Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-06-2015 01
Ran by CL (administrator) on DC1RBG93 on 23-06-2015 12:59:55
Running from C:\Documents and Settings
Loaded Profiles: CL (Available Profiles: CL & Tomek & admin & Administrator & Guest)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Seagate Technology LLC) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Dell Inc.) C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
() C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [729178 2005-06-24] (Synaptics, Inc.)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\WINDOWS\stsystra.exe [393216 2005-09-10] (SigmaTel, Inc.)
HKLM\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4297136 2012-10-31] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [EaseUS EPM tray] => C:\Program Files\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
HKLM\...\Run: [MSConfig] => C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [169984 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [998088 2015-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [MMTray] => "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [296096 2012-11-28] (RealNetworks, Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-2154615204-4275496255-3731553294-1006\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk [2009-04-17]
ShortcutTarget: DSLMON.lnk -> C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2012-10-31] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2154615204-4275496255-3731553294-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2154615204-4275496255-3731553294-1006\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2154615204-4275496255-3731553294-1006 -> ${searchCLSID} URL = http://search.yahoo.com/search?ei=ISO-8859-1&fr=megaup&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-09-20] (Oracle Corporation)
BHO: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-31] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-09-20] (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-31] (AVAST Software)
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://extranet.uj.edu.pl/dana-cached/sc/JuniperSetupClient.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\CL\Application Data\Mozilla\Firefox\Profiles\6ojqha1y.default-1416325790906
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-12] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Documents and Settings\CL\My Documents\www__Pomoce_do_kompa\Google\Picasa3\npPicasa3.dll [2009-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-09-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-09-20] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.6.14 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2012-11-28] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.6.14 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2012-11-28] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-11-28] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-11-28] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.11.3006 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll [2007-12-21] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.6.14 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2012-11-28] (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2012-11-28] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2012-11-28] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2012-11-28] (RealPlayer)
FF Extension: NoScript - C:\Documents and Settings\CL\Application Data\Mozilla\Firefox\Profiles\6ojqha1y.default-1416325790906\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-02-18]
FF Extension: Adblock Plus - C:\Documents and Settings\CL\Application Data\Mozilla\Firefox\Profiles\6ojqha1y.default-1416325790906\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-19]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-06-14]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2012-06-14]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value

Opera:
=======
StartMenuInternet: (HKLM) Opera.exe - C:\Program Files\Opera\Opera.exe http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=sc&from=cor&uid=HitachiXHTS541040G9AT00_MPB2PAX2F0194MF0194MX&ts=1377785095

