Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-01-2014 Ran by Aleksandra (administrator) on ALEKSANDRA-PC on 23-01-2014 17:28:06 Running from C:\Users\Aleksandra\Documents\ZZZInne\blad Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\System32\wlanext.exe () C:\ProgramData\DatacardService\DCService.exe (ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe (Simplygen) C:\Program Files (x86)\Protected Search\ProtectedSearch.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe () C:\Program Files (x86)\Plus Internet\Plus Internet.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.bin (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\widimon\widimon.exe () C:\Users\Aleksandra\pwo5\svchost.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe () C:\Users\Aleksandra\AppData\Local\Temp\_MEI33322\bin\winlogon.exe (TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [] - [x] HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-19] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated) HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation) HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation) HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation) HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel(R) Corporation) HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation) HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-10] (TOSHIBA Corporation) HKLM\...\Run: [ThpSrv] - C:\windows\system32\thpsrv /logon HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation) HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-28] (TOSHIBA Corporation) HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation) HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe [4133072 2012-07-04] (ESET) HKLM-x32\...\Run: [TOSDCR] - C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] () HKLM-x32\...\Run: [ToshibