Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-12-2013 01
Ran by Domownik (administrator) on DOMOWY on 13-12-2013 11:32:38
Running from C:\Documents and Settings\Domownik\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
() C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
(Hewlett-Packard ) C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(WhenU.com) C:\Program Files\VVSN\VVSN.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
() C:\Program Files\HPQ\shared\HpqToaster.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\Setup\avast.setup
(Google Inc.) C:\Documents and Settings\Domownik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Documents and Settings\Domownik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ehTray] - C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-06] (Microsoft Corporation)
HKLM\...\Run: [ATIPTA] - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2005-11-11] (ATI Technologies, Inc.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [49152 2005-02-17] (Hewlett-Packard Co.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [729178 2005-06-19] (Synaptics, Inc.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [QPService] - C:\Program Files\HP\QuickPlay\QPService.exe [94208 2005-12-12] (CyberLink Corp.)
HKLM\...\Run: [eabconfg.cpl] - C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe [409600 2005-12-07] (Hewlett-Packard )
HKLM\...\Run: [RecGuard] - C:\WINDOWS\SMINST\Recguard.exe [1187840 2005-10-11] ()
HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe [507904 2005-12-13] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [avast] - C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4858456 2013-05-02] (AVAST Software)
HKLM\...\Run: [VVSN] - C:\Program Files\VVSN\VVSN.exe [107520 2005-10-25] (WhenU.com)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [36975 2005-11-10] (Sun Microsystems, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [20131121] - C:\Program Files\Alwil Software\Avast5\Setup\emupdate\2b6d9a4c-9d44-446f-9080-d1af6bc2b1c7.exe [180184 2013-11-23] (AVAST Software)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKCU\...\Run: [Google Update] - C:\Documents and Settings\Domownik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2010-12-25] (Google Inc.)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe -update plugin [706776 2013-03-15] (Adobe Systems Incorporated)
MountPoints2: {34069470-dc01-11e1-a6ff-0014a578b3bd} - F:\AutoRun.exe
MountPoints2: {3e621a02-1358-11e0-871a-d3508e94ed83} - F:\AutoRun.exe
MountPoints2: {73d74892-18cb-11e0-871b-eda75909b092} - F:\AutoRun.exe
MountPoints2: {74dba8b0-818d-11e1-a675-0014a578b3bd} - F:\AutoRun.exe
MountPoints2: {88d4c466-4285-11e0-8759-aca431f1b947} - F:\AutoRun.exe
MountPoints2: {88d4c469-4285-11e0-8759-ba68b25ab570} - F:\AutoRun.exe
MountPoints2: {88d4c46b-4285-11e0-8759-001e101f6556} - G:\AutoRun.exe
MountPoints2: {f2a64280-fd78-11e0-a55e-001e101f19a3} - F:\AutoRun.exe
HKU\Administrator\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation)
HKU\Administrator\...\RunOnce: [NeroHomeFirstStart] - "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe"
HKU\Default User\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe"
HKU\MAT\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKU\MAT\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [ 2005-09-08] (Nero AG)
HKU\MAT\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation)
HKU\MAT\...\Run: [updateMgr] - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
HKU\MAT\...\RunOnce: [NeroHomeFirstStart] - "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe"
HKU\Max Golonko\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation)
HKU\Max Golonko\...\Run: [updateMgr] - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
HKU\Max Golonko\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
HKU\Max Golonko\...\Run: [Google Update] - C:\Documents and Settings\Max Golonko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [ 2009-02-13] (Google Inc.)
