Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-02-2015 01 Ran by Borowicz (administrator) on DELL on 25-02-2015 19:41:20 Running from C:\Documents and Settings\Borowicz\Pulpit Loaded Profiles: Borowicz (Available profiles: Borowicz) Platform: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polski Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Oracle Corporation) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.TITUSPLUSSQL\MSSQL\Binn\sqlservr.exe (Panda Security, S.L.) D:\Program files\PANDA\PSANHost.exe (Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe (Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Intel Corporation) C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation) C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe (Microsoft Corporation) D:\Program files\Microsoft OFFICE\Office12\GrooveMonitor.exe (Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Panda Security, S.L.) D:\Program files\PANDA\PSUAMain.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Intel Corporation) C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.) HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [995328 2007-10-08] (Intel Corporation) HKLM\...\Run: [IntelWireless] => C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [1101824 2007-10-08] (Intel Corporation) HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1122304 2008-11-12] (Brother Industries, Ltd.) HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-08-12] (Brother Industries, Ltd.) HKLM\...\Run: [GrooveMonitor] => D:\Program files\Microsoft OFFICE\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [330240 2010-10-29] () HKLM\...\Run: [PSUAMain] => D:\Program files\PANDA\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-861567501-484763869-682003330-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=110819&tt=060612_5_&babsrc=HP_ss&mntrId=ccddf50d000000000000001cbf4a0100 HKU\S-1-5-21-861567501-484763869-682003330-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://search.babylon.com/?affID=110819&tt=060612_5_&babsrc=NT_ss&mntrId=ccddf50d000000000000001cbf4a0100" <======= ATTENTION SearchScopes: HKU\S-1-5-21-861567501-484763869-682003330-1004 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=110819&tt=060612_5_&babsrc=SP_ss&mntrId=ccddf50d000000000000001cbf4a0100 SearchScopes: HKU\S-1-5-21-861567501-484763869-682003330-1004 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=110819&tt=060612_5_&babsrc=SP_ss&mntrId=ccddf50d000000000000001cbf4a0100 SearchScopes: HKU\S-1-5-21-861567501-484763869-682003330-1004 -> {24979725-5596-4B9B-B829-4B2F8D0D21FC} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=EE28BC37-4157-49A6-ADC4-592A5CA9F98B&apn_sauid=48EFEF88-DC5F-48CE-9F68-1BA113641AA0 BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Program files\Microsoft OFFICE\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKU\S-1-5-21-861567501-484763869-682003330-1004 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program files\Microsoft OFFICE\Office12\GrooveSystemServices.