Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2013 02
Ran by Joanna (administrator) on ASIUUUNIA on 22-12-2013 12:15:21
Running from C:\Users\Joanna\Downloads
Windows 8 (X64) OS Language: Polish
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Side Sync\SideSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(SEC) C:\Program Files\Samsung\Recovery\WCScheduler.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1260256 2013-01-04] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [Bitcasa] - C:\Program Files\Bitcasa\Bitcasa.exe [4365824 2012-12-27] (Bitcasa, Inc)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [131712 2013-01-24] ( (Atheros Communications))
HKCU\...\Run: [Facebook Update] - C:\Users\Joanna\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-11-03] (Facebook Inc.)
MountPoints2: {47417fa8-5549-11e3-be88-1867b070a3bc} - "E:\AutoRun.exe"
MountPoints2: {5a85935d-3d84-11e3-be83-1867b070a3bc} - "E:\AutoRun.exe"
MountPoints2: {5a859683-3d84-11e3-be83-1867b070a3bc} - "E:\AutoRun.exe"
MountPoints2: {867997a8-4e23-11e3-be88-1867b070a3bc} - "E:\AutoRun.exe"
MountPoints2: {c36f2731-3f53-11e3-be87-1867b070a3bc} - "E:\AutoRun.exe"
MountPoints2: {e1e15103-3da0-11e3-be86-1867b070a3bc} - "E:\AutoRun.exe"
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [35736 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310640 2013-03-07] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\BrCtrCen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2012-09-25] (Brother Industries, Ltd.)
Startup: C:\Users\Joanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2010.lnk
ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2010.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pl&pid=NIS&pvid=20.4.0.40
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pl&pid=NIS&pvid=20.4.0.40
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {6D94B9F1-0F62-42F7-B0B3-CFEFB55A7E97} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {6D94B9F1-0F62-42F7-B0B3-CFEFB55A7E97} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - {6D94B9F1-0F62-42F7-B0B3-CFEFB55A7E97} URL =
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 84.205.31.4 84.205.31.5
Tcpip\..\Interfaces\{8D1DAD7E-4E1E-4885-96CF-C2E32635AEF5}: [NameServer]212.2.96.53 212.2.96.54
Tcpip\..\Interfaces\{BC75BC3D-CAA9-407C-B57F-293B783441D4}: [NameServer]212.2.96.51 212.2.96.52

Chrome:
=======
CHR HomePage: hxxp://google.pl/
CHR RestoreOnStartup: "hxxp://www.onet.pl/"
CHR DefaultSearchKeyword: google.pl
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Extension: (Google Docs) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Dark atmosphere) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfpikgkkfdoabncoileilaglepbpdhek\1.0_0
CHR Extension: (Norton Identity Protection) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.5.2_0
CHR Extension: (Google Wallet) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-24] (Qualcomm Atheros Commnucations)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1594416 2013-02-01] (Samsung Electronics CO., LTD.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-01-14] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [657504 2012-11-12] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 SWUpdateService; C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2883120 2013-01-25] (Samsung Electronics CO., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-01-24] (Atheros)

