OTL logfile created on: 2012-11-07 21:36:28 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\mwlasna1\My Documents\Pobieranie Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.17184) Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd 1,99 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 65,97% Memory free 3,84 Gb Paging File | 3,32 Gb Available in Paging File | 86,48% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74,53 Gb Total Space | 51,45 Gb Free Space | 69,03% Space Free | Partition Type: NTFS Computer Name: WKL30001-440 | User Name: mwlasna1 | NOT logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-11-02 00:43:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mwlasna1\My Documents\Pobieranie\OTL.exe PRC - [2012-10-29 18:33:19 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Documents and Settings\mwlasna1\Local Settings\Application Data\Mozilla Firefox\firefox.exe PRC - [2010-09-30 13:08:31 | 000,439,536 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe PRC - [2009-09-12 22:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe PRC - [2009-09-12 22:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe PRC - [2008-04-14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007-02-19 14:26:32 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-10-29 18:33:18 | 002,295,264 | ---- | M] () -- C:\Documents and Settings\mwlasna1\Local Settings\Application Data\Mozilla Firefox\mozjs.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - File not found [Disabled | Unknown] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2012-07-27 09:34:09 | 001,543,704 | ---- | M] (Sophos Plc) [Auto | Unknown] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service) SRV - [2012-07-27 09:33:57 | 000,097,520 | ---- | M] (Sophos Plc) [Auto | Unknown] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService) SRV - [2012-07-27 09:33:46 | 000,163,056 | ---- | M] (Sophos Plc) [Auto | Unknown] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService) SRV - [2012-07-27 09:33:34 | 000,806,912 | ---- | M] (Sophos Plc) [Auto | Unknown] -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router) SRV - [2012-07-27 09:33:31 | 000,282,624 | ---- | M] (Sophos Plc) [Auto | Unknown] -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent) SRV - [2012-04-11 15:43:09 | 000,232,472 | ---- | M] (Sophos Plc) [Auto | Unknown] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service) SRV - [2012-02-20 13:00:00 | 001,052,528 | ---- | M] () [Auto | Unknown] -- C:\WINDOWS\ccmsetup\ccmsetup.exe -- (ccmsetup) SRV - [2009-10-27 23:37:00 | 000,069,632 | ---- | M] (http://www.ocsinventory-ng.org) [Auto | Unknown] -- C:\Program Files\OCS Inventory Agent\OcsService.exe -- (OCS INVENTORY) SRV - [2009-02-08 00:21:08 | 000,188,416 | ---- | M] (CA) [Auto | Unknown] -- C:\Program Files\CA\DSM\bin\caf.exe -- (caf) SRV - [2008-12-09 15:34:20 | 000,147,456 | ---- | M] (CA, Inc.) [Auto | Unknown] -- C:\Program Files\CA\SC\CAM\bin\cam.exe -- (CA-MessageQueuing) SRV - [2008-04-14 13:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [Unknown (-1) | Unknown] -- C:\WINDOWS\system32\wbem\wmiaprpl.dll -- (WmiApRpl) SRV - [2007-02-19 14:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Unknown] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Unknown] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDCOMP) DRV - File not found [Kernel | System | Unknown] -- -- (PCIDump) DRV - File not found [Kernel | System | Unknown] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Unknown] -- -- (i2omgmt) DRV - File not found [Kernel | System | Unknown] -- -- (Changer) DRV - [2012-07-27 09:34:07 | 000,024,064 | ---- | M] (Sophos Plc) [File_System | System | Unknown] -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys -- (SAVOnAccessFilter) DRV - [2012-07-27 09:34:03 | 000,014,976 | ---- | M] (Sophos Plc) [Kernel | Disabled | Unknown] -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys -- (SophosBootDriver) DRV - [2012-07-27 09:34:01 | 000,023,928 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\sdcfilter.sys -- (sdcfilter) DRV - [2012-07-27 09:33:57 | 000,153,344 | ---- | M] (Sophos Plc) [File_System | System | Unknown] -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys -- (SAVOnAccessControl) DRV - [2009-03-17 20:36:54 | 000,026,128 | ---- | M] (CA) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\rcSmCard.sys -- (rcSmCard) DRV - [2009-03-17 20:36:54 | 000,009,872 | ---- | M] (CA) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\rcVidMpt.sys -- (rcVidCap) DRV - [2008-04-14 13:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [Unknown (-1) | Unknown (-1) | Unknown] -- C:\WINDOWS\system32\wbem\wmiaprpl.dll -- (WmiApRpl) DRV - [2007-08-08 07:17:00 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) DRV - [2007-04-23 16:39:00 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2007-04-10 20:29:42 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (tosrfusb) DRV - [2007-03-26 10:19:00 | 000,062,208 | ---- | M] (O2Micro) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2) DRV - [2007-03-13 13:26:06 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2007-02-19 14:27:34 | 001,228,296 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2006-11-02 18:47:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2006-11-02 18:47:00 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2006-11-02 18:46:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2006-10-05 16:07:46 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1659004503-1580818891-682003330-129848\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.pl/ [binary data] IE - HKU\S-1-5-21-1659004503-1580818891-682003330-129848\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1659004503-1580818891-682003330-129848\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1659004503-1580818891-682003330-129848\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.tesco-europe.com;104.