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Borowicz\Dane aplikacji\Mozilla\Firefox\Profiles\gljo4ke9.default FF Homepage: www.google.pl FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-10-12] StartMenuInternet: FIREFOX.EXE - D:\Program files\Mozilla Firefox\firefox.exe ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [794624 2007-10-08] (Intel Corporation) [File not signed] R2 JavaQuickStarterService; C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe [161664 2012-05-04] (Oracle Corporation) S3 Microsoft Office Groove Audit Service; D:\Program files\Microsoft OFFICE\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation) R2 MSSQL$TITUSPLUSSQL; C:\Program Files\Microsoft SQL Server\MSSQL10_50.TITUSPLUSSQL\MSSQL\Binn\sqlservr.exe [43040096 2011-06-17] (Microsoft Corporation) R2 NanoServiceMain; D:\Program files\PANDA\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.) R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.) S2 PSUAService; D:\Program files\PANDA\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.) R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [483328 2007-10-08] (Intel Corporation) [File not signed] R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [1183744 2007-10-08] (Intel Corporation ) [File not signed] S4 SQLAgent$TITUSPLUSSQL; C:\Program Files\Microsoft SQL Server\MSSQL10_50.TITUSPLUSSQL\MSSQL\Binn\SQLAGENT.EXE [370016 2011-06-17] (Microsoft Corporation) R2 WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [356352 2007-10-08] (Intel Corporation) [File not signed] S2 XAudioService; C:\WINDOWS\system32\DRIVERS\xaudio.exe [386560 2006-08-04] (Conexant Systems, Inc.) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2011-10-12] (Cisco Systems, Inc.) S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.) S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed] S2 DgiVecp; C:\WINDOWS\system32\Drivers\DgiVecp.sys [41984 2004-05-17] (DeviceGuys, Inc.) [File not signed] R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSX_DPV.sys [986624 2006-11-02] (Conexant Systems, Inc.) [File not signed] R3 HSXHWAZL; C:\WINDOWS\System32\DRIVERS\HSXHWAZL.sys [206848 2006-11-02] (Conexant Systems, Inc.) [File not signed] R2 mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [12672 2006-06-19] (Conexant) [File not signed] S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) R3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2236032 2007-09-26] (Intel Corporation) R1 NNSALPC; C:\WINDOWS\System32\DRIVERS\NNSAlpc.sys [88992 2014-06-04] (Panda Security, S.L.) R1 NNSHTTP; C:\WINDOWS\System32\DRIVERS\NNSHttp.sys [166816 2014-06-18] (Panda Security, S.L.) R1 NNSHTTPS; C:\WINDOWS\System32\DRIVERS\NNSHttps.sys [110624 2014-06-04] (Panda Security, S.L.) R1 NNSIDS; C:\WINDOWS\System32\DRIVERS\NNSIds.sys [125216 2014-06-04] (Panda Security, S.L.) R3 NNSNAHS; C:\WINDOWS\System32\DRIVERS\NNSNAHS.sys [46464 2014-01-16] (Panda Security, S.L.) R1 NNSPICC; C:\WINDOWS\System32\DRIVERS\NNSPicc.sys [96160 2014-06-04] (Panda Security, S.L.) R1 NNSPIHS; C:\WINDOWS\System32\DRIVERS\NNSPihs.sys [52384 2014-06-04] (Panda Security, S.L.) R1 NNSPOP3; C:\WINDOWS\System32\DRIVERS\NNSPop3.sys [121888 2014-06-04] (Panda Security, S.L.) R1 NNSPROT; C:\WINDOWS\System32\DRIVERS\NNSProt.sys [288032 2014-06-04] (Panda Security, S.L.) R1 NNSPRV; C:\WINDOWS\System32\DRIVERS\NNSPrv.sys [208800 2014-06-04] (Panda Security, S.L.) R1 NNSSMTP; C:\WINDOWS\System32\DRIVERS\NNSSmtp.sys [109856 2014-06-04] (Panda Security, S.L.) R1 NNSSTRM; C:\WINDOWS\System32\DRIVERS\NNSStrm.sys [244000 2014-06-04] (Panda Security, S.L.) R1 NNSTLSC; C:\WINDOWS\System32\DRIVERS\NNSTlsc.sys [96928 2014-06-04] (Panda Security, S.L.) R2 PSINAflt; C:\WINDOWS\System32\DRIVERS\PSINAflt.sys [140688 2014-10-13] (Panda Security, S.L.) R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [103312 2014-10-13] (Panda Security, S.L.) R1 PSINKNC; C:\WINDOWS\System32\DRIVERS\psinknc.sys [172432 2014-10-02] (Panda Security, S.L.) R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [114704 2014-10-02] (Panda Security, S.L.) R2 