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-10-31] (AVAST Software)
R2 FreeAgentGoNext Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [165160 2009-03-27] (Seagate Technology LLC)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-09-20] (Oracle Corporation)
R2 NICCONFIGSVA; C:\Program Files\Dell\NICCONFIGSVA\NICCONFIGSVA.exe [356352 2005-06-09] (Dell Inc.) [File not signed]
S4 PuranDefrag; C:\WINDOWS\system32\PuranDefragS.exe [229376 2010-05-17] (Puran Software) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Aavmker4; C:\WINDOWS\system32\Drivers\Aavmker4.sys [25256 2012-10-31] (AVAST Software)
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 adiusbaw; C:\WINDOWS\System32\DRIVERS\adiusbaw.sys [118552 2007-02-07] (Analog Devices Inc.)
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [17801 2006-02-06] (Meetinghouse Data Communications) [File not signed]
R1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-03] (Dell Inc) [File not signed]
R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2006-02-06] (Windows (R) 2000 DDK provider) [File not signed]
R2 aswFsBlk; C:\WINDOWS\system32\Drivers\aswFsBlk.sys [21256 2012-10-31] (AVAST Software)
R2 aswMon2; C:\WINDOWS\system32\Drivers\aswMon2.sys [97608 2012-10-31] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\Drivers\AswRdr.sys [35928 2012-10-31] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\Drivers\aswSnx.sys [738504 2012-10-31] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\Drivers\aswSP.sys [361032 2012-10-31] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\Drivers\aswTdi.sys [54232 2012-10-31] (AVAST Software)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [369024 2004-12-07] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 CrystalSysInfo; C:\Program Files\MediaCoder\SysInfo.sys [15152 2007-09-25] ()
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [87488 2004-12-01] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40480 2004-11-23] (Sonic Solutions) [File not signed]
S2 ELOADER; C:\WINDOWS\System32\Drivers\adildr.sys [56088 2007-02-07] (Analog Deivces)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [201600 2005-07-22] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1035008 2005-07-22] (Conexant Systems, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 SliceDisk5; C:\Program Files\A-FF Find and Mount\slicedisk.sys [10240 2008-04-03] (Atola) [File not signed]
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions) [File not signed]
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1032472 2005-09-10] (SigmaTel, Inc.)
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25883 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34843 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4123 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2239 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86586 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [15227 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6363 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98714 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100603 2004-12-06] (Sonic Solutions) [File not signed]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U2 W32Time; %SystemRoot%\System32\svchost.exe -k netsvcs
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-23 12:59 - 2015-06-23 13:02 - 00016064 _____ C:\Documents and Settings\CL\My Documents\FRST.txt
2015-06-23 12:57 - 2015-06-23 12:57 - 00000000 ____D C:\Documents and Settings\CL\My Documents\FRST-OlderVersion
2015-06-22 12:46 - 2015-06-23 10:28 - 00000000 ____D C:\Documents and Settings\CL\My Documents\Pobrane
2015-06-19 18:23 - 2015-06-19 18:23 - 02231296 _____ C:\Documents and Settings\CL\My Documents\AdwCleaner.exe
2015-06-19 18:20 - 2015-06-23 12:57 - 01148928 _____ (Farbar) C:\Documents and Settings\CL\My Documents\FRST.exe
2015-06-15 12:49 - 2015-06-15 12:49 - 00713312 _____ (Internet ) C:\Documents and Settings\CL\My Documents\Opera(12614)-dp.exe
2015-06-08 23:29 - 2015-06-22 11:08 - 00000000 ____D C:\Documents and Settings\CL\My Documents\My PSP Files
2015-06-08 07:59 - 2015-06-23 12:53 - 00000280 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2154615204-4275496255-3731553294-1006.job
2015-06-03 09:20 - 2015-06-03 09:58 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-01 09:38 - 2015-06-01 09:38 - 00000000 ____D C:\Documents and Settings\CL\Application Data\OpenOffice
2015-06-01 09:36 - 2015-06-01 09:37 - 00000000 ___SD C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice 4.1.1
2015-06-01 09:36 - 2015-06-01 09:36 - 00000907 _____ C:\Documents and Settings\All Users\Desktop\OpenOffice 4.1.1.lnk
2015-06-01 09:34 - 2015-06-01 09:34 - 00000000 ____D C:\Program Files\OpenOffice 4
2015-06-01 09:28 - 2015-06-01 09:28 - 00000000 ____D C:\Documents and Settings\CL\Desktop\OpenOffice 4.1.1 (pl) Installation Files

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-23 13:02 - 2009-04-13 16:50 - 00000000 ____D C:\Documents and Settings\CL\Local Settings\temp
2015-06-23 13:00 - 2013-10-10 13:24 - 00000000 ____D C:\FRST
2015-06-23 12:53 - 2012-11-28 23:23 - 00000288 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2154615204-4275496255-3731553294-1006.job
2015-06-23 12:53 - 2012-11-12 12:28 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-06-23 12:52 - 2014-11-16 23:13 - 00001032 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-23 12:52 - 2014-03-14 23:49 - 00000224 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-06-23 12:52 - 2004-08-10 21:02 - 01728534 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-23 12:51 - 2004-08-10 21:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-23 12:51 - 2004-08-10 20:59 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-06-23 12:51 - 2004-08-10 20:59 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-06-23 12:48 - 2004-08-10 21:08 - 00032512 _____ C:\WINDOWS\SchedLgU.Txt
2015-06-23 12:48 - 2004-08-10 21:08 - 00000178 ___SH C:\Documents and Settings\LocalService\ntuser.ini
2015-06-23 12:47 - 2006-02-15 03:41 - 00000178 ___SH C:\Documents and Settings\CL\ntuser.ini
2015-06-23 12:46 - 2011-01-05 17:13 - 00000000 ____D C:\Program Files\Puran Defrag
2015-06-23 12:34 - 2013-09-30 15:34 - 00000416 _____ C:\WINDOWS\Tasks\At1.job
2015-06-23 12:25 - 2011-01-09 02:51 - 00001036 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-23 12:18 - 2012-09-09 21:12 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-23 11:08 - 2006-02-25 18:27 - 00113152 _____ C:\Documents and Settings\CL\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-23 10:57 - 2012-09-14 00:26 - 00054156 ____H C:\WINDOWS\QTFont.qfn
2015-06-22 16:06 - 2011-01-14 15:49 - 00000000 ____D C:\Documents and Settings\CL\Application Data\vlc
2015-06-22 16:06 - 2009-04-13 16:54 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2015-06-22 11:08 - 2006-02-18 18:46 - 00007518 ___SH C:\WINDOWS\system32\KGyGaAvL.sys
2015-06-22 11:08 - 2006-02-18 18:46 - 00000152 __RSH C:\WINDOWS\system32\F66EE488CB.sys
2015-06-20 01:55 - 2006-02-15 03:41 - 00000000 ____D C:\Documents and Settings\CL
2015-06-15 10:00 - 2011-04-15 02:10 - 00703015 _____ C:\WINDOWS\setupapi.log
2015-06-15 09:59 - 2015-05-20 13:45 - 00000748 _____ C:\Documents and Settings\CL\Desktop\TP-LINK Modem Router Settings.txt
2015-06-12 13:20 - 2012-09-09 21:11 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-06-12 13:20 - 2011-07-15 18:39 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-06-10 23:44 - 2013-07-13 02:31 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-10 23:43 - 2015-02-12 03:17 - 136900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-08 17:24 - 2014-03-14 23:49 - 00000218 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-06-04 14:01 - 2006-02-18 18:47 - 00040000 _____ C:\Documents and Settings\CL\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-06-01 12:13 - 2004-08-10 20:57 - 00198552 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-28 10:02 - 2011-08-23 08:16 - 00000000 ____D C:\Documents and Settings\CL\Local Settings\Application Data\Paint.NET

