Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-03-2014 01
Ran by Właściciel (administrator) on AREK-C193AC5A6B on 10-03-2014 10:17:38
Running from C:\Documents and Settings\Właściciel\Ulubione\Pulpit\frst
Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\daemon.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(IGN Entertainment Inc.) C:\Program Files\GameSpy\Comrade\Comrade.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
(Silicon Motion) C:\Program Files\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
(PC Tools) C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [16857600 2008-02-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] - C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2007-10-11] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2007-10-11] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] - C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1089536 2008-02-19] (Brother Industries, Ltd.)
HKLM\...\Run: [Sony Ericsson PC Suite] - C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [487424 2006-11-24] ()
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [86016 2007-12-21] (Brother Industries, Ltd.)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [PSUAMain] - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [32736 2013-10-19] (Panda Security, S.L.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1390067357-1202660629-1177238915-1003\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\daemon.exe [490952 2008-07-24] (DT Soft Ltd)
HKU\S-1-5-21-1390067357-1202660629-1177238915-1003\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1390067357-1202660629-1177238915-1003\...\Run: [Comrade.exe] - C:\Program Files\GameSpy\Comrade\Comrade.exe [36864 2007-06-08] (IGN Entertainment Inc.)
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\STIMON.lnk
ShortcutTarget: STIMON.lnk -> C:\Program Files\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe (Silicon Motion)
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\TMMonitor.lnk
ShortcutTarget: TMMonitor.lnk -> C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
Startup: C:\Documents and Settings\Właściciel\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1383625876&from=cor&uid=SAMSUNGXHD161HJ_S0V3J9CQ630488
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://start.qone8.com/web/?type=ds&ts=1383625878&from=cor&uid=SAMSUNGXHD161HJ_S0V3J9CQ630488&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://start.qone8.com/web/?type=ds&ts=1383625878&from=cor&uid=SAMSUNGXHD161HJ_S0V3J9CQ630488&q={searchTerms}
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B092001FD004D7AF&affID=119357&tt=250613_gr1&tsp=4927
SearchScopes: HKCU - {41721142-E1B3-4112-85B0-2AF542988E63} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^PL&apn_uid=821CDAD1-6756-4487-BA7D-A9DA0748DE0B&apn_sauid=619F7A3B-9E8D-43B5-ADB8-1048E05E31D3
SearchScopes: HKCU - {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://pl.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid={200A5BC3-E9C3-41F0-9D4D-70420FA62F6E}&mid=e9798024f59847d09494d15696e03e5c-e158fd0ce3601e2df8f84997c6c2b58173f3f795&lang=pl&ds=AVG&pr=fr&d=2012-07-01 16:34:01&v=12.2.5.32&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms}
BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.10.dll (BitComet)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\8rtqi8uq.default
FF user.js: detected! => C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\8rtqi8uq.default\user.js
FF NewTab: hxxp://www.delta-search.com/?babsrc=NT_ss&mntrId=B092001FD004D7AF&affID=119357&tt=250613_gr1&tsp=4927
FF SearchEngineOrder.1: Delta Search
FF Homepage: hxxp://pl.yahoo.com?fr=fp-comodo
FF Keyword.URL: hxxp://pl.search.yahoo.com/search?fr=ytff-comodo&p=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1203133.dll No File
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npganymedenet.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF SearchPlugin: C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\8rtqi8uq.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\8rtqi8uq.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\8rtqi8uq.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\8rtqi8uq.default\searchplugins\delta.xml
FF SearchPlugin: C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\8rtqi8uq.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF Extension: Delta Toolbar - C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\8rtqi8uq.default\Extensions\ffxtlbr@delta.com [2013-06-28]
FF Extension: BitComet Video Downloader - C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\8rtqi8uq.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2010-02-16]
FF Extension: uTorrentBar Community Toolbar - C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\8rtqi8uq.default\Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [2013-07-05]
FF Extension: PrivDog - C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\8rtqi8uq.default\Extensions\PrivDog@AdTrustMedia.com.xpi [2013-11-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-03]
CHR Extension: (Dysk Google) - C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-03]
CHR Extension: (YouTube) - C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-03]
CHR Extension: (Szukaj w Google) - C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-03]
CHR Extension: (AdBlock) - C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-08]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (Gmail) - C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-03]
CHR HKLM\...\Chrome\Extension: [cekcjpgehmohobmdiikfnopibipmgnml] - C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ [2014-02-03]
CHR HKLM\...\Chrome\Extension: [cmaiofennmphjldldcpphcechfnnohja] - C:\Program Files\AdTrustMedia\PrivDog\PrivDog_chrome.crx [2013-11-05]
CHR HKLM\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Documents and Settings\Właściciel\Dane aplikacji\BabSolution\CR\Delta.crx [2013-06-28]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Dane aplikacji\AVG Secure Search\ChromeExt\14.0.2.14\avg.crx [2013-06-28]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-03-08] (Oracle Corporation)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140768 2013-10-03] (Panda Security, S.L.)
