Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 Ran by UserXP (ATTENTION: The logged in user is not administrator) on EWA on 20-03-2014 18:37:56 Running from C:\Documents and Settings\UserXP\Pulpit Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polish Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPStart.exe (ASUSTeK Computer Inc.) C:\Program Files\Asus\EeePC ACPI\AsTray.exe (ASUSTeK Computer Inc.) C:\Program Files\Asus\EeePC ACPI\AsAcpiSvr.exe (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation) C:\WINDOWS\system32\igfxext.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPStart] - C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-08-18] (Synaptics, Inc.) HKLM\...\Run: [AsusTray] - C:\Program Files\Asus\EeePC ACPI\AsTray.exe [102400 2008-03-27] (ASUSTeK Computer Inc.) HKLM\...\Run: [AsusACPIServer] - C:\Program Files\Asus\EeePC ACPI\AsAcpiSvr.exe [544768 2008-03-20] (ASUSTeK Computer Inc.) HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [16858112 2008-03-07] (Realtek Semiconductor Corp.) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.) HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3117344 2012-03-07] (ESET) HKLM\...\Run: [vProt] - "C:\Program Files\AVG Secure Search\vprot.exe" HKLM\...\Run: [ROC_ROC_NT] - C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe [856160 2002-01-07] () HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.) HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKU\S-1-5-21-823518204-2025429265-515967899-1004\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.) HKU\S-1-5-21-823518204-2025429265-515967899-1004\...\Policies\Explorer: [NoDriveAutoRun] 0xE0FFFF03 ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={AD12BFE1-41B1-4883-9F5D-180A8C95D59A}&mid=c7e2edea352247dc9719d15ce90f3c7e-f5571237aa2fd7b8ec7ea582903554d222f1e1f1&lang=pl&ds=xn011&pr=sa&d=2002-01-07 04:37:09&v=12.2.5.34&sap=hp HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll () BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll () Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll () Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Documents and Settings\UserXP\Dane aplikacji\Mozilla\Firefox\Profiles\xq9g0okq.default FF DefaultSearchEngine: AVG Secure Search FF Homepage: https://isearch.avg.com?cid=%7B50f957d1-fbce-4d10-81d5-1f2a5ac91805%7D&mid=c7e2edea352247dc9719d15ce90f3c7e-f5571237aa2fd7b8ec7ea582903554d222f1e1f1&ds=xn011&v=12.2.5.34&lang=pl&pr=sa&d=2002-01-07%2004%3A37%3A09&sap=hp FF Keyword.URL: https://isearch.avg.com/search?cid=%7B50f957d1-fbce-4d10-81d5-1f2a5ac91805%7D&mid=c7e2edea352247dc9719d15ce90f3c7e-f5571237aa2fd7b8ec7ea582903554d222f1e1f1&ds=xn011&v=12.2.5.34&lang=pl&pr=sa&d=2002-01-07%2004%3A37%3A09&sap=ku&q= FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll No File FF Plugin: @java.com/DTPlugin,version=1.6.0_33 - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Documents and Settings\UserXP\Dane aplikacji\Mozilla\Firefox\Profiles\xq9g0okq.default\searchplugins\avg-secure-search.xml FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-27] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-09-09] FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012-07-27] FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\Documents and Settings\All Users\Dane aplikacji\AVG Secure Search\12.2.5.34\ FF Extension: AVG Security Toolbar - C:\Documents and Settings\All Users\Dane aplikacji\AVG Secure Search\12.2.5.34\ [] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: No Name - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-03-18] ========================== Services (Whitelisted) ================= R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [913144 2012-03-07] (ESET) R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153392 2012-07-27] (Sun Microsystems, Inc.) R2 Skype C2C Service; C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-08-13] (Skype Technologies S.A.) S2 vToolbarUpdater13.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [X] ==================== Drivers (Whitelisted) ==================== R3 AR5211; C:\WINDOWS\System32\DRIVERS\ar5211.sys [546976 2007-05-03] (Atheros Communications, Inc.) R3 AsusACPI; C:\WINDOWS\System32\DRIVERS\ASUSACPI.sys [11264 2007-07-26] (ASUSTeK Computer Inc.) R3 AtcL002; C:\WINDOWS\System32\DRIVERS\l251x86.sys [30208 2008-12-31] (Atheros Communications, Inc.) R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [27496 2002-01-07] (AVG Technologies) S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation) R1 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [160816 2012-03-14] (ESET) R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [120152 2012-03-14] (ESET) R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [104160 2012-03-14] (ESET) R3 hht_vmouse; C:\WINDOWS\System32\DRIVERS\hht_vmouse.sys [6656 2011-01-12] (Hitevision) R3 hhusb5; C:\WINDOWS\System32\DRIVERS\hhusb5.sys [30264 2010-01-13] () S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation) S3 silabenm; C:\WINDOWS\System32\DRIVERS\silabenm.sys [47176 2010-07-28] (Silicon Laboratories) S3 silabser; C:\WINDOWS\System32\DRIVERS\silabser.sys [58112 2010-07-28] (Silicon Laboratories) S3 catchme; \??\C:\DOCUME~1\WŁAŚCI~1\USTAWI~1\Temp\catchme.sys [X] U3 TlntSvr; S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-20 18:37 - 2014-03-20 18:37 - 00011149 _____ () C:\Documents and Settings\UserXP\Pulpit\FRST.txt 2014-03-20 18:31 - 2014-03-20 18:31 - 00000000 ____D () C:\FRST 2014-03-20 18:23 - 2014-03-20 18:23 - 00058184 _____ () C:\Documents and Settings\UserXP\Pulpit\OTL.Txt 2014-03-20 18:23 - 2014-03-20 18:23 - 00017932 _____ () C:\Documents and Settings\UserXP\Pulpit\Extras.Txt 2014-03-20 15:25 - 2014-03-20 15:25 - 00987448 _____ () C:\Documents and Settings\UserXP\Pulpit\SecurityCheck.exe 2014-03-20 15:25 - 2014-03-20 15:25 - 00000000 ____D () C:\Documents and Settings\UserXP\Moje dokumenty\Pobieranie 2014-03-20 15:17 - 2014-03-20 15:17 - 00380416 _____ () C:\Documents and Settings\UserXP\Pulpit\66pf90me.exe 2014-03-20 15:14 - 2014-03-20 15:14 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\UserXP\Pulpit\OTL.exe 2014-03-20 15:13 - 2014-03-20 15:13 - 01145856 _____ (Farbar) C:\Documents and Settings\UserXP\Pulpit\FRST.exe 2014-03-20 15:06 - 2014-03-20 15:06 - 01950720 _____ () C:\Documents and Settings\UserXP\Pulpit\adwcleaner.exe 2014-03-20 14:59 - 2014-03-20 14:59 - 00000000 ____D () C:\Documents and Settings\UserXP\Dane aplikacji\{46577E3C-95B4-4f4f-B4A7-0C29D12FB15D} 2014-03-20 14:55 - 2014-03-20 14:55 - 00000000 __SHD () C:\Documents and Settings\NetworkService\IETldCache 2014-03-20 14:41 - 2014-03-20 14:41 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache 2014-03-20 14:40 - 2014-03-20 14:48 - 00000188 ___SH () C:\Documents and Settings\Administrator\ntuser.ini 2014-03-20 14:40 - 2014-03-20 14:40 - 00000000 ____D () C:\Documents and Settings\Administrator 2014-03-20 14:40 - 2010-09-02 14:59 - 00001503 _____ () C:\Documents and Settings\Administrator\Menu Start\Programy\Pomoc zdalna.lnk 2014-03-20 14:40 - 2010-09-02 14:58 - 00000696 _____ () C:\Documents and Settings\Administrator\Menu Start\Programy\Windows Media Player.lnk 2014-03-20 14:40 - 2010-09-02 14:55 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start\Programy\Akcesoria 2014-03-20 14:40 - 2010-09-02 14:39 - 00000000 __SHD () C:\Documents and Settings\Administrator\Ustawienia lokalne\Historia 2014-03-20 14:40 - 2010-09-02 14:39 - 00000000 __RHD () C:\Documents and Settings\Administrator\Dane aplikacji 2014-03-20 14:40 - 2010-09-02 14:39 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart 2014-03-20 14:40 - 2010-09-02 14:39 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start\Programy 2014-03-20 14:40 - 2010-09-02 14:39 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start 2014-03-20 14:40 - 2010-09-02 14:39 - 00000000 ___HD () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji 2014-03-20 14:40 - 2010-09-02 14:39 - 00000000 ___HD () C:\Documents and Settings\Administrator\Ustawienia lokalne 2014-03-20 14:40 - 2010-09-02 14:39 - 00000000 ___HD () C:\Documents and Settings\Administrator\Szablony 2014-03-20 14:40 - 2010-09-02 14:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Ulubione 2014-03-20 14:40 - 2010-09-02 14:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit 2014-03-20 14:40 - 2010-09-02 14:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Moje dokumenty 2014-03-20 14:36 - 2014-03-20 14:36 - 00000087 _____ () C:\WINDOWS\system32\EpfwUser.dat 2014-03-20 14:15 - 2014-03-20 14:15 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2868626$ 2014-03-20 14:13 - 2014-03-20 14:15 - 00014771 _____ () C:\WINDOWS\KB2925418-IE8.log 2014-03-20 14:12 - 2014-03-20 14:13 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2916036$ 2014-03-20 14:12 - 2014-03-20 14:12 - 00006780 _____ () C:\WINDOWS\KB2900986.log 2014-03-20 14:12 - 2014-03-20 14:12 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2900986$ 2014-03-20 14:11 - 2014-03-20 14:12 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2847311$ 2014-03-20 14:11 - 2014-03-20 14:11 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2929961$ 2014-03-20 14:11 - 2014-03-20 14:11 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2898715$ 2014-03-20 14:09 - 2014-03-20 14:10 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2864063$ 2014-03-20 14:08 - 2014-03-20 14:08 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2862152$ 2014-03-20 14:07 - 2014-03-20 14:07 - 00000000 ____D () C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Skype 2014-03-20 14:06 - 2014-03-20 14:06 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2876331$ 2014-03-20 14:05 - 2014-03-20 14:05 - 00001880 _____ () C:\Documents and Settings\All Users\Pulpit\Skype.lnk 2014-03-20 14:05 - 2014-03-20 14:05 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Skype 2014-03-20 14:04 - 2014-03-20 14:04 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2893294$ 2014-03-20 14:04 - 2014-03-20 14:04 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-03-20 14:02 - 2014-03-20 14:02 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2892075$ 2014-03-20 14:00 - 2014-03-20 14:00 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2914368$ 2014-03-20 13:59 - 2014-03-20 14:02 - 00004755 _____ () C:\WINDOWS\KB2914368.log 2014-03-18 16:31 - 2014-03-20 14:16 - 00016831 _____ () C:\WINDOWS\KB2868626.log 2014-03-18 16:28 - 2014-03-20 14:13 - 00012008 _____ () C:\WINDOWS\KB2916036.log 2014-03-18 16:28 - 2014-03-20 14:12 - 00011183 _____ () C:\WINDOWS\KB2847311.log 2014-03-18 16:27 - 2014-03-20 14:11 - 00011459 _____ () C:\WINDOWS\KB2898715.log 2014-03-18 16:26 - 2014-03-20 14:11 - 00010144 _____ () C:\WINDOWS\KB2929961.log 2014-03-18 16:19 - 2014-03-20 14:49 - 00000232 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job 2014-03-18 16:19 - 2014-03-20 13:56 - 00000226 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job 2014-03-18 16:14 - 2014-03-18 16:14 - 00004434 _____ () C:\WINDOWS\KB2862335.log 2014-03-18 16:14 - 2014-03-18 16:14 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2862335$ 2014-03-18 16:13 - 2014-03-18 16:14 - 00003830 _____ () C:\WINDOWS\KB2904266.log 2014-03-18 16:13 - 2014-03-18 16:14 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2904266$ 2014-03-18 16:13 - 2014-03-18 16:13 - 00004776 _____ () C:\WINDOWS\KB2868038.log 2014-03-18 16:13 - 2014-03-18 16:13 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2868038$ 2014-03-18 16:12 - 2014-03-18 16:13 - 00003729 _____ () C:\WINDOWS\KB2934207.log 2014-03-18 16:12 - 2014-03-18 16:12 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2934207$ 2014-03-18 16:11 - 2014-03-18 16:11 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2862330$ 2014-03-18 16:07 - 2014-03-18 16:11 - 00004067 _____ () C:\WINDOWS\KB2909210-IE8.log 2014-03-18 16:00 - 