Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-01-2014
Ran by Milena (administrator) on MILENA-0F99D829 on 07-01-2014 12:07:33
Running from C:\Documents and Settings\Milena\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(S3 Graphics, Inc.) C:\WINDOWS\system32\VTTimer.exe
(S3 Graphics Co., Ltd.) C:\WINDOWS\system32\VTTrayp.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Alcor Micro, Corp.) C:\Program Files\Multimedia Card Reader\shwicon2k.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Spotify Ltd) C:\Documents and Settings\Milena\Application Data\Spotify\Data\SpotifyWebHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [VTTimer] - C:\WINDOWS\system32\VTTimer.exe [53248 2005-03-08] (S3 Graphics, Inc.)
HKLM\...\Run: [VTTrayp] - C:\WINDOWS\system32\VTTrayp.exe [163840 2005-11-01] (S3 Graphics Co., Ltd.)
HKLM\...\Run: [ehTray] - C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
HKLM\...\Run: [High Definition Audio Property Page Shortcut] - C:\WINDOWS\system32\HdAShCut.exe [61952 2005-01-08] (Windows (R) Server 2003 DDK provider)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4297136 2012-10-30] (AVAST Software)
HKLM\...\Run: [Sunkist2k] - C:\Program Files\Multimedia Card Reader\shwicon2k.exe [131072 2005-02-25] (Alcor Micro, Corp.)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [925696 2005-05-20] (Analog Devices, Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [49152 2006-02-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe [180269 2012-12-06] (RealNetworks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKCU\...\Run: [ALLUpdate] - C:\Program Files\ALLPlayer\ALLUpdate.exe [2991616 2012-10-08] (ALLCinema)
HKCU\...\Run: [FlashGet 3] - C:\Program Files\FlashGet Network\FlashGet 3\Flashget3.exe [3372720 2012-11-08] (Trend Media Corporation Limited)
HKCU\...\Run: [Spotify Web Helper] - C:\Documents and Settings\Milena\Application Data\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-09] (Spotify Ltd)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
Startup: C:\Documents and Settings\Milena\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Milena\Application Data\FlashGetBHO\FlashGetBHO.dll (Trend Media Group)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: IplexToALLPlayer - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Milena\Application Data\Mozilla\Firefox\Profiles\9l18e9pq.default-1377617970546
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2105 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.2163 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1212 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-10-30] (AVAST Software)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 WMConnectCDS; C:\Program Files\Windows Media Connect 2\wmccds.exe [856064 2005-10-06] (Microsoft Corporation)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

R1 Aavmker4; C:\Windows\System32\Drivers\Aavmker4.sys [25256 2012-10-30] (AVAST Software)
R3 AEAudioService; C:\Windows\System32\drivers\AEAudio.sys [127872 2005-03-04] (Andrea Electronics Corporation)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [21256 2012-10-30] (AVAST Software)
R2 aswMon2; C:\Windows\System32\Drivers\aswMon2.sys [97608 2012-10-30] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [35928 2012-10-30] (AVAST Software)
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [738504 2012-10-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [361032 2012-10-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [54232 2012-10-30] (AVAST Software)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-12-06] (DT Soft Ltd)
R3 FETND5BV; C:\Windows\System32\DRIVERS\fetnd5bv.sys [43008 2006-08-24] (VIA Technologies, Inc. )
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [145920 2005-01-08] (Windows (R) Server 2003 DDK provider)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49664 2006-04-12] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2006-04-12] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2006-04-12] (HP)
R0 JGOGO; C:\Windows\System32\DRIVERS\JGOGO.sys [6912 2006-08-24] (JMicron )
R0 jraid; C:\Windows\System32\DRIVERS\jraid.sys [42880 2006-08-24] (JMicron Technology Corp.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2006-08-24] ()
R1 nvport; C:\WINDOWS\system32\Drivers\nvport.sys [4608 2005-08-23] (NVIDIA Corporation.)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [9856 2005-06-14] (Padus, Inc.)
