Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-06-2014 01
Ran by Administrator (administrator) on PIS on 01-06-2014 17:40:34
Running from C:\Documents and Settings\All Users\Dokumenty\Nowy folder
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.3.0.12\nis.exe
() C:\Program Files\Macrium\Reflect\ReflectService.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.3.0.12\nis.exe
(CANON INC.) C:\Program Files\Canon\GAROStatusMonitor\cnwida.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CnwiDeviceAgent] => C:\Program Files\Canon\GAROStatusMonitor\cnwida.exe [65536 2005-08-11] (CANON INC.)
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\GARO Status Monitor.lnk
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\WIDEsystem.lnk

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=nav&pvid=20.4.0.40
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - No File
Tcpip\Parameters: [DhcpNameServer] 194.204.152.34 194.204.159.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\6qjs2xp1.default
FF Homepage: https://www.google.pl/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin - C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\Documents and Settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-11-14]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\Documents and Settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ []

========================== Services (Whitelisted) =================

R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.3.0.12\NIS.exe [276376 2014-05-11] (Symantec Corporation)
R2 ReflectService; C:\Program Files\Macrium\Reflect\ReflectService.exe [220824 2011-07-01] ()

==================== Drivers (Whitelisted) ====================

R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4122368 2008-09-24] (Realtek Semiconductor Corp.)
S3 ampa; C:\WINDOWS\system32\ampa.sys [10936 2011-12-26] ()
R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx86.sys [1101616 2014-05-10] (Symantec Corporation)
R1 ccSet_NIS; C:\WINDOWS\system32\drivers\NIS\1503000.00C\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)
S3 ENUM1394; C:\WINDOWS\System32\DRIVERS\enum1394.sys [6400 2001-08-17] (Microsoft Corporation)
R3 IDSxpx86; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140530.001\IDSxpx86.sys [383120 2014-03-26] (Symantec Corporation)
R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140531.004\NAVENG.SYS [93272 2014-05-27] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140531.004\NAVEX15.SYS [1612376 2014-05-27] (Symantec Corporation)
R0 nvatabus; C:\WINDOWS\System32\DRIVERS\nvatabus.sys [88960 2005-01-20] (NVIDIA Corporation)
R3 NVENET; C:\WINDOWS\System32\DRIVERS\NVENET.sys [94276 2004-09-01] (NVIDIA Corporation)
S3 PSMounter; C:\WINDOWS\system32\drivers\psmounter.sys [45208 2011-07-01] (Macrium Software)
R0 pssnap; C:\WINDOWS\System32\DRIVERS\pssnap.sys [16024 2011-07-01] (Macrium Software)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-14] (Realtek Semiconductor Corporation)
