Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2013 Ran by ja (administrator) on DYSPOZYTOR on 09-09-2013 14:28:11 Running from C:\Dyspozytor 2010\WIRUS Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polish Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe (Cyberlink Corp.) C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Nokia) C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastUI.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (r2 studios) C:\Program Files\r2 Studios\HideOE2\HideOE.exe (Microsoft Corporation) C:\Program Files\outlook express\msimn.exe (Google Inc.) C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe () C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe () C:\Program Files\Common Files\Protexis\License Service\PSIService.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (Nokia.) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2008-04-03] (Analog Devices, Inc.) HKLM\...\Run: [RemoteControl] - C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [32768 2003-12-08] (Cyberlink Corp.) HKLM\...\Run: [HPDJ Taskbar Utility] - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [196608 2001-10-29] (HP) HKLM\...\Run: [ISUSPM Startup] - C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation) HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation) HKLM\...\Run: [PCSuiteTrayApplication] - C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [227328 2007-03-23] (Nokia) HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) Winlogon\Notify\igfxcui: igfxsrvc.dll (Intel Corporation) Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation) HKLM\...\Policies\Explorer: [HonorAutoRunSetting] 1 HKCU\...\Run: [HideOE] - C:\Program Files\r2 Studios\HideOE2\HideOE.exe [67072 2010-10-28] (r2 studios) MountPoints2: {1878e83f-d402-11e2-941d-001143a5b425} - F:\AutoRun.exe MountPoints2: {c15afffb-8641-11de-8f8a-001143a5b425} - J:\AutoRunCardDetector.exe IMEO\Your Image File Name Here without a path: [Debugger] ntsd -d ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie SearchScopes: HKLM - DefaultScope value is missing. BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU -&Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU -&Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation) Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) DPF: {2A781DED-4153-C22D-9812-CEA98A32981C} http://cached.gamedesire.com/g_bin/pl/cardsmakao_2_0_0_33.cab DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Tcpip\..\Interfaces\{A4E1D26C-4C02-4083-A2E8-CD79E47B8F1F}: [NameServer]192.168.0.1 ========================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software) R2 HWDeviceService.exe; C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe [271712 2011-03-14] () R2 ProtexisLicensing; C:\Program Files\Common Files\Protexis\License Service\PSIService.exe [174656 2006-11-02] () R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x] ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software) R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [49760 2013-08-30] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] () R3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [156160 2008-04-03] (Broadcom Corporation) S3 GT72NDISIPXP; C:\Windows\System32\DRIVERS\Gt51Ip.sys [95744 2007-11-14] (Option NV) S3 GT72UBUS; C:\Windows\System32\DRIVERS\gt72ubus.sys [51968 2007-11-14] (Option N.V.) S3 GTPTSER; C:\Windows\System32\DRIVERS\gtptser.sys [8064 2007-11-14] (Option N.V.) R3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [804317 2008-04-03] (Intel Corporation) S3 PCAMPR5; C:\WINDOWS\system32\PCAMPR5.SYS [34688 2003-09-23] (Printing Communications Assoc., Inc. (PCAUSA)) S3 PCANDIS5; C:\WINDOWS\system32\PCANDIS5.SYS [32128 2006-03-01] (Printing Communications Assoc., Inc. (PCAUSA)) R3 pfc; C:\Windows\System32\drivers\pfc.sys [10368 2003-12-05] (Padus, Inc.) R3 senfilt; C:\Windows\System32\drivers\senfilt.sys [732928 2008-04-03] (Creative Technology Ltd.) S4 IntelIde; No