R3 SenFiltService; C:\Windows\System32\drivers\Senfilt.sys [393088 2005-08-11] (Sensaura)
R3 SunkFilt; C:\WINDOWS\System32\Drivers\sunkfilt.sys [38468 2004-12-08] (Alcor Micro Corp.)
R0 viaagp1; C:\Windows\System32\DRIVERS\viaagp1.sys [27904 2006-08-24] (VIA Technologies, Inc.)
R3 viagfx; C:\Windows\System32\DRIVERS\vtmini.sys [244352 2006-02-08] (Copyright (C) VIA/S3 Graphics Co, Ltd.)
S0 viamraid; C:\Windows\System32\Drivers\viamraid.sys [100992 2006-08-24] (VIA Technologies inc,.ltd)
R0 videx32; C:\Windows\System32\DRIVERS\videX32.sys [9728 2006-02-23] (VIA Technologies, Inc.)
R0 xfilt; C:\Windows\System32\DRIVERS\xfilt.sys [11264 2006-02-23] (VIA Technologies,Inc)
S3 catchme; \??\C:\Temp\catchme.sys [x]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2014-01-07 12:07 - 2014-01-07 12:07 - 00013028 _____ C:\Documents and Settings\Milena\Desktop\FRST.txt
2014-01-07 12:07 - 2014-01-07 12:07 - 00000000 ____D C:\FRST
2014-01-07 12:06 - 2014-01-07 12:07 - 01064805 _____ (Farbar) C:\Documents and Settings\Milena\Desktop\FRST.exe
2014-01-07 11:40 - 2014-01-07 11:50 - 00002267 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2014-01-07 11:40 - 2014-01-07 11:40 - 00000000 ____D C:\Program Files\Common Files\Skype
2014-01-07 11:40 - 2014-01-07 11:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2014-01-07 11:17 - 2014-01-07 11:17 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-07 11:17 - 2014-01-07 11:17 - 00000000 ____D C:\Documents and Settings\Milena\Application Data\Malwarebytes
2014-01-07 11:17 - 2014-01-07 11:17 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-01-07 11:17 - 2014-01-07 11:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-01-07 11:17 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-01-07 11:16 - 2014-01-07 11:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Milena\Desktop\mbam-setup-1.75.0.1300.exe
2014-01-07 11:13 - 2014-01-07 11:13 - 00008780 _____ C:\ComboFix.txt
2014-01-07 11:04 - 2011-06-26 07:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2014-01-07 11:04 - 2010-11-07 18:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2014-01-07 11:04 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-01-07 11:04 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-01-07 11:04 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-01-07 11:04 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-01-07 11:04 - 2000-08-31 01:00 - 00098816 _____ C:\WINDOWS\sed.exe
2014-01-07 11:04 - 2000-08-31 01:00 - 00080412 _____ C:\WINDOWS\grep.exe
2014-01-07 11:04 - 2000-08-31 01:00 - 00068096 _____ C:\WINDOWS\zip.exe
2014-01-07 11:03 - 2014-01-07 11:13 - 00000000 ____D C:\Qoobox
2014-01-07 11:03 - 2014-01-07 11:12 - 00000000 ____D C:\WINDOWS\erdnt
2014-01-07 10:29 - 2014-01-07 10:30 - 01551008 _____ (Skype Technologies S.A.) C:\Documents and Settings\Milena\Desktop\SkypeSetup.exe
2014-01-02 14:54 - 2014-01-02 10:42 - 00000000 ____D C:\Documents and Settings\Milena\Desktop\Gif-animator
2013-12-31 01:58 - 2013-12-31 01:58 - 00065184 _____ C:\Documents and Settings\Milena\20131231015844.torrent.filelist
2013-12-31 01:58 - 2013-08-25 11:17 - 00037868 _____ C:\Documents and Settings\Milena\20131231015844.torrent
