Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-05-2013
Ran by User (administrator) on 25-05-2013 12:24:57
Running from C:\Temp\Temporary Internet Files\Content.IE5\A6HD94A3
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Creative Technology Ltd) C:\windows\system32\CTHELPER.EXE
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehRecvr.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehSched.exe
() C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
(Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.3.1.22\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2013.3.3.19\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.3.1.22\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\WINDOWS\system32\UTSCSI.EXE
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2013.3.3.19\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehmsas.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
(Farbar) C:\Temp\Temporary Internet Files\Content.IE5\A6HD94A3\FRST[1].exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2567272 2011-07-19] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1637496 2011-08-04] (CANON INC.)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [110184 2009-11-20] (NVIDIA Corporation)
HKLM\...\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [CTHelper] CTHELPER.EXE [x]
HKLM Group Policy restriction on software: %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* <====== ATTENTION
HKLM\...\Winlogon: [System]
HKCU\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [1695232 2008-04-14] (Microsoft Corporation)
HKCU\...\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [136176 2011-04-16] (Google Inc.)
HKCU\...\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKCU\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2013-05-19] (Google Inc.)
HKU\Default User\...\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' [x]
HKU\Default User\...\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe [ 2006-08-24] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [Second run install] C:\INSTALL\2ndrun.bat [x]
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\hpqtra08.exe (Hewlett-Packard Co.)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&affID=121845&babsrc=SP_ss&mntrId=D055001A703BD279
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.3.1.22\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.16.16\bh\delta.dll (Delta-search.com)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.16.16\deltaTlbr.dll (Delta-search.com)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU -Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.3.3.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU -Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
PDF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.caminova.net/en/downloads/getmodule.aspx?lang=pl
PDF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} https://mail.sebn.pl:8644/dwa85W.cab
PDF: {76B8A0E5-2705-46E2-8793-7BF7B2E3BDA2} https://epuap.gov.pl/epuap-styles/others/signing_plugin_25/EpuapSign.cab
PDF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
PDF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
PDF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
PDF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
PDF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\h32oumzw.default
FF Homepage: hxxp://www1.delta-search.com/?affID=121845&babsrc=HP_ss&mntrId=D055001A703BD279
FF SearchEngine: Delta Search
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @comarch.com/NOL,version=3.0 - C:\Program Files\Common Files\NOL3\npn30plugin.dll (COMARCH S.A.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.2163 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\h32oumzw.default\Extensions\ffxtlbr@babylon.com
FF Extension: Delta Toolbar - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\h32oumzw.default\Extensions\ffxtlbr@delta.com
FF Extension: Flagfox - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\h32oumzw.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\h32oumzw.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: No Name - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\h32oumzw.default\Extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}.xpi
FF Extension: No Name - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\h32oumzw.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi

Chrome:
=======
CHR HomePage: hxxp://www1.delta-search.com/?affID=121845&babsrc=HP_ss&mntrId=D055001A703BD279
CHR RestoreOnStartup: "hxxp://www1.delta-search.com/?affID=121845&babsrc=HP_ss&mntrId=D055001A703BD279"
CHR DefaultSearchURL: (Delta Search) - http://www1.delta-search.com/?q={searchTerms}&affID=121845&babsrc=SP_ss&mntrId=D055001A703BD279
CHR DefaultSuggestURL: (Delta Search) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Norton Confidential) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.140.8) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U14) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Update) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Delta Toolbar) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.3_0
CHR Extension: (Norton Identity Protection) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.3.19_0
CHR Extension: (AT_CharlotteRonson) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\obakimnhgahiedhcjlcnohielmendpen\3_0
CHR Extension: (Gmail) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