HKU\Max Golonko\...\Run: [ALLUpdate] - C:\Program Files\ALLPlayer\ALLUpdate.exe [ 2010-11-02] ()
Lsa: [Notification Packages] scecli scecli
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
ShortcutTarget: HP Photosmart Premier Fast Start.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
Startup: C:\Documents and Settings\MAT\Start Menu\Programs\Startup\Last.fm Helper.lnk
ShortcutTarget: Last.fm Helper.lnk -> C:\Program Files\Last.fm\LastFMHelper.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
SearchScopes: HKLM - DefaultScope {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
SearchScopes: HKLM - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
SearchScopes: HKCU - DefaultScope {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {C4069E3A-68F1-403E-B40E-20066696354B} - No File
Toolbar: HKCU - &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
Handler: mpbook - {1D80410C-BBCF-4D08-AC3A-0BBAF4CE1D75} - C:\Program Files\Interna\InternaHandler.dll ()
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Domownik\Application Data\Mozilla\Firefox\Profiles\hj95tk83.default
FF Homepage: hxxp://limanowa.in/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Domownik\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Domownik\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Google Toolbar for Firefox - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: Skype extension for Firefox - C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchKeyword: google.pl
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Domownik\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Domownik\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Domownik\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Google Update) - C:\Documents and Settings\Domownik\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Documents and Settings\Domownik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Documents and Settings\Domownik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Blue Floral) - C:\Documents and Settings\Domownik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mndpkoimnhcijdanbkehgccnadibcceg\1.0_0
CHR Extension: (Google Wallet) - C:\Documents and Settings\Domownik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Documents and Settings\Domownik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Domownik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-05-02] (AVAST Software)
R2 DCService.exe; C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe [229376 2010-05-08] ()
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-06] (Microsoft Corporation)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3291008 2013-08-14] (Skype Technologies S.A.)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

R1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36352 2005-03-10] (Advanced Micro Devices)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-02] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-05-02] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [49760 2013-05-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-02] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [765736 2013-05-02] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [368944 2013-05-02] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [174664 2013-05-02] ()
R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [424320 2005-11-28] (Broadcom Corporation)
S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [56648 2005-08-18] (Broadcom Corporation.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 eabfiltr; C:\WINDOWS\system32\drivers\EABFiltr.sys [7936 2005-05-05] (Hewlett-Packard Development Company, L.P.)
S3 eabusb; C:\WINDOWS\system32\drivers\eabusb.sys [5760 2005-05-05] (Hewlett-Packard Development Company, L.P.)