==================== Files in the root of some directories =======

2013-05-06 09:33 - 2013-05-06 09:33 - 0050688 _____ (Atribune.org) C:\Program Files\ATF-Cleaner.exe
2014-11-15 15:06 - 2014-11-15 15:08 - 6000640 _____ () C:\Program Files\GUT117.tmp
2014-01-02 18:47 - 2014-01-02 18:56 - 4096000 _____ () C:\Program Files\GUT11F.tmp
2014-11-16 01:07 - 2014-11-16 01:08 - 6000640 _____ () C:\Program Files\GUT2AA.tmp
2006-02-21 16:08 - 2006-02-21 16:08 - 0012358 _____ () C:\Documents and Settings\CL\Application Data\PFP120JCM.{PB
2006-02-21 16:08 - 2006-02-21 16:08 - 0061678 _____ () C:\Documents and Settings\CL\Application Data\PFP120JPR.{PB
2011-10-01 23:56 - 2011-10-01 23:56 - 0210646 _____ () C:\Documents and Settings\CL\Local Settings\Application Data\ars.cache
2011-10-01 23:57 - 2011-10-01 23:57 - 0203102 _____ () C:\Documents and Settings\CL\Local Settings\Application Data\census.cache
2006-02-25 18:27 - 2015-06-23 11:08 - 0113152 _____ () C:\Documents and Settings\CL\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-03-11 17:06 - 2011-03-11 17:06 - 0000036 _____ () C:\Documents and Settings\CL\Local Settings\Application Data\housecall.guid.cache
2014-10-18 08:56 - 2014-10-18 08:56 - 0000000 _____ () C:\Documents and Settings\CL\Local Settings\Application Data\{13D58024-C667-4CD6-9287-6A13A8596C16}
2015-02-17 23:19 - 2015-02-17 23:19 - 0000000 _____ () C:\Documents and Settings\CL\Local Settings\Application Data\{1CB4FFF0-7A45-43E5-835B-D31CBEAAFEF4}
2014-12-30 13:27 - 2014-12-30 13:27 - 0000000 _____ () C:\Documents and Settings\CL\Local Settings\Application Data\{64999EF2-92D0-42E2-B7C5-E0327F3C2995}
2014-12-03 02:03 - 2014-12-03 02:03 - 0000000 _____ () C:\Documents and Settings\CL\Local Settings\Application Data\{7E222488-274A-4934-9443-886E0869E054}
2015-05-03 22:19 - 2015-05-03 22:19 - 0000000 _____ () C:\Documents and Settings\CL\Local Settings\Application Data\{FA1EA392-F978-460E-A851-511DE9FA7EA7}

Files to move or delete:
====================
C:\Windows\Tasks\At1.job

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================