R2 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2012-04-26] (PC Tools)
R2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [37344 2013-10-19] (Panda Security, S.L.)
R2 vToolbarUpdater14.0.1; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [945328 2013-01-21] ()
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe" [X]
S2 WsysSvc; C:\Documents and Settings\All Users\Dane aplikacji\eSafe\eGdpSvc.exe [X]

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [278984 2009-01-10] ()
S1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [31576 2013-01-21] ()
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [16384 2004-07-09] (Microsoft Corporation)
S3 gdrv; C:\WINDOWS\gdrv.sys [16608 2008-12-03] (Windows (R) 2000 DDK provider)
R3 HdAudAddService; C:\WINDOWS\System32\drivers\AtiHdAud.sys [84992 2006-12-28] (ATI Research Inc.)
S3 k510bus; C:\WINDOWS\System32\DRIVERS\k510bus.sys [58288 2006-02-17] (MCCI)
S3 k510mdfl; C:\WINDOWS\System32\DRIVERS\k510mdfl.sys [8336 2006-02-17] (MCCI)
S3 k510mdm; C:\WINDOWS\System32\DRIVERS\k510mdm.sys [94064 2006-02-17] (MCCI)
S3 k510mgmt; C:\WINDOWS\System32\DRIVERS\k510mgmt.sys [85408 2006-02-17] (MCCI)
S3 k510obex; C:\WINDOWS\System32\DRIVERS\k510obex.sys [83344 2006-02-17] (MCCI)
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [18048 2008-12-20] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10112 2004-07-09] (Microsoft Corporation)
R1 NNSALPC; C:\WINDOWS\System32\DRIVERS\NNSAlpc.sys [84200 2013-05-29] (Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\System32\DRIVERS\NNSHttp.sys [126184 2013-05-29] (Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\System32\DRIVERS\NNSHttps.sys [107752 2013-05-29] (Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\System32\DRIVERS\NNSIds.sys [124648 2013-05-29] (Panda Security, S.L.)
R3 NNSNAHS; C:\WINDOWS\System32\DRIVERS\NNSNAHS.sys [39520 2013-03-26] (Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\System32\DRIVERS\NNSPicc.sys [95464 2013-05-29] (Panda Security, S.L.)
R1 NNSPIHS; C:\WINDOWS\System32\DRIVERS\NNSPihs.sys [52328 2013-05-29] (Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\System32\DRIVERS\NNSPop3.sys [106344 2013-05-29] (Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\System32\DRIVERS\NNSProt.sys [287336 2013-05-29] (Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\System32\DRIVERS\NNSPrv.sys [161384 2013-05-29] (Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\System32\DRIVERS\NNSSmtp.sys [108904 2013-05-29] (Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\System32\DRIVERS\NNSStrm.sys [230376 2013-05-29] (Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\System32\DRIVERS\NNSTlsc.sys [93928 2013-05-29] (Panda Security, S.L.)
R2 PSINAflt; C:\WINDOWS\System32\DRIVERS\PSINAflt.sys [145640 2013-10-17] (Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [103528 2013-10-11] (Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\System32\DRIVERS\psinknc.sys [179944 2013-10-11] (Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [115048 2013-10-11] (Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\System32\DRIVERS\PSINProt.sys [128232 2013-10-11] (Panda Security, S.L.)
S3 PSINReg; C:\WINDOWS\System32\DRIVERS\PSINReg.sys [97896 2013-10-11] (Panda Security, S.L.)