S3 scsiscan; C:\WINDOWS\System32\DRIVERS\scsiscan.sys [11520 2008-04-14] (Microsoft Corporation)
R3 SRTSP; C:\WINDOWS\System32\Drivers\NIS\1503000.00C\SRTSP.SYS [664280 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NIS\1503000.00C\SRTSPX.SYS [32344 2013-09-10] (Symantec Corporation)
R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [13120 2013-08-25] ()
R0 SymDS; C:\WINDOWS\System32\drivers\NIS\1503000.00C\SYMDS.SYS [367704 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\NIS\1503000.00C\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2013-11-14] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NIS\1503000.00C\Ironx86.SYS [206936 2013-09-27] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\NIS\1503000.00C\SYMTDI.SYS [423256 2014-02-18] (Symantec Corporation)
S4 IntelIde; No ImagePath
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-01 16:58 - 2014-06-01 17:01 - 00000000 ____D () C:\AdwCleaner
2014-05-31 15:41 - 2014-06-01 17:40 - 00000000 ____D () C:\FRST
2014-05-15 14:59 - 2014-05-15 14:59 - 00000000 ____D () C:\Program Files\ffdshow
2014-05-15 14:59 - 2014-05-15 14:59 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\ffdshow
2014-05-15 14:59 - 2014-02-09 20:36 - 00112640 _____ () C:\WINDOWS\system32\ff_vfw.dll
2014-05-15 14:59 - 2014-02-09 20:35 - 00047616 _____ () C:\WINDOWS\system32\ff_acm.acm
2014-05-15 14:59 - 2013-04-16 17:32 - 00000714 _____ () C:\WINDOWS\system32\ff_vfw.dll.manifest
2014-05-15 14:58 - 2014-05-15 14:58 - 04760957 _____ (ffdshow ) C:\Documents and Settings\Administrator\Moje dokumenty\ffdshow_rev4530_20140209_clsid.exe
2014-05-14 16:55 - 2014-05-14 16:55 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-11 14:54 - 2014-05-11 14:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-08 15:25 - 2014-05-08 15:25 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\GARO Status Monitor
2014-05-08 15:25 - 2005-01-27 17:06 - 00106496 _____ (CANON INC.) C:\WINDOWS\system32\cnwiocNT.dll
2014-05-08 15:25 - 2005-01-27 17:05 - 00106496 _____ (CANON INC.) C:\WINDOWS\system32\cnwioc95.dll
2014-05-08 15:25 - 2005-01-27 17:04 - 00045056 _____ (CANON INC.) C:\WINDOWS\system32\cnwiopnt.exe
2014-05-08 15:25 - 2005-01-27 17:04 - 00045056 _____ (CANON INC.) C:\WINDOWS\system32\cnwiop95.exe
2014-05-08 15:25 - 2004-11-10 11:36 - 00069632 _____ (CANON INC.) C:\WINDOWS\system32\cnwiopp.dll
2014-05-08 15:25 - 2004-11-10 11:36 - 00045056 _____ (CANON INC.) C:\WINDOWS\system32\cnwioppt.exe
2014-05-08 15:25 - 2004-11-10 11:35 - 00102400 _____ (CANON INC.) C:\WINDOWS\system32\cnwiolt.dll
2014-05-08 15:22 - 2014-05-08 15:22 - 00000181 _____ () C:\WINDOWS\setupgaro.log
2014-05-08 15:22 - 2014-05-08 15:22 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Canon
2014-05-08 15:21 - 2005-11-11 01:26 - 00061551 _____ (CANON INC.) C:\WINDOWS\system32\CNWILMNT.DLL
2014-05-08 15:17 - 2014-05-08 15:25 - 00000000 ____D () C:\Program Files\Canon
2014-05-05 16:35 - 2014-05-05 16:35 - 00005483 _____ () C:\WINDOWS\KB2964358-IE8.log

==================== One Month Modified Files and Folders =======

2014-06-01 17:40 - 2014-05-31 15:41 - 00000000 ____D () C:\FRST
2014-06-01 17:40 - 2013-06-17 16:19 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp
2014-06-01 17:37 - 2013-06-07 17:25 - 00000000 ____D () C:\WYDRUKI
2014-06-01 17:31 - 2014-03-28 11:44 - 00000216 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
2014-06-01 17:31 - 2013-05-13 09:00 - 01220742 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-01 17:31 - 2008-04-15 14:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-06-01 17:30 - 2013-05-13 09:08 - 00000188 ___SH () C:\Documents and Settings\PC\ntuser.ini
2014-06-01 17:22 - 2013-05-13 19:47 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-06-01 17:22 - 2013-05-13 09:08 - 00000000 ___RD () C:\Documents and Settings\PC\Moje dokumenty\Moje obrazy
2014-06-01 17:22 - 2013-05-13 09:08 - 00000000 ____D () C:\Documents and Settings\PC\Pulpit
2014-06-01 17:12 - 2013-05-13 11:55 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-06-01 17:12 - 2013-05-13 11:55 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-06-01 17:11 - 2013-06-17 16:19 - 00000188 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-06-01 17:11 - 2013-05-13 09:06 - 00032632 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-01 17:11 - 2013-05-13 09:06 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-01 17:10 - 2013-05-13 09:08 - 00000000 ____D () C:\Documents and Settings\PC\Ustawienia lokalne\Temp
2014-06-01 17:01 - 2014-06-01 16:58 - 00000000 ____D () C:\AdwCleaner
2014-06-01 17:01 - 2013-06-17 16:19 - 00000000 ___HD () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji
2014-06-01 17:01 - 2013-06-17 16:19 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-06-01 17:01 - 2013-05-13 09:08 - 00000000 __RHD () C:\Documents and Settings\PC\Dane aplikacji
2014-06-01 17:01 - 2013-05-13 09:08 - 00000000 ___HD () C:\Documents and Settings\PC\Ustawienia lokalne\Dane aplikacji
2014-06-01 17:01 - 2013-05-13 09:08 - 00000000 ____D () C:\Documents and Settings\PC
2014-06-01 16:54 - 2013-06-07 17:29 - 00000410 _____ () C:\Documents and Settings\PC\Pulpit\Skrót do WYDRUKI.lnk
2014-06-01 15:51 - 2013-05-13 11:50 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji
2014-06-01 15:47 - 2013-05-13 11:52 - 00000000 ___RD () C:\Documents and Settings\All Users\Dokumenty
2014-05-31 17:03 - 2013-09-03 13:48 - 00000000 ____D () C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie
2014-05-31 16:24 - 2013-11-06 18:19 - 00734859 _____ () C:\WINDOWS\setupapi.log
2014-05-30 12:59 - 2013-05-13 15:50 - 00000000 ____D () C:\Documents and Settings\PC\Moje dokumenty\Pobieranie
2014-05-29 16:46 - 2013-09-09 18:19 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2014-05-29 16:39 - 2013-10-29 10:26 - 00002499 _____ () C:\Documents and Settings\PC\Pulpit\Microsoft Word 2010.lnk
2014-05-27 15:32 - 2013-09-30 09:46 - 00000000 ____D () C:\ATI
2014-05-26 16:54 - 2013-05-13 11:55 - 00511377 _____ () C:\WINDOWS\Sti_Trace.log
2014-05-22 08:57 - 2013-11-14 14:02 - 00001973 _____ () C:\Documents and Settings\All Users\Pulpit\Norton Internet Security.LNK
2014-05-22 08:57 - 2013-11-14 14:01 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NIS
2014-05-22 08:57 - 2013-11-14 14:01 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Norton Internet Security
2014-05-22 08:57 - 2013-05-13 11:52 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit
2014-05-21 17:16 - 2013-05-13 17:04 - 00000260 _____ () C:\WINDOWS\Tasks\DriverDoc_UPDATES.job
2014-05-15 17:01 - 2013-11-25 17:06 - 00415312 _____ () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2014-05-15 17:01 - 2013-05-13 09:06 - 00000000 ___HD () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji
2014-05-15 14:59 - 2014-05-15 14:59 - 00000000 ____D () C:\Program Files\ffdshow
2014-05-15 14:59 - 2014-05-15 14:59 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\ffdshow
2014-05-15 14:59 - 2013-05-13 11:52 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy
2014-05-15 14:58 - 2014-05-15 14:58 - 04760957 _____ (ffdshow ) C:\Documents and Settings\Administrator\Moje dokumenty\ffdshow_rev4530_20140209_clsid.exe
2014-05-15 14:58 - 2013-06-17 16:19 - 00000000 ___RD () C:\Documents and Settings\Administrator\Moje dokumenty
2014-05-15 14:55 - 2013-05-16 22:18 - 00012288 _____ () C:\Documents and Settings\PC\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-15 14:44 - 2014-02-24 15:44 - 04760957 _____ (ffdshow ) C:\Documents and Settings\PC\Moje dokumenty\ffdshow_rev4530_20140209_clsid.exe
2014-05-15 14:44 - 2013-05-13 09:08 - 00000000 ___RD () C:\Documents and Settings\PC\Moje dokumenty
2014-05-15 09:22 - 2013-05-13 19:47 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-05-15 09:22 - 2013-05-13 19:47 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-05-14 16:59 - 2013-09-09 17:44 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2014-05-14 16:55 - 2014-05-14 16:55 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 16:54 - 2013-09-03 14:05 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-14 16:50 - 2013-05-13 18:57 - 90547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-11 14:54 - 2014-05-11 14:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-08 15:25 - 2014-05-08 15:25 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\GARO Status Monitor
2014-05-08 15:25 - 2014-05-08 15:17 - 00000000 ____D () C:\Program Files\Canon
2014-05-08 15:25 - 2013-05-13 18:29 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-05-08 15:25 - 2013-05-13 11:52 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
2014-05-08 15:22 - 2014-05-08 15:22 - 00000181 _____ () C:\WINDOWS\setupgaro.log
2014-05-08 15:22 - 2014-05-08 15:22 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Canon
2014-05-08 15:00 - 2014-03-28 11:44 - 00000210 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job
2014-05-05 16:35 - 2014-05-05 16:35 - 00005483 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-05-05 16:35 - 2013-05-13 18:36 - 00095541 _____ () C:\WINDOWS\updspapi.log
2014-05-05 16:35 - 2013-05-13 11:53 - 01221197 _____ () C:\WINDOWS\iis6.log
2014-05-05 16:35 - 2013-05-13 11:53 - 01094118 _____ () C:\WINDOWS\FaxSetup.log
2014-05-05 16:35 - 2013-05-13 11:53 - 00534932 _____ () C:\WINDOWS\ocgen.log
2014-05-05 16:35 - 2013-05-13 11:53 - 00507660 _____ () C:\WINDOWS\tsoc.log
2014-05-05 16:35 - 2013-05-13 11:53 - 00374578 _____ () C:\WINDOWS\comsetup.log
2014-05-05 16:35 - 2013-05-13 11:53 - 00348604 _____ () C:\WINDOWS\msmqinst.log
2014-05-05 16:35 - 2013-05-13 11:53 - 00225799 _____ () C:\WINDOWS\ntdtcsetup.log
2014-05-05 16:35 - 2013-05-13 11:53 - 00192824 _____ () C:\WINDOWS\netfxocm.log
2014-05-05 16:35 - 2013-05-13 11:53 - 00076167 _____ () C:\WINDOWS\MedCtrOC.log
2014-05-05 16:35 - 2013-05-13 11:53 - 00068518 _____ () C:\WINDOWS\ocmsn.log
2014-05-05 16:35 - 2013-05-13 11:53 - 00057127 _____ () C:\WINDOWS\tabletoc.log
2014-05-05 16:35 - 2013-05-13 11:53 - 00055116 _____ () C:\WINDOWS\msgsocm.log
2014-05-05 16:35 - 2013-05-13 11:53 - 00001355 _____ () C:\WINDOWS\imsins.log

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe [2008-04-15 14:00] - [2008-04-15 14:00] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a
C:\WINDOWS\system32\winlogon.exe [2008-04-15 14:00] - [2008-04-15 14:00] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48
C:\WINDOWS\system32\svchost.exe [2008-04-15 14:00] - [2008-04-15 14:00] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce
C:\WINDOWS\system32\services.exe [2008-04-15 14:00] - [2009-02-09 13:25] - 0111104 ____A (Microsoft Corporation) 02a467e27af55f7064c5b251e587315f
C:\WINDOWS\system32\User32.dll [2008-04-15 14:00] - [2008-04-15 14:00] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793
C:\WINDOWS\system32\userinit.exe [2008-04-15 14:00] - [2008-04-15 14:00] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5
C:\WINDOWS\system32\rpcss.dll [2008-04-15 14:00] - [2009-02-09 12:53] - 0401408 ____A (Microsoft Corporation) a37311d9d628c1042a2836731787f0f3

ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys [2008-04-15 14:00] - [2008-04-15 14:00] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7

==================== End Of Log ============================