==================== Drivers (Whitelisted) ====================

R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)
S3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [222952 2013-01-24] (Qualcomm Atheros)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-24] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 BthMtpEnum; C:\Windows\system32\DRIVERS\BthMtpEnum.sys [64512 2012-07-26] (Microsoft Corporation)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-06] (EldoS Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
S3 huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [244736 2013-02-17] (Huawei Technologies Co., Ltd.)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20131220.001\IDSvia64.sys [521944 2013-12-13] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20131221.006\ENG64.SYS [126040 2013-10-25] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20131221.006\EX64.SYS [2099288 2013-10-25] (Symantec Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-10-26] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-22 12:15 - 2013-12-22 12:15 - 00017401 _____ C:\Users\Joanna\Downloads\FRST.txt
2013-12-22 12:13 - 2013-12-22 12:13 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-12-22 12:11 - 2013-12-22 12:11 - 00000000 ____D C:\AdwCleaner
2013-12-22 12:02 - 2013-12-22 12:02 - 01226750 _____ C:\Users\Joanna\Downloads\AdwCleaner.exe
2013-12-22 10:54 - 2013-12-22 10:54 - 00036304 _____ C:\Users\Joanna\Desktop\FRST.txt
2013-12-22 10:54 - 2013-12-22 10:54 - 00027094 _____ C:\Users\Joanna\Desktop\Addition.txt
2013-12-22 10:51 - 2013-12-22 12:08 - 00000000 ____D C:\FRST
2013-12-22 10:49 - 2013-12-22 10:49 - 02193141 _____ (Farbar) C:\Users\Joanna\Downloads\FRST64.exe
2013-12-21 22:25 - 2013-12-21 22:25 - 00119206 _____ C:\Users\Joanna\Desktop\OTL.Txt
2013-12-21 22:25 - 2013-12-21 22:25 - 00069170 _____ C:\Users\Joanna\Downloads\Extras.Txt
2013-12-21 22:25 - 2013-12-21 22:25 - 00069170 _____ C:\Users\Joanna\Desktop\Extras.Txt
2013-12-21 22:13 - 2013-12-21 22:13 - 00602112 _____ (OldTimer Tools) C:\Users\Joanna\Downloads\OTL.exe
2013-12-21 21:56 - 2013-12-22 10:54 - 00027094 _____ C:\Users\Joanna\Downloads\Addition.txt
2013-12-21 21:56 - 2013-12-21 22:24 - 00119206 _____ C:\Users\Joanna\Downloads\OTL.Txt
2013-12-21 15:43 - 2013-12-21 15:43 - 00006279 _____ C:\Users\Joanna\Downloads\[www.tnt24.info] AudaCity.torrent
2013-12-18 20:45 - 2013-12-19 09:53 - 00000000 ____D C:\Users\Joanna\Documents\Originals
2013-12-18 20:44 - 2013-12-18 20:45 - 00006144 ____H C:\Users\Joanna\Downloads\photothumb.db
2013-12-14 21:14 - 2013-12-14 21:14 - 00010996 _____ C:\Users\Joanna\Downloads\[www.tnt24.info] Frozen Kraina lodu (2013) [CAM READNFO] [XViD-CH] [ENG].torrent
2013-12-12 14:50 - 2013-12-12 14:50 - 00018762 _____ C:\Users\Joanna\Documents\Wniosek o staż BIBLIOTEKA.odt
2013-12-12 14:45 - 2013-12-12 17:03 - 00018503 _____ C:\Users\Joanna\Documents\Wniosek o staż POCZTA.odt
2013-12-12 14:36 - 2013-12-12 14:36 - 00054612 _____ C:\Users\Joanna\Documents\Curriculum Vitae.odt
2013-12-12 14:34 - 2013-12-12 14:37 - 00018306 _____ C:\Users\Joanna\Documents\Wniosek o staż URZĄD MIASTA.odt
