Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013 Ran by Tadek (administrator) on TADEK-2009-03 on 19-10-2013 17:44:52 Running from F:\vir Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polish Internet Explorer Version 6 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE (THOMSON Telecom Belgium) C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe (France Télécom R&D) C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe (Teruten) C:\WINDOWS\system32\FsUsbExService.Exe (France Telecom) C:\WINDOWS\System32\FTRTSVC.exe (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SoundMan] - C:\Windows\SOUNDMAN.EXE [77824 2005-08-11] (Realtek Semiconductor Corp.) HKLM\...\Run: [SpeedTouch USB Diagnostics] - C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe [866816 2004-01-26] (THOMSON Telecom Belgium) HKLM\...\Run: [WOOWATCH] - C:\PROGRA~1\NEOSTR~1\Watch.exe [20480 2004-08-23] (France Télécom R&D) HKLM\...\Run: [WOOTASKBARICON] - C:\PROGRA~1\NEOSTR~1\GestMaj.exe [32768 2004-10-14] (France Télécom R&D) HKLM\...\Run: [NeroFilterCheck] - C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh) HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2005-05-11] (Hewlett-Packard Co.) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-08-29] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1558480 2013-07-26] (APN) Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.) HKCU\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x95000000 Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch URLSearchHook: SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.) SearchScopes: HKLM - DefaultScope value is missing. BHO: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) Toolbar: HKLM - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) Toolbar: HKCU -&Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU -&Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation) Toolbar: HKCU -Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 18 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Tcpip\Parameters: [DhcpNameServer] 194.63.133.4 194.63.132.4 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Tadek\Dane aplikacji\Mozilla\Firefox\Profiles\x7a4m7um.default-1382196325562 FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll No File FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @zylom.com/ZylomGamesPlayer - C:\Documents and Settings\All Users\Dane aplikacji\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Click to call with Skype - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-08-29] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-29] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-08-29] (Avira Operations GmbH & Co. KG) R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.) S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2009-02-25] () R2 FTRTSVC; C:\WINDOWS\System32\FTRTSVC.exe [40960 2004-08-23] (France Telecom) S3 gusvc; "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" [x] R2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" ==================== Drivers (Whitelisted) ==================== S3 alcan5wn; C:\Windows\System32\DRIVERS\alcan5wn.sys [53600 2003-12-08] (THOMSON) S3 alcaudsl; C:\Windows\System32\DRIVERS\alcaudsl.sys [70688 2003-12-08] (THOMSON) R3 ALCXWDM; C:\Windows\System32\drivers\ALCXWDM.SYS [2324480 2005-08-11] (Realtek Semiconductor Corp.