ImagePath U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) U1 WS2IFSL; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-08 22:08 - 2013-09-08 22:08 - 00000000 ____D C:\_OTL 2013-09-07 09:45 - 2013-09-07 09:44 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2013-09-07 09:44 - 2013-09-07 09:44 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2013-09-07 09:44 - 2013-09-07 09:44 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2013-09-07 09:44 - 2013-09-07 09:44 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2013-09-07 08:08 - 2013-09-07 08:08 - 00000000 ____D C:\FRST 2013-09-07 06:43 - 2013-09-07 11:39 - 00000188 ___SH C:\Documents and Settings\Administrator\ntuser.ini 2013-09-07 06:43 - 2013-09-07 06:43 - 00000000 ____D C:\Documents and Settings\Administrator 2013-09-07 06:43 - 2008-10-02 12:04 - 00000000 __RHD C:\Documents and Settings\Administrator\Dane aplikacji 2013-09-07 06:43 - 2008-10-02 12:04 - 00000000 ___RD C:\Documents and Settings\Administrator\Menu Start 2013-09-07 06:43 - 2008-10-02 12:04 - 00000000 ___HD C:\Documents and Settings\Administrator\Ustawienia lokalne 2013-09-07 06:43 - 2008-10-02 12:04 - 00000000 ____D C:\Documents and Settings\Administrator\Ulubione 2013-09-07 06:43 - 2008-10-02 12:04 - 00000000 ____D C:\Documents and Settings\Administrator\Pulpit 2013-09-07 06:43 - 2008-10-02 12:04 - 00000000 ____D C:\Documents and Settings\Administrator\Moje dokumenty 2013-09-07 06:43 - 2008-10-02 10:27 - 00000000 ___HD C:\Documents and Settings\Administrator\Szablony 2013-09-06 09:55 - 2013-09-06 09:37 - 00028658 _____ C:\Kopia_zapasowa_Kopia_zapasowa_balustrada.cdr 2013-09-06 09:37 - 2013-09-06 09:55 - 00012814 _____ C:\Kopia_zapasowa_balustrada.cdr 2013-08-28 22:04 - 2013-08-28 22:04 - 00004132 _____ C:\WINDOWS\KB2834904-v2.log 2013-08-28 22:04 - 2013-08-28 22:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$ 2013-08-21 15:58 - 2013-08-21 15:58 - 00022848 _____ C:\Documents and Settings\ja\Moje dokumenty\stopień.cdr 2013-08-17 18:36 - 2013-08-17 18:37 - 00011906 _____ C:\WINDOWS\KB2862772-IE8.log 2013-08-17 18:33 - 2013-08-17 18:36 - 00000000 ____D C:\WINDOWS\system32\MRT 2013-08-17 18:32 - 2013-08-17 18:32 - 00005127 _____ C:\WINDOWS\KB2863058.log 2013-08-17 18:32 - 2013-08-17 18:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$ 2013-08-17 18:32 - 2013-08-17 18:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$ 2013-08-17 18:32 - 2013-08-17 18:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$ 2013-08-17 18:32 - 2013-08-17 18:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$ 2013-08-15 03:15 - 2013-08-17 18:32 - 00010682 _____ C:\WINDOWS\KB2859537.log 2013-08-15 03:15 - 2013-08-17 18:32 - 00008994 _____ C:\WINDOWS\KB2850869.log ==================== One Month Modified Files and Folders ======= 2013-09-09 14:27 - 2013-04-12 11:18 - 00000000 ____D C:\Dyspozytor 2013 2013-09-09 14:27 - 2008-11-21 15:21 - 00013030 _____ C:\PDOXUSRS.NET 2013-09-09 14:27 - 2008-10-02 10:30 - 01698573 _____ C:\WINDOWS\WindowsUpdate.log 2013-09-09 14:26 - 2012-07-09 01:38 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job 2013-09-09 14:26 - 2012-06-13 13:18 - 00001024 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2013-09-09 14:26 - 2008-10-02 10:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2013-09-09 14:26 - 2004-08-04 11:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl 2013-09-09 14:25 - 2011-06-18 06:31 - 00389118 _____ C:\WINDOWS\setupapi.log 2013-09-09 14:25 - 2008-10-02 10:37 - 00000292 ___SH C:\Documents and Settings\ja\ntuser.ini 2013-09-09 14:25 - 2008-10-02 10:37 - 00000000 ____D C:\Documents and Settings\ja 2013-09-09 14:25 - 2008-10-02 10:34 - 00032616 _____ C:\WINDOWS\SchedLgU.Txt 2013-09-09 14:24 - 2013-09-09 14:23 - 00000000 ____D C:\AdwCleaner 2013-09-09 14:24 - 2008-10-02 10:37 - 00000000 ___HD C:\DOCUME~1\ja\USTAWI~1\Dane aplikacji 2013-09-09 14:22 - 2008-10-02 10:37 - 00000000 __RHD C:\Documents and Settings\ja\Dane aplikacji 2013-09-09 14:02 - 2012-04-30 