2013-12-11 19:56 - 2013-12-11 19:56 - 00000000 _____ C:\Users\Joanna\Sti_Trace.log
2013-12-11 18:41 - 2013-12-11 18:41 - 00002015 _____ C:\Users\Joanna\Documents\Brother Utilities.lnk
2013-12-11 18:41 - 2013-12-11 18:41 - 00000404 _____ C:\windows\BRWMARK.INI
2013-12-11 18:39 - 2013-12-11 18:39 - 00000050 _____ C:\windows\system32\BRIDF10A.DAT
2013-12-11 18:39 - 2013-12-11 18:39 - 00000000 ____D C:\Program Files (x86)\Browny02
2013-12-11 18:39 - 2013-12-11 18:39 - 00000000 ____D C:\Program Files (x86)\Brother
2013-12-11 18:39 - 2012-08-20 05:19 - 01560576 _____ (Brother Industries, Ltd.) C:\windows\system32\BrWi209c.dll
2013-12-11 18:39 - 2010-03-08 13:50 - 00003072 ____N (Brother Industries Ltd.) C:\windows\SysWOW64\BrDctF2S.dll
2013-12-11 18:39 - 2010-02-09 17:11 - 00217088 ____N (brother) C:\windows\SysWOW64\NSSearch.dll
2013-12-11 18:39 - 2010-02-05 11:42 - 00180224 ____N (Brother Industries, Ltd.) C:\windows\SysWOW64\BroSNMP.dll
2013-12-11 18:39 - 2010-01-22 08:52 - 00061440 _____ (Brother Industries Ltd.) C:\windows\SysWOW64\brprtink.dll
2013-12-11 18:39 - 2009-08-18 11:36 - 00050688 _____ (Brother Industries, Ltd.) C:\windows\system32\BrUsi09c.dll
2013-12-11 18:39 - 2007-12-13 22:16 - 00073728 ____N (Brother Industries Ltd.) C:\windows\SysWOW64\BrDctF2.dll
2013-12-11 18:39 - 2007-12-13 22:16 - 00004608 ____N (Brother Industries Ltd.) C:\windows\SysWOW64\BrDctF2L.dll
2013-12-11 18:38 - 2013-12-11 18:38 - 00000000 ____D C:\Users\Joanna\Downloads\install
2013-12-11 18:38 - 2013-12-11 18:38 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\InstallShield
2013-12-11 18:33 - 2013-12-11 18:33 - 00000000 ____D C:\ProgramData\Brother
2013-12-11 16:03 - 2013-12-11 16:03 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\OpenOffice
2013-12-11 16:01 - 2013-12-11 16:01 - 00001142 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-12-11 16:01 - 2013-12-11 16:01 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-12-11 15:58 - 2013-12-11 15:58 - 00000000 ____D C:\Users\Joanna\Downloads\OpenOffice 4.0.1 (pl) Installation Files
2013-12-11 15:45 - 2013-12-11 15:57 - 133661993 _____ C:\Users\Joanna\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_pl.exe
2013-12-10 13:11 - 2013-12-18 20:33 - 00000000 ____D C:\Users\Joanna\Desktop\Prace kontrolne
2013-12-06 11:55 - 2013-12-06 11:59 - 00000000 ____D C:\Users\Joanna\AppData\Local\DICOMViewer
2013-12-06 11:52 - 2013-12-06 11:52 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\Lite
2013-12-05 16:19 - 2013-12-05 16:19 - 00003416 _____ C:\{1B4B5480-DABA-4211-BDCE-3CEC2E51C548}
2013-12-05 15:43 - 2013-12-05 15:43 - 00002960 _____ C:\{C6F4D925-D0F8-43E5-9F33-0A79A7B40E0A}
2013-12-04 14:37 - 2013-12-04 14:37 - 00002624 _____ C:\{F040542F-E2AD-494B-B478-C2C61532BE05}

==================== One Month Modified Files and Folders =======

2013-12-22 12:16 - 2013-12-22 12:15 - 00017401 _____ C:\Users\Joanna\Downloads\FRST.txt
2013-12-22 12:13 - 2013-12-22 12:13 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-12-22 12:13 - 2013-10-25 16:05 - 00001064 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-22 12:13 - 2012-07-26 08:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-12-22 12:12 - 2013-03-09 11:52 - 01668957 _____ C:\windows\WindowsUpdate.log
2013-12-22 12:12 - 2012-07-26 06:26 - 00262144 ___SH C:\windows\system32\config\BBI