2014-03-18 16:00 - 00000000 ____D () C:\Program Files\ESET 2014-03-18 16:00 - 2014-03-18 16:00 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\ESET 2014-03-18 16:00 - 2014-03-18 16:00 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\ESET 2014-03-18 14:44 - 2013-07-03 03:12 - 00025088 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys 2014-03-18 14:44 - 2013-07-03 02:59 - 00014976 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbscan.sys 2014-03-18 14:39 - 2014-03-18 14:39 - 00000000 __SHD () C:\FOUND.011 2014-03-18 14:29 - 2014-03-20 14:10 - 00011903 _____ () C:\WINDOWS\KB2864063.log 2014-03-18 14:29 - 2014-03-18 14:30 - 00002705 _____ () C:\WINDOWS\KB2876217.log 2014-03-18 14:29 - 2014-03-18 14:29 - 00003008 _____ () C:\WINDOWS\KB2930275.log 2014-03-18 14:28 - 2014-03-20 14:09 - 00009997 _____ () C:\WINDOWS\KB2862152.log 2014-03-18 14:28 - 2014-03-20 14:07 - 00009388 _____ () C:\WINDOWS\KB2876331.log 2014-03-18 14:27 - 2014-03-20 14:06 - 00008715 _____ () C:\WINDOWS\KB2893294.log 2014-03-18 14:27 - 2013-07-17 01:58 - 00123008 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys 2014-03-18 14:27 - 2013-07-17 01:58 - 00060160 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys 2014-03-18 14:24 - 2014-03-20 14:03 - 00008230 _____ () C:\WINDOWS\KB2892075.log 2014-03-18 14:24 - 2014-02-27 00:28 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe 2014-03-18 14:24 - 2014-02-27 00:28 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe 2014-03-18 14:23 - 2013-08-09 01:55 - 00032384 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys 2014-03-18 14:23 - 2013-08-09 01:55 - 00005376 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys 2014-02-23 17:18 - 2014-02-23 17:18 - 00013104 _____ () C:\Documents and Settings\UserXP\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT ==================== One Month Modified Files and Folders ======= 2014-03-20 18:37 - 2014-03-20 18:37 - 00011149 _____ () C:\Documents and Settings\UserXP\Pulpit\FRST.txt 2014-03-20 18:31 - 2014-03-20 18:31 - 00000000 ____D () C:\FRST 2014-03-20 18:23 - 2014-03-20 18:23 - 00058184 _____ () C:\Documents and Settings\UserXP\Pulpit\OTL.Txt 2014-03-20 18:23 - 2014-03-20 18:23 - 00017932 _____ () C:\Documents and Settings\UserXP\Pulpit\Extras.Txt 2014-03-20 16:15 - 2012-09-09 16:10 - 00001000 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-823518204-2025429265-515967899-1003Core.job 2014-03-20 15:55 - 2013-08-31 11:07 - 00001044 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-20 15:25 - 2014-03-20 15:25 - 00987448 _____ () C:\Documents and Settings\UserXP\Pulpit\SecurityCheck.exe 2014-03-20 15:25 - 2014-03-20 15:25 - 00000000 ____D () C:\Documents and Settings\UserXP\Moje dokumenty\Pobieranie 2014-03-20 15:17 - 2014-03-20 15:17 - 00380416 _____ () C:\Documents and Settings\UserXP\Pulpit\66pf90me.exe 2014-03-20 15:14 - 2014-03-20 15:14 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\UserXP\Pulpit\OTL.exe 2014-03-20 15:13 - 2014-03-20 15:13 - 01145856 _____ (Farbar) C:\Documents and Settings\UserXP\Pulpit\FRST.exe 2014-03-20 15:06 - 2014-03-20 15:06 - 01950720 _____ () C:\Documents and Settings\UserXP\Pulpit\adwcleaner.exe 2014-03-20 14:59 - 2014-03-20 14:59 - 00000000 ____D () C:\Documents and Settings\UserXP\Dane aplikacji\{46577E3C-95B4-4f4f-B4A7-0C29D12FB15D} 2014-03-20 14:58 - 2010-09-02 14:55 - 01451649 _____ () C:\WINDOWS\WindowsUpdate.log 2014-03-20 14:55 - 2014-03-20 14:55 - 00000000 __SHD () C:\Documents and Settings\NetworkService\IETldCache 2014-03-20 14:50 - 2013-08-31 11:07 - 00001040 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-20 14:49 - 2014-03-18 16:19 - 00000232 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job 2014-03-20 14:49 - 2013-08-31 11:06 - 00000324 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job 2014-03-20 14:49 - 2010-09-02 15:09 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-03-20 14:49 - 2010-09-02 14:43 