Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2014 Ran by Ewa (administrator) on KOMPUTRONIK on 28-04-2014 19:24:24 Running from C:\Users\Ewa\Desktop\pobierane Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe (PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (PC Tools ) C:\Program Files (x86)\Registry Mechanic\RMTray.exe (IVONA Software Sp. z o.o.) C:\Program Files (x86)\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (Visicom Media Inc.) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2770432 2010-02-10] (VIA) HKLM-x32\...\Run: [NPSStartup] => [X] HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [104408 2009-11-25] (PC Tools) HKLM-x32\...\Run: [Panda Security URL Filtering] => C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe [235072 2013-09-26] (Visicom Media Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [32736 2013-10-19] (Panda Security, S.L.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKU\.DEFAULT\...\RunOnce: [panda2_0dn] - reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f HKU\.DEFAULT\...\RunOnce: [panda2_0dn_XP] - reg.exe delete "HKCU\Software\panda2_0dn" /f HKU\.DEFAULT\...\RunOnce: [panda4_0dn] - reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f HKU\.DEFAULT\...\RunOnce: [panda4_0dn_XP] - reg.exe delete "HKCU\Software\panda4_0dn" /f HKU\.DEFAULT\...\RunOnce: [panda4_1dn] - reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_1dn" /f HKU\.DEFAULT\...\RunOnce: [panda4_1dn_XP] - reg.exe delete "HKCU\Software\panda4_1dn" /f HKU\S-1-5-21-3700859145-951129843-735961314-1000\...\Run: [RegistryMechanic] => C:\Program Files (x86)\Registry Mechanic\RMTray.exe [292824 2009-11-25] (PC Tools ) HKU\S-1-5-21-3700859145-951129843-735961314-1000\...\Run: [IVONA ControlCenter] => C:\Program Files (x86)\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe [2251128 2013-06-11] (IVONA Software Sp. z o.o.) HKU\S-1-5-21-3700859145-951129843-735961314-1000\...\Run: [IVONA Reader] => C:\Program Files (x86)\IVONA\IVONA Reader\IVONA Reader.exe [1735024 2013-05-31] (IVONA Software Sp. z o.o.) Startup: C:\Users\Ewa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tlen.pl/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.komputronik.pl/runpage HKCU\Software\Microsoft\Internet Explorer\Main,Strona wyszukiwania = http://www.msn.com/access/allinone.asp HKCU\Software\Microsoft\Internet Explorer\Main,Strona początkowa = http://www.microsoft.com/msoffice/ SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&affID=121845&babsrc=SP_ss&mntrId=A6CDD85D4C90965F SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://www.google.com/search?ie=utf-8&oe=utf-8&rlz=1V4IPYX&q={searchTerms} BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) BHO: IVONA Reader - {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2_x64.dll (IVONA Software Sp. z o.o.) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: IVONA Reader - {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2.dll (IVONA Software Sp. z o.o.) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll () BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM - IVONA Reader - {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2_x64.dll (IVONA Software Sp. z o.o.) Toolbar: HKLM-x32 - IVONA Reader - {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2.dll (IVONA Software Sp. z o.o.) Toolbar: HKLM-x32 - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll () Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File DPF: HKLM-x32 {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab DPF: HKLM-x32 {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} https://www.bph.pl/sezam/components/SignActivX.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Ewa\AppData\Roaming\Mozilla\Firefox\Profiles\d51b2sku.default FF user.js: detected! => C:\Users\Ewa\AppData\Roaming\Mozilla\Firefox\Profiles\d51b2sku.default\user.js FF Homepage: hxxp://www.google.com/webhp?complete=0 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF SearchPlugin: C:\Users\Ewa\AppData\Roaming\Mozilla\Firefox\Profiles\d51b2sku.default\searchplugins\delta.xml FF Extension: Panda Security Toolbar - C:\Users\Ewa\AppData\Roaming\Mozilla\Firefox\Profiles\d51b2sku.default\Extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} [2012-07-27] FF Extension: Transferuj.pl - C:\Users\Ewa\AppData\Roaming\Mozilla\Firefox\Profiles\d51b2sku.default\Extensions\trtransferfill@transferuj.pl.xpi [2014-02-02] FF Extension: LeechBlock - C:\Users\Ewa\AppData\Roaming\Mozilla\Firefox\Profiles\d51b2sku.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2013-11-17] FF Extension: Adblock Plus - C:\Users\Ewa\AppData\Roaming\Mozilla\Firefox\Profiles\d51b2sku.