PSINProt; C:\WINDOWS\System32\DRIVERS\PSINProt.sys [124944 2014-10-02] (Panda Security, S.L.) R2 PSINReg; C:\WINDOWS\System32\DRIVERS\PSINReg.sys [100496 2014-10-13] (Panda Security, S.L.) S3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [48736 2014-03-25] (Panda Security, S.L.) S4 RsFx0151; C:\WINDOWS\System32\DRIVERS\RsFx0151.sys [240736 2011-06-17] (Microsoft Corporation) R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [12288 2007-08-27] (Intel Corporation) R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [477240 2012-06-13] (Duplex Secure Ltd.) R2 SSPORT; C:\WINDOWS\system32\Drivers\SSPORT.sys [5120 2010-10-15] (Samsung Electronics) [File not signed] R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.) R3 winachsf; C:\WINDOWS\System32\DRIVERS\HSX_CNXT.sys [659968 2006-11-02] (Conexant Systems, Inc.) [File not signed] R2 XAudio; C:\WINDOWS\System32\DRIVERS\xaudio.sys [8192 2006-08-04] (Conexant Systems, Inc.) [File not signed] R1 {b99c8534-7800-48fa-bd71-519a46cdc7e1}t; C:\WINDOWS\System32\drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}t.sys [55232 2014-04-24] (StdLib) S4 IntelIde; No ImagePath U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) U1 WS2IFSL; No ImagePath U3 pxtdapob; \??\C:\DOCUME~1\Borowicz\USTAWI~1\Temp\pxtdapob.sys [X] U3 pxtdapod; \??\C:\DOCUME~1\Borowicz\USTAWI~1\Temp\pxtdapod.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-25 19:12 - 2015-02-25 19:25 - 00054418 _____ () C:\Documents and Settings\Borowicz\Pulpit\Addition.txt 2015-02-25 19:11 - 2015-02-25 19:41 - 00014329 _____ () C:\Documents and Settings\Borowicz\Pulpit\FRST.txt 2015-02-25 19:10 - 2015-02-25 19:41 - 00000000 ____D () C:\FRST 2015-02-25 19:08 - 2015-02-25 19:08 - 01127424 _____ (Farbar) C:\Documents and Settings\Borowicz\Pulpit\FRST.exe 2015-02-25 18:58 - 2015-02-25 18:58 - 00370943 _____ () C:\Documents and Settings\Borowicz\Pulpit\gmer.zip 2015-02-25 18:34 - 2015-02-25 18:34 - 00380416 _____ () C:\Documents and Settings\Borowicz\Pulpit\ct6ehf5p.exe 2015-02-25 10:40 - 2015-02-25 10:40 - 00000426 _____ () C:\Documents and Settings\Borowicz\Pulpit\AS.lnk 2015-02-25 08:01 - 2015-02-25 08:01 - 04437680 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe 2015-02-24 17:02 - 2015-02-24 17:02 - 00000000 ____D () C:\Documents and Settings\Borowicz\Ustawienia lokalne\Dane aplikacji\APN 2015-02-24 17:02 - 2015-02-24 17:02 - 00000000 ____D () C:\Documents and Settings\Borowicz\Dane aplikacji\Babylon 2015-02-24 17:02 - 2015-02-24 17:02 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Babylon 2015-02-24 17:02 - 2015-02-24 17:02 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Ask 2015-02-24 17:02 - 2015-02-24 17:02 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\APN 2015-02-24 17:01 - 2015-02-24 17:01 - 00000000 ____D () C:\Program Files\Common Files\Java 2015-02-24 17:00 - 2015-02-24 17:00 - 00000000 ____D () C:\Program Files\Panda Security 2015-02-24 16:50 - 2015-02-24 16:50 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-02-24 16:49 - 2015-02-24 16:49 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\QuickTime 2015-02-24 16:49 - 2015-02-24 16:49 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer 2015-02-24 16:21 - 2015-02-24 16:22 - 00000000 ____D () C:\WINDOWS\pss 2015-02-21 15:03 - 2015-02-21 15:03 - 40601600 _____ () C:\Documents and Settings\Borowicz\Moje dokumenty\Firefox%20Setup%2035.0.1.exe 2015-02-09 18:18 - 2015-02-24 16:49 - 01432434 _____ () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-861567501-484763869-682003330-1004-0.dat 2015-02-09 