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-03-20 14:48 - 2014-03-20 14:40 - 00000188 ___SH () C:\Documents and Settings\Administrator\ntuser.ini 2014-03-20 14:41 - 2014-03-20 14:41 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache 2014-03-20 14:40 - 2014-03-20 14:40 - 00000000 ____D () C:\Documents and Settings\Administrator 2014-03-20 14:38 - 2010-09-02 15:09 - 00032538 _____ () C:\WINDOWS\SchedLgU.Txt 2014-03-20 14:38 - 2010-09-02 14:43 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2014-03-20 14:36 - 2014-03-20 14:36 - 00000087 _____ () C:\WINDOWS\system32\EpfwUser.dat 2014-03-20 14:35 - 2010-09-02 14:38 - 00095072 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-03-20 14:31 - 2010-09-02 15:20 - 00000188 ___SH () C:\Documents and Settings\Właściciel\ntuser.ini 2014-03-20 14:16 - 2014-03-18 16:31 - 00016831 _____ () C:\WINDOWS\KB2868626.log 2014-03-20 14:16 - 2012-08-02 13:06 - 00256615 _____ () C:\WINDOWS\setupapi.log 2014-03-20 14:16 - 2010-09-03 13:50 - 00103585 _____ () C:\WINDOWS\updspapi.log 2014-03-20 14:16 - 2010-09-02 14:40 - 01353260 _____ () C:\WINDOWS\FaxSetup.log 2014-03-20 14:16 - 2010-09-02 14:40 - 00697968 _____ () C:\WINDOWS\ocgen.log 2014-03-20 14:16 - 2010-09-02 14:40 - 00522629 _____ () C:\WINDOWS\tsoc.log 2014-03-20 14:16 - 2010-09-02 14:40 - 00460896 _____ () C:\WINDOWS\comsetup.log 2014-03-20 14:16 - 2010-09-02 14:40 - 00277839 _____ () C:\WINDOWS\ntdtcsetup.log 2014-03-20 14:16 - 2010-09-02 14:40 - 00213813 _____ () C:\WINDOWS\iis6.log 2014-03-20 14:16 - 2010-09-02 14:40 - 00084647 _____ () C:\WINDOWS\ocmsn.log 2014-03-20 14:16 - 2010-09-02 14:40 - 00066531 _____ () C:\WINDOWS\msgsocm.log 2014-03-20 14:16 - 2010-09-02 14:40 - 00001374 _____ () C:\WINDOWS\imsins.log 2014-03-20 14:15 - 2014-03-20 14:15 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2868626$ 2014-03-20 14:15 - 2014-03-20 14:13 - 00014771 _____ () C:\WINDOWS\KB2925418-IE8.log 2014-03-20 14:15 - 2010-09-02 14:40 - 00001374 _____ () C:\WINDOWS\imsins.BAK 2014-03-20 14:13 - 2014-03-20 14:12 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2916036$ 2014-03-20 14:13 - 2014-03-18 16:28 - 00012008 _____ () C:\WINDOWS\KB2916036.log 2014-03-20 14:12 - 2014-03-20 14:12 - 00006780 _____ () C:\WINDOWS\KB2900986.log 2014-03-20 14:12 - 2014-03-20 14:12 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2900986$ 2014-03-20 14:12 - 2014-03-20 14:11 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2847311$ 2014-03-20 14:12 - 2014-03-18 16:28 - 00011183 _____ () C:\WINDOWS\KB2847311.log 2014-03-20 14:11 - 2014-03-20 14:11 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2929961$ 2014-03-20 14:11 - 2014-03-20 14:11 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2898715$ 2014-03-20 14:11 - 2014-03-18 16:27 - 00011459 _____ () C:\WINDOWS\KB2898715.log 2014-03-20 14:11 - 2014-03-18 16:26 - 00010144 _____ () C:\WINDOWS\KB2929961.log 2014-03-20 14:10 - 2014-03-20 14:09 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2864063$ 2014-03-20 14:10 - 2014-03-18 14:29 - 00011903 _____ () C:\WINDOWS\KB2864063.log 2014-03-20 14:09 - 2014-03-18 14:28 - 00009997 _____ () C:\WINDOWS\KB2862152.log 2014-03-20 14:08 - 2014-03-20 14:08 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2862152$ 2014-03-20 14:07 - 2014-03-20 14:07 - 00000000 ____D () C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Skype 2014-03-20 14:07 - 2014-03-18 14:28 - 00009388 _____ () C:\WINDOWS\KB2876331.log 2014-03-20 14:06 - 2014-03-20 14:06 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2876331$ 2014-03-20 14:06 - 2014-03-18 14:27 - 00008715 _____ () C:\WINDOWS\KB2893294.log 2014-03-20 14:05 - 2014-03-20 14:05 - 00001880 _____ () C:\Documents and Settings\All Users\Pulpit\Skype.lnk 2014-03-20 14:05 - 2014-03-20 14:05 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Skype 2014-03-20 14:04 - 2014-03-20 14:04 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2893294$ 2014-03-20 14:04 - 2014-03-20 14:04 