Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02
Ran by DC5700 (administrator) on HP on 28-05-2014 14:59:17
Running from C:\Documents and Settings\DC5700\Moje dokumenty\Pobieranie
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Cherished Technololgy LIMITED) C:\Documents and Settings\All Users\Dane aplikacji\IePluginService\PluginService.exe
(Cherished Technololgy LIMITED) C:\Documents and Settings\All Users\Dane aplikacji\WPM\wprotectmanager.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
() C:\Program Files\fst_pl_30\fst_pl_30.exe
() C:\Documents and Settings\DC5700\Ustawienia lokalne\Dane aplikacji\fst_pl_30\upfst_pl_30.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
() C:\Program Files\VLC Player GPU+\UsageLog.exe
() C:\Program Files\fst_pl_19\fst_pl_19.exe
() C:\Program Files\fst_pl_79\fst_pl_79.exe
() C:\Program Files\fst_pl_99\fst_pl_99.exe
(Adobe Systems Incorporated) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
(SaveSense) C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe
(Ufasoft) C:\Program Files\VLC Player GPU+\UsageMonitor.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
() C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(OldTimer Tools) C:\Documents and Settings\DC5700\Moje dokumenty\Pobieranie\OTL.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16871936 2008-06-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [fst_pl_30] => C:\Program Files\fst_pl_30\fst_pl_30.exe [4001224 2014-01-02] ()
HKLM\...\Run: [upfst_pl_30.exe] => C:\Documents and Settings\DC5700\Ustawienia lokalne\Dane aplikacji\fst_pl_30\upfst_pl_30.exe [3153904 2014-01-02] ()
HKLM\...\Run: [UsageTemp] => C:\Documents and Settings\DC5700\Ustawienia lokalne\Temp\UsageTemp.exe [1305824 2014-01-30] () <===== ATTENTION
HKLM\...\Run: [UsageLoader] => C:\Program Files\VLC Player GPU+\UsageLog.exe [1358560 2014-01-14] ()
HKLM\...\Run: [fst_pl_19] => C:\Program Files\fst_pl_19\fst_pl_19.exe [11671024 2013-12-18] ()
HKLM\...\Run: [fst_pl_79] => C:\Program Files\fst_pl_79\fst_pl_79.exe [3985920 2014-03-10] ()
HKLM\...\Run: [fst_pl_99] => C:\Program Files\fst_pl_99\fst_pl_99.exe [3985920 2014-04-03] ()
HKU\S-1-5-21-748017608-3272634254-3442068131-1003\...\Run: [NextLive] => C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\DC5700\Dane aplikacji\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-748017608-3272634254-3442068131-1003\...\Run: [RDReminder] => C:\Program Files\RegClean Pro\RegCleanPro.exe [7913304 2014-04-25] (Systweak Inc)
HKU\S-1-5-21-748017608-3272634254-3442068131-1003\...\RunOnce: [FlashPlayerUpdate] - C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_12_0_0_70_Plugin.exe [841096 2014-02-28] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearch.avg.com?cid={C47134ED-DF6D-4E0E-BD60-FC9229775100}&mid=Unknown&lang=pl&ds=gm011&coid=avgtbdisgm&cmpid=&pr=sa&d=2014-01-12 15:55:59&v=18.1.6.542&pid=safeguard&sg=&sap=hp
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1397030415&from=tt4u&uid=ST380815AS_9RW1NCGJ
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1397030415&from=tt4u&uid=ST380815AS_9RW1NCGJ
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com/web/?type=ds&ts=1397030415&from=tt4u&uid=ST380815AS_9RW1NCGJ&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com/web/?type=ds&ts=1397030415&from=tt4u&uid=ST380815AS_9RW1NCGJ&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1397030415&from=tt4u&uid=ST380815AS_9RW1NCGJ
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.qone8.com/web/?type=ds&ts=1397030415&from=tt4u&uid=ST380815AS_9RW1NCGJ&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.qone8.com/web/?type=ds&ts=1397030415&from=tt4u&uid=ST380815AS_9RW1NCGJ&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&affID=119535&tt=gc_&babsrc=SP_ss&mntrId=2C50001E0B63A29D
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&affID=119535&tt=gc_&babsrc=SP_ss&mntrId=2C50001E0B63A29D
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={C47134ED-DF6D-4E0E-BD60-FC9229775100}&mid=Unknown&lang=pl&ds=gm011&coid=avgtbdisgm&cmpid=&pr=sa&d=2014-01-12 15:55:59&v=18.1.6.542&pid=safeguard&sg=&sap=dsp&q={searchTerms}
BHO: SaveSense - {0f21b1e5-5afc-43c9-9c66-515046e92ec2} - C:\Program Files\SaveSense\SaveSenseIE.dll (SaveSense)
BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
BHO: SquirrelWeb - {dd86af49-1ef1-4532-89f7-41eda1dbbe6d} - C:\Program Files\SquirrelWeb\SquirrelWebbho.dll (SquirrelWeb)
Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Tcpip\Parameters: [DhcpNameServer] 86.63.129.29 86.63.129.30