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-04-10] Chrome: ======= CHR HomePage: hxxp://www1.delta-search.com/?affID=121845&babsrc=HP_ss&mntrId=A6CDD85D4C90965F CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File CHR Extension: (Dokumenty Google) - C:\Users\Ewa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-25] CHR Extension: (Dysk Google) - C:\Users\Ewa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-25] CHR Extension: (YouTube) - C:\Users\Ewa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-25] CHR Extension: (Szukaj w Google) - C:\Users\Ewa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-25] CHR Extension: (Google Wallet) - C:\Users\Ewa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-13] CHR Extension: (Gmail) - C:\Users\Ewa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-25] ==================== Services (Whitelisted) ================= R2 MSSQL$RESET2; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140768 2013-10-03] (Panda Security, S.L.) R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [632792 2012-07-18] (PC Tools) R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [37344 2013-10-19] (Panda Security, S.L.) ==================== Drivers (Whitelisted) ==================== R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [15416 2009-07-16] () R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [91368 2013-05-29] (Panda Security, S.L.) R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [122088 2013-05-29] (Panda Security, S.L.) R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [109288 2013-05-29] (Panda Security, S.L.) R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [114920 2013-05-29] (Panda Security, S.L.) R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95464 2013-05-29] (Panda Security, S.L.) S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69864 2013-05-29] (Panda Security, S.L.) R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [119016 2013-05-29] (Panda Security, S.L.) R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [305896 2013-05-29] (Panda Security, S.L.) R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [118504 2013-05-29] (Panda Security, S.L.) R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [114920 2013-05-29] (Panda Security, S.L.) R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [246504 2013-05-29] (Panda Security, S.L.) R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106216 2013-05-29] (Panda Security, S.L.) R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [169192 2013-10-17] (Panda Security, S.L.) R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [122600 2013-10-11] (Panda Security, S.L.) R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [206056 2013-10-11] (Panda Security, S.L.) R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124648 2013-10-11] (Panda Security, S.L.) R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [137960 2013-10-11] (Panda Security, S.L.) S3 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [105704 2013-10-11] (Panda Security, S.L.) R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [58808 2013-04-29] (Panda Security, S.L.) S3 ssm_bus; C:\Windows\System32\DRIVERS\ssm_bus.sys [136192 2010-04-27] (MCCI Corporation) S3 ssm_mdfl; C:\Windows\System32\DRIVERS\ssm_mdfl.sys [18944 2010-04-27] (MCCI Corporation) S3 ssm_mdm; C:\Windows\System32\DRIVERS\ssm_mdm.sys [172032 2010-04-27] (MCCI Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-28 19:22 - 2014-04-28 19:24 - 00000000 ____D () C:\FRST 2014-04-24 17:01 - 2013-04-29 09:17 - 00058808 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys 2014-04-13 21:39 - 2014-04-13 21:39 - 00000000 __SHD () C:\Users\Ewa\AppData\Local\EmieUserList 2014-04-13 21:39 - 2014-04-13 21:39 - 00000000 __SHD () C:\Users\Ewa\AppData\Local\EmieSiteList 2014-04-11 12:24 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-11 12:24 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-11 12:24 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-11 12:24 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-11 12:24 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-11 12:24 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-11 12:24 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-11 12:24 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-11 12:24 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-11 12:24 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-11 12:24 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-11 12:24 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-11 12:24 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-11 12:24 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-11 12:24 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-11 12:24 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-11 12:24 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-11 12:24 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-11 12:24 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-11 12:24 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-11 12:24 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-11 12:24 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-11 12:24 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-11 12:24 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-11 12:24 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-11 12:24 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-11 12:24 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-11 12:24 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-11 12:24 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-11 12:24 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-11 12:24 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-11 12:24 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-11 12:24 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-11 12:24 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-11 12:24 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-11 12:24 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-11 12:24 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-11 12:24 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-11 12:24 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-11 12:24 