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-03-20 14:04 - 2013-09-02 08:32 - 00009185 _____ () C:\WINDOWS\KB2803821-v2.log 2014-03-20 14:03 - 2014-03-18 14:24 - 00008230 _____ () C:\WINDOWS\KB2892075.log 2014-03-20 14:02 - 2014-03-20 14:02 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2892075$ 2014-03-20 14:02 - 2014-03-20 13:59 - 00004755 _____ () C:\WINDOWS\KB2914368.log 2014-03-20 14:00 - 2014-03-20 14:00 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2914368$ 2014-03-20 13:56 - 2014-03-18 16:19 - 00000226 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job 2014-03-20 13:55 - 2010-09-02 08:51 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl 2014-03-18 16:14 - 2014-03-18 16:14 - 00004434 _____ () C:\WINDOWS\KB2862335.log 2014-03-18 16:14 - 2014-03-18 16:14 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2862335$ 2014-03-18 16:14 - 2014-03-18 16:13 - 00003830 _____ () C:\WINDOWS\KB2904266.log 2014-03-18 16:14 - 2014-03-18 16:13 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2904266$ 2014-03-18 16:14 - 2010-09-06 14:48 - 00037020 _____ () C:\WINDOWS\system32\TZLog.log 2014-03-18 16:13 - 2014-03-18 16:13 - 00004776 _____ () C:\WINDOWS\KB2868038.log 2014-03-18 16:13 - 2014-03-18 16:13 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2868038$ 2014-03-18 16:13 - 2014-03-18 16:12 - 00003729 _____ () C:\WINDOWS\KB2934207.log 2014-03-18 16:12 - 2014-03-18 16:12 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2934207$ 2014-03-18 16:11 - 2014-03-18 16:11 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2862330$ 2014-03-18 16:11 - 2014-03-18 16:07 - 00004067 _____ () C:\WINDOWS\KB2909210-IE8.log 2014-03-18 16:09 - 2010-09-02 14:38 - 00277227 _____ () C:\WINDOWS\setupact.log 2014-03-18 16:00 - 2014-03-18 16:00 - 00000000 ____D () C:\Program Files\ESET 2014-03-18 16:00 - 2014-03-18 16:00 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\ESET 2014-03-18 16:00 - 2014-03-18 16:00 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\ESET 2014-03-18 14:39 - 2014-03-18 14:39 - 00000000 __SHD () C:\FOUND.011 2014-03-18 14:30 - 2014-03-18 14:29 - 00002705 _____ () C:\WINDOWS\KB2876217.log 2014-03-18 14:29 - 2014-03-18 14:29 - 00003008 _____ () C:\WINDOWS\KB2930275.log 2014-02-27 00:28 - 2014-03-18 14:24 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe 2014-02-27 00:28 - 2014-03-18 14:24 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe 2014-02-24 17:05 - 2010-09-02 10:50 - 00920064 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll 2014-02-24 17:05 - 2010-09-02 08:50 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-02-24 12:35 - 2012-07-27 13:40 - 00522240 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll 2014-02-24 12:35 - 2010-09-06 14:28 - 11113472 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll 2014-02-24 12:35 - 2010-09-06 14:28 - 02006016 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll 2014-02-24 12:35 - 2010-09-06 14:28 - 00743424 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll 2014-02-24 12:35 - 2010-09-06 14:28 - 00630272 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll 2014-02-24 12:35 - 2010-09-06 14:28 - 00247808 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll 2014-02-24 12:35 - 2010-09-06 14:28 - 00055296 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2014-02-24 12:35 - 2010-09-06 14:28 - 00012800 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll 2014-02-24 12:35 - 2010-09-02 14:53 - 00759296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll 2014-02-24 12:35 - 2010-09-02 10:50 - 01216000 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll 2014-02-24 12:35 - 2010-09-02 10:50 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll 2014-02-24 12:35 - 2010-09-02 08:50 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-02-24 12:35 - 2010-09-02 08:50 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll 2014-02-24 12:35 - 2010-09-02 08:49 - 00611840 ____N (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll 2014-02-24 12:35 - 2010-09-02 08:49 - 00611840 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll 2014-02-24 12:35 - 2010-09-02 08:49 - 00206848 ____N (Microsoft Corporation) C:\WINDOWS\system32\occache.dll 2014-02-24 12:35 - 2010-09-02 08:49 - 00206848 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll 2014-02-24 12:35 - 2010-09-02 08:48 - 06022144 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll 2014-02-24 12:35 - 2010-09-02 08:48 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-02-24 12:35 - 2010-09-02 08:48 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-02-24 12:35 - 2010-09-02 08:48 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl 2014-02-24 12:35 - 2010-09-02 08:48 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-02-24 12:35 - 2010-09-02 08:48 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll 2014-02-24 12:35 - 2010-09-02 08:48 - 00184320 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll 2014-02-24 12:35 - 2010-09-02 08:48 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2014-02-24 12:35 - 2010-09-02 08:48 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-02-24 12:35 - 2010-09-02 08:48 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll 2014-02-24 12:35 - 2010-09-02 08:48 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll 2014-02-24 12:35 - 2010-09-02 08:48 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll 2014-02-24 12:35 - 2010-09-02 08:48 - 00025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2014-02-24 12:35 - 2010-09-02 08:48 - 00025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll 2014-02-24 12:35 - 2010-09-02 08:47 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll 2014-02-24 12:35 - 2010-09-02 08:47 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll 2014-02-24 12:35 - 2009-03-08 04:39 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-02-24 12:35 - 2009-03-08 04:32 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-02-24 12:35 - 2009-03-08 04:32 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-02-24 12:35 - 2009-03-08 04:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll 2014-02-24 11:59 - 2010-09-02 08:48 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2014-02-24 11:59 - 2010-09-02 08:48 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-02-24 11:59 - 2010-09-02 08:48 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe 2014-02-23 17:18 - 2014-02-23 17:18 - 00013104 _____ () C:\Documents and Settings\UserXP\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2014-02-23 09:46 - 2010-09-02 14:58 - 00002596 _____ () C:\WINDOWS\system32\CONFIG.NT Some content of TEMP: ==================== C:\Documents and Settings\Właściciel\Ustawienia lokalne\temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe [2010-09-02 08:47] - [2008-04-15 12:00] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a C:\WINDOWS\system32\winlogon.exe [2010-09-02 08:50] - [2008-04-15 12:00] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48 C:\WINDOWS\system32\svchost.exe [2010-09-02 08:50] - [2008-04-15 12:00] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce C:\WINDOWS\system32\services.exe [2010-09-02 08:50] - [2009-02-09 13:25] - 0111104 ____A (Microsoft Corporation) 02a467e27af55f7064c5b251e587315f C:\WINDOWS\system32\User32.dll [2010-09-02 08:50] - [2008-04-15 12:00] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793 C:\WINDOWS\system32\userinit.exe [2010-09-02 08:50] - [2008-04-15 12:00] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5 C:\WINDOWS\system32\rpcss.dll [2010-09-02 08:50] - [2009-02-09 12:53] - 0401408 ____A (Microsoft Corporation) a37311d9d628c1042a2836731787f0f3 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected. C:\WINDOWS\system32\Drivers\volsnap.sys [2010-09-02 08:50] - [2008-04-15 12:00] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7 ==================== End Of Log ============================