R3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S3 SE27bus; C:\WINDOWS\System32\DRIVERS\SE27bus.sys [61600 2006-09-18] (MCCI)
S3 SE27mdfl; C:\WINDOWS\System32\DRIVERS\SE27mdfl.sys [9360 2006-09-18] (MCCI)
S3 SE27mdm; C:\WINDOWS\System32\DRIVERS\SE27mdm.sys [97184 2006-09-18] (MCCI)
S3 SE27mgmt; C:\WINDOWS\System32\DRIVERS\SE27mgmt.sys [88688 2006-09-18] (MCCI)
S3 se27nd5; C:\WINDOWS\System32\DRIVERS\se27nd5.sys [18704 2006-09-18] (MCCI)
S3 SE27obex; C:\WINDOWS\System32\DRIVERS\SE27obex.sys [86560 2006-09-18] (MCCI)
S3 se27unic; C:\WINDOWS\System32\DRIVERS\se27unic.sys [90800 2006-09-18] (MCCI)
S3 se46bus; C:\WINDOWS\System32\DRIVERS\se46bus.sys [61536 2006-11-30] (MCCI)
S3 se46mdfl; C:\WINDOWS\System32\DRIVERS\se46mdfl.sys [9360 2006-11-30] (MCCI)
S3 se46mdm; C:\WINDOWS\System32\DRIVERS\se46mdm.sys [97088 2006-11-30] (MCCI)
S3 se46mgmt; C:\WINDOWS\System32\DRIVERS\se46mgmt.sys [88624 2006-11-30] (MCCI)
S3 se46nd5; C:\WINDOWS\System32\DRIVERS\se46nd5.sys [18704 2006-11-30] (MCCI)
S3 se46obex; C:\WINDOWS\System32\DRIVERS\se46obex.sys [86432 2006-11-30] (MCCI)
S3 se46unic; C:\WINDOWS\System32\DRIVERS\se46unic.sys [90800 2006-11-30] (MCCI)
R0 sfsync04; C:\WINDOWS\System32\drivers\sfsync04.sys [49664 2005-12-12] (Protection Technology)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [717296 2008-12-07] ()
S1 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [31872 2008-04-14] (Microsoft Corporation)
U3 aslbtgy4; C:\WINDOWS\system32\Drivers\aslbtgy4.sys [0 ] (Microsoft Corporation)
S4 IntelIde; No ImagePath
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-10 10:15 - 2014-03-10 10:17 - 00000000 ____D () C:\FRST
2014-03-08 11:15 - 2013-04-29 08:17 - 00047632 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2014-03-08 11:14 - 2014-03-09 09:23 - 00131072 _____ () C:\WINDOWS\system32\config\Nano.evt
2014-03-08 11:14 - 2014-03-08 11:14 - 00000000 ____D () C:\Program Files\Panda Security
2014-03-08 11:14 - 2014-03-08 11:14 - 00000000 ____D () C:\Documents and Settings\Właściciel\Dane aplikacji\Panda Security
2014-03-08 11:14 - 2014-03-08 11:14 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Panda Cloud Antivirus
2014-03-08 11:14 - 2014-03-08 11:14 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Panda Security
2014-03-08 11:00 - 2014-03-08 11:00 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-03-08 11:00 - 2014-03-08 11:00 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Java
2014-03-08 11:00 - 2014-03-08 10:59 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-03-08 11:00 - 2014-03-08 10:59 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-03-08 11:00 - 2014-03-08 10:59 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-03-08 11:00 - 2014-03-08 10:59 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-02-14 15:44 - 2014-02-14 15:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-14 15:36 - 2014-02-14 15:37 - 00011773 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-14 15:36 - 2014-02-14 15:36 - 00004761 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-14 09:43 - 2014-02-14 15:44 - 00013599 _____ () C:\WINDOWS\KB2916036.log

==================== One Month Modified Files and Folders =======

2014-03-10 10:17 - 2014-03-10 10:15 - 00000000 ____D () C:\FRST
2014-03-10 10:15 - 2013-02-26 07:04 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-10 10:13 - 2008-12-03 19:16 - 01861953 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-10 10:12 - 2008-12-03 20:11 - 00000259 _____ () C:\WINDOWS\wiadebug.log
2014-03-10 10:12 - 2008-12-03 20:11 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-03-10 10:12 - 2008-12-03 19:19 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-10 10:12 - 2008-04-15 13:00 - 00002422 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-09 09:23 - 2014-03-08 11:14 - 00131072 _____ () C:\WINDOWS\system32\config\Nano.evt
2014-03-09 09:23 - 2008-12-03 19:19 - 00032606 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-09 09:23 - 2008-12-03 19:19 - 00000188 ___SH () C:\Documents and Settings\Właściciel\ntuser.ini
