Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-11-2014
Ran by Kadr (administrator) on KADRY on 07-11-2014 13:22:34
Running from D:\1234
Loaded Profile: Kadr (Available profiles: Kadr)
Platform: Microsoft Windows XP Dodatek Service Pack 3 (X86) OS Language: Polski
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
() C:\Program Files\CryptoTech\CryptoCard\CCMonitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Vulcan) C:\Program Files\VULCAN\Kadry Płace Optivum\Płace Optivum.exe
(Vulcan) C:\Program Files\VULCAN\Kadry Płace Optivum\Płace Optivum.exe
(Vulcan) C:\Program Files\VULCAN\Kadry Płace Optivum\Płace Optivum.exe
(Vulcan) C:\Program Files\VULCAN\Kadry Płace Optivum\Płace Optivum.exe
(Vulcan) C:\Program Files\VULCAN\Kadry Płace Optivum\Płace Optivum.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16380416 2007-07-05] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [CryptoCard Suite Cert Monitor] => C:\Program Files\CryptoTech\CryptoCard\CCMonitor.exe [524800 2012-05-08] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Winlogon: [UIHost] C:\WINDOWS\system32\logonui.exe [515072 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1957994488-1450960922-842925246-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1957994488-1450960922-842925246-1003\...\Run: [Twoje TVN24] => [X]
HKU\S-1-5-21-1957994488-1450960922-842925246-1003\...\Run: [Tiny download manager] => "C:\Documents and Settings\Kadr\Ustawienia lokalne\Dane aplikacji\DM\TinyDM.exe" /M
BootExecute: autocheck autochk * sprestrtC:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.pl/
SearchScopes: HKCU - {D0E0E971-A1F8-406D-BB6D-26EAA8701019} URL = http://www.search.ask.com/web?tpid=ORJ-V7C&o=APN11406&pf=V7&p2=%5EBBE%5EOSJ000%5EYY%5EPL&gct=sb&itbv=12.10.3.34&apn_uid=32364B92-9F9F-4F4D-A1D8-E8113A2D1904&apn_ptnrs=BBE&apn_dtid=%5EOSJ000%5EYY%5EPL&apn_dbr=ie_8.0.6001.18702&doi=2014-03-14&trgb=IE&q={searchTerms}&psv=
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Przelewy24.BHO -> {8a194578-81ea-4850-9911-13ba2d71efbd} -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{6CCFB2F8-B6E4-4D14-9C12-39EB4B95E96C}: [NameServer] 10.0.0.1,194.204.152.34

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Kadr\Dane aplikacji\Mozilla\Firefox\Profiles\wz021dr8.default
FF Homepage: https://www.google.pl/?gws_rd=cr&ei=hqlfUuJbhZazBt_2gIAP
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-01-27]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Kadr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Documents and Settings\Kadr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-13]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-08-01] (Oracle Corporation)
S2 MSSQL$OPTIVUM_2008; C:\Program Files\Microsoft SQL Server\MSSQL10_50.OPTIVUM_2008\MSSQL\Binn\sqlservr.exe [43129288 2012-06-29] (Microsoft Corporation)
S4 MSSQLFDLauncher$OPTIVUM_2008; C:\Program Files\Microsoft SQL Server\MSSQL10_50.OPTIVUM_2008\MSSQL\Binn\fdlauncher.exe [37832 2012-06-29] (Microsoft Corporation)
S4 SQLAgent$OPTIVUM_2008; C:\Program Files\Microsoft SQL Server\MSSQL10_50.OPTIVUM_2008\MSSQL\Binn\SQLAGENT.EXE [379848 2012-06-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [191256 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S4 RsFx0153; C:\WINDOWS\System32\DRIVERS\RsFx0153.sys [249288 2012-06-29] (Microsoft Corporation)
S3 SCR3xx USB Smart Card Reader; C:\WINDOWS\System32\DRIVERS\SCR3XX2K.sys [59520 2011-06-16] (SCM Microsystems Inc.)
R3 SCR3XX2K; C:\WINDOWS\System32\DRIVERS\SCR3XX2K.sys [59520 2011-06-16] (SCM Microsystems Inc.)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
U2 CertPropSvc; No ImagePath
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-07 13:21 - 2014-11-07 13:22 - 00000000 ____D () C:\FRST
2014-11-07 08:25 - 2014-11-07 08:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-06 08:18 - 2014-11-06 08:18 - 00065536 _____ () C:\WINDOWS\Minidump\Mini110614-01.dmp
2014-11-05 08:27 - 2014-11-05 08:27 - 00065536 _____ () C:\WINDOWS\Minidump\Mini110514-01.dmp
2014-11-04 08:01 - 2014-11-04 08:01 - 00018561 _____ () C:\Documents and Settings\Kadr\Pulpit\Rozliczenie01102014.xml
2014-10-31 14:38 - 2014-10-31 14:38 - 00010768 _____ () C:\Documents and Settings\Kadr\Pulpit\ZS-n-le XI.2014
2014-10-29 16:03 - 2014-10-29 16:03 - 00004397 _____ () C:\Documents and Settings\Kadr\Pulpit\ZS-godz.10.2014+ Wyszyńska
2014-10-29 14:51 - 2013-06-06 10:40 - 00000724 _____ () C:\Documents and Settings\Kadr\Pulpit\wp.pl.lnk
2014-10-28 08:24 - 2014-10-28 08:24 - 00065536 _____ () C:\WINDOWS\Minidump\Mini102814-01.dmp
2014-10-27 15:57 - 2014-10-27 15:57 - 01997312 _____ () C:\Documents and Settings\Kadr\Pulpit\p_biblia_ksiega_nad_ksiegami.ppt
2014-10-27 15:21 - 2014-10-27 15:21 - 00252650 _____ () C:\Documents and Settings\Kadr\Pulpit\Prezentacja Biblia.pptx
2014-10-25 10:24 - 2014-10-25 10:24 - 00004385 _____ () C:\Documents and Settings\Kadr\Pulpit\ZS-adm i obs 10.2014
2014-10-20 07:19 - 2014-10-20 07:19 - 00065536 _____ () C:\WINDOWS\Minidump\Mini102014-01.dmp
2014-10-16 07:10 - 2014-10-16 07:10 - 00065536 _____ () C:\WINDOWS\Minidump\Mini101614-01.dmp
2014-10-11 09:44 - 2014-10-11 09:44 - 00065536 _____ () C:\WINDOWS\Minidump\Mini101114-01.dmp
2014-10-09 07:11 - 2014-10-09 07:11 - 00065536 _____ () C:\WINDOWS\Minidump\Mini100914-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-07 13:22 - 2011-01-26 21:38 - 00000000 ____D () C:\Documents and Settings\Kadr\Ustawienia lokalne\Temp
2014-11-07 13:21 - 2011-01-26 20:16 - 00000188 ___SH () C:\Documents and Settings\NetworkService\ntuser.ini
2014-11-07 11:45 - 2014-09-12 13:13 - 00002453 _____ () C:\Documents and Settings\Kadr\Pulpit\Płace Optivum.lnk
2014-11-07 11:45 - 2014-02-24 10:41 - 00002449 _____ () C:\Documents and Settings\All Users\Pulpit\Płace Optivum.lnk
2014-11-07 11:14 - 2011-01-31 12:49 - 00000000 ____D () C:\Documents and Settings\Kadr\Moje dokumenty\Kadry
2014-11-07 11:08 - 2011-01-26 21:38 - 00000000 ___RD () C:\Documents and Settings\Kadr\Moje dokumenty
2014-11-07 08:30 - 2013-06-06 10:40 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-07 08:16 - 2012-12-14 11:22 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\MFAData
2014-11-07 08:08 - 2011-01-26 21:37 - 00000188 ___SH () C:\Documents and Settings\LocalService\ntuser.ini
2014-11-07 08:08 - 2011-01-26 20:11 - 01662788 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-07 08:08 - 2010-10-16 12:24 - 00002422 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-06 15:52 - 2011-01-26 21:38 - 00000188 ___SH () C:\Documents and Settings\Kadr\ntuser.ini
2014-11-06 12:39 - 2014-05-30 11:48 - 00000000 ____D () C:\Documents and Settings\Kadr\Ustawienia lokalne\Dane aplikacji\Avg2014
2014-11-06 12:37 - 2011-01-26 21:38 - 00000000 ____D () C:\Documents and Settings\Kadr\Pulpit
2014-11-06 08:21 - 2014-05-29 03:04 - 1064517632 _____ () C:\WINDOWS\MEMORY.DMP
2014-11-06 08:18 - 2014-03-22 19:49 - 00000220 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
2014-11-06 08:18 - 2013-06-05 14:08 - 00001032 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-06 08:18 - 2011-03-21 14:02 - 00000000 ____D () C:\WINDOWS\Minidump
2014-11-06 08:18 - 2011-01-26 21:37 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-06 08:09 - 2013-06-05 14:08 - 00001036 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-05 15:54 - 2011-01-26 21:37 - 00032450 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-05 15:40 - 2013-06-07 08:29 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-05 10:06 - 2011-01-26 20:41 - 00000000 ___RD () C:\Documents and Settings\All Users\Dokumenty
2014-11-05 08:30 - 2011-01-27 10:10 - 00000460 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{27255E80-3DA6-4C9E-9116-3D62D4F0EB74}.job
2014-11-03 12:55 - 2014-02-24 10:41 - 00002453 _____ () C:\Documents and Settings\All Users\Pulpit\Kadry Optivum.lnk
2014-10-29 09:09 - 2011-01-26 21:38 - 00000000 ___HD () C:\Documents and Settings\Kadr\Ustawienia lokalne\Dane aplikacji
2014-10-28 13:15 - 2013-06-05 14:11 - 00001819 _____ () C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk
2014-10-27 08:06 - 2011-01-26 20:42 - 01497434 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-27 08:06 - 2010-10-16 12:24 - 00640282 _____ () C:\WINDOWS\system32\perfh015.dat
2014-10-27 08:06 - 2010-10-16 12:24 - 00138202 _____ () C:\WINDOWS\system32\perfc015.dat
2014-10-21 14:04 - 2014-07-07 13:40 - 00000000 ____D () C:\Documents and Settings\Kadr\Moje dokumenty\Pobrane
2014-10-21 14:04 - 2011-01-27 10:36 - 00000000 ____D () C:\Documents and Settings\Kadr\Ustawienia lokalne\Dane aplikacji\Adobe
2014-10-17 14:54 - 2013-10-08 13:46 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-17 14:48 - 2011-02-01 08:45 - 100290944 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-13 14:44 - 2014-05-29 01:14 - 00460448 _____ () C:\WINDOWS\setupapi.log
2014-10-09 07:11 - 2014-03-22 19:49 - 00000214 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job

Some content of TEMP:
====================
C:\Documents and Settings\Kadr\Ustawienia lokalne\Temp\APNSetup.exe
C:\Documents and Settings\Kadr\Ustawienia lokalne\Temp\CCP11s.dll
C:\Documents and Settings\Kadr\Ustawienia lokalne\Temp\install_reader11_pl_mssa_aaa_aih.exe
C:\Documents and Settings\Kadr\Ustawienia lokalne\Temp\jre-7u10-windows-i586-iftw.exe
C:\Documents and Settings\Kadr\Ustawienia lokalne\Temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\Kadr\Ustawienia lokalne\Temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\Kadr\Ustawienia lokalne\Temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\Kadr\Ustawienia lokalne\Temp\jre-7u55-windows-i586-iftw.exe
C:\Documents and Settings\Kadr\Ustawienia lokalne\Temp\ose00000.exe
C:\Documents and Settings\Kadr\Ustawienia lokalne\Temp\ose00001.exe
C:\Documents and Settings\Kadr\Ustawienia lokalne\Temp\ose00002.exe
C:\Documents and Settings\Kadr\Ustawienia lokalne\Temp\Pit2013_7.0.19.47.exe
C:\Documents and Settings\Kadr\Ustawienia lokalne\Temp\Pit2013_7.0.19.48.exe
C:\Documents and Settings\Kadr\Ustawienia lokalne\Temp\Pit2013_7.0.20.49.exe
C:\Documents and Settings\Kadr\Ustawienia lokalne\Temp\Pit2013_7.0.21.52.exe
C:\Documents and Settings\Kadr\Ustawienia lokalne\Temp\pkcs11wrapper.dll
C:\Documents and Settings\Kadr\Ustawienia lokalne\Temp\usbenter.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe [2004-08-04 13:00] - [2008-04-14 21:51] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a
C:\WINDOWS\system32\winlogon.exe [2004-08-04 13:00] - [2008-04-14 21:51] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48
C:\WINDOWS\system32\svchost.exe [2004-08-04 13:00] - [2008-04-14 21:51] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce
C:\WINDOWS\system32\services.exe [2004-08-04 13:00] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 02a467e27af55f7064c5b251e587315f
C:\WINDOWS\system32\User32.dll [2004-08-04 13:00] - [2008-04-14 21:50] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793
C:\WINDOWS\system32\userinit.exe [2004-08-04 13:00] - [2008-04-14 21:51] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5
C:\WINDOWS\system32\rpcss.dll [2004-08-04 13:00] - [2009-02-09 11:53] - 0401408 ____A (Microsoft Corporation) a37311d9d628c1042a2836731787f0f3

ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.

C:\WINDOWS\system32\Drivers\volsnap.sys [2004-08-04 13:00] - [2008-04-14 20:31] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7

==================== End Of Log ============================