18:18 - 2015-02-24 16:49 - 00271906 _____ () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat 2015-02-09 17:33 - 2015-02-24 17:00 - 00000000 ____D () C:\Documents and Settings\Borowicz\Pulpit\Nowy folder 2015-02-09 17:32 - 2015-02-24 17:00 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab 2015-02-09 17:32 - 2015-02-09 17:32 - 00000000 ____D () C:\Program Files\Kaspersky Lab 2015-02-04 17:01 - 2015-02-24 17:01 - 00000000 ____D () C:\Program Files\Common Files\Java(2) 2015-02-02 17:12 - 2015-02-24 16:27 - 00000000 ____D () C:\AdwCleaner ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-25 19:41 - 2012-11-12 10:04 - 00000000 ___RD () C:\Documents and Settings\Borowicz\Pulpit\Pliki skanowane 2015-02-25 19:41 - 2011-10-12 17:01 - 00000000 ____D () C:\Documents and Settings\Borowicz\Ustawienia lokalne\Temp 2015-02-25 19:41 - 2011-10-12 17:01 - 00000000 ____D () C:\Documents and Settings\Borowicz\Pulpit 2015-02-25 19:01 - 2012-03-29 17:26 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-02-25 18:28 - 2011-10-12 18:44 - 00000257 _____ () C:\WINDOWS\wiadebug.log 2015-02-25 18:28 - 2011-10-12 16:54 - 01596009 _____ () C:\WINDOWS\WindowsUpdate.log 2015-02-25 18:27 - 2011-10-12 18:45 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2015-02-25 18:27 - 2011-10-12 16:59 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-02-25 18:26 - 2011-10-12 17:01 - 00000292 ___SH () C:\Documents and Settings\Borowicz\ntuser.ini 2015-02-25 18:26 - 2011-10-12 16:59 - 00032634 _____ () C:\WINDOWS\SchedLgU.Txt 2015-02-25 18:25 - 2014-06-20 06:53 - 00000000 ____D () C:\Documents and Settings\Borowicz\Moje dokumenty\Pobrane 2015-02-25 18:09 - 2011-10-12 18:42 - 01599214 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-02-25 18:09 - 2004-08-04 11:00 - 00678054 _____ () C:\WINDOWS\system32\perfh015.dat 2015-02-25 18:09 - 2004-08-04 11:00 - 00151408 _____ () C:\WINDOWS\system32\perfc015.dat 2015-02-25 16:44 - 2013-11-03 14:52 - 00000000 ____D () C:\SS_AGENT 2015-02-25 13:11 - 2011-10-12 18:41 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji 2015-02-25 11:16 - 2011-11-07 07:09 - 00000822 _____ () C:\WINDOWS\BRWMARK.INI 2015-02-25 08:42 - 2014-08-22 06:34 - 00000000 ____D () C:\Documents and Settings\Borowicz\Ustawienia lokalne\Dane aplikacji\Adobe 2015-02-25 08:34 - 2012-03-29 17:26 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2015-02-25 08:34 - 2011-10-16 20:08 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2015-02-25 08:10 - 2014-11-03 09:57 - 00000000 ____D () C:\Documents and Settings\Borowicz\Ustawienia lokalne\Dane aplikacji\Deployment 2015-02-25 08:10 - 2011-10-12 20:24 - 00069648 _____ () C:\Documents and Settings\Borowicz\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2015-02-24 17:29 - 2013-07-15 19:49 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-02-24 17:24 - 2011-11-30 12:20 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help 2015-02-24 17:24 - 2011-10-16 20:10 - 113756392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-02-24 17:04 - 2011-10-12 18:40 - 00319544 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-02-24 17:04 - 2004-08-04 11:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2015-02-24 17:03 - 2011-10-12 17:01 - 00000000 ____D () C:\Documents and Settings\Borowicz 2015-02-24 17:03 - 2011-10-12 16:59 - 00000000 __SHD () C:\Documents and Settings\NetworkService 2015-02-24 17:03 - 2011-10-12 16:59 - 00000000 __SHD () C:\Documents and Settings\LocalService 2015-02-24 17:03 - 2011-10-12 16:51 - 00000000 ____D () C:\WINDOWS\Registration 