2014-03-09 09:18 - 2008-12-03 20:08 - 00165912 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-08 11:26 - 2010-07-15 20:51 - 00825921 _____ () C:\WINDOWS\setupapi.log
2014-03-08 11:17 - 2008-12-03 19:19 - 00000000 ____D () C:\Documents and Settings\LocalService\Dane aplikacji
2014-03-08 11:14 - 2014-03-08 11:14 - 00000000 ____D () C:\Program Files\Panda Security
2014-03-08 11:14 - 2014-03-08 11:14 - 00000000 ____D () C:\Documents and Settings\Właściciel\Dane aplikacji\Panda Security
2014-03-08 11:14 - 2014-03-08 11:14 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Panda Cloud Antivirus
2014-03-08 11:14 - 2014-03-08 11:14 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Panda Security
2014-03-08 11:14 - 2008-12-03 20:09 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji
2014-03-08 11:14 - 2008-12-03 20:09 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy
2014-03-08 11:14 - 2008-12-03 19:29 - 00031392 _____ () C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2014-03-08 11:14 - 2008-12-03 19:19 - 00000000 __RHD () C:\Documents and Settings\Właściciel\Dane aplikacji
2014-03-08 11:00 - 2014-03-08 11:00 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-03-08 11:00 - 2014-03-08 11:00 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Java
2014-03-08 10:59 - 2014-03-08 11:00 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-03-08 10:59 - 2014-03-08 11:00 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-03-08 10:59 - 2014-03-08 11:00 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-03-08 10:59 - 2014-03-08 11:00 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-03-08 10:59 - 2010-02-08 11:30 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-03-08 10:59 - 2010-02-08 11:30 - 00000000 ____D () C:\Program Files\Java
2014-03-08 10:50 - 2012-06-14 04:16 - 00000000 ____D () C:\Program Files\PC Tools Registry Mechanic
2014-03-07 18:34 - 2008-12-03 20:10 - 00000091 _____ () C:\Documents and Settings\Właściciel\default.pls
2014-03-07 18:34 - 2008-12-03 20:09 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini
2014-03-07 18:34 - 2008-12-03 19:19 - 00000000 ____D () C:\Documents and Settings\Właściciel
2014-03-07 10:03 - 2008-12-03 20:09 - 01117350 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-07 10:03 - 2008-04-15 13:00 - 00500480 _____ () C:\WINDOWS\system32\perfh015.dat
2014-03-07 10:03 - 2008-04-15 13:00 - 00089662 _____ () C:\WINDOWS\system32\perfc015.dat
2014-03-04 19:10 - 2008-12-03 19:19 - 00000000 __SHD () C:\Documents and Settings\Właściciel\Ustawienia lokalne\Historia
2014-03-04 19:01 - 2012-06-14 18:00 - 00006432 _____ () C:\WINDOWS\system32\AppLog.log
2014-03-03 18:00 - 2008-12-03 19:14 - 00099788 ____C () C:\WINDOWS\wmsetup.log
2014-02-22 15:53 - 2010-06-07 11:52 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-02-21 11:27 - 2013-06-28 10:05 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Google Drive
2014-02-21 11:17 - 2013-02-26 07:04 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-21 11:17 - 2013-02-26 07:04 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-15 09:29 - 2008-12-03 19:23 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-02-14 15:44 - 2014-02-14 15:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-14 15:44 - 2014-02-14 09:43 - 00013599 _____ () C:\WINDOWS\KB2916036.log
2014-02-14 15:44 - 2008-12-29 21:05 - 00232231 _____ () C:\WINDOWS\updspapi.log
2014-02-14 15:44 - 2008-12-03 20:09 - 02033226 _____ () C:\WINDOWS\FaxSetup.log
2014-02-14 15:44 - 2008-12-03 20:09 - 00995382 _____ () C:\WINDOWS\ocgen.log
2014-02-14 15:44 - 2008-12-03 20:09 - 00787679 _____ () C:\WINDOWS\tsoc.log
2014-02-14 15:44 - 2008-12-03 20:09 - 00682201 _____ () C:\WINDOWS\comsetup.log
2014-02-14 15:44 - 2008-12-03 20:09 - 00413586 _____ () C:\WINDOWS\ntdtcsetup.log
2014-02-14 15:44 - 2008-12-03 20:09 - 00321500 _____ () C:\WINDOWS\iis6.log
2014-02-14 15:44 - 2008-12-03 20:09 - 00127386 _____ () C:\WINDOWS\ocmsn.log
