OTL logfile created on: 2012-09-22 16:12:42 - Run 3
OTL by OldTimer - Version 3.1.4.0 Folder = G:\D2\bezpieczenstwo\OTL
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd

1023,37 Mb Total Physical Memory | 190,46 Mb Available Physical Memory | 18,61% Memory free
2,40 Gb Paging File | 1,72 Gb Available in Paging File | 71,75% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 5,86 Gb Total Space | 0,91 Gb Free Space | 15,58% Space Free | Partition Type: NTFS
Drive D: | 15,63 Gb Total Space | 0,05 Gb Free Space | 0,35% Space Free | Partition Type: NTFS
Drive E: | 15,70 Gb Total Space | 0,03 Gb Free Space | 0,18% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 27,92 Gb Total Space | 2,65 Gb Free Space | 9,48% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ZXC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2012-04-17 20:04:18 | 00,924,600 | ---- | M] (Mozilla Corporation) -- C:\wazne-nie ruszac\firefox-12.0b6\firefox\firefox.exe
PRC - [2012-03-08 21:27:00 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaw.exe
PRC - [2011-02-24 22:00:08 | 00,396,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2009-11-06 15:54:34 | 00,528,896 | ---- | M] (OldTimer Tools) -- G:\D2\bezpieczenstwo\OTL\OTL 3.1.4.0.exe
PRC - [2009-11-03 15:48:54 | 00,874,768 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009-11-03 15:45:48 | 01,372,160 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2009-11-03 15:42:00 | 00,909,312 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009-11-03 15:35:14 | 01,202,448 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2009-11-03 15:33:48 | 00,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009-10-30 13:28:54 | 00,135,592 | ---- | M] () -- C:\wazne-nie ruszac\vlc-1.0.3\vlc.exe
PRC - [2007-05-14 00:00:00 | 00,577,536 | ---- | M] () -- C:\wazne-nie ruszac\notepad2\Notepad2.exe
PRC - [2006-10-25 14:37:44 | 05,277,624 | ---- | M] (GP Software) -- C:\Program Files\GPSoftware\Directory Opus\dopus.exe
PRC - [2005-05-12 21:43:50 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005-05-12 21:43:50 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2004-09-13 11:33:20 | 00,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004-08-19 09:40:08 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004-08-04 14:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004-08-04 14:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2004-08-04 14:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2004-08-04 14:00:00 | 00,135,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\taskmgr.exe
PRC - [2004-08-04 14:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2004-08-04 14:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe

[color=#E56717]========== Modules (SafeList) ==========[/color]
MOD - [2009-11-06 15:54:34 | 00,528,896 | ---- | M] (OldTimer Tools) -- G:\D2\bezpieczenstwo\OTL\OTL 3.1.4.0.exe
MOD - [2006-10-13 16:19:52 | 00,489,400 | ---- | M] (GP Software) -- C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll
MOD - [2004-08-04 14:00:00 | 01,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004-08-04 14:00:00 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - [2009-11-03 15:48:54 | 00,874,768 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009-11-03 15:42:00 | 00,909,312 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2009-11-03 15:33:48 | 00,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2005-05-12 21:43:50 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2004-08-04 14:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - [2011-07-04 19:58:18 | 00,085,248 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\system32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2011-07-04 19:58:18 | 00,072,576 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011-07-04 19:58:16 | 00,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2009-11-11 04:26:02 | 02,216,064 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
DRV - [2008-08-13 16:23:56 | 00,011,904 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005-05-12 21:46:20 | 01,132,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005-03-22 22:49:09 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\cercsr6.sys -- (cercsr6)
DRV - [2005-03-10 16:56:06 | 00,273,168 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004-11-16 10:03:52 | 00,108,791 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004-08-04 14:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004-08-04 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004-06-17 15:57:02 | 00,200,064 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004-06-17 15:55:38 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004-06-17 15:55:04 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004-05-26 15:18:18 | 00,044,928 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2004-03-17 12:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2002-01-12 17:30:34 | 00,003,567 | ---- | M] (Beyond Logic http://www.beyondlogic.org) -- C:\WINDOWS\system32\drivers\PortTalk.sys -- (PortTalk)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gazetawyborcza.pl/0,0.html?p=4
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.9
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012-03-08 21:27:03 | 00,000,000 | ---D | M]
[2009-11-06 21:31:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009-11-06 21:31:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011-12-03 03:41:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5r08ovpw.Default User\extensions
[2011-12-03 03:41:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5r08ovpw.Default User\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012-09-16 20:54:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nwx9x4pl.ultimate 2.0\extensions
[2010-02-15 01:19:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nwx9x4pl.ultimate 2.0\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
[2012-01-06 18:43:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nwx9x4pl.ultimate 2.0\extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8}
[2012-05-26 18:37:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nwx9x4pl.ultimate 2.0\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012-05-26 18:37:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nwx9x4pl.ultimate 2.0\extensions\amin.eft_bmnotes@gmail.com
[2011-03-03 23:18:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nwx9x4pl.ultimate 2.0\extensions\en-GB@dictionaries.addons.mozilla.org
[2010-09-15 21:49:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nwx9x4pl.ultimate 2.0\extensions\linky@gemal.dk
[2011-09-14 20:42:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nwx9x4pl.ultimate 2.0\extensions\pl@dictionaries.addons.mozilla.org
[2011-05-03 20:34:20 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2011-01-20 12:35:05 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011-01-20 12:34:50 | 00,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: (686 bytes) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (NTIECatcher Class) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll (Xi)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [Plus Internet] C:\Program Files\Plus Internet\PlusInternetChecker.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O8 - Extra context menu item: Pobierz przez Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html ()
O8 - Extra context menu item: Pobierz wszystko przez Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html ()
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 95.160.170.92 88.156.222.92
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-04-09 18:11:34 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3b9e871c-ad3e-11e0-8a42-0013ce1a187b}\Shell - "" = AutoRun
O33 - MountPoints2\{3b9e871c-ad3e-11e0-8a42-0013ce1a187b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3b9e871c-ad3e-11e0-8a42-0013ce1a187b}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{4d3836cc-635f-11e0-899c-0013ce1a187b}\Shell - "" = AutoRun
O33 - MountPoints2\{4d3836cc-635f-11e0-899c-0013ce1a187b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4d3836cc-635f-11e0-899c-0013ce1a187b}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{515c809e-5ee3-11e0-8992-0013ce1a187b}\Shell - "" = AutoRun
O33 - MountPoints2\{515c809e-5ee3-11e0-8992-0013ce1a187b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{515c809e-5ee3-11e0-8992-0013ce1a187b}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{515c80a2-5ee3-11e0-8992-0013ce1a187b}\Shell - "" = AutoRun
O33 - MountPoints2\{515c80a2-5ee3-11e0-8992-0013ce1a187b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{515c80a2-5ee3-11e0-8992-0013ce1a187b}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{562e4ecc-ebc8-11e1-8cba-00123fe41894}\Shell - "" = AutoRun
O33 - MountPoints2\{562e4ecc-ebc8-11e1-8cba-00123fe41894}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{562e4ecc-ebc8-11e1-8cba-00123fe41894}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{7fd4b3cc-b219-11e0-8a51-0013ce1a187b}\Shell - "" = AutoRun
O33 - MountPoints2\{7fd4b3cc-b219-11e0-8a51-0013ce1a187b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7fd4b3cc-b219-11e0-8a51-0013ce1a187b}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{93777143-acb6-11e0-8a41-0013ce1a187b}\Shell - "" = AutoRun
O33 - MountPoints2\{93777143-acb6-11e0-8a41-0013ce1a187b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{93777143-acb6-11e0-8a41-0013ce1a187b}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{97cf150c-dd93-11e1-8ca9-00123fe41894}\Shell - "" = AutoRun
O33 - MountPoints2\{97cf150c-dd93-11e1-8ca9-00123fe41894}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{97cf150c-dd93-11e1-8ca9-00123fe41894}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{97cf1510-dd93-11e1-8ca9-00123fe41894}\Shell - "" = AutoRun
O33 - MountPoints2\{97cf1510-dd93-11e1-8ca9-00123fe41894}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{97cf1510-dd93-11e1-8ca9-00123fe41894}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{a136f272-5aef-11e0-898a-0013ce1a187b}\Shell - "" = AutoRun
O33 - MountPoints2\{a136f272-5aef-11e0-898a-0013ce1a187b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a136f272-5aef-11e0-898a-0013ce1a187b}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{d1a6b593-5af3-11e0-898c-0013ce1a187b}\Shell - "" = AutoRun
O33 - MountPoints2\{d1a6b593-5af3-11e0-898c-0013ce1a187b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d1a6b593-5af3-11e0-898c-0013ce1a187b}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{ec0962cc-907b-11dc-a29f-00123fe41894}\Shell\AutoRun\command - "" = G:\wd_windows_tools\setup.exe -- File not found
O33 - MountPoints2\{fa120ddc-f05d-11e1-8cc1-00123fe41894}\Shell - "" = AutoRun
O33 - MountPoints2\{fa120ddc-f05d-11e1-8cc1-00123fe41894}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fa120ddc-f05d-11e1-8cc1-00123fe41894}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012-09-22 02:26:09 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2007-10-27 23:03:54 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012-09-22 11:17:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2012-09-22 11:17:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-09-22 02:26:11 | 04,718,592 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2012-09-22 02:26:11 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2012-09-21 00:40:08 | 00,001,076 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1326574676-839522115-1003Core1cce13a38537c90.job
[2012-09-16 20:47:21 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-09-15 15:41:54 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012-09-13 18:41:09 | 00,400,081 | ---- | M] () -- C:\tumblr_m4vqfj0OWn1rrykiqo1_400.gif
[2012-08-30 00:36:48 | 05,894,884 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db