*;106.*;108.*;110.*;126.*;;10.* IE - HKU\S-1-5-21-1659004503-1580818891-682003330-129848\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = plkraisa0001.pl.tesco-europe.com:8080 [color=#E56717]========== FireFox ==========[/color] FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Documents and Settings\mwlasna1\Local Settings\Application Data\Mozilla Firefox\components [2012-10-29 18:33:19 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Documents and Settings\mwlasna1\Local Settings\Application Data\Mozilla Firefox\plugins [2012-09-23 17:28:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mwlasna1\Application Data\mozilla\Extensions [2012-11-03 00:23:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mwlasna1\Application Data\mozilla\Firefox\Profiles\do7e4k20.default\extensions O1 HOSTS File: ([2008-04-14 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc) O4 - HKLM..\Run: [CAF_SystemTray] C:\Program Files\CA\DSM\bin\cfSysTray.exe (CA) O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) O4 - HKLM..\Run: [DsmSxplog] C:\Program Files\CA\DSM\Bin\sxpstub.exe (CA) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\xlReport - Clear Reports.lnk = C:\WINDOWS\Installer\{3D65668E-F9C4-470A-AF5B-F35AABE61480}\NewShortcut1.bat (InstallShield Software Corp.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1659004503-1580818891-682003330-129848\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1659004503-1580818891-682003330-129848\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1659004503-1580818891-682003330-129848\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1 O7 - HKU\S-1-5-21-1659004503-1580818891-682003330-129848\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1 O7 - HKU\S-1-5-21-1659004503-1580818891-682003330-129848\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1 O7 - HKU\S-1-5-21-1659004503-1580818891-682003330-129848\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\S-1-5-21-1659004503-1580818891-682003330-129848\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\S-1-5-21-1659004503-1580818891-682003330-129848\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1 O7 - HKU\S-1-5-21-1659004503-1580818891-682003330-129848\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 1 O7 - HKU\S-1-5-21-1659004503-1580818891-682003330-129848\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O7 - HKU\S-1-5-21-1659004503-1580818891-682003330-129848\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 15 O15 - HKU\.DEFAULT\..Trusted Domains: tesco-europe.com ([*.pl] * in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: tesco-europe.com ([kra-fs02.pl] file in Local intranet) O15 - HKU\S-1-5-18\..Trusted Domains: tesco-europe.com ([*.pl] * in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: tesco-europe.com ([kra-fs02.pl] file in Local intranet) O15 - HKU\S-1-5-21-1659004503-1580818891-682003330-129848\..Trusted Domains: tesco.org ([hub] http in Local intranet) O15 - HKU\S-1-5-21-1659004503-1580818891-682003330-129848\..Trusted Domains: tesco.org ([info.hub] http in Local intranet) O15 - HKU\S-1-5-21-1659004503-1580818891-682003330-129848\..Trusted Domains: tesco.org ([search.hub] http in Local intranet) O15 - HKU\S-1-5-21-1659004503-1580818891-682003330-129848\..Trusted Domains: tesco.org ([team.hub] http in Local intranet) O15 - HKU\S-1-5-21-1659004503-1580818891-682003330-129848\..Trusted Domains: tesco-europe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-1659004503-1580818891-682003330-129848\..Trusted Domains: tesco-europe.com ([*.pl] * in Trusted sites) O15 - HKU\S-1-5-21-1659004503-1580818891-682003330-129848\..Trusted Domains: tesco-europe.com ([elearning] https in Local intranet) O15 - HKU\S-1-5-21-1659004503-1580818891-682003330-129848\..Trusted Ranges: Range1 ([http] in Trusted sites) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1317028154786 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFECAFE-0013-0001-0026-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.26) O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.7.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pl.tesco-europe.