2014-02-14 15:44 - 2008-12-03 20:09 - 00102513 _____ () C:\WINDOWS\msgsocm.log
2014-02-14 15:44 - 2008-12-03 20:09 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-02-14 15:40 - 2013-08-27 07:29 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-14 15:37 - 2014-02-14 15:36 - 00011773 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-14 15:37 - 2010-02-08 16:42 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-02-14 15:37 - 2008-12-29 21:57 - 85946576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-14 15:37 - 2008-12-03 20:09 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-02-14 15:36 - 2014-02-14 15:36 - 00004761 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-14 12:07 - 2010-12-08 05:36 - 00000000 ____D () C:\Documents and Settings\Właściciel\Moje dokumenty\Moje obrazy

Some content of TEMP:
====================
C:\Documents and Settings\Właściciel\Ustawienia lokalne\Temp\0fg0oe8e.dll
C:\Documents and Settings\Właściciel\Ustawienia lokalne\Temp\APNStub.exe
C:\Documents and Settings\Właściciel\Ustawienia lokalne\Temp\DevSetup32.dll
C:\Documents and Settings\Właściciel\Ustawienia lokalne\Temp\DevSetup64.dll
C:\Documents and Settings\Właściciel\Ustawienia lokalne\Temp\djvk3t_f.dll
C:\Documents and Settings\Właściciel\Ustawienia lokalne\Temp\DriverInstall32.exe
C:\Documents and Settings\Właściciel\Ustawienia lokalne\Temp\DriverInstall64.exe
C:\Documents and Settings\Właściciel\Ustawienia lokalne\Temp\drm_dialogs.dll
C:\Documents and Settings\Właściciel\Ustawienia lokalne\Temp\drm_dyndata_7400009.dll
C:\Documents and Settings\Właściciel\Ustawienia lokalne\Temp\ed7arnen.dll
C:\Documents and Settings\Właściciel\Ustawienia lokalne\Temp\fffvvtwt.dll
C:\Documents and Settings\Właściciel\Ustawienia lokalne\Temp\GoogleUpdateSetup_latest.exe
C:\Documents and Settings\Właściciel\Ustawienia lokalne\Temp\jre-7u11-windows-i586-iftw.exe
C:\Documents and Settings\Właściciel\Ustawienia lokalne\Temp\jre-7u15-windows-i586-iftw.exe
C:\Documents and Settings\Właściciel\Ustawienia lokalne\Temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\Właściciel\Ustawienia lokalne\Temp\KillProcess.exe
C:\Documents and Settings\Właściciel\Ustawienia lokalne\Temp\kxsq3wxa.dll
C:\Documents and Settings\Właściciel\Ustawienia lokalne\Temp\pnzvezoe.dll
C:\Documents and Settings\Właściciel\Ustawienia lokalne\Temp\q2xxkank.dll
C:\Documents and Settings\Właściciel\Ustawienia lokalne\Temp\RDtemp.exe
C:\Documents and Settings\Właściciel\Ustawienia lokalne\Temp\setup.exe
C:\Documents and Settings\Właściciel\Ustawienia lokalne\Temp\UNINSTALL.EXE
C:\Documents and Settings\Właściciel\Ustawienia lokalne\Temp\w2b7sz_5.dll
C:\Documents and Settings\Właściciel\Ustawienia lokalne\Temp\_is38.exe
C:\Documents and Settings\Właściciel\Ustawienia lokalne\Temp\_isA0.exe
C:\Documents and Settings\Właściciel\Ustawienia lokalne\Temp\_isC6.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe [2008-04-15 13:00] - [2008-04-15 13:00] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a
C:\WINDOWS\system32\winlogon.exe [2008-04-15 13:00] - [2008-04-15 13:00] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48
C:\WINDOWS\system32\svchost.exe [2008-04-15 13:00] - [2008-04-15 13:00] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce
C:\WINDOWS\system32\services.exe [2008-04-15 13:00] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 02a467e27af55f7064c5b251e587315f
C:\WINDOWS\system32\User32.dll [2008-04-15 13:00] - [2008-04-15 13:00] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793
C:\WINDOWS\system32\userinit.exe [2008-04-15 13:00] - [2008-04-15 13:00] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5
C:\WINDOWS\system32\rpcss.dll [2008-04-15 13:00] - [2009-02-09 11:53] - 0401408 ____A (Microsoft Corporation) a37311d9d628c1042a2836731787f0f3
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys [2008-04-15 13:00] - [2008-04-15 13:00] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7

==================== End Of Log ============================