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-04] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-08-29] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-06] (Avira Operations GmbH & Co. KG) S3 ENTECH; C:\WINDOWS\system32\DRIVERS\ENTECH.SYS [21664 2004-10-25] (EnTech Taiwan) R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2009-03-31] () S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51120 2005-03-08] (HP) S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2005-03-08] (HP) S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21744 2005-03-08] (HP) R3 ms_mpu401; C:\Windows\System32\drivers\msmpu401.sys [2944 2001-08-18] (Microsoft Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] () R3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [33408 2005-01-13] (NVIDIA Corporation) R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [12928 2005-01-13] (NVIDIA Corporation) S3 PCANDIS5; C:\WINDOWS\system32\PCANDIS5.SYS [16128 2003-08-04] (Printing Communications Assoc., Inc. (PCAUSA)) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [90112 2009-03-20] (MCCI) S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14976 2009-03-20] (MCCI Corporation) S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [121856 2009-03-20] (MCCI Corporation) R1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2009-12-09] () S4 IntelIde; No ImagePath U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation) U1 WS2IFSL; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-19 17:29 - 2013-10-19 17:31 - 00000000 ____D C:\AdwCleaner 2013-10-19 17:25 - 2013-10-19 17:25 - 00000000 ____D C:\Documents and Settings\Tadek\Pulpit\Stare dane programu Firefox 2013-10-18 19:26 - 2013-10-19 17:18 - 00000000 ____D C:\FRST 2013-10-18 09:36 - 2013-10-18 09:46 - 00000441 _____ C:\WINDOWS\nsw.log 2013-10-18 09:31 - 2013-10-18 09:31 - 00000000 ____D C:\WINDOWS\system32\appmgmt 2013-10-03 12:02 - 2013-10-03 18:01 - 99131034 _____ C:\WINDOWS\system32\촕㭒善; 2013-10-02 22:40 - 2013-10-03 12:01 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-10-01 22:09 - 2013-10-01 22:53 - 00000000 ____D C:\Documents and Settings\Tadek\Pulpit\ślub 2013-09-26 20:32 - 2013-09-27 22:15 - 00000000 ____D C:\Documents and Settings\Tadek\Pulpit\Chorwacja ==================== One Month Modified Files and Folders ======= 2013-10-19 17:40 - 2009-04-01 19:50 - 00000000 ____D C:\Program Files\neostrada tp 2013-10-19 17:40 - 2009-03-31 23:17 - 00000441 _____ C:\WINDOWS\wiadebug.log 2013-10-19 17:40 - 2009-03-31 23:17 - 00000050 _____ C:\WINDOWS\wiaservc.log 2013-10-19 17:39 - 2009-03-31 21:27 - 00000292 ___SH C:\Documents and Settings\Tadek\ntuser.ini 2013-10-19 17:39 - 2009-03-31 21:27 - 00000000 ____D C:\Documents and Settings\Tadek 2013-10-19 17:39 - 2009-03-31 21:22 - 00414006 _____ C:\WINDOWS\WindowsUpdate.log 2013-10-19 17:31 - 2013-10-19 17:29 - 00000000 ____D C:\AdwCleaner 2013-10-19 17:31 - 2009-03-31 23:15 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji 2013-10-19 17:31 - 2009-03-31 21:26 - 00000000 ___HD C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji 2013-10-19 17:25 - 2013-10-19 17:25 - 00000000 ____D C:\Documents and Settings\Tadek\Pulpit\Stare dane programu Firefox 2013-10-19 17:25 - 2009-03-31 21:27 - 00000000 ____D C:\Documents and Settings\Tadek\Pulpit 2013-10-19 17:22 - 2009-03-31 23:15 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy\Autostart 2013-10-19 17:22 - 2009-03-31 23:15 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy 2013-10-19 17:21 - 2009-03-31 21:27 - 00000000 __RHD C:\Documents and Settings\Tadek\Dane aplikacji 2013-10-19 17:20 - 2009-03-31 21:27 - 00000000 ___RD C:\Documents and Settings\Tadek\Menu Start\Programy 2013-10-19 17:18 - 2013-10-18 19:26 - 00000000 ____D C:\FRST 2013-10-19 17:18 - 2009-03-31 21:27 - 00000000 ___HD C:\Documents and Settings\Tadek\Ustawienia lokalne\Dane aplikacji 2013-10-19 17:16 - 2009-04-28 20:39 - 00000000 ____D C:\Program Files\Google 2013-10-19 17:13 - 2009-04-01 21:43 - 00000000 ____D C:\Documents and Settings\Tadek\Dane aplikacji\Skype 2013-10-18 18:48 - 2011-12-03 16:32 - 00000000 ____D C:\WINDOWS\system32\NtmsData 2013-10-18 18:47 - 2009-03-31 21:21 - 00000000 ____D C:\WINDOWS\Registration 2013-10-18 09:46 - 2013-10-18 09:36 - 00000441 _____ C:\WINDOWS\nsw.log 2013-10-18 09:46 - 2009-03-31 23:15 - 00523472 _____ C:\WINDOWS\setupapi.log 2013-10-18 09:39 - 2009-03-31 23:15 - 00000000 ____D C:\Documents and Settings\All Users\Pulpit 2013-10-18 