FireFox:
========
FF ProfilePath: C:\Documents and Settings\DC5700\Dane aplikacji\Mozilla\Firefox\Profiles\ih05j9kt.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @tools.updaterss.com/SaveSenseLive Update;version=3 - C:\Program Files\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll (SaveSense)
FF Plugin: @tools.updaterss.com/SaveSenseLive Update;version=9 - C:\Program Files\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll (SaveSense)
FF SearchPlugin: C:\Documents and Settings\DC5700\Dane aplikacji\Mozilla\Firefox\Profiles\ih05j9kt.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Documents and Settings\DC5700\Dane aplikacji\Mozilla\Firefox\Profiles\ih05j9kt.default\searchplugins\BitGuard.xml
FF SearchPlugin: C:\Documents and Settings\DC5700\Dane aplikacji\Mozilla\Firefox\Profiles\ih05j9kt.default\searchplugins\BrowserProtect.xml
FF SearchPlugin: C:\Documents and Settings\DC5700\Dane aplikacji\Mozilla\Firefox\Profiles\ih05j9kt.default\searchplugins\delta.xml
FF Extension: SaveSense - C:\Documents and Settings\DC5700\Dane aplikacji\Mozilla\Firefox\Profiles\ih05j9kt.default\Extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36} [2014-01-12]

========================== Services (Whitelisted) =================

R2 IePluginService; C:\Documents and Settings\All Users\Dane aplikacji\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
S2 savesenselive; C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-01-12] (SaveSense)
S3 savesenselivem; C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-01-12] (SaveSense)
R2 Wpm; C:\Documents and Settings\All Users\Dane aplikacji\WPM\wprotectmanager.exe [493568 2014-02-02] (Cherished Technololgy LIMITED)

==================== Drivers (Whitelisted) ====================

S3 Blfp; C:\WINDOWS\System32\DRIVERS\baspxp32.sys [98816 2008-06-06] (Broadcom Corporation)
R3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S4 IntelIde; No ImagePath
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-28 14:56 - 2014-05-28 14:59 - 00000000 ____D () C:\FRST
2014-05-28 14:43 - 2014-05-28 14:43 - 00000412 _____ () C:\Documents and Settings\DC5700\Moje dokumenty\spider.sav
2014-05-28 14:38 - 2014-05-28 14:50 - 00000000 ____D () C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP
2014-05-28 14:38 - 2014-05-28 14:38 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-28 14:38 - 2014-05-28 14:38 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-05-28 14:35 - 2014-05-28 14:35 - 00000725 _____ () C:\Documents and Settings\All Users\Pulpit\RegClean Pro.lnk
2014-05-28 14:35 - 2014-05-28 14:35 - 00000274 _____ () C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job
2014-05-28 14:35 - 2014-05-28 14:35 - 00000266 _____ () C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job
2014-05-28 14:35 - 2014-05-28 14:35 - 00000000 ____D () C:\Program Files\RegClean Pro
2014-05-28 14:35 - 2014-05-28 14:35 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\RegClean Pro
2014-05-28 14:32 - 2014-05-28 14:50 - 00000000 ____D () C:\WINDOWS\LastGood
2014-05-28 14:31 - 2014-05-28 14:50 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-05-28 14:26 - 2014-05-28 14:27 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-28 14:24 - 2014-05-28 14:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-05-28 14:22 - 2014-05-28 14:22 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Avg_Update_0414c
2014-05-28 14:21 - 2014-05-28 14:30 - 00000224 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
2014-05-28 14:21 - 2014-05-28 14:28 - 00000218 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job
2014-05-08 08:27 - 2014-05-08 08:28 - 00005204 _____ () C:\WINDOWS\KB2934207.log
2014-05-08 08:27 - 2014-05-08 08:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-05-02 22:17 - 2014-05-02 22:17 - 00012279 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-05-02 22:17 - 2014-05-02 22:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-05-02 21:55 - 2014-05-28 14:32 - 00005745 _____ () C:\WINDOWS\KB2929961.log
2014-05-02 21:55 - 2014-05-28 14:24 - 00009911 _____ () C:\WINDOWS\KB2922229.log
2014-05-02 21:55 - 2014-02-27 01:28 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-05-02 21:55 - 2014-02-27 01:28 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe

==================== One Month Modified Files and Folders =======

2014-05-28 14:59 - 2014-05-28 14:56 - 00000000 ____D () C:\FRST
2014-05-28 14:59 - 2013-05-22 16:36 - 00000000 ____D () C:\Documents and Settings\DC5700\Moje dokumenty\Pobieranie
2014-05-28 14:58 - 2014-03-16 11:58 - 00000432 _____ () C:\WINDOWS\Tasks\At2.job
2014-05-28 14:58 - 2014-01-12 16:58 - 00000428 _____ () C:\WINDOWS\Tasks\At1.job
2014-05-28 14:56 - 2012-04-05 03:15 - 01714808 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-28 14:50 - 2014-05-28 14:38 - 00000000 ____D () C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP
2014-05-28 14:50 - 2014-05-28 14:32 - 00000000 ____D () C:\WINDOWS\LastGood
2014-05-28 14:50 - 2014-05-28 14:31 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-05-28 14:50 - 2012-04-05 05:07 - 00391407 _____ () C:\WINDOWS\setupapi.log
2014-05-28 14:50 - 2012-04-05 05:07 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit
2014-05-28 14:50 - 2012-04-05 03:24 - 00000000 ___RD () C:\Documents and Settings\DC5700\Menu Start\Programy
2014-05-28 14:50 - 2012-04-05 03:24 - 00000000 ___HD () C:\Documents and Settings\DC5700\Ustawienia lokalne\Dane aplikacji
2014-05-28 14:50 - 2012-04-05 03:24 - 00000000 ____D () C:\Documents and Settings\DC5700\Pulpit
2014-05-28 14:49 - 2012-04-05 05:07 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji
2014-05-28 14:49 - 2012-04-05 03:24 - 00000000 __RHD () C:\Documents and Settings\DC5700\Dane aplikacji
2014-05-28 14:43 - 2014-05-28 14:43 - 00000412 _____ () C:\Documents and Settings\DC5700\Moje dokumenty\spider.sav
2014-05-28 14:43 - 2012-04-05 03:24 - 00000000 ___RD () C:\Documents and Settings\DC5700\Moje dokumenty
2014-05-28 14:42 - 2012-04-05 03:24 - 00001599 _____ () C:\Documents and Settings\DC5700\Menu Start\Programy\Pomoc zdalna.lnk
2014-05-28 14:42 - 2012-04-05 03:16 - 00001607 _____ () C:\Documents and Settings\All Users\Menu Start\Określ dostęp do programów i ich ustawienia domyślne.lnk
2014-05-28 14:42 - 2012-04-05 03:16 - 00001599 _____ () C:\Documents and Settings\Default User\Menu Start\Programy\Pomoc zdalna.lnk
2014-05-28 14:42 - 2012-04-05 03:16 - 00001507 _____ () C:\Documents and Settings\All Users\Menu Start\Windows Update.lnk
2014-05-28 14:38 - 2014-05-28 14:38 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-28 14:38 - 2014-05-28 14:38 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-05-28 14:35 - 2014-05-28 14:35 - 00000725 _____ () C:\Documents and Settings\All Users\Pulpit\RegClean Pro.lnk
2014-05-28 14:35 - 2014-05-28 14:35 - 00000274 _____ () C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job
2014-05-28 14:35 - 2014-05-28 14:35 - 00000266 _____ () C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job
2014-05-28 14:35 - 2014-05-28 14:35 - 00000000 ____D () C:\Program Files\RegClean Pro
2014-05-28 14:35 - 2014-05-28 14:35 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\RegClean Pro
2014-05-28 14:35 - 2014-01-30 14:00 - 00001316 _____ () C:\Documents and Settings\DC5700\Pulpit\Wyczyść rejestr za darmo!.lnk
2014-05-28 14:35 - 2013-05-22 16:33 - 00000000 ____D () C:\Documents and Settings\DC5700\Dane aplikacji\Systweak
2014-05-28 14:35 - 2012-04-05 05:07 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy
2014-05-28 14:34 - 2012-04-05 05:08 - 00763814 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-28 14:34 - 2008-09-06 14:00 - 00355830 _____ () C:\WINDOWS\system32\perfh015.dat
