Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-05-2014
Ran by SYSTEM on MiniXP on 21-05-2014 08:07:52
Running from D:\
Platform: Microsoft Windows XP (X86)
OS Language:
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BatteryManager] => C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe [1933312 2005-08-18] ()
HKLM\...\Run: [MagicKeyboard] => C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe [151552 2005-04-11] ()
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [1388544 2004-07-27] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [860160 2004-08-06] (Analog Devices, Inc.)
HKLM\...\Run: [AGRSMMSG] => C:\Windows\AGRSMMSG.exe [88209 2005-03-04] (Agere Systems)
HKLM\...\Run: [SynTPLpr] => C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [102492 2005-02-02] (Synaptics, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [692316 2005-02-02] (Synaptics, Inc.)
HKLM\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [3744552 2011-11-28] (AVAST Software)
HKLM\...\Run: [DataCardMonitor] => C:\Program Files\blueconnect\DataCardMonitor.exe [249856 2011-10-29] (Huawei Technologies Co., Ltd.)
HKLM\...\Run: [SweetIM] => C:\Program Files\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
HKLM\...\Run: [Sweetpacks Communicator] => C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1801168 2014-03-18] (APN)
HKLM\...\Run: [FromDocToPDF Search Scope Monitor] => C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrchMn.exe [44784 2013-06-08] (MindSpark)
HKLM\...\Run: [FromDocToPDF_65 Browser Plugin Loader] => C:\Program Files\FromDocToPDF_65\bar\1.bin\65brmon.exe [30096 2013-06-08] (VER_COMPANY_NAME)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\Daniel\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [4910912 2011-08-02] (DT Soft Ltd)
HKU\Daniel\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\Daniel\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-11-27] (Google Inc.)
HKU\Daniel\...\Run: [ALLUpdate] => C:\Program Files\ALLPlayer\ALLUpdate.exe [3000680 2013-11-01] (ALLPlayer Group Ltd.)
HKU\Daniel\...\Run: [Sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
AppInit_DLLs: c:\docume~1\alluse~1\daneap~1\browse~1\23796~1.11\{16cdf~1\browse~1.dll => c:\docume~1\alluse~1\daneap~1\browse~1\23796~1.11\{16cdf~1\browse~1.dll File Not Found

========================== Services (Whitelisted) =================

S2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-03-18] (APN LLC.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44768 2011-11-28] (AVAST Software)
S2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-07] (CrypKey (Canada) Ltd.)
S2 FromDocToPDF_65Service; C:\Program Files\FromDocToPDF_65\bar\1.bin\65barsvc.exe [42504 2013-06-08] (COMPANYVERS_NAME)
S2 HWDeviceService.exe; C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1863984 2014-04-07] ()
S2 Internet Manager. RunOuc; C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [224096 2011-06-17] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.)
S2 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [57344 2006-07-21] ()
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.)
S2 Update LinkSwift; C:\Program Files\LinkSwift\updateLinkSwift.exe [317728 2014-05-17] ()
S2 Util LinkSwift; C:\Program Files\LinkSwift\bin\utilLinkSwift.exe [317728 2014-05-19] ()
S2 VMAuthdService; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [217088 2006-08-04] (VMware, Inc.)
S2 VMnetDHCP; C:\WINDOWS\system32\vmnetdhcp.exe [106496 2006-08-04] (VMware, Inc.)
S2 vmount2; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe [262144 2006-08-04] (VMware, Inc.)
S2 VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [135168 2006-08-04] (VMware, Inc.)
S2 winmgmt; C:\Documents and Settings\All Users\Dane aplikacji\2992199F9A\0ve1t79.cpp [164864 2014-05-18] ()
S4 Browser Manager; C:\Documents and Settings\All Users\Dane aplikacji\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [X]

