41 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_AutoUpdate.job
[2013-05-26 16:25:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013-05-26 13:20:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dom\Pulpit\OTL.exe
[2013-05-26 11:29:15 | 001,095,368 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013-05-26 11:29:15 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013-05-26 11:29:13 | 001,095,368 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013-05-25 11:26:12 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2013-05-25 09:22:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013-05-25 09:09:06 | 000,558,678 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2013-05-25 09:09:06 | 000,496,094 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013-05-25 09:09:06 | 000,105,750 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2013-05-25 09:09:06 | 000,084,578 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013-05-23 10:22:54 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\World of Tanks.lnk
[2013-05-22 09:48:02 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader X.lnk
[2013-05-15 17:19:09 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013-05-15 17:19:09 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013-05-14 19:58:52 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013-05-14 19:58:52 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013-05-14 19:58:52 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013-05-14 19:58:52 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013-05-14 19:58:52 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013-05-14 19:58:51 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013-05-14 19:58:51 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013-05-12 23:37:35 | 001,024,288 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco3232018.dll
[2013-05-12 23:37:35 | 000,893,728 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispgenco3232018.dll
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2013-05-26 10:13:53 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\Dom\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
[2013-05-25 11:17:46 | 004,494,208 | ---- | C] () -- C:\WINDOWS\System32\nv4_disp.dll
[2013-05-23 10:52:30 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013-05-23 10:22:54 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\World of Tanks.lnk
[2013-05-23 10:15:14 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\Game_Booster_AutoUpdate.job
[2013-05-22 09:48:02 | 000,002,377 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader X.lnk
[2013-05-22 09:48:02 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader X.lnk
[2013-03-31 12:13:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt
[2013-03-31 12:12:31 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2013-02-18 20:26:14 | 000,436,736 | ---- | C] () -- C:\WINDOWS\System32\promedin.dll
[2013-02-12 09:43:07 | 000,060,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\4ee6a02ca947714f.sys
[2012-08-22 14:07:45 | 000,000,023 | ---- | C] () -- C:\WINDOWS\clofghls.dll
[2012-08-20 20:34:25 | 000,000,036 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2012-04-12 15:32:06 | 001,095,368 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012-04-12 15:32:06 | 001,095,368 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012-04-12 15:32:06 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012-04-12 15:31:50 | 002,811,988 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012-03-31 08:26:01 | 000,000,687 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2012-03-31 08:25:58 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.INI
[2011-02-21 13:08:20 | 000,000,090 | ---- | C] () -- C:\Documents and Settings\Dom\Dane aplikacji\XTDocSettings_et.ini
[2010-08-23 16:21:19 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-06-07 17:30:55 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Dom\Dane aplikacji\PnkBstrK.sys

[color=#E56717]========== ZeroAccess Check ==========[/color]
[2010-05-30 18:31:28 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008-04-15 00:50:48 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008-04-15 00:50:32 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008-04-15 00:50:58 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]
[2011-06-25 15:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2010-12-10 17:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Astroburn Pro
[2013-02-13 11:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Babylon
[2013-04-13 09:16:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Common Files
[2010-06-12 15:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2010-10-26 14:40:52 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DSS
[2010-11-24 16:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\EA Core
[2010-11-24 16:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts
[2013-04-13 10:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2013-03-25 23:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\firebird
[2010-05-30 19:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2013-05-23 10:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\IObit
[2013-04-13 09:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MFAData
[2013-01-15 11:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2011-04-02 13:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Solidshield
[2012-01-04 12:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\VideoMach
[2010-12-10 17:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Astroburn Pro
[2013-02-13 11:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\DAEMON Tools Lite
[2012-02-20 10:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\e-pity
[2013-05-14 16:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\FreeVideoConverter
[2010-05-30 20:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Gadu-Gadu
[2011-07-10 16:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Gadu-Gadu 10
[2013-05-25 08:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\HD Tune Pro
[2010-08-13 13:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Leadertech
[2012-12-08 12:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Mumble
[2011-09-15 12:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Nowe Gadu-Gadu
[2011-07-10 15:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\OpenFM
[2013-03-09 12:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\PIT Projekt 2012
[2012-03-13 10:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Podatnik.info
[2011-09-04 12:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\RayV
[2012-03-25 15:57:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Rovio
[2013-03-31 12:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Samsung
[2011-11-14 15:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Softland
[2013-05-14 19:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\TS3Client
[2013-03-30 12:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\uTorrent
[2012-10-18 14:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\wargaming.net
[2013-02-13 12:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Delta
[2011-11-14 15:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Softland

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========[/color]
[C:\WINDOWS\$NtUninstallKB1123$] -> Error: Cannot create file handle -> Unknown point type

< End of report >