2014-05-28 14:34 - 2008-09-06 14:00 - 00049712 _____ () C:\WINDOWS\system32\perfc015.dat
2014-05-28 14:33 - 2014-01-12 16:59 - 00000000 ____D () C:\Documents and Settings\DC5700\Ustawienia lokalne\Dane aplikacji\fst_pl_30
2014-05-28 14:32 - 2014-05-02 21:55 - 00005745 _____ () C:\WINDOWS\KB2929961.log
2014-05-28 14:30 - 2014-05-28 14:21 - 00000224 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
2014-05-28 14:30 - 2014-01-12 16:59 - 00000916 _____ () C:\WINDOWS\Tasks\SaveSenseLiveUpdateTaskMachineCore.job
2014-05-28 14:30 - 2014-01-12 16:59 - 00000000 ____D () C:\Documents and Settings\DC5700\Dane aplikacji\newnext.me
2014-05-28 14:30 - 2013-06-01 18:40 - 00000260 _____ () C:\WINDOWS\Tasks\WGASetup.job
2014-05-28 14:30 - 2013-05-22 16:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-28 14:30 - 2012-04-05 03:21 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-28 14:30 - 2008-09-06 14:00 - 00001374 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-28 14:29 - 2012-04-05 03:24 - 00000188 ___SH () C:\Documents and Settings\DC5700\ntuser.ini
2014-05-28 14:29 - 2012-04-05 03:21 - 00032568 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-28 14:28 - 2014-05-28 14:21 - 00000218 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job
2014-05-28 14:27 - 2014-05-28 14:26 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-28 14:24 - 2014-05-28 14:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-05-28 14:24 - 2014-05-02 21:55 - 00009911 _____ () C:\WINDOWS\KB2922229.log
2014-05-28 14:24 - 2012-04-05 05:08 - 01157945 _____ () C:\WINDOWS\iis6.log
2014-05-28 14:24 - 2012-04-05 05:08 - 01044118 _____ () C:\WINDOWS\FaxSetup.log
2014-05-28 14:24 - 2012-04-05 05:08 - 00508424 _____ () C:\WINDOWS\ocgen.log
2014-05-28 14:24 - 2012-04-05 05:08 - 00485110 _____ () C:\WINDOWS\tsoc.log
2014-05-28 14:24 - 2012-04-05 05:08 - 00359969 _____ () C:\WINDOWS\comsetup.log
2014-05-28 14:24 - 2012-04-05 05:08 - 00329640 _____ () C:\WINDOWS\msmqinst.log
2014-05-28 14:24 - 2012-04-05 05:08 - 00216180 _____ () C:\WINDOWS\ntdtcsetup.log
2014-05-28 14:24 - 2012-04-05 05:08 - 00183651 _____ () C:\WINDOWS\netfxocm.log
2014-05-28 14:24 - 2012-04-05 05:08 - 00072462 _____ () C:\WINDOWS\MedCtrOC.log
2014-05-28 14:24 - 2012-04-05 05:08 - 00065347 _____ () C:\WINDOWS\ocmsn.log
2014-05-28 14:24 - 2012-04-05 05:08 - 00054533 _____ () C:\WINDOWS\tabletoc.log
2014-05-28 14:24 - 2012-04-05 05:08 - 00052474 _____ () C:\WINDOWS\msgsocm.log
2014-05-28 14:24 - 2012-04-05 05:08 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-05-28 14:22 - 2014-05-28 14:22 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Avg_Update_0414c
2014-05-28 14:22 - 2014-01-30 14:00 - 00000000 ____D () C:\WINDOWS\system32\cache
2014-05-08 08:28 - 2014-05-08 08:27 - 00005204 _____ () C:\WINDOWS\KB2934207.log
2014-05-08 08:28 - 2012-04-05 05:08 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-05-08 08:27 - 2014-05-08 08:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-05-08 08:25 - 2012-04-05 05:07 - 00093480 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-05-02 22:17 - 2014-05-02 22:17 - 00012279 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-05-02 22:17 - 2014-05-02 22:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-05-02 22:17 - 2014-04-24 18:16 - 00014917 _____ () C:\WINDOWS\KB2930275.log
2014-05-02 22:17 - 2013-06-01 18:36 - 00097875 _____ () C:\WINDOWS\updspapi.log
2014-05-02 22:03 - 2014-01-12 16:59 - 00000920 _____ () C:\WINDOWS\Tasks\SaveSenseLiveUpdateTaskMachineUA.job