==================== Drivers (Whitelisted) ====================

S1 Aavmker4; C:\Windows\System32\Drivers\Aavmker4.sys [30808 2011-11-28] (AVAST Software)
S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [20568 2011-11-28] (AVAST Software)
S2 aswMon2; C:\Windows\System32\Drivers\aswMon2.sys [111320 2011-11-28] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [34392 2011-11-28] (AVAST Software)
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [435032 2011-11-28] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [314456 2011-11-28] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [52952 2011-11-28] (AVAST Software)
S2 DOSMEMIO; C:\WINDOWS\system32\MEMIO.SYS [4300 2011-06-09] ()
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [232512 2011-08-26] (DT Soft Ltd)
S3 filtertdidriver; C:\Windows\System32\drivers\ewfiltertdidriver.sys [7552 2011-01-16] (Huawei Technologies Co., Ltd.)
S2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [685056 2005-07-28] (Aladdin Knowledge Systems Ltd.)
S2 hcmon; C:\WINDOWS\system32\Drivers\hcmon.sys [22016 2006-08-04] (VMware, Inc.)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [96000 2012-08-20] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [69760 2012-08-20] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2012-08-20] (Huawei Technologies Co., Ltd.)
S1 NetworkX; C:\Windows\system32\ckldrv.sys [21638 2008-08-22] ()
S2 npf; C:\Windows\System32\drivers\npf.sys [50704 2010-01-27] (CACE Technologies, Inc.)
S0 Si3112; C:\Windows\System32\Drivers\Si3112.sys [62336 2009-09-10] (Silicon Image, Inc.)
S0 Si3114r5; C:\Windows\System32\Drivers\Si3114r5.sys [195072 2009-09-10] (Silicon Image, Inc)
S0 Si3124; C:\Windows\System32\Drivers\Si3124.sys [69248 2009-09-10] (Silicon Image, Inc.)
S0 Si3132; C:\Windows\System32\Drivers\Si3132.sys [74672 2009-09-10] (Silicon Image, Inc.)
S0 Si3132r5; C:\Windows\System32\Drivers\Si3132r5.sys [215856 2009-09-10] (Silicon Image, Inc)
S0 Si3531; C:\Windows\System32\Drivers\Si3531.sys [212520 2009-09-10] (Silicon Image, Inc)
S3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [9600 2006-08-04] (VMware, Inc.)
S2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [23296 2006-08-04] (VMware, Inc.)
S2 VMnetuserif; C:\WINDOWS\system32\drivers\vmnetuserif.sys [15616 2006-08-04] (VMware, Inc.)
S2 vmx86; C:\WINDOWS\system32\Drivers\vmx86.sys [94848 2006-08-04] (VMware, Inc.)
S2 vstor2; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys [11520 2006-08-04] (VMware, Inc.)
S3 w29n51; C:\Windows\System32\DRIVERS\w29n51.sys [3281408 2005-04-30] (Intel® Corporation)
S3 wowfilter; C:\Windows\System32\drivers\wowfilter.sys [17792 2005-06-08] ()
S3 zte_cdc_acm; C:\Windows\System32\DRIVERS\zte_cdc_acm.sys [67968 2011-08-10] (ZTE)
S3 zte_cpo; C:\Windows\System32\DRIVERS\zte_cpo.sys [9984 2011-08-10] (ZTE)
S1 {25d71abf-7776-46f5-a269-9951331f9030}t; C:\Windows\System32\drivers\{25d71abf-7776-46f5-a269-9951331f9030}t.sys [55224 2014-04-24] (StdLib)
S3 ADDMEM; \??\C:\DOCUME~1\Daniel\USTAWI~1\Temp\__Samsung_Update\ADDMEM.SYS [X]
S5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [249472 2012-04-20] (Huawei Technologies Co., Ltd.)
S1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-21 08:07 - 2014-05-21 08:07 - 00000000 ___DC () C:\FRST
2014-05-20 21:49 - 2014-05-20 21:49 - 00001543 _____ () C:\Windows\System32\Administrator_KBD.ini
2014-05-20 19:48 - 2014-05-20 21:51 - 00000188 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-05-20 19:48 - 2014-05-20 21:50 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji
2014-05-20 19:48 - 2014-05-20 21:49 - 00000000 ___RD () C:\Documents and Settings\Administrator\Ulubione
2014-05-20 19:48 - 2014-05-20 21:49 - 00000000 ___RD () C:\Documents and Settings\Administrator\Moje dokumenty
2014-05-20 19:48 - 2011-09-26 08:16 - 00000000 ___HD () C:\Documents and Settings\Administrator\Ustawienia lokalne
2014-05-20 19:48 - 2011-06-09 20:10 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start
2014-05-20 19:48 - 2011-06-09 20:10 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit
2014-05-20 19:48 - 2011-06-09 18:23 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-05-20 19:48 - 2011-06-09 18:18 - 00000000 ___HD () C:\Documents and Settings\Administrator\Szablony
2014-05-20 19:44 - 2014-05-20 19:44 - 00000000 __SHD () C:\Windows\CSC
2014-05-19 19:06 - 2004-05-12 02:21 - 00090112 _____ () C:\Windows\System32\test.dll
2014-05-14 16:26 - 2014-05-14 16:26 - 00000000 ____D () C:\Windows\System32\jmdp
2014-05-13 16:50 - 2014-05-13 16:50 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-12 20:30 - 2014-05-12 20:30 - 00000000 ____D () C:\Program Files\Sony
2014-05-02 06:46 - 2014-05-02 06:46 - 00012983 _____ () C:\Windows\KB2964358-IE8.log
2014-04-27 13:20 - 2014-04-24 10:17 - 00055224 _____ (StdLib) C:\Windows\System32\Drivers\{25d71abf-7776-46f5-a269-9951331f9030}t.sys
2014-04-24 22:15 - 2014-04-24 22:15 - 00000000 __HDC () C:\Windows\$NtUninstallKB2922229$
2014-04-24 22:11 - 2014-04-24 22:12 - 00019825 _____ () C:\Windows\KB2936068-IE8.log
2014-04-24 20:53 - 2014-04-24 22:16 - 00029246 _____ () C:\Windows\KB2922229.log

