Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-02-2014 Ran by 1 (administrator) on DELL on 18-02-2014 21:19:48 Running from C:\Documents and Settings\1\Pulpit\CZYSZCZENIE_KOMPA Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polish Internet Explorer Version 6 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Oracle Corporation) C:\Program Files\Java\jre8\bin\jqs.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\WLKeeper.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (TeamViewer GmbH) C:\Documents and Settings\1\Ustawienia lokalne\Temp\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH) C:\Documents and Settings\1\Ustawienia lokalne\Temp\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH) C:\Documents and Settings\1\Ustawienia lokalne\Temp\TeamViewer\Version7\TeamViewer_Desktop.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IntelZeroConfig] - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1372160 2009-11-03] (Intel(R) Corporation) HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1202448 2009-11-03] (Intel(R) Corporation) HKLM\...\Run: [ATIPTA] - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2005-07-06] (ATI Technologies, Inc.) Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.) HKU\S-1-5-21-527237240-1958367476-1801674531-1003\...\MountPoints2: {0cdd190a-328b-11e3-94c8-0015c51806e9} - F:\AutoRun.exe HKU\S-1-5-21-527237240-1958367476-1801674531-1003\...\MountPoints2: {304b666a-99fb-11e2-916b-0015c51806e9} - F:\AutoRun.exe HKU\S-1-5-21-527237240-1958367476-1801674531-1003\...\MountPoints2: {4f206d3e-01bd-11e3-949e-0015c51806e9} - F:\AutoRun.exe HKU\S-1-5-21-527237240-1958367476-1801674531-1003\...\MountPoints2: {4f206d41-01bd-11e3-949e-0015c51806e9} - F:\AutoRun.exe HKU\S-1-5-21-527237240-1958367476-1801674531-1003\...\MountPoints2: {7f6db3e4-0266-11e3-94a3-0015c51806e9} - F:\AutoRun.exe HKU\S-1-5-21-527237240-1958367476-1801674531-1003\...\MountPoints2: {aa18a7d1-d110-11e1-9876-0015c51806e9} - F:\AutoRun.exe HKU\S-1-5-21-527237240-1958367476-1801674531-1003\...\MountPoints2: {c07ac506-1081-11e3-94b8-0015c51806e9} - F:\LaunchU3.exe -a HKU\S-1-5-21-527237240-1958367476-1801674531-1003\...\MountPoints2: {c776e887-defe-11e1-9060-0015c51806e9} - H:\AutoRun.exe HKU\S-1-5-21-527237240-1958367476-1801674531-1003\...\MountPoints2: {c776e88a-defe-11e1-9060-0015c51806e9} - H:\AutoRun.exe HKU\S-1-5-21-527237240-1958367476-1801674531-1003\...\MountPoints2: {f0e689fb-defa-11e1-b697-0015c51806e9} - F:\AutoRun.exe HKU\S-1-5-21-527237240-1958367476-1801674531-1003\...\MountPoints2: {f85d633b-6d24-11e2-902d-0015c51806e9} - F:\AutoRun.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22apple.com/newtab?utm_source=b&ch=sof&uid=FUJITSUXMHT2040AH_NP0JT4C2JAPAT4C2JAPAX®=1358960960 HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - Backup.Old.DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKCU - {0AEDE31F-9B47-4E6E-8342-FA272879163B} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=61D9507C-254A-4A43-B28B-6A3B4A54542A&apn_sauid=D92772FE-0E3A-4C4E-A0CD-C50BB1173347 SearchScopes: HKCU - {4DC9D07E-8B4B-4985-A659-A5E5B5F5EC66} URL = http://szukaj.gazeta.pl/portalSearch.do?s.si(navigation).navigationEnabled=true&s.sm.query={searchTerms} SearchScopes: HKCU - {752ABF17-1A3C-CF08-4194-51A635E55672} URL = http://search.babylon.com/?q={searchTerms}&affID=110819&tt=010712_4&babsrc=SP_ss&mntrId=b0b3f6110000000000000015c51806e9 BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0-windows-i586.cab DPF: {CAFEEFAC-0018-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Documents and Settings\1\Dane aplikacji\Mozilla\Firefox\Profiles\eqhphdxz.default FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.) FF Plugin: @java.com/DTPlugin,version=11.0.0 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.0.0 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Extension: No Name - C:\Documents and Settings\1\Dane aplikacji\Mozilla\Firefox\Profiles\eqhphdxz.default\Extensions\staged [2013-10-11] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] Chrome: ======= CHR Extension: (Google Wallet) - C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-13] ========================== Services (Whitelisted) ================= R2 JavaQuickStarterService; C:\Program Files\Java\jre8\bin\jqs.exe [161752 2013-08-26] (Oracle Corporation) R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [909312 2009-11-03] (Intel(R) Corporation) R2 WLANKEEPER; C:\Program Files\Intel\WiFi\bin\WLKeeper.exe [348160 2009-11-03] (Intel(R) Corporation) ==================== Drivers (Whitelisted) ==================== R3 AR9271; C:\WINDOWS\System32\DRIVERS\athuw.sys [1714176 2010-01-05] (Atheros Communications, Inc.) S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [22560 2014-02-18] (REALiX(tm)) S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [11904 2008-08-13] (Intel Corporation) R3 STAC97; C:\WINDOWS\System32\drivers\STAC97.sys [273168 2005-03-10] (SigmaTel, Inc.) S3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [2216064 2009-11-11] (Intel® Corporation) S0 cerc6; No ImagePath S3 EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys [X] S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X] S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X] S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X] S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X] S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 UIUSys; system32\drivers\UIUSys.sys [X] U1 WS2IFSL; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-18 21:19 - 2014-02-18 21:19 - 00000000 ____D () C:\FRST 2014-02-18 21:02 - 2014-02-18 21:09 - 00000000 ____D () C:\AdwCleaner 2014-02-18 20:44 - 2014-02-18 20:44 - 00022560 _____ (REALiX(tm)) C:\WINDOWS\system32\Drivers\HWiNFO32.SYS 2014-02-18 20:44 - 2014-02-18 20:44 - 00017992 _____ () C:\WINDOWS\setupapi.log 2014-02-18 20:44 - 2014-02-18 20:44 - 00000000 ____D () C:\Program Files\HWiNFO32 2014-02-18 20:44 - 2014-02-18 20:44 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\HWiNFO32 2014-02-18 20:28 - 2014-02-18 20:29 - 00001503 _____ () C:\Documents and Settings\1\Pulpit\Paint.lnk 2014-02-18 20:21 - 2014-02-18 20:21 - 00000000 ____D () C:\Program Files\CCleaner 2014-02-18 20:15 - 2014-02-18 21:19 - 00000000 ____D () C:\Documents and Settings\1\Pulpit\CZYSZCZENIE_KOMPA 2014-02-18 20:13 - 2012-10-29 21:47 - 03936848 _____ (TeamViewer GmbH) C:\Documents and Settings\1\Pulpit\TeamViewer_7_Setup_pl.exe 2014-02-18 18:59 - 2014-02-18 18:59 - 00000000 ____D () C:\Documents and Settings\1\Dane aplikacji\TeamViewer 2014-01-29 11:05 - 2014-01-29 11:05 - 00031744 _____ () C:\Documents and Settings\1\Moje dokumenty\Rescue.asd ==================== One Month Modified Files and Folders ======= 2014-02-18 21:19 - 2014-02-18 21:19 - 00000000 ____D () C:\FRST 2014-02-18 21:19 - 2014-02-18 20:15 - 00000000 ____D () C:\Documents and Settings\1\Pulpit\CZYSZCZENIE_KOMPA 2014-02-18 21:10 - 2012-07-07 13:16 - 00000000 ___RD () C:\Documents and Settings\1\Pulpit 2014-02-18 21:09 - 2014-02-18 21:02 - 00000000 ____D () C:\AdwCleaner 2014-02-18 21:08 - 2012-07-07 13:07 - 01929335 _____ () C:\WINDOWS\WindowsUpdate.log 2014-02-18 21:07 - 2012-07-24 01:22 - 00001022 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-02-18 21:07 - 2012-07-07 14:57 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-02-18 21:07 - 2012-07-07 14:57 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2014-02-18 21:07 - 2012-07-07 13:15 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-02-18 21:07 - 2008-04-15 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-02-18 21:06 - 2012-07-07 13:16 - 00000188 ___SH () C:\Documents and Settings\1\ntuser.ini 2014-02-18 21:06 - 2012-07-07 13:15 - 00032492 _____ () C:\WINDOWS\SchedLgU.Txt 2014-02-18 21:05 - 2012-07-07 14:53 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji 2014-02-18 21:05 - 2012-07-07 13:16 - 00000000 __RHD () C:\Documents and Settings\1\Dane aplikacji 2014-02-18 21:05 - 2012-07-07 13:16 - 00000000 ___HD () C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji 2014-02-18 20:58 - 2012-07-24 01:22 - 00001026 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-02-18 20:44 - 2014-02-18 20:44 - 00022560 _____ (REALiX(tm)) C:\WINDOWS\system32\Drivers\HWiNFO32.SYS 2014-02-18 20:44 - 2014-02-18 20:44 - 00017992 _____ () C:\WINDOWS\setupapi.log 2014-02-18 20:44 - 2014-02-18 20:44 - 00000000 ____D () C:\Program Files\HWiNFO32 2014-02-18 20:44 - 2014-02-18 20:44 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\HWiNFO32 2014-02-18 20:44 - 2012-07-07 14:53 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy 2014-02-18 20:34 - 2012-07-07 13:48 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-02-18 20:29 - 2014-02-18 20:28 - 00001503 _____ () C:\Documents and Settings\1\Pulpit\Paint.lnk 2014-02-18 20:26 - 2012-07-07 14:53 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit 2014-02-18 20:26 - 2012-07-07 13:16 - 00000000 ___RD () C:\Documents and Settings\1\Menu Start\Programy\Autostart 2014-02-18 20:24 - 2012-07-07 13:16 - 00000000 ____D () C:\Documents and Settings\1 2014-02-18 20:21 - 2014-02-18 20:21 - 00000000 ____D () C:\Program Files\CCleaner 2014-02-18 20:17 - 2012-07-07 13:05 - 00000000 ___RD () C:\Documents and Settings\All Users\Dokumenty\Moje obrazy 2014-02-18 20:17 - 2012-07-07 13:04 - 00000000 ___RD () C:\Documents and Settings\All Users\Dokumenty\Moja muzyka 2014-02-18 19:29 - 2012-08-27 13:34 - 00000000 ____D () C:\Documents and Settings\1\Moje dokumenty\Pobieranie 2014-02-18 19:28 - 2012-07-07 13:16 - 00000000 ___RD () C:\Documents and Settings\1\Moje dokumenty 2014-02-18 18:59 - 2014-02-18 18:59 - 00000000 ____D () C:\Documents and Settings\1\Dane aplikacji\TeamViewer 2014-02-18 18:39 - 2012-07-07 13:16 - 00001027 _____ () C:\Documents and Settings\1\Menu Start\Programy\Internet Explorer.lnk 2014-02-18 18:38 - 2012-07-07 14:45 - 00000000 ____D () C:\WINDOWS\system32\pl-pl 2014-02-18 18:38 - 2012-07-07 14:45 - 00000000 ____D () C:\WINDOWS\Help 2014-02-18 18:36 - 2012-08-18 17:24 - 00000000 ____D () C:\WINDOWS\ie8updates 2014-02-18 18:24 - 2012-11-16 14:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-02-18 18:22 - 2012-07-07 14:53 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy\Autostart 2014-02-18 18:14 - 2012-09-05 20:25 - 00000000 ____D () C:\Program Files\Java 2014-02-11 10:07 - 2012-07-08 21:34 - 00000000 ____D () C:\WINDOWS\Microsoft.NET 2014-02-04 22:13 - 2013-07-24 16:03 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-02-04 21:06 - 2012-07-24 01:25 - 00001819 _____ () C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk 2014-02-04 20:37 - 2012-07-07 13:48 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2014-02-04 20:37 - 2012-07-07 13:48 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2014-02-04 20:35 - 2014-01-07 17:35 - 05556104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe 2014-02-04 20:25 - 2012-08-18 17:33 - 00030780 _____ () C:\WINDOWS\system32\TZLog.log 2014-02-04 20:13 - 2012-07-07 14:53 - 00269392 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-01-29 11:05 - 2014-01-29 11:05 - 00031744 _____ () C:\Documents and Settings\1\Moje dokumenty\Rescue.asd Some content of TEMP: ==================== C:\Documents and Settings\1\Ustawienia lokalne\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe [2008-04-15 13:00] - [2008-04-15 13:00] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a C:\WINDOWS\system32\winlogon.exe [2008-04-15 13:00] - [2008-04-15 13:00] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48 C:\WINDOWS\system32\svchost.exe [2008-04-15 13:00] - [2008-04-15 13:00] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce C:\WINDOWS\system32\services.exe [2008-04-15 13:00] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 02a467e27af55f7064c5b251e587315f C:\WINDOWS\system32\User32.dll [2008-04-15 13:00] - [2008-04-15 13:00] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793 C:\WINDOWS\system32\userinit.exe [2008-04-15 13:00] - [2008-04-15 13:00] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5 C:\WINDOWS\system32\rpcss.dll [2008-04-15 13:00] - [2009-02-09 11:53] - 0401408 ____A (Microsoft Corporation) a37311d9d628c1042a2836731787f0f3 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected. C:\WINDOWS\system32\Drivers\volsnap.sys [2008-04-15 13:00] - [2008-04-15 13:00] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7 ==================== End Of Log ============================