Files to move or delete:
====================
C:\Documents and Settings\DC5700\Ustawienia lokalne\Temp\UsageTemp.exe
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job

Some content of TEMP:
====================
C:\Documents and Settings\DC5700\Ustawienia lokalne\Temp\CleanSchedule.exe
C:\Documents and Settings\DC5700\Ustawienia lokalne\Temp\GPUTemp.exe
C:\Documents and Settings\DC5700\Ustawienia lokalne\Temp\ICReinstall_nsj3D.tmp.exe
C:\Documents and Settings\DC5700\Ustawienia lokalne\Temp\Mobogenie_Setup_2-1-35_517.exe
C:\Documents and Settings\DC5700\Ustawienia lokalne\Temp\nsk4E.tmp.exe
C:\Documents and Settings\DC5700\Ustawienia lokalne\Temp\OpenCL.dll
C:\Documents and Settings\DC5700\Ustawienia lokalne\Temp\prefetch.exe
C:\Documents and Settings\DC5700\Ustawienia lokalne\Temp\Setup1.exe
C:\Documents and Settings\DC5700\Ustawienia lokalne\Temp\setup_fsu_cid.exe
C:\Documents and Settings\DC5700\Ustawienia lokalne\Temp\SHSetup.exe
C:\Documents and Settings\DC5700\Ustawienia lokalne\Temp\Softonic_PL_1-5-4_PL-Production_10_CleanRelease.exe
C:\Documents and Settings\DC5700\Ustawienia lokalne\Temp\uninst1.exe
C:\Documents and Settings\DC5700\Ustawienia lokalne\Temp\UNINSTALL.EXE
C:\Documents and Settings\DC5700\Ustawienia lokalne\Temp\UsageTemp.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe [2008-09-06 14:00] - [2008-09-06 14:00] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a
C:\WINDOWS\system32\winlogon.exe [2008-09-06 14:00] - [2008-09-06 14:00] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48
C:\WINDOWS\system32\svchost.exe [2008-09-06 14:00] - [2008-09-06 14:00] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce
C:\WINDOWS\system32\services.exe [2008-09-06 14:00] - [2009-02-09 13:25] - 0111104 ____A (Microsoft Corporation) 02a467e27af55f7064c5b251e587315f
C:\WINDOWS\system32\User32.dll [2008-09-06 14:00] - [2008-09-06 14:00] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793
C:\WINDOWS\system32\userinit.exe [2008-09-06 14:00] - [2008-09-06 14:00] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5
C:\WINDOWS\system32\rpcss.dll [2008-09-06 14:00] - [2009-02-09 12:53] - 0401408 ____A (Microsoft Corporation) a37311d9d628c1042a2836731787f0f3
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys [2008-09-06 14:00] - [2008-09-06 14:00] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7

==================== End Of Log ============================