2013-12-22 12:11 - 2013-12-22 12:11 - 00000000 ____D C:\AdwCleaner
2013-12-22 12:08 - 2013-12-22 10:51 - 00000000 ____D C:\FRST
2013-12-22 12:07 - 2012-08-05 22:07 - 00041962 _____ C:\windows\PFRO.log
2013-12-22 12:06 - 2013-10-25 15:46 - 00000000 ____D C:\Users\Joanna
2013-12-22 12:02 - 2013-12-22 12:02 - 01226750 _____ C:\Users\Joanna\Downloads\AdwCleaner.exe
2013-12-22 12:00 - 2012-07-26 09:12 - 00000000 ____D C:\windows\system32\sru
2013-12-22 10:54 - 2013-12-22 10:54 - 00036304 _____ C:\Users\Joanna\Desktop\FRST.txt
2013-12-22 10:54 - 2013-12-22 10:54 - 00027094 _____ C:\Users\Joanna\Desktop\Addition.txt
2013-12-22 10:54 - 2013-12-21 21:56 - 00027094 _____ C:\Users\Joanna\Downloads\Addition.txt
2013-12-22 10:49 - 2013-12-22 10:49 - 02193141 _____ (Farbar) C:\Users\Joanna\Downloads\FRST64.exe
2013-12-22 10:47 - 2013-03-09 13:59 - 00000000 ____D C:\ProgramData\WinClon
2013-12-22 01:21 - 2013-10-25 16:05 - 00001068 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-21 23:21 - 2013-11-03 17:16 - 00000952 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3691044786-844057909-788077212-1001UA.job
2013-12-21 22:25 - 2013-12-21 22:25 - 00119206 _____ C:\Users\Joanna\Desktop\OTL.Txt
2013-12-21 22:25 - 2013-12-21 22:25 - 00069170 _____ C:\Users\Joanna\Downloads\Extras.Txt
2013-12-21 22:25 - 2013-12-21 22:25 - 00069170 _____ C:\Users\Joanna\Desktop\Extras.Txt
2013-12-21 22:24 - 2013-12-21 21:56 - 00119206 _____ C:\Users\Joanna\Downloads\OTL.Txt
2013-12-21 22:13 - 2013-12-21 22:13 - 00602112 _____ (OldTimer Tools) C:\Users\Joanna\Downloads\OTL.exe
2013-12-21 21:44 - 2012-07-26 06:26 - 00262144 ___SH C:\windows\system32\config\ELAM
2013-12-21 21:31 - 2013-11-13 22:11 - 00000000 ____D C:\Users\Joanna\Documents\down uTorrent
2013-12-21 18:58 - 2013-10-25 15:53 - 00000000 ____D C:\Users\Joanna\Documents\Bluetooth Folder
2013-12-21 18:57 - 2013-11-13 21:38 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\uTorrent
2013-12-21 18:41 - 2013-10-25 16:53 - 00000000 ____D C:\Users\Joanna\AppData\Local\CrashDumps
2013-12-21 15:43 - 2013-12-21 15:43 - 00006279 _____ C:\Users\Joanna\Downloads\[www.tnt24.info] AudaCity.torrent
2013-12-21 14:27 - 2013-10-25 15:49 - 00000000 ____D C:\Users\Joanna\AppData\Local\Packages
2013-12-21 14:27 - 2012-07-26 09:12 - 00000000 ____D C:\windows\AUInstallAgent
2013-12-21 10:11 - 2013-03-10 05:01 - 00794946 _____ C:\windows\system32\perfh015.dat
2013-12-21 10:11 - 2013-03-10 05:01 - 00159530 _____ C:\windows\system32\perfc015.dat
2013-12-21 10:11 - 2012-07-26 08:28 - 01793398 _____ C:\windows\system32\PerfStringBackup.INI
2013-12-21 10:07 - 2012-07-26 09:12 - 00000000 ____D C:\windows\system32\NDF
2013-12-19 17:21 - 2013-11-03 17:16 - 00000930 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3691044786-844057909-788077212-1001Core.job
2013-12-19 09:54 - 2013-10-26 17:32 - 00026624 ____H C:\Users\Joanna\Documents\photothumb.db
2013-12-19 09:53 - 2013-12-18 20:45 - 00000000 ____D C:\Users\Joanna\Documents\Originals
2013-12-19 09:53 - 2013-10-27 23:08 - 00176128 ___SH C:\Users\Joanna\Documents\Thumbs.db
2013-12-19 09:53 - 2013-10-26 15:55 - 00000000 ____D C:\Users\Joanna\Documents\CV
2013-12-18 20:45 - 2013-12-18 20:44 - 00006144 ____H C:\Users\Joanna\Downloads\photothumb.db
2013-12-18 20:39 - 2013-10-26 17:31 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\PhotoScape