==================== One Month Modified Files and Folders =======

2014-05-21 08:07 - 2014-05-21 08:07 - 00000000 ___DC () C:\FRST
2014-05-20 23:58 - 2011-06-09 18:55 - 00000000 ___RD () C:\Documents and Settings\Daniel\Moje dokumenty
2014-05-20 23:39 - 2011-06-09 18:21 - 01911008 _____ () C:\Windows\WindowsUpdate.log
2014-05-20 22:19 - 2011-09-15 18:28 - 08405015 _____ () C:\Windows\TempFile
2014-05-20 22:18 - 2011-08-26 11:37 - 00071672 _____ () C:\Windows\error.log
2014-05-20 22:18 - 2011-08-26 11:37 - 00023478 _____ () C:\Windows\errord.log
2014-05-20 22:18 - 2011-06-09 19:06 - 00001543 _____ () C:\Windows\System32\Daniel_KBD.ini
2014-05-20 22:17 - 2011-06-09 18:34 - 00032426 _____ () C:\Windows\SchedLgU.Txt
2014-05-20 22:10 - 2011-06-09 18:55 - 00000188 ___SH () C:\Documents and Settings\Daniel\ntuser.ini
2014-05-20 22:07 - 2011-06-09 18:55 - 00000000 __RHD () C:\Documents and Settings\Daniel\Dane aplikacji
2014-05-20 21:51 - 2014-05-20 19:48 - 00000188 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-05-20 21:50 - 2014-05-20 19:48 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji
2014-05-20 21:49 - 2014-05-20 21:49 - 00001543 _____ () C:\Windows\System32\Administrator_KBD.ini
2014-05-20 21:49 - 2014-05-20 19:48 - 00000000 ___RD () C:\Documents and Settings\Administrator\Ulubione
2014-05-20 21:49 - 2014-05-20 19:48 - 00000000 ___RD () C:\Documents and Settings\Administrator\Moje dokumenty
2014-05-20 21:49 - 2013-12-21 14:54 - 00098116 _____ () C:\Windows\setupapi.log
2014-05-20 21:49 - 2011-06-09 18:18 - 00007082 ____C () C:\Windows\wmsetup.log
2014-05-20 19:44 - 2014-05-20 19:44 - 00000000 __SHD () C:\Windows\CSC
2014-05-19 17:49 - 2009-09-10 13:45 - 00002206 _____ () C:\Windows\System32\wpa.dbl
2014-05-18 18:34 - 2009-09-10 13:45 - 00000609 _____ () C:\Windows\win.ini
2014-05-18 18:24 - 2011-06-09 20:10 - 00000000 ___HD () C:\Documents and Settings\All Users\Dane aplikacji
2014-05-17 16:53 - 2011-06-19 13:45 - 00387422 _____ () C:\Windows\KB2481109.log
2014-05-16 18:38 - 2013-12-19 09:30 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2014-05-16 18:38 - 2013-12-19 09:30 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2014-05-14 16:30 - 2013-09-09 20:55 - 00000000 ____D () C:\Windows\System32\MRT
2014-05-14 16:27 - 2011-06-19 14:13 - 90547776 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-05-14 16:26 - 2014-05-14 16:26 - 00000000 ____D () C:\Windows\System32\jmdp
2014-05-14 15:45 - 2013-06-08 09:49 - 00000000 ____D () C:\Windows\System32\WNLT
2014-05-14 15:45 - 2012-11-10 18:43 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-14 15:44 - 2013-06-08 09:49 - 00000000 ____D () C:\Windows\System32\ARFC
2014-05-13 16:50 - 2014-05-13 16:50 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-13 16:50 - 2011-06-09 20:10 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit
2014-05-12 21:39 - 2011-06-19 13:01 - 00446862 ____C () C:\Windows\DPINST.LOG
2014-05-12 20:30 - 2014-05-12 20:30 - 00000000 ____D () C:\Program Files\Sony
2014-05-12 20:30 - 2014-04-07 15:35 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-05-12 20:23 - 2011-06-09 20:10 - 00231544 _____ () C:\Windows\setupact.log
2014-05-05 18:33 - 2013-11-17 15:31 - 00000000 ____D () C:\Program Files\LinkSwift