2013-12-30 13:41 - 2013-12-30 13:41 - 00000000 ____D C:\Documents and Settings\Milena\Desktop\bohemia
2013-12-27 10:54 - 2013-12-27 10:54 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2013-12-22 14:02 - 2013-12-22 14:02 - 00001524 _____ C:\Documents and Settings\Milena\Desktop\Lokalizacja_obiektu.kml
2013-12-16 10:31 - 2013-12-16 10:31 - 00061819 _____ C:\Documents and Settings\Milena\Desktop\Rush.2013.Webrip.x264.AC3.TiTAN.torrent
2013-12-15 12:58 - 2013-12-15 14:01 - 00000000 ____D C:\Documents and Settings\Milena\Desktop\par
2013-12-08 17:42 - 2013-12-08 17:42 - 00000586 _____ C:\Documents and Settings\Milena\Desktop\polo.txt
2013-12-08 14:20 - 2013-12-08 14:20 - 00119600 _____ C:\Documents and Settings\Milena\Desktop\logusie.rar
2013-12-08 14:07 - 2013-12-08 15:34 - 00000000 ____D C:\Documents and Settings\Milena\Desktop\logusie

==================== One Month Modified Files and Folders =======

2014-01-07 12:07 - 2014-01-07 12:07 - 00013028 _____ C:\Documents and Settings\Milena\Desktop\FRST.txt
2014-01-07 12:07 - 2014-01-07 12:07 - 00000000 ____D C:\FRST
2014-01-07 12:07 - 2014-01-07 12:06 - 01064805 _____ (Farbar) C:\Documents and Settings\Milena\Desktop\FRST.exe
2014-01-07 12:07 - 2013-08-28 21:31 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-07 11:55 - 2013-08-13 16:50 - 00000000 ____D C:\Documents and Settings\Milena\Application Data\Skype
2014-01-07 11:50 - 2014-01-07 11:40 - 00002267 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2014-01-07 11:45 - 2013-02-06 03:12 - 00001036 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-07 11:40 - 2014-01-07 11:40 - 00000000 ____D C:\Program Files\Common Files\Skype
2014-01-07 11:40 - 2014-01-07 11:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2014-01-07 11:40 - 2013-06-04 09:02 - 00000000 ___RD C:\Program Files\Skype
2014-01-07 11:40 - 2012-12-06 19:33 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2014-01-07 11:39 - 2012-12-06 20:01 - 01571788 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-07 11:39 - 2012-12-06 19:59 - 00000000 ____D C:\WINDOWS\Registration
2014-01-07 11:39 - 2012-12-06 14:53 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-01-07 11:38 - 2013-03-09 15:47 - 00001656 _____ C:\WINDOWS\system32\secustat.dat
2014-01-07 11:38 - 2013-03-09 15:40 - 00000000 ____D C:\Documents and Settings\Milena\Application Data\BITS
2014-01-07 11:38 - 2013-02-06 03:12 - 00001032 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-07 11:38 - 2012-12-06 20:51 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-07 11:38 - 2012-12-06 11:54 - 00000159 _____ C:\WINDOWS\wiadebug.log
2014-01-07 11:38 - 2012-12-06 11:54 - 00000050 _____ C:\WINDOWS\wiaservc.log
2014-01-07 11:38 - 2012-12-06 11:37 - 00000000 _____ C:\WINDOWS\MEMORY.DMP
2014-01-07 11:32 - 2012-12-06 21:04 - 00000000 __SHD C:\Documents and Settings\NetworkService
2014-01-07 11:32 - 2012-12-06 20:51 - 00032476 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-07 11:32 - 2012-12-06 18:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB982132$
2014-01-07 11:31 - 2012-12-06 21:06 - 00000178 ___SH C:\Documents and Settings\Milena\ntuser.ini
2014-01-07 11:17 - 2014-01-07 11:17 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-07 11:17 - 2014-01-07 11:17 - 00000000 ____D C:\Documents and Settings\Milena\Application Data\Malwarebytes