2013-12-18 20:39 - 2013-10-26 15:20 - 00222720 ___SH C:\Users\Joanna\Desktop\Thumbs.db
2013-12-18 20:38 - 2013-11-06 11:58 - 00043008 ____H C:\Users\Joanna\Desktop\photothumb.db
2013-12-18 20:33 - 2013-12-10 13:11 - 00000000 ____D C:\Users\Joanna\Desktop\Prace kontrolne
2013-12-18 20:33 - 2013-11-17 15:03 - 00000000 ____D C:\Users\Joanna\Desktop\Notatki
2013-12-18 19:47 - 2013-10-25 15:52 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\Atheros
2013-12-14 21:14 - 2013-12-14 21:14 - 00010996 _____ C:\Users\Joanna\Downloads\[www.tnt24.info] Frozen Kraina lodu (2013) [CAM READNFO] [XViD-CH] [ENG].torrent
2013-12-12 17:03 - 2013-12-12 14:45 - 00018503 _____ C:\Users\Joanna\Documents\Wniosek o staż POCZTA.odt
2013-12-12 15:45 - 2013-10-25 15:59 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3691044786-844057909-788077212-1001
2013-12-12 14:50 - 2013-12-12 14:50 - 00018762 _____ C:\Users\Joanna\Documents\Wniosek o staż BIBLIOTEKA.odt
2013-12-12 14:37 - 2013-12-12 14:34 - 00018306 _____ C:\Users\Joanna\Documents\Wniosek o staż URZĄD MIASTA.odt
2013-12-12 14:36 - 2013-12-12 14:36 - 00054612 _____ C:\Users\Joanna\Documents\Curriculum Vitae.odt
2013-12-12 14:33 - 2013-08-09 14:31 - 00018281 _____ C:\Users\Joanna\Documents\List motywacyjny.odt
2013-12-11 19:56 - 2013-12-11 19:56 - 00000000 _____ C:\Users\Joanna\Sti_Trace.log
2013-12-11 18:44 - 2013-10-25 19:12 - 03392720 _____ C:\windows\system32\FNTCACHE.DAT
2013-12-11 18:41 - 2013-12-11 18:41 - 00002015 _____ C:\Users\Joanna\Documents\Brother Utilities.lnk
2013-12-11 18:41 - 2013-12-11 18:41 - 00000404 _____ C:\windows\BRWMARK.INI
2013-12-11 18:41 - 2012-07-26 08:21 - 00050905 _____ C:\windows\setupact.log
2013-12-11 18:39 - 2013-12-11 18:39 - 00000050 _____ C:\windows\system32\BRIDF10A.DAT
2013-12-11 18:39 - 2013-12-11 18:39 - 00000000 ____D C:\Program Files (x86)\Browny02
2013-12-11 18:39 - 2013-12-11 18:39 - 00000000 ____D C:\Program Files (x86)\Brother
2013-12-11 18:39 - 2013-03-09 11:48 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-11 18:38 - 2013-12-11 18:38 - 00000000 ____D C:\Users\Joanna\Downloads\install
2013-12-11 18:38 - 2013-12-11 18:38 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\InstallShield
2013-12-11 18:33 - 2013-12-11 18:33 - 00000000 ____D C:\ProgramData\Brother
2013-12-11 16:03 - 2013-12-11 16:03 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\OpenOffice
2013-12-11 16:01 - 2013-12-11 16:01 - 00001142 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-12-11 16:01 - 2013-12-11 16:01 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-12-11 15:58 - 2013-12-11 15:58 - 00000000 ____D C:\Users\Joanna\Downloads\OpenOffice 4.0.1 (pl) Installation Files
2013-12-11 15:57 - 2013-12-11 15:45 - 133661993 _____ C:\Users\Joanna\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_pl.exe
2013-12-09 19:51 - 2013-11-05 18:41 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-09 11:10 - 2013-10-25 15:51 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\Adobe
2013-12-08 21:50 - 2012-07-26 09:12 - 00000000 ____D C:\windows\rescache
2013-12-07 10:28 - 2012-07-26 09:12 - 00000000 ____D C:\windows\WinStore
2013-12-07 10:28 - 2012-07-26 09:12 - 00000000 ____D C:\windows\SysWOW64\migwiz