========================== Services (Whitelisted) =================

R2 BrowserProtect; C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2787280 2013-03-22] ()
R2 MCLIENT; C:\Program Files\Norton Management\Engine\3.2.0.19\diMaster.dll [535416 2012-10-11] (Symantec Corporation)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
R2 MSSQL$INSERTGT; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 N360; C:\Program Files\Norton 360\Engine\20.3.1.22\diMaster.dll [554288 2013-03-29] (Symantec Corporation)
R2 NCO; C:\Program Files\Norton Identity Safe\Engine\2013.3.3.19\diMaster.dll [554288 2013-03-29] (Symantec Corporation)
S3 Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-02-01] (Symantec, Inc.)
R2 UTSCSI; C:\WINDOWS\system32\UTSCSI.EXE [45056 2011-12-27] ()
R2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

R1 BHDrvx86; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20130515.001\BHDrvx86.sys [1000024 2013-05-03] (Symantec Corporation)
R1 ccSet_MCLIENT; C:\Windows\system32\drivers\MCLIENT\0302000.013\ccSetx86.sys [134304 2012-10-04] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1403010.016\ccSetx86.sys [134304 2012-11-15] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NST\7DD03030.013\ccSetx86.sys [134304 2012-11-16] (Symantec Corporation)
S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [340704 2006-08-24] (Creative Technology Ltd)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2013-05-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2013-05-11] (Symantec Corporation)
R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2008-10-30] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2008-10-30] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2008-10-30] (HP)
R3 IDSxpx86; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20130524.001\IDSxpx86.sys [373728 2013-05-10] (Symantec Corporation)
R3 NAVENG; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130524.022\NAVENG.SYS [93272 2013-05-22] (Symantec Corporation)
R3 NAVEX15; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130524.022\NAVEX15.SYS [1611992 2013-05-22] (Symantec Corporation)
S3 nm; C:\Windows\System32\DRIVERS\NMnt.sys [40320 2008-04-13] (Microsoft Corporation)
R1 nvport; C:\WINDOWS\system32\Drivers\nvport.sys [4608 2005-08-22] (NVIDIA Corporation.)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [9856 2005-06-13] (Padus, Inc.)
R3 RT61; C:\Windows\System32\DRIVERS\RT61.sys [356096 2005-10-27] (Ralink Technology Inc.)
R3 SRTSP; C:\Windows\system32\drivers\N360\1403010.016\SRTSP.SYS [602712 2013-01-28] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1403010.016\SRTSPX.SYS [32344 2013-01-28] (Symantec Corporation)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2010-04-27] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2010-04-27] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2010-04-27] (MCCI Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1403010.016\SYMDS.SYS [367704 2013-01-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1403010.016\SYMEFA.SYS [934488 2013-01-30] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT.SYS [142496 2013-05-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1403010.016\Ironx86.SYS [175264 2012-11-15] (Symantec Corporation)
R1 SYMTDI; C:\Windows\system32\drivers\N360\1403010.016\SYMTDI.SYS [394656 2013-01-30] (Symantec Corporation)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S3 catchme; \??\C:\Temp\catchme.sys [x]
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S4 IntelIde; No ImagePath
S1 lbrtfdc; No ImagePath
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath
U2 wuaserv;