[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012-09-13 18:41:06 | 00,400,081 | ---- | C] () -- C:\tumblr_m4vqfj0OWn1rrykiqo1_400.gif
[2011-07-20 15:11:33 | 00,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ReminderNextRun
[2011-07-08 18:14:31 | 00,006,688 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2011-07-08 18:13:27 | 00,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll
[2009-03-22 20:07:51 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009-03-21 18:46:27 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc
[2009-03-09 21:47:58 | 05,894,884 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2008-06-13 01:07:43 | 01,073,152 | ---- | C] () -- C:\WINDOWS\System32\libmysql_c.dll
[2008-03-12 22:27:07 | 00,019,472 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008-03-12 22:03:24 | 00,000,668 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml
[2008-03-12 20:51:38 | 00,000,032 | ---- | C] () -- C:\WINDOWS\SUBCONV.INI
[2008-01-12 17:25:24 | 00,000,217 | ---- | C] () -- C:\WINDOWS\maketorrent.ini
[2007-10-27 23:04:04 | 00,000,033 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.log
[2007-10-27 23:03:54 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\inst.exe
[2007-10-27 23:03:54 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2007-10-27 23:03:54 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2007-10-17 17:36:37 | 00,000,021 | ---- | C] () -- C:\WINDOWS\kit.ini
[2007-05-25 15:10:10 | 00,000,418 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007-05-23 02:30:24 | 00,003,136 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\mpauth.dat
[2007-05-12 01:52:03 | 00,003,061 | ---- | C] () -- C:\WINDOWS\VPlayer.INI
[2007-04-16 18:05:46 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007-04-11 21:12:25 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007-04-09 20:00:32 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2007-04-09 18:24:26 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2007-04-09 18:15:31 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2005-01-12 05:08:50 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\SafeIE.dll
[2004-08-12 08:44:10 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004-08-04 14:00:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004-08-04 14:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004-08-04 14:00:00 | 00,000,528 | ---- | C] () -- C:\WINDOWS\win.ini
[2004-08-04 14:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[1995-03-14 06:22:21 | 00,000,080 | --S- | C] () -- C:\WINDOWS\System32\argtmp39.dll

[color=#E56717]========== LOP Check ==========[/color]
[2007-05-10 17:49:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2012-03-08 21:34:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2012-07-12 22:25:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2010-03-17 01:18:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2008-06-20 20:58:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ipla
[2009-05-30 19:03:51 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\System Restore
[2009-11-14 22:04:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009-11-17 19:27:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.oit
[2007-04-09 22:56:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ACD Systems
[2010-07-20 01:12:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\avidemux
[2011-04-11 00:50:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\blueconnect
[2009-02-01 19:33:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools
[2010-03-17 01:25:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Lite
[2009-02-01 19:33:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Pro
[2010-12-05 20:05:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EAC
[2009-05-17 14:54:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FireShot
[2007-06-12 18:50:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FlashFXP
[2007-04-25 00:15:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Genie-Soft
[2007-04-09 18:18:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GPSoftware
[2007-05-15 18:39:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Hulubulu
[2008-06-20 20:58:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ipla
[2008-03-18 23:26:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\JAM Software
[2011-05-03 20:20:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mipony
[2010-12-05 19:43:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mp3tag
[2009-12-20 15:59:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MySQL
[2007-06-29 04:27:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NeoDownloader
[2007-04-12 01:30:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Notepad++
[2011-04-13 19:41:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
[2007-04-09 20:33:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Orbit
[2012-08-06 23:38:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Plus Internet
[2009-01-20 20:51:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Seven Zip
[2007-06-10 14:40:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TextPad
[2012-02-22 19:37:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Thunderbird
[2012-09-22 16:14:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2007-04-13 15:48:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VoipCheapCom
[2009-03-09 18:59:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
[2007-04-11 21:12:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\XnView
[2004-08-04 14:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2012-09-22 11:17:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C45B1B5

< End of report >