OTL logfile created on: 2012-06-09 22:35:12 - Run 19 OTL by OldTimer - Version 3.2.48.0 Folder = E:\ Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd 503,37 Mb Total Physical Memory | 253,98 Mb Available Physical Memory | 50,46% Memory free 1,20 Gb Paging File | 1,03 Gb Available in Paging File | 85,51% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 34,21 Gb Total Space | 0,51 Gb Free Space | 1,49% Space Free | Partition Type: NTFS Drive E: | 3,73 Gb Total Space | 1,94 Gb Free Space | 51,98% Space Free | Partition Type: FAT32 Computer Name: DB0SCE82 | User Name: X | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== LOP Check ==========[/color] [2012-06-09 11:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\529C50A8000432F00009F8EBD151FC84 [2012-01-11 16:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon [2010-11-21 16:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elcomsoft Password Recovery [2011-03-11 18:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure [2011-05-19 20:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ipla [2010-11-30 22:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks [2009-07-16 20:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OfficeRecovery [2008-06-15 12:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer [2008-11-05 09:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2011-03-11 19:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\ArcaVirMicroScan [2012-01-11 16:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\Babylon [2011-11-07 19:45:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\Broad Intelligence [2007-01-15 09:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\ContentGuard [2011-03-11 18:10:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\f-secure [2010-09-18 13:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\FreeFileViewer [2011-08-26 18:15:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\GrabIt [2011-05-20 09:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\ipla [2010-11-30 22:52:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\Juniper Networks [2006-04-13 21:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\Leadertech [2010-11-15 20:20:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\OpenOffice.org [2008-12-09 12:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\Opera [2008-03-09 14:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\Publish or Perish [2012-06-09 18:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\QuickScan [2011-03-31 21:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\RDRM [2009-01-07 22:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\Snapter Images [2006-11-02 19:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\Tlen.pl [2012-01-11 16:58:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\Toolbar4 [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s >[/color] [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s >[/color] "" = Microsoft WBEM New Event Subsystem [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008-04-14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s >[/color] "" = MruPidlList [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2011-11-01 22:35:20 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [color=#A23BEC]< MD5 for: SERVICES.EXE >[/color] [2009-02-06 13:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe [2008-04-14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe [2008-04-14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe [2008-04-14 02:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe [2009-02-06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe [2009-02-06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe [2004-08-04 13:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\i386\services.exe [2004-08-04 13:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 < End of report >