==================== NetSvcs (Whitelisted) ===================

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2013-05-25 12:24 - 2013-05-25 12:24 - 00000000 ____D C:\FRST
2013-05-25 12:14 - 2013-05-25 12:14 - 00109350 ____A C:\Documents and Settings\User\Desktop\OTL.Txt
2013-05-25 12:14 - 2013-05-25 12:14 - 00058298 ____A C:\Documents and Settings\User\Desktop\Extras.Txt
2013-05-25 12:06 - 2013-05-25 12:06 - 00602112 ____A (OldTimer Tools) C:\Documents and Settings\User\Desktop\OTL.exe
2013-05-19 13:10 - 2013-05-19 13:23 - 00000000 ____D C:\Documents and Settings\User\Application Data\Google
2013-05-19 13:10 - 2013-05-19 13:10 - 00000688 ____A C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2013-05-19 13:10 - 2013-05-19 13:10 - 00000000 ____D C:\Program Files\CCleaner
2013-05-19 13:10 - 2013-05-19 13:10 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
2013-05-19 13:09 - 2013-05-25 12:20 - 00001032 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-19 13:09 - 2013-05-25 08:25 - 00001028 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-19 13:09 - 2013-05-19 13:10 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Google
2013-05-19 13:09 - 2013-05-19 13:09 - 00000000 ____D C:\Program Files\Google
2013-05-16 00:16 - 2013-05-16 00:16 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-05-16 00:14 - 2013-05-16 00:14 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-05-11 14:23 - 2013-05-11 14:23 - 00142496 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS
2013-05-11 14:23 - 2013-05-11 14:23 - 00007446 ____A C:\Windows\System32\Drivers\SYMEVENT.CAT
2013-05-11 14:23 - 2013-05-11 14:23 - 00001825 ____A C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
2013-05-11 14:23 - 2013-05-11 14:23 - 00000000 ____D C:\Program Files\Symantec
2013-05-11 14:22 - 2013-05-11 14:22 - 00000000 ____D C:\Windows\System32\Drivers\N360
2013-05-11 14:22 - 2013-05-11 14:22 - 00000000 ____D C:\Program Files\Norton 360
2013-05-11 10:29 - 2010-08-21 06:59 - 00026600 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2013-04-27 11:35 - 2013-04-27 11:56 - 00011641 ____A C:\Documents and Settings\User\Desktop\Spis_Mickiewicza.xlsx