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-11 12:24 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-11 12:24 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-11 12:24 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-11 12:24 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-11 12:24 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-11 12:24 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-11 12:24 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-11 12:24 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-09 21:30 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-09 21:30 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-09 21:30 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-09 21:30 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-09 21:30 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-09 21:30 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-09 21:30 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-09 21:30 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-09 21:30 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-09 21:30 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-09 21:30 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-04-09 21:30 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-09 21:30 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-09 21:30 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-09 21:30 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-09 21:30 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2014-04-09 21:30 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys ==================== One Month Modified Files and Folders ======= 2014-04-28 19:24 - 2014-04-28 19:22 - 00000000 ____D () C:\FRST 2014-04-28 19:24 - 2011-09-16 11:00 - 00000000 ____D () C:\Users\Ewa\Desktop\pobierane 2014-04-28 19:13 - 2012-12-01 20:37 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-28 18:53 - 2009-07-14 06:45 - 00013776 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-28 18:53 - 2009-07-14 06:45 - 00013776 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-28 18:30 - 2010-11-30 18:20 - 00001042 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-28 18:24 - 2011-10-10 09:58 - 00000000 ____D () C:\Users\Ewa\Desktop\inne 2014-04-28 18:11 - 2010-11-28 19:20 - 01930844 _____ () C:\Windows\WindowsUpdate.log 2014-04-28 16:54 - 2010-12-19 15:58 - 00415744 _____ () C:\Users\Ewa\Desktop\ZLECENIA.xls 2014-04-28 16:37 - 2012-07-14 10:49 - 01341082 _____ () C:\Windows\setupact.log 2014-04-28 16:36 - 2010-12-03 20:39 - 00000440 _____ () C:\Windows\Tasks\PCConfidential.job 2014-04-28 16:36 - 2010-11-30 18:20 - 00001038 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-28 16:36 - 2010-09-14 13:29 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-04-28 16:36 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-28 14:43 - 2010-12-02 10:38 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{ED009385-F9E1-44C7-8075-C0B606A0DDDE} 2014-04-27 13:02 - 2009-07-14 19:55 - 00791444 _____ () C:\Windows\system32\perfh015.dat 2014-04-27 13:02 - 2009-07-14 19:55 - 00175494 _____ () C:\Windows\system32\perfc015.dat 2014-04-27 13:02 - 2009-07-14 07:13 - 01814152 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-27 13:01 - 2011-11-13 11:26 - 11403264 ___SH () C:\Users\Ewa\Desktop\Thumbs.db 2014-04-26 18:29 - 2012-12-01 20:37 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-04-26 18:29 - 2012-12-01 20:37 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-26 18:29 - 2012-12-01 20:37 - 00003868 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-04-26 18:29 - 2010-11-30 18:22 - 00000000 ____D () C:\Users\Ewa\AppData\Local\Adobe 2014-04-17 11:01 - 2009-07-14 07:08 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-04-14 15:50 - 2010-11-28 20:40 - 00000000 ____D () C:\Users\Ewa\AppData\Roaming\SoftGrid Client 2014-04-14 14:04 - 2011-03-28 17:00 - 00000000 ____D () C:\Users\Ewa\Desktop\zdjecia 2014-04-13 21:39 - 2014-04-13 21:39 - 00000000 __SHD () C:\Users\Ewa\AppData\Local\EmieUserList 2014-04-13 21:39 - 2014-04-13 21:39 - 00000000 __SHD () C:\Users\Ewa\AppData\Local\EmieSiteList 2014-04-11 13:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-04-10 18:32 - 2014-03-02 12:03 - 00002196 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-04-10 13:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-04-09 21:55 - 2009-07-14 04:34 - 00000499 _____ () C:\Windows\win.ini 2014-04-09 21:54 - 2013-08-15 21:10 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-09 21:53 - 2010-09-14 13:38 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-09 15:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-04-07 08:38 - 2011-04-17 18:11 - 00000000 ___RD () C:\Users\Ewa\Desktop\poczekalnia 2014-04-01 21:00 - 2010-11-28 21:49 - 00120168 _____ () C:\Users\Ewa\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-31 09:35 - 2010-09-14 13:30 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-03-29 22:10 - 2012-07-22 18:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-29 22:10 - 2010-12-30 11:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-29 17:18 - 2011-03-28 17:01 - 00000000 ____D () C:\Users\Ewa\Desktop\ZADANIA 2014-03-29 12:25 - 2010-11-30 18:20 - 00004038 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-03-29 12:25 - 2010-11-30 18:20 - 00003786 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-19 10:26 ==================== End Of Log ============================