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFD6C065-7AD5-4245-9A97-1CA39E0E5053}: DhcpNameServer = 10.0.7.1 O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\CAF: DllName - (C:\Program Files\CA\DSM\Bin\cfwlogon.dll) - C:\Program Files\CA\DSM\Bin\cfWlogon.dll (CA) O20 - Winlogon\Notify\rcHostExt: DllName - (C:\Program Files\CA\DSM\Bin\rcLoginExt.dll) - C:\Program Files\CA\DSM\Bin\rcLoginExt.dll (CA) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011-09-26 08:36:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-11-07 08:40:54 | 000,000,000 | ---D | C] -- C:\_OTL [2012-11-06 22:29:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mwlasna1\Application Data\Sun [2012-10-29 18:33:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mwlasna1\Local Settings\Application Data\Mozilla Firefox [2012-10-29 08:26:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mwlasna1\Local Settings\Application Data\Sophos [2012-10-15 18:33:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mwlasna1\FLVPlayer [2012-10-10 06:39:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mwlasna1\Application Data\Media Player Classic [2012-10-09 21:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mwlasna1\Local Settings\Application Data\Google [2012-10-09 21:50:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mwlasna1\Local Settings\Application Data\Temp [2012-10-09 21:49:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mwlasna1\Application Data\uTorrent [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-11-07 21:15:41 | 000,355,944 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2012-11-07 21:15:41 | 000,311,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012-11-07 21:15:41 | 000,040,326 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012-11-07 21:10:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2012-11-07 21:10:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012-11-07 21:10:36 | 2136,961,024 | -HS- | M] () -- C:\hiberfil.sys [2012-11-07 08:53:52 | 002,621,440 | -H-- | M] () -- C:\Documents and Settings\mwlasna1\NTUSER.DAT [2012-11-07 08:53:52 | 000,000,590 | -HS- | M] () -- C:\Documents and Settings\mwlasna1\ntuser.ini [2012-11-07 08:53:43 | 002,690,034 | -H-- | M] () -- C:\Documents and Settings\mwlasna1\Local Settings\Application Data\IconCache.db [2012-11-07 08:29:40 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\mwlasna1\Local Settings\Application Data\d3d9caps.dat [2012-11-06 00:00:10 | 000,082,432 | ---- | M] () -- C:\Documents and Settings\mwlasna1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-11-05 22:46:59 | 000,013,579 | ---- | M] () -- C:\Documents and Settings\mwlasna1\Desktop\pomarańczarnia 2009-2010.torrent [2012-11-04 23:32:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-11-07 08:46:26 | 2136,961,024 | -HS- | C] () -- C:\hiberfil.sys [2012-11-07 08:29:40 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\mwlasna1\Local Settings\Application Data\d3d9caps.dat [2012-11-05 22:47:03 | 000,013,579 | ---- | C] () -- C:\Documents and Settings\mwlasna1\Desktop\pomarańczarnia 2009-2010.torrent [2012-08-28 14:31:40 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2012-08-20 14:34:31 | 000,082,432 | ---- | C] () -- C:\Documents and Settings\mwlasna1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-08-10 09:16:13 | 001,052,528 | ---- | C] () -- C:\WINDOWS\ccmsetup.exe.fnb0362@.a03624 [2012-07-31 10:12:02 | 000,045,672 | ---- | C] () -- C:\Documents and Settings\mwlasna1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2012-07-30 11:24:41 | 002,690,034 | -H-- | C] () -- C:\Documents and Settings\mwlasna1\Local Settings\Application Data\IconCache.db [2012-07-30 11:23:48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012-07-30 11:15:54 | 000,015,120 | RHS- | C] () -- C:\Documents and Settings\mwlasna1\ntuser.pol [2012-07-30 11:15:52 | 000,000,590 | -HS- | C] () -- C:\Documents and Settings\mwlasna1\ntuser.ini [2012-07-30 11:15:50 | 002,621,440 | -H-- | C] () -- C:\Documents and Settings\mwlasna1\NTUSER.DAT [2011-09-29 07:52:30 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT [2011-09-29 07:42:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2011-09-26 10:25:52 | 000,355,944 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2011-09-26 10:25:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011-09-26 10:25:04 | 000,189,000 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-09-26 09:11:14 | 000,036,962 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll [2011-09-26 08:44:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2011-09-26 08:39:34 | 000,021,462 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol [2011-09-26 08:38:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011-09-26 08:36:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini [2011-09-26 08:34:51 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest [2011-09-26 08:34:44 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest [2011-09-26 08:33:41 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011-09-26 08:33:27 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini [2011-09-26 08:33:27 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini [2011-09-26 08:33:01 | 000,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini [2011-09-26 08:33:01 | 000,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini [color=#E56717]========== ZeroAccess Check ==========[/color] [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2011-06-21 19:18:34 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009-02-09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008-04-14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report >