2014-01-07 11:17 - 2014-01-07 11:17 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-01-07 11:17 - 2014-01-07 11:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-01-07 11:17 - 2014-01-07 11:16 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Milena\Desktop\mbam-setup-1.75.0.1300.exe
2014-01-07 11:13 - 2014-01-07 11:13 - 00008780 _____ C:\ComboFix.txt
2014-01-07 11:13 - 2014-01-07 11:03 - 00000000 ____D C:\Qoobox
2014-01-07 11:12 - 2014-01-07 11:03 - 00000000 ____D C:\WINDOWS\erdnt
2014-01-07 11:12 - 2006-08-24 13:00 - 00000227 _____ C:\WINDOWS\system.ini
2014-01-07 10:30 - 2014-01-07 10:29 - 01551008 _____ (Skype Technologies S.A.) C:\Documents and Settings\Milena\Desktop\SkypeSetup.exe
2014-01-07 10:26 - 2012-12-06 19:20 - 00000000 ____D C:\Documents and Settings\Milena\Application Data\AIMP3
2014-01-07 10:26 - 2012-12-06 16:14 - 00000000 __SHD C:\Documents and Settings\Milena\UserData
2014-01-02 10:42 - 2014-01-02 14:54 - 00000000 ____D C:\Documents and Settings\Milena\Desktop\Gif-animator
2013-12-31 01:58 - 2013-12-31 01:58 - 00065184 _____ C:\Documents and Settings\Milena\20131231015844.torrent.filelist
2013-12-31 01:58 - 2012-12-06 21:06 - 00000000 ____D C:\Documents and Settings\Milena
2013-12-30 13:41 - 2013-12-30 13:41 - 00000000 ____D C:\Documents and Settings\Milena\Desktop\bohemia
2013-12-30 13:35 - 2013-09-11 12:16 - 02473984 _____ C:\Documents and Settings\Milena\Desktop\logo.indd
2013-12-27 10:54 - 2013-12-27 10:54 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2013-12-22 14:02 - 2013-12-22 14:02 - 00001524 _____ C:\Documents and Settings\Milena\Desktop\Lokalizacja_obiektu.kml
2013-12-20 03:44 - 2012-12-06 20:35 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2013-12-19 12:27 - 2013-10-10 07:45 - 00000000 ____D C:\Documents and Settings\Milena\Application Data\Spotify
2013-12-16 18:03 - 2012-12-06 14:56 - 00000000 ____D C:\Program Files\Opera
2013-12-16 10:31 - 2013-12-16 10:31 - 00061819 _____ C:\Documents and Settings\Milena\Desktop\Rush.2013.Webrip.x264.AC3.TiTAN.torrent
2013-12-15 14:01 - 2013-12-15 12:58 - 00000000 ____D C:\Documents and Settings\Milena\Desktop\par
2013-12-15 12:57 - 2012-12-06 21:29 - 00000000 ____D C:\Documents and Settings\Milena\Application Data\Image Zone Express
2013-12-12 12:43 - 2013-08-22 13:28 - 00001083 _____ C:\Documents and Settings\Milena\Desktop\lek.txt
2013-12-08 17:42 - 2013-12-08 17:42 - 00000586 _____ C:\Documents and Settings\Milena\Desktop\polo.txt
2013-12-08 17:09 - 2013-04-08 15:09 - 00000000 ____D C:\Documents and Settings\Milena\Desktop\konki
2013-12-08 17:08 - 2013-12-04 15:58 - 00000695 _____ C:\Documents and Settings\Milena\Desktop\psz.ini
2013-12-08 17:08 - 2013-12-04 15:58 - 00000000 _____ C:\Documents and Settings\Milena\Desktop\History.dat
2013-12-08 15:34 - 2013-12-08 14:07 - 00000000 ____D C:\Documents and Settings\Milena\Desktop\logusie
2013-12-08 14:20 - 2013-12-08 14:20 - 00119600 _____ C:\Documents and Settings\Milena\Desktop\logusie.rar
2013-12-08 09:28 - 2012-12-06 11:49 - 00395160 _____ C:\WINDOWS\system32\FNTCACHE.DAT

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================