2015-02-24 17:02 - 2011-10-12 17:01 - 00000000 __RHD () C:\Documents and Settings\Borowicz\Dane aplikacji 2015-02-24 17:02 - 2011-10-12 17:01 - 00000000 ___HD () C:\Documents and Settings\Borowicz\Ustawienia lokalne\Dane aplikacji 2015-02-24 17:00 - 2014-04-16 15:46 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Panda Security 2015-02-24 16:59 - 2011-10-12 18:41 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy 2015-02-24 16:49 - 2012-07-06 15:46 - 00000000 ____D () C:\Program Files\QuickTime 2015-02-24 16:23 - 2012-01-11 17:57 - 01026697 _____ () C:\WINDOWS\setupapi.log 2015-02-24 16:22 - 2004-08-04 11:00 - 00000828 _____ () C:\WINDOWS\win.ini 2015-02-24 16:22 - 2004-08-04 11:00 - 00000227 _____ () C:\WINDOWS\system.ini 2015-02-21 15:09 - 2011-10-12 18:41 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit 2015-02-21 15:03 - 2011-10-12 17:01 - 00000000 ___RD () C:\Documents and Settings\Borowicz\Moje dokumenty 2015-02-12 15:07 - 2012-03-31 14:03 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat 2015-02-11 07:53 - 2011-10-12 20:30 - 00000000 ____D () C:\WINDOWS\Microsoft.NET 2015-02-10 17:01 - 2012-09-25 22:18 - 00000000 ____D () C:\Documents and Settings\Borowicz\Pulpit\Dokumenty firmowe 2015-02-09 17:29 - 2011-10-12 20:21 - 00000000 ____D () C:\Program Files\Microsoft.NET 2015-02-09 17:23 - 2014-04-16 15:47 - 00065536 _____ () C:\WINDOWS\system32\config\Nano.evt 2015-02-09 17:21 - 2014-04-16 15:47 - 00000000 ____D () C:\Documents and Settings\Borowicz\Dane aplikacji\Panda Security 2015-02-04 17:02 - 2013-07-27 17:58 - 00000000 ____D () C:\Program Files\Java ==================== Files in the root of some directories ======= 2011-12-22 12:01 - 2012-12-08 17:19 - 0007680 _____ () C:\Documents and Settings\Borowicz\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2011-10-16 20:07 - 2011-10-16 20:07 - 0000133 _____ () C:\Documents and Settings\Borowicz\Ustawienia lokalne\Dane aplikacji\fusioncache.dat Some content of TEMP: ==================== C:\Documents and Settings\Borowicz\Ustawienia lokalne\Temp\7z.dll C:\Documents and Settings\Borowicz\Ustawienia lokalne\Temp\AIRRuntimeInstaller.exe C:\Documents and Settings\Borowicz\Ustawienia lokalne\Temp\APNSetup.exe C:\Documents and Settings\Borowicz\Ustawienia lokalne\Temp\APNStub.exe C:\Documents and Settings\Borowicz\Ustawienia lokalne\Temp\AskSLib.dll C:\Documents and Settings\Borowicz\Ustawienia lokalne\Temp\autorun.dll C:\Documents and Settings\Borowicz\Ustawienia lokalne\Temp\firefoxjre_exe-1.exe C:\Documents and Settings\Borowicz\Ustawienia lokalne\Temp\firefoxjre_exe.exe C:\Documents and Settings\Borowicz\Ustawienia lokalne\Temp\gg10.upgr.exe C:\Documents and Settings\Borowicz\Ustawienia lokalne\Temp\jre-7u25-windows-i586-iftw.exe C:\Documents and Settings\Borowicz\Ustawienia lokalne\Temp\jre-7u51-windows-i586-iftw.exe C:\Documents and Settings\Borowicz\Ustawienia lokalne\Temp\jre-7u55-windows-i586-iftw.exe C:\Documents and Settings\Borowicz\Ustawienia lokalne\Temp\jre-7u65-windows-i586-iftw.exe C:\Documents and Settings\Borowicz\Ustawienia lokalne\Temp\jre-7u9-windows-i586-iftw.exe C:\Documents and Settings\Borowicz\Ustawienia lokalne\Temp\jre-8u31-windows-au.exe C:\Documents and Settings\Borowicz\Ustawienia lokalne\Temp\ose00000.exe C:\Documents and Settings\Borowicz\Ustawienia lokalne\Temp\setup.exe C:\Documents and Settings\Borowicz\Ustawienia lokalne\Temp\setup_wm.exe C:\Documents and Settings\Borowicz\Ustawienia lokalne\Temp\{3F56A4F3-9084-483F-AE84-438F202B7830}.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================