2014-05-02 06:46 - 2014-05-02 06:46 - 00012983 _____ () C:\Windows\KB2964358-IE8.log
2014-05-02 06:46 - 2011-06-19 14:05 - 00000000 ____D () C:\Windows\ie8updates
2014-05-02 06:46 - 2011-06-19 14:04 - 00113821 _____ () C:\Windows\updspapi.log
2014-05-02 06:46 - 2011-06-09 20:11 - 01641346 _____ () C:\Windows\iis6.log
2014-05-02 06:46 - 2011-06-09 20:11 - 01418208 _____ () C:\Windows\FaxSetup.log
2014-05-02 06:46 - 2011-06-09 20:11 - 00855897 _____ () C:\Windows\ocgen.log
2014-05-02 06:46 - 2011-06-09 20:11 - 00669740 _____ () C:\Windows\tsoc.log
2014-05-02 06:46 - 2011-06-09 20:11 - 00483164 _____ () C:\Windows\comsetup.log
2014-05-02 06:46 - 2011-06-09 20:11 - 00458526 _____ () C:\Windows\msmqinst.log
2014-05-02 06:46 - 2011-06-09 20:11 - 00295364 _____ () C:\Windows\ntdtcsetup.log
2014-05-02 06:46 - 2011-06-09 20:11 - 00252107 _____ () C:\Windows\netfxocm.log
2014-05-02 06:46 - 2011-06-09 20:11 - 00100736 _____ () C:\Windows\MedCtrOC.log
2014-05-02 06:46 - 2011-06-09 20:11 - 00089117 _____ () C:\Windows\ocmsn.log
2014-05-02 06:46 - 2011-06-09 20:11 - 00073035 _____ () C:\Windows\tabletoc.log
2014-05-02 06:46 - 2011-06-09 20:11 - 00072624 _____ () C:\Windows\msgsocm.log
2014-05-02 06:46 - 2011-06-09 20:11 - 00001355 _____ () C:\Windows\imsins.log
2014-04-30 08:12 - 2009-09-10 13:45 - 06022144 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
2014-04-30 08:12 - 2009-09-10 13:45 - 06022144 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
2014-04-30 08:12 - 2009-09-10 13:45 - 06022144 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-04-24 22:16 - 2014-04-24 20:53 - 00029246 _____ () C:\Windows\KB2922229.log
2014-04-24 22:16 - 2011-06-09 20:11 - 00001374 _____ () C:\Windows\imsins.BAK
2014-04-24 22:15 - 2014-04-24 22:15 - 00000000 __HDC () C:\Windows\$NtUninstallKB2922229$
2014-04-24 22:12 - 2014-04-24 22:11 - 00019825 _____ () C:\Windows\KB2936068-IE8.log
2014-04-24 21:49 - 2011-06-09 18:55 - 00000000 ___RD () C:\Documents and Settings\Daniel\Ulubione
2014-04-24 10:17 - 2014-04-27 13:20 - 00055224 _____ (StdLib) C:\Windows\System32\Drivers\{25d71abf-7776-46f5-a269-9951331f9030}t.sys

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe [2009-09-10 13:45] - [2009-09-10 13:45] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a
C:\Windows\System32\winlogon.exe [2009-09-10 13:45] - [2009-09-10 13:45] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48
C:\Windows\System32\svchost.exe [2009-09-10 13:45] - [2009-09-10 13:45] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce
C:\Windows\System32\services.exe [2009-09-10 13:45] - [2009-09-10 13:45] - 0111104 ____A (Microsoft Corporation) 8816e60bf654353e8e0d35ed98875445
C:\Windows\System32\User32.dll [2009-09-10 13:45] - [2009-09-10 13:45] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793
C:\Windows\System32\userinit.exe [2009-09-10 13:45] - [2009-09-10 13:45] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5
C:\Windows\System32\rpcss.dll [2009-09-10 13:45] - [2009-09-10 13:45] - 0401408 ____A (Microsoft Corporation) c9e5ac78d9a00b1de8ce2ad1bdde7e42
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys [2009-09-10 13:45] - [2009-09-10 13:45] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7