09:32 - 2009-03-31 23:15 - 00121568 _____ C:\WINDOWS\iis6.log 2013-10-18 09:32 - 2009-03-31 23:15 - 00086340 _____ C:\WINDOWS\FaxSetup.log 2013-10-18 09:32 - 2009-03-31 23:15 - 00052973 _____ C:\WINDOWS\ocgen.log 2013-10-18 09:32 - 2009-03-31 23:15 - 00044963 _____ C:\WINDOWS\tsoc.log 2013-10-18 09:32 - 2009-03-31 23:15 - 00040827 _____ C:\WINDOWS\comsetup.log 2013-10-18 09:32 - 2009-03-31 23:15 - 00023024 _____ C:\WINDOWS\ntdtcsetup.log 2013-10-18 09:32 - 2009-03-31 23:15 - 00015969 _____ C:\WINDOWS\netfxocm.log 2013-10-18 09:32 - 2009-03-31 23:15 - 00008652 _____ C:\WINDOWS\MedCtrOC.log 2013-10-18 09:32 - 2009-03-31 23:15 - 00005419 _____ C:\WINDOWS\ocmsn.log 2013-10-18 09:32 - 2009-03-31 23:15 - 00005244 _____ C:\WINDOWS\tabletoc.log 2013-10-18 09:32 - 2009-03-31 23:15 - 00004593 _____ C:\WINDOWS\msgsocm.log 2013-10-18 09:32 - 2009-03-31 23:15 - 00001943 _____ C:\WINDOWS\imsins.log 2013-10-18 09:31 - 2013-10-18 09:31 - 00000000 ____D C:\WINDOWS\system32\appmgmt 2013-10-18 09:31 - 2009-03-31 23:15 - 00033420 _____ C:\WINDOWS\msmqinst.log 2013-10-18 08:26 - 2009-03-31 23:15 - 00000000 ___RD C:\Documents and Settings\All Users\Dokumenty 2013-10-18 08:25 - 2009-03-31 23:11 - 00000000 ____D C:\WINDOWS\Help 2013-10-18 07:21 - 2011-04-16 12:37 - 00000000 ____D C:\Documents and Settings\Tadek\Moje dokumenty\Pobieranie 2013-10-17 18:28 - 2001-07-22 03:17 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl 2013-10-16 19:30 - 2009-04-07 17:14 - 00000023 _____ C:\WINDOWS\popcinfo.dat 2013-10-10 20:52 - 2009-04-16 13:03 - 00000000 ____D C:\Program Files\Jewel Quest 2013-10-10 20:26 - 2001-07-22 03:16 - 00000783 _____ C:\WINDOWS\win.ini 2013-10-08 20:15 - 2009-03-31 22:05 - 00000000 ____D C:\ATI 2013-10-08 15:23 - 2009-03-31 21:27 - 00000000 ___RD C:\Documents and Settings\Tadek\Moje dokumenty 2013-10-08 15:19 - 2009-05-03 21:16 - 00002545 _____ C:\Documents and Settings\All Users\Menu Start\Programy\Microsoft Office Word 2003.lnk 2013-10-07 17:26 - 2009-04-18 21:01 - 00000000 ____D C:\Documents and Settings\Tadek\Dane aplikacji\Image Zone Express 2013-10-06 18:19 - 2009-03-31 21:27 - 00000000 ___RD C:\Documents and Settings\Tadek\Moje dokumenty\Moje obrazy 2013-10-04 16:14 - 2012-04-24 22:28 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-10-03 18:01 - 2013-10-03 12:02 - 99131034 _____ C:\WINDOWS\system32\촕㭒善; 2013-10-03 12:23 - 2009-04-18 21:01 - 00000000 ____D C:\Documents and Settings\Tadek\Moje dokumenty\Moje zeskanowane obrazy 2013-10-03 12:01 - 2013-10-02 22:40 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-10-01 22:53 - 2013-10-01 22:09 - 00000000 ____D C:\Documents and Settings\Tadek\Pulpit\ślub 2013-09-27 22:15 - 2013-09-26 20:32 - 00000000 ____D C:\Documents and Settings\Tadek\Pulpit\Chorwacja 2013-09-26 20:27 - 2010-11-14 17:35 - 00000151 _____ C:\WINDOWS\PhotoSnapViewer.INI Files to move or delete: ==================== ZeroAccess: C:\Program Files\Google\Desktop\Install ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe [2004-08-04 01:44] - [2008-04-14 22:51] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a C:\Windows\System32\winlogon.exe [2004-08-04 01:44] - [2008-04-14 22:51] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48 C:\Windows\System32\svchost.exe [2004-08-04 01:44] - [2008-04-14 22:51] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce C:\Windows\System32\services.exe [2004-08-04 01:44] - [2008-04-14 22:51] - 0109056 ____A (Microsoft Corporation) 3e3ae424e27c4cefe4cab368c7b570ea C:\Windows\System32\User32.dll [2004-08-04 01:44] - [2008-04-14 22:50] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793 C:\Windows\System32\userinit.exe [2004-08-04 01:44] - [2008-04-14 22:51] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5 C:\Windows\System32\Drivers\volsnap.sys [2004-08-04 01:36] - [2008-04-14 21:31] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7 ==================== End Of Log ============================