==================== One Month Modified Files and Folders ========

2013-05-25 12:24 - 2013-05-25 12:24 - 00000000 ____D C:\FRST
2013-05-25 12:20 - 2013-05-19 13:09 - 00001032 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-25 12:14 - 2013-05-25 12:14 - 00109350 ____A C:\Documents and Settings\User\Desktop\OTL.Txt
2013-05-25 12:14 - 2013-05-25 12:14 - 00058298 ____A C:\Documents and Settings\User\Desktop\Extras.Txt
2013-05-25 12:06 - 2013-05-25 12:06 - 00602112 ____A (OldTimer Tools) C:\Documents and Settings\User\Desktop\OTL.exe
2013-05-25 12:01 - 2010-02-05 22:03 - 00000000 ____D C:\Documents and Settings\User\My Documents\Bogdan
2013-05-25 11:37 - 2011-04-16 12:10 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1364589140-839522115-1004UA.job
2013-05-25 08:37 - 2013-02-09 00:08 - 00196608 ____A C:\Windows\System32\config\WindowsPowerShell.evt
2013-05-25 08:28 - 2010-01-16 23:41 - 01224353 ____A C:\Windows\WindowsUpdate.log
2013-05-25 08:26 - 2010-01-17 00:34 - 00000159 ____A C:\Windows\wiadebug.log
2013-05-25 08:26 - 2010-01-17 00:34 - 00000050 ____A C:\Windows\wiaservc.log
2013-05-25 08:25 - 2013-05-19 13:09 - 00001028 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-25 08:25 - 2010-01-17 01:23 - 00000062 __ASH C:\Documents and Settings\User\Local Settings\desktop.ini
2013-05-25 08:25 - 2010-01-17 01:23 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-05-25 08:25 - 2010-01-17 01:09 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-05-25 08:25 - 2010-01-17 00:58 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-24 23:49 - 2010-01-17 01:23 - 00000178 ___SH C:\Documents and Settings\User\ntuser.ini
2013-05-24 23:49 - 2010-01-17 01:08 - 00001080 ____A C:\Windows\System32\settingsbkup.sfm
2013-05-24 23:49 - 2010-01-17 01:08 - 00001080 ____A C:\Windows\System32\settings.sfm
2013-05-24 23:49 - 2010-01-17 00:58 - 00032630 ____A C:\Windows\SchedLgU.Txt
2013-05-24 22:37 - 2011-04-16 12:10 - 00001072 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1364589140-839522115-1004Core.job
2013-05-24 21:23 - 2006-08-24 14:00 - 00002206 ____A C:\Windows\System32\wpa.dbl
2013-05-19 22:58 - 2013-04-14 17:41 - 00000262 ____A C:\Windows\Tasks\EPUpdater.job
2013-05-19 13:23 - 2013-05-19 13:10 - 00000000 ____D C:\Documents and Settings\User\Application Data\Google
2013-05-19 13:10 - 2013-05-19 13:10 - 00000688 ____A C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2013-05-19 13:10 - 2013-05-19 13:10 - 00000000 ____D C:\Program Files\CCleaner
2013-05-19 13:10 - 2013-05-19 13:10 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
2013-05-19 13:10 - 2013-05-19 13:09 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Google
2013-05-19 13:10 - 2011-04-16 12:10 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\Google
2013-05-19 13:09 - 2013-05-19 13:09 - 00000000 ____D C:\Program Files\Google
2013-05-16 09:34 - 2010-01-16 23:39 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-16 09:09 - 2010-01-17 00:28 - 00215264 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-16 00:18 - 2010-01-17 00:29 - 00608134 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-16 00:16 - 2013-05-16 00:16 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-05-16 00:16 - 2010-01-17 01:03 - 00000000 ___HD C:\Windows\$hf_mig$
2013-05-16 00:14 - 2013-05-16 00:14 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-05-16 00:14 - 2010-01-17 01:05 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-13 19:22 - 2013-04-14 17:41 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\BrowserProtect
2013-05-13 06:57 - 2010-01-17 20:35 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2013-05-12 20:02 - 2012-10-07 19:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2013-05-11 14:46 - 2010-01-17 00:57 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-05-11 14:24 - 2010-01-23 00:21 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Norton
2013-05-11 14:23 - 2013-05-11 14:23 - 00142496 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS
2013-05-11 14:23 - 2013-05-11 14:23 - 00007446 ____A C:\Windows\System32\Drivers\SYMEVENT.CAT
2013-05-11 14:23 - 2013-05-11 14:23 - 00001825 ____A C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
2013-05-11 14:23 - 2013-05-11 14:23 - 00000000 ____D C:\Program Files\Symantec
2013-05-11 14:22 - 2013-05-11 14:22 - 00000000 ____D C:\Windows\System32\Drivers\N360
2013-05-11 14:22 - 2013-05-11 14:22 - 00000000 ____D C:\Program Files\Norton 360
2013-05-11 14:12 - 2010-03-06 00:31 - 00000766 ____A C:\Documents and Settings\User\Desktop\Pliki instalacyjne Norton.lnk
2013-05-11 13:55 - 2012-07-22 00:33 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\NPE
2013-05-11 10:01 - 2010-01-22 22:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-05-11 09:51 - 2010-01-17 00:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Symantec
2013-05-07 06:27 - 2009-10-29 21:08 - 06015488 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
2013-05-07 06:27 - 2006-08-24 14:00 - 06015488 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-06 06:45 - 2013-04-07 15:32 - 00010752 ____A C:\Documents and Settings\User\Desktop\mikroSUBIEKT.i01
2013-05-06 06:45 - 2011-02-26 03:10 - 00644096 ____A C:\Documents and Settings\User\Desktop\mikroSUBIEKT.iar
2013-05-05 23:39 - 2011-04-24 20:37 - 00000000 ____D C:\Documents and Settings\User\Application Data\TransEngPol70
2013-05-05 22:32 - 2010-01-30 15:45 - 00016416 ____A C:\Documents and Settings\User\Desktop\Biezace.xlsx
2013-04-27 11:56 - 2013-04-27 11:35 - 00011641 ____A C:\Documents and Settings\User\Desktop\Spis_Mickiewicza.xlsx

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================