==================== Restore Points (XP) =====================

RP: -> 2014-05-20 18:29 - 028672 _restore{0D659D0C-A9BF-4229-B94E-93A5CD919FA4}\RP137
RP: -> 2014-05-17 20:41 - 028672 _restore{0D659D0C-A9BF-4229-B94E-93A5CD919FA4}\RP136
RP: -> 2014-05-16 20:38 - 028672 _restore{0D659D0C-A9BF-4229-B94E-93A5CD919FA4}\RP135
RP: -> 2014-05-14 16:26 - 028672 _restore{0D659D0C-A9BF-4229-B94E-93A5CD919FA4}\RP134
RP: -> 2014-05-12 21:35 - 028672 _restore{0D659D0C-A9BF-4229-B94E-93A5CD919FA4}\RP133
RP: -> 2014-05-12 20:33 - 028672 _restore{0D659D0C-A9BF-4229-B94E-93A5CD919FA4}\RP132
RP: -> 2014-05-02 06:46 - 028672 _restore{0D659D0C-A9BF-4229-B94E-93A5CD919FA4}\RP131
RP: -> 2014-05-01 22:20 - 028672 _restore{0D659D0C-A9BF-4229-B94E-93A5CD919FA4}\RP130
RP: -> 2014-04-24 22:10 - 028672 _restore{0D659D0C-A9BF-4229-B94E-93A5CD919FA4}\RP129
RP: -> 2014-04-07 15:35 - 028672 _restore{0D659D0C-A9BF-4229-B94E-93A5CD919FA4}\RP128
RP: -> 2014-04-07 01:00 - 028672 _restore{0D659D0C-A9BF-4229-B94E-93A5CD919FA4}\RP127
RP: -> 2014-04-06 21:42 - 028672 _restore{0D659D0C-A9BF-4229-B94E-93A5CD919FA4}\RP126
RP: -> 2014-03-16 14:21 - 028672 _restore{0D659D0C-A9BF-4229-B94E-93A5CD919FA4}\RP125
RP: -> 2014-03-16 09:40 - 028672 _restore{0D659D0C-A9BF-4229-B94E-93A5CD919FA4}\RP124
RP: -> 2014-03-08 20:25 - 028672 _restore{0D659D0C-A9BF-4229-B94E-93A5CD919FA4}\RP123
RP: -> 2014-03-08 15:19 - 028672 _restore{0D659D0C-A9BF-4229-B94E-93A5CD919FA4}\RP122
RP: -> 2014-03-06 17:14 - 028672 _restore{0D659D0C-A9BF-4229-B94E-93A5CD919FA4}\RP121
RP: -> 2014-03-06 17:12 - 028672 _restore{0D659D0C-A9BF-4229-B94E-93A5CD919FA4}\RP120
RP: -> 2014-03-06 17:11 - 028672 _restore{0D659D0C-A9BF-4229-B94E-93A5CD919FA4}\RP119
RP: -> 2014-03-06 17:10 - 028672 _restore{0D659D0C-A9BF-4229-B94E-93A5CD919FA4}\RP118
RP: -> 2014-03-06 17:09 - 028672 _restore{0D659D0C-A9BF-4229-B94E-93A5CD919FA4}\RP117
RP: -> 2014-03-06 15:55 - 028672 _restore{0D659D0C-A9BF-4229-B94E-93A5CD919FA4}\RP116

==================== Memory info ===========================

Percentage of memory in use: 25%
Total physical RAM: 1022.18 MB
Available physical RAM: 762.15 MB
Total Pagefile: 846.96 MB
Available Pagefile: 512.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 2007.25 MB

==================== Drives ================================

Drive b: (RamDrive) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
Drive c: (dysk) (Fixed) (Total:67.31 GB) (Free:45.82 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (XP_SP3_PL) (Removable) (Total:3.73 GB) (Free:3.06 GB) NTFS
Drive e: (HBCD 15.2) (CDROM) (Total:0.58 GB) (Free:0 GB) CDFS
Drive x: (Mini Xp) (Fixed) (Total:0.23 GB) (Free:0.23 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 67 GB) (Disk ID: 99889988)
Partition 1: (Active) - (Size=67 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 01750989)
No partition Table on disk 1.

==================== End Of Log ============================