08:22 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2013-09-09 13:55 - 2012-06-13 13:18 - 00001028 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2013-09-09 10:48 - 2011-04-14 14:46 - 00000000 ____D C:\Raporty 2013-09-09 08:40 - 2008-10-02 10:27 - 00208510 ____C C:\WINDOWS\wmsetup.log 2013-09-08 23:18 - 2008-10-02 12:03 - 00205364 _____ C:\WINDOWS\setupact.log 2013-09-08 22:09 - 2008-10-02 12:03 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji 2013-09-08 22:08 - 2013-09-08 22:08 - 00000000 ____D C:\_OTL 2013-09-07 11:39 - 2013-09-07 06:43 - 00000188 ___SH C:\Documents and Settings\Administrator\ntuser.ini 2013-09-07 09:45 - 2012-05-29 09:20 - 00000000 ____D C:\Program Files\Common Files\Java 2013-09-07 09:44 - 2013-09-07 09:45 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2013-09-07 09:44 - 2013-09-07 09:44 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2013-09-07 09:44 - 2013-09-07 09:44 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2013-09-07 09:44 - 2013-09-07 09:44 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2013-09-07 09:44 - 2012-06-16 23:11 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\system32\npDeployJava1.dll 2013-09-07 09:44 - 2012-06-16 23:11 - 00789416 ____C (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll 2013-09-07 09:44 - 2012-06-16 23:11 - 00144896 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2013-09-07 09:44 - 2012-05-29 09:21 - 00000000 ____D C:\Program Files\Java 2013-09-07 08:08 - 2013-09-07 08:08 - 00000000 ____D C:\FRST 2013-09-07 08:02 - 2009-12-30 13:40 - 00000000 ____D C:\Dyspozytor 2010 2013-09-07 06:43 - 2013-09-07 06:43 - 00000000 ____D C:\Documents and Settings\Administrator 2013-09-06 18:37 - 2008-10-02 10:37 - 00000000 ___RD C:\Documents and Settings\ja\Menu Start\Programy\Autostart 2013-09-06 16:48 - 2010-07-27 09:04 - 00002551 _____ C:\Documents and Settings\ja\Pulpit\CorelDRAW X3.lnk 2013-09-06 16:48 - 2008-11-26 12:57 - 00002516 ___SH C:\WINDOWS\system32\KGyGaAvL.sys 2013-09-06 16:31 - 2008-12-07 09:42 - 00018838 _____ C:\Documents and Settings\ja\Moje dokumenty\Zmiany.cdr 2013-09-06 16:31 - 2008-10-02 10:37 - 00000000 ___RD C:\Documents and Settings\ja\Moje dokumenty 2013-09-06 09:55 - 2013-09-06 09:37 - 00012814 _____ C:\Kopia_zapasowa_balustrada.cdr 2013-09-06 09:37 - 2013-09-06 09:55 - 00028658 _____ C:\Kopia_zapasowa_Kopia_zapasowa_balustrada.cdr 2013-09-02 13:30 - 2008-10-02 10:37 - 00000000 ____D C:\Documents and Settings\ja\Pulpit 2013-09-02 06:18 - 2012-06-13 13:18 - 00000000 ____D C:\Program Files\Google 2013-09-02 06:18 - 2008-10-02 12:04 - 00000000 ____D C:\Documents and Settings\All Users\Pulpit 2013-09-02 04:00 - 2008-11-26 12:40 - 00000000 ____D C:\Program Files\Microsoft Office 2013-09-02 04:00 - 2008-10-02 12:04 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2013-09-01 21:05 - 2008-10-02 10:37 - 00000000 ___RD C:\Documents and Settings\ja\Ulubione 2013-09-01 13:36 - 2008-10-02 10:37 - 00000000 ___RD C:\Documents and Settings\ja\Moje dokumenty\Moje obrazy 2013-09-01 13:01 - 2013-04-17 03:34 - 00000000 ____D C:\Program Files\MSECache 2013-09-01 05:51 - 2008-10-02 10:31 - 00002596 ____C C:\WINDOWS\system32\CONFIG.NT 2013-08-31 12:14 - 2009-01-16 22:06 - 00018812 _____ C:\Documents and Settings\ja\Moje dokumenty\Kopia_zapasowa_Zmiany.cdr 2013-08-30 09:48 - 2013-03-17 03:22 - 00177864 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys 2013-08-30 09:48 - 2013-03-17 03:22 - 00066336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2013-08-30 09:48 - 2013-03-17 03:22 - 00049376 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys 2013-08-30 09:48 - 2011-03-11 08:57 - 00770344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2013-08-30 09:48 - 2008-11-25 14:32 - 00369584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2013-08-30 09:48 - 2008-11-25 14:32 - 00056080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys 2013-08-30 09:48 - 2008-11-25 14:32 - 00049760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys 2013-08-30 09:48 - 2008-11-25 14:32 - 00029816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys 2013-08-30 09:47 - 2011-03-11 08:57 - 00041664 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2013-08-30 09:47 - 2008-11-25 14:31 - 00229648 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2013-08-28 22:04 - 2013-08-28 22:04 - 00004132 _____ C:\WINDOWS\KB2834904-v2.log 2013-08-28 22:04 - 2013-08-28 22:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$ 2013-08-28 22:04 - 2008-10-02 12:04 - 02147380 _____ C:\WINDOWS\FaxSetup.log 2013-08-28 22:04 - 2008-10-02 12:04 - 01071166 _____ C:\WINDOWS\ocgen.log 2013-08-28 22:04 - 2008-10-02 12:04 - 00997357 _____ C:\WINDOWS\tsoc.log 2013-08-28 22:04 - 2008-10-02 12:04 - 00695134 _____ C:\WINDOWS\comsetup.log 2013-08-28 22:04 - 2008-10-02 12:04 - 00693518 _____ C:\WINDOWS\msmqinst.log 2013-08-28 22:04 - 2008-10-02 12:04 - 00437058 _____ C:\WINDOWS\iis6.log 2013-08-28 22:04 - 2008-10-02 12:04 - 00423194 _____ C:\WINDOWS\ntdtcsetup.log 2013-08-28 22:04 - 2008-10-02 12:04 - 00377676 _____ C:\WINDOWS\netfxocm.log 2013-08-28 22:04 - 2008-10-02 12:04 - 00151111 _____ C:\WINDOWS\MedCtrOC.log 2013-08-28 22:04 - 2008-10-02 12:04 - 00128506 _____ C:\WINDOWS\ocmsn.log 2013-08-28 22:04 - 2008-10-02 12:04 - 00110875 _____ C:\WINDOWS\tabletoc.log 2013-08-28 22:04 - 2008-10-02 12:04 - 00108576 _____ C:\WINDOWS\msgsocm.log 2013-08-28 22:04 - 2008-10-02 12:04 - 00001374 _____ C:\WINDOWS\imsins.log 2013-08-21 15:58 - 2013-08-21 15:58 - 00022848 _____ C:\Documents and Settings\ja\Moje dokumenty\stopień.cdr 2013-08-21 09:02 - 2012-04-30 08:22 - 00692104 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2013-08-21 09:02 - 2012-04-30 08:22 - 00071048 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2013-08-17 18:37 - 2013-08-17 18:36 - 00011906 _____ C:\WINDOWS\KB2862772-IE8.log 2013-08-17 18:37 - 2008-11-21 16:29 - 00429236 _____ C:\WINDOWS\updspapi.log 2013-08-17 18:37 - 2008-10-02 12:04 - 00001374 _____ C:\WINDOWS\imsins.BAK 2013-08-17 18:36 - 2013-08-17 18:33 - 00000000 ____D C:\WINDOWS\system32\MRT 2013-08-17 18:36 - 2013-04-03 20:50 - 00000000 ____D C:\WINDOWS\ie8updates 2013-08-17 18:33 - 2008-11-21 16:30 - 75778376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2013-08-17 18:32 - 2013-08-17 18:32 - 00005127 _____ C:\WINDOWS\KB2863058.log 2013-08-17 18:32 - 2013-08-17 18:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$ 2013-08-17 18:32 - 2013-08-17 18:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$ 2013-08-17 18:32 - 2013-08-17 18:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$ 2013-08-17 18:32 - 2013-08-17 18:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$ 2013-08-17 18:32 - 2013-08-15 03:15 - 00010682 _____ C:\WINDOWS\KB2859537.log 2013-08-17 18:32 - 2013-08-15 03:15 - 00008994 _____ C:\WINDOWS\KB2850869.log 2013-08-17 18:32 - 2008-11-21 16:29 - 00488010 ____C C:\WINDOWS\system32\TZLog.log Files to move or delete: ==================== C:\DOCUME~1\ja\USTAWI~1\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe [2004-08-04 11:00] - [2008-04-14 19:21] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a C:\Windows\System32\winlogon.exe [2004-08-04 11:00] - [2008-04-14 19:21] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48 C:\Windows\System32\svchost.exe [2004-08-04 11:00] - [2008-04-14 19:21] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce C:\Windows\System32\services.exe [2004-08-04 11:00] - [2009-02-09 13:25] - 0111104 ____A (Microsoft Corporation) 02a467e27af55f7064c5b251e587315f C:\Windows\System32\User32.dll [2004-08-04 11:00] - [2008-04-14 19:20] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793 C:\Windows\System32\userinit.exe [2004-08-04 11:00] - [2008-04-14 19:21] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5 C:\Windows\System32\Drivers\volsnap.sys [2004-08-04 11:00] - [2008-04-14 18:01] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7 ==================== End Of Log ============================