R3 HSFHWATI; C:\Windows\System32\DRIVERS\HSFHWATI.sys [231424 2005-08-22] (Conexant Systems, Inc.)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)
R3 vdrive; C:\Windows\System32\DRIVERS\vdrive.sys [36736 2011-07-06] (Fengtao Software Inc.)
S4 hwusbdev; system32\DRIVERS\ewusbdev.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2013-12-13 11:32 - 2013-12-13 11:38 - 00018603 _____ C:\Documents and Settings\Domownik\Desktop\FRST.txt
2013-12-13 11:25 - 2013-12-13 11:26 - 00000000 ____D C:\FRST
2013-12-13 11:23 - 2013-12-13 11:17 - 00891200 _____ C:\Documents and Settings\Domownik\Desktop\SecurityCheck.exe
2013-12-13 11:23 - 2013-12-13 11:16 - 00377856 _____ C:\Documents and Settings\Domownik\Desktop\wuycrwd3.exe
2013-12-13 11:23 - 2013-12-13 11:15 - 01060575 _____ (Farbar) C:\Documents and Settings\Domownik\Desktop\FRST.exe
2013-12-13 11:23 - 2013-12-13 11:13 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Domownik\Desktop\OTL.exe
2013-11-14 16:26 - 2013-11-14 16:26 - 00010015 _____ C:\WINDOWS\KB2900986.log
2013-11-14 16:26 - 2013-11-14 16:26 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-14 16:26 - 2013-11-14 16:26 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-14 16:26 - 2013-11-14 16:26 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-14 16:25 - 2013-11-14 16:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-14 16:22 - 2013-11-14 16:25 - 00012292 _____ C:\WINDOWS\KB2888505-IE8.log
2013-11-14 15:24 - 2013-11-14 16:26 - 00016725 _____ C:\WINDOWS\KB2868626.log
2013-11-14 15:24 - 2013-11-14 16:26 - 00015696 _____ C:\WINDOWS\KB2862152.log
2013-11-14 15:23 - 2013-11-14 16:26 - 00015222 _____ C:\WINDOWS\KB2876331.log

==================== One Month Modified Files and Folders =======

2013-12-13 11:38 - 2013-12-13 11:32 - 00018603 _____ C:\Documents and Settings\Domownik\Desktop\FRST.txt
2013-12-13 11:37 - 2011-04-28 15:52 - 00001140 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3932094685-2476051698-2439078746-1005UA.job
2013-12-13 11:37 - 2011-04-28 15:52 - 00001088 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3932094685-2476051698-2439078746-1005Core.job
2013-12-13 11:37 - 2005-08-17 18:39 - 01073861 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-13 11:26 - 2013-12-13 11:25 - 00000000 ____D C:\FRST
2013-12-13 11:22 - 2005-08-17 18:03 - 00356179 _____ C:\WINDOWS\setupact.log
2013-12-13 11:20 - 2011-07-29 09:51 - 00379387 _____ C:\WINDOWS\setupapi.log
2013-12-13 11:17 - 2013-12-13 11:23 - 00891200 _____ C:\Documents and Settings\Domownik\Desktop\SecurityCheck.exe
2013-12-13 11:16 - 2013-12-13 11:23 - 00377856 _____ C:\Documents and Settings\Domownik\Desktop\wuycrwd3.exe
2013-12-13 11:15 - 2013-12-13 11:23 - 01060575 _____ (Farbar) C:\Documents and Settings\Domownik\Desktop\FRST.exe
2013-12-13 11:13 - 2013-12-13 11:23 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Domownik\Desktop\OTL.exe
2013-12-13 11:07 - 2006-02-17 09:58 - 00002058 ___SH C:\hpqp.ini
2013-12-13 11:00 - 2005-08-17 18:21 - 00522638 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-13 10:58 - 2011-04-22 12:12 - 00000428 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{8DEE7B1A-493B-4D3A-BF8D-0523CF4B42CC}.job
2013-12-13 10:57 - 2006-09-16 18:32 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-13 10:56 - 2012-12-22 23:44 - 00000366 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-12-13 10:55 - 2006-02-17 09:58 - 00000040 _____ C:\XP_TV.ini
2013-12-13 10:55 - 2006-02-17 08:50 - 00000000 ____D C:\WINDOWS\Registration
2013-12-13 10:55 - 2005-08-17 18:39 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-13 10:55 - 2005-08-17 10:49 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-12-13 10:55 - 2005-08-17 10:49 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-12-12 16:03 - 2010-12-26 04:26 - 00000178 ___SH C:\Documents and Settings\Domownik\ntuser.ini