2013-12-07 10:28 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-12-07 10:28 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-12-07 10:28 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-12-07 10:28 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-12-07 10:28 - 2012-07-26 08:52 - 00000000 ____D C:\Program Files\Windows Journal
2013-12-07 10:28 - 2012-07-26 08:51 - 00000000 ____D C:\windows\SysWOW64\winrm
2013-12-07 10:28 - 2012-07-26 08:51 - 00000000 ____D C:\windows\SysWOW64\sysprep
2013-12-07 10:28 - 2012-07-26 08:51 - 00000000 ____D C:\windows\SysWOW64\slmgr
2013-12-07 10:28 - 2012-07-26 06:38 - 00000000 ____D C:\windows\SysWOW64\oobe
2013-12-07 10:28 - 2012-07-26 06:37 - 00000000 ____D C:\windows\servicing
2013-12-07 10:27 - 2013-03-10 04:29 - 00000000 ____D C:\windows\SysWOW64\XPSViewer
2013-12-07 10:27 - 2012-07-26 09:12 - 00000000 ___RD C:\windows\ImmersiveControlPanel
2013-12-07 10:27 - 2012-07-26 09:12 - 00000000 ____D C:\windows\SysWOW64\Com
2013-12-07 10:27 - 2012-07-26 09:12 - 00000000 ____D C:\windows\system32\migwiz
2013-12-07 10:27 - 2012-07-26 08:51 - 00000000 ____D C:\windows\SysWOW64\WCN
2013-12-07 10:27 - 2012-07-26 08:51 - 00000000 ____D C:\windows\SysWOW64\Printing_Admin_Scripts
2013-12-07 10:27 - 2012-07-26 08:51 - 00000000 ____D C:\windows\system32\winrm
2013-12-07 10:27 - 2012-07-26 08:51 - 00000000 ____D C:\windows\system32\slmgr
2013-12-07 10:27 - 2012-07-26 06:38 - 00000000 ____D C:\windows\SysWOW64\Dism
2013-12-07 10:27 - 2012-07-26 06:38 - 00000000 ____D C:\windows\system32\Sysprep
2013-12-07 10:27 - 2012-07-26 06:38 - 00000000 ____D C:\windows\system32\oobe
2013-12-07 10:25 - 2012-07-26 08:51 - 00000000 ____D C:\windows\system32\WCN
2013-12-07 10:25 - 2012-07-26 08:51 - 00000000 ____D C:\windows\system32\Printing_Admin_Scripts
2013-12-07 10:25 - 2012-07-26 06:38 - 00000000 ____D C:\windows\system32\Dism
2013-12-07 10:24 - 2012-07-26 09:12 - 00000000 ____D C:\windows\system32\SystemResetPlatform
2013-12-07 10:24 - 2012-07-26 09:12 - 00000000 ____D C:\windows\system32\Com
2013-12-07 10:22 - 2012-07-26 09:12 - 00000000 ____D C:\windows\SysWOW64\MUI
2013-12-06 11:59 - 2013-12-06 11:55 - 00000000 ____D C:\Users\Joanna\AppData\Local\DICOMViewer
2013-12-06 11:52 - 2013-12-06 11:52 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\Lite
2013-12-05 16:19 - 2013-12-05 16:19 - 00003416 _____ C:\{1B4B5480-DABA-4211-BDCE-3CEC2E51C548}
2013-12-05 15:43 - 2013-12-05 15:43 - 00002960 _____ C:\{C6F4D925-D0F8-43E5-9F33-0A79A7B40E0A}
2013-12-05 09:26 - 2013-10-25 16:06 - 00002149 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-04 14:37 - 2013-12-04 14:37 - 00002624 _____ C:\{F040542F-E2AD-494B-B478-C2C61532BE05}
2013-11-28 16:51 - 2013-03-09 14:11 - 00000000 ____D C:\ProgramData\PopCap Games
2013-11-26 14:16 - 2013-10-25 16:05 - 00004040 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-26 14:16 - 2013-10-25 16:05 - 00003804 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe

Some content of TEMP:
====================
C:\Users\Joanna\AppData\Local\Temp\25117uninstall.exe
C:\Users\Joanna\AppData\Local\Temp\ICReinstall_Setup.exe
C:\Users\Joanna\AppData\Local\Temp\Quarantine.exe
C:\Users\Joanna\AppData\Local\Temp\Sqlite3.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-18 10:55

==================== End Of Log ============================