2013-12-12 16:03 - 2005-08-17 18:39 - 00032604 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-10 15:21 - 2005-08-17 18:39 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2013-12-06 15:29 - 2010-12-25 19:53 - 00002315 _____ C:\Documents and Settings\Domownik\Desktop\Google Chrome.lnk
2013-11-28 14:48 - 2010-12-26 04:26 - 00000000 ____D C:\Documents and Settings\Domownik
2013-11-14 16:26 - 2013-11-14 16:26 - 00010015 _____ C:\WINDOWS\KB2900986.log
2013-11-14 16:26 - 2013-11-14 16:26 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-14 16:26 - 2013-11-14 16:26 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-14 16:26 - 2013-11-14 16:26 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-14 16:26 - 2013-11-14 15:24 - 00016725 _____ C:\WINDOWS\KB2868626.log
2013-11-14 16:26 - 2013-11-14 15:24 - 00015696 _____ C:\WINDOWS\KB2862152.log
2013-11-14 16:26 - 2013-11-14 15:23 - 00015222 _____ C:\WINDOWS\KB2876331.log
2013-11-14 16:26 - 2005-08-17 18:38 - 00896547 _____ C:\WINDOWS\tsoc.log
2013-11-14 16:26 - 2005-08-17 18:38 - 00134944 _____ C:\WINDOWS\iis6.log
2013-11-14 16:26 - 2005-08-17 18:17 - 00223156 _____ C:\WINDOWS\MedCtrOC.log
2013-11-14 16:26 - 2005-08-17 18:11 - 00426253 _____ C:\WINDOWS\updspapi.log
2013-11-14 16:26 - 2005-08-17 18:03 - 00644547 _____ C:\WINDOWS\comsetup.log
2013-11-14 16:26 - 2005-08-17 18:03 - 00388903 _____ C:\WINDOWS\ntdtcsetup.log
2013-11-14 16:26 - 2005-08-17 18:03 - 00107774 _____ C:\WINDOWS\ehOCGen.log
2013-11-14 16:26 - 2005-08-17 18:03 - 00105483 _____ C:\WINDOWS\ocmsn.log
2013-11-14 16:26 - 2005-08-17 18:03 - 00098793 _____ C:\WINDOWS\tabletoc.log
2013-11-14 16:26 - 2005-08-17 18:03 - 00001393 _____ C:\WINDOWS\imsins.log
2013-11-14 16:26 - 2005-08-17 18:03 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-11-14 16:26 - 2005-08-17 17:54 - 01947443 _____ C:\WINDOWS\FaxSetup.log
2013-11-14 16:26 - 2005-08-17 17:54 - 00938409 _____ C:\WINDOWS\ocgen.log
2013-11-14 16:26 - 2005-08-17 17:54 - 00354994 _____ C:\WINDOWS\netfxocm.log
2013-11-14 16:26 - 2005-08-17 17:54 - 00220576 _____ C:\WINDOWS\plusoc.log
2013-11-14 16:26 - 2005-08-17 17:54 - 00097602 _____ C:\WINDOWS\msgsocm.log
2013-11-14 16:26 - 2005-08-17 17:52 - 00603924 _____ C:\WINDOWS\msmqinst.log
2013-11-14 16:25 - 2013-11-14 16:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-14 16:25 - 2013-11-14 16:22 - 00012292 _____ C:\WINDOWS\KB2888505-IE8.log
2013-11-14 16:25 - 2009-05-29 16:20 - 00000000 ____D C:\WINDOWS\ie8updates
2013-11-14 16:22 - 2013-07-18 17:50 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-11-14 16:19 - 2010-12-26 10:17 - 80340640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

Some content of TEMP:
====================
C:\Documents and Settings\Domownik\Local Settings\Temp\DataCard_Setup.exe
C:\Documents and Settings\Domownik\Local Settings\Temp\install_reader10_en_gtbp_chra_aih[1].exe
C:\Documents and Settings\Domownik\Local Settings\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Documents and Settings\Domownik\Local Settings\Temp\jre-6u33-windows-i586-iftw.exe
C:\Documents and Settings\Domownik\Local Settings\Temp\ResetDevice.exe
C:\Documents and Settings\Domownik\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\MAT\Local Settings\Temp\AutoRun.exe
C:\Documents and Settings\MAT\Local Settings\Temp\AutoRunGUI.dll
C:\Documents and Settings\MAT\Local Settings\Temp\binkw32.dll
C:\Documents and Settings\MAT\Local Settings\Temp\CDASilentInstall0501.exe
C:\Documents and Settings\MAT\Local Settings\Temp\Core.dll
C:\Documents and Settings\MAT\Local Settings\Temp\d2l_Install.exe
C:\Documents and Settings\MAT\Local Settings\Temp\d2l_PlayD2.exe
C:\Documents and Settings\MAT\Local Settings\Temp\drm_dialogs.dll
C:\Documents and Settings\MAT\Local Settings\Temp\drm_dyndata_7300015.dll
C:\Documents and Settings\MAT\Local Settings\Temp\drm_dyndata_7320012.dll
C:\Documents and Settings\MAT\Local Settings\Temp\drm_dyndata_7330014.dll
C:\Documents and Settings\MAT\Local Settings\Temp\EASOUNInstaller.exe
C:\Documents and Settings\MAT\Local Settings\Temp\eauninstall.exe
C:\Documents and Settings\MAT\Local Settings\Temp\Engine.dll
C:\Documents and Settings\MAT\Local Settings\Temp\IFC23.dll
C:\Documents and Settings\MAT\Local Settings\Temp\InstHelp.dll
C:\Documents and Settings\MAT\Local Settings\Temp\Last.fm-1.4.2.59470.exe
C:\Documents and Settings\MAT\Local Settings\Temp\MSVCR70.dll
C:\Documents and Settings\MAT\Local Settings\Temp\Need For Speed Underground_uninst.exe
C:\Documents and Settings\MAT\Local Settings\Temp\ogg.dll
C:\Documents and Settings\MAT\Local Settings\Temp\Setup.exe
C:\Documents and Settings\MAT\Local Settings\Temp\setup_wm.exe
C:\Documents and Settings\MAT\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\MAT\Local Settings\Temp\vorbis.dll
C:\Documents and Settings\MAT\Local Settings\Temp\vorbisfile.dll
C:\Documents and Settings\MAT\Local Settings\Temp\WinampPluginSetup_2.1.0.8.exe
C:\Documents and Settings\MAT\Local Settings\Temp\Window.dll
C:\Documents and Settings\MAT\Local Settings\Temp\WmpPluginSetup_2.1.0.5.exe
C:\Documents and Settings\MAT\Local Settings\Temp\_is13.exe
C:\Documents and Settings\MAT\Local Settings\Temp\_is14.exe
C:\Documents and Settings\Max Golonko\Local Settings\Temp\CDASilentInstall0501.exe
C:\Documents and Settings\Max Golonko\Local Settings\Temp\CmdLineExt02.dll
C:\Documents and Settings\Max Golonko\Local Settings\Temp\DataCard_Setup.exe
C:\Documents and Settings\Max Golonko\Local Settings\Temp\drm_dialogs.dll
C:\Documents and Settings\Max Golonko\Local Settings\Temp\drm_dyndata_7370014.dll
C:\Documents and Settings\Max Golonko\Local Settings\Temp\gimme.dll
C:\Documents and Settings\Max Golonko\Local Settings\Temp\install_flash_player.exe
C:\Documents and Settings\Max Golonko\Local Settings\Temp\Install_Nokia_Ovi_Suite.exe
C:\Documents and Settings\Max Golonko\Local Settings\Temp\jre-6u13-windows-i586-p-iftw.exe
C:\Documents and Settings\Max Golonko\Local Settings\Temp\jre-6u15-windows-i586-iftw.exe
C:\Documents and Settings\Max Golonko\Local Settings\Temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Documents and Settings\Max Golonko\Local Settings\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Documents and Settings\Max Golonko\Local Settings\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Documents and Settings\Max Golonko\Local Settings\Temp\mpsystem_v21.exe
C:\Documents and Settings\Max Golonko\Local Settings\Temp\mrbupd.dll
C:\Documents and Settings\Max Golonko\Local Settings\Temp\NEventMessages.dll
C:\Documents and Settings\Max Golonko\Local Settings\Temp\Porsche.exe
C:\Documents and Settings\Max Golonko\Local Settings\Temp\ResetDevice.exe
C:\Documents and Settings\Max Golonko\Local Settings\Temp\SIntf16.dll
C:\Documents and Settings\Max Golonko\Local Settings\Temp\SIntf32.dll
C:\Documents and Settings\Max Golonko\Local Settings\Temp\SIntfNT.dll
C:\Documents and Settings\Max Golonko\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\Max Golonko\Local Settings\Temp\Uharc.exe
C:\Documents and Settings\Max Golonko\Local Settings\Temp\Uninst.exe
C:\Documents and Settings\Max Golonko\Local Settings\Temp\Unzip.exe
C:\Documents and Settings\Max Golonko\Local Settings\Temp\Updater.exe
C:\Documents and Settings\Max Golonko\Local Settings\Temp\war3_Install.exe
C:\Documents and Settings\Max Golonko\Local Settings\Temp\wmpfirefoxplugin.exe
C:\Documents and Settings\Max Golonko\Local Settings\Temp\zip.exe
C:\Documents and Settings\Max Golonko\Local Settings\Temp\_is6A.exe
C:\Documents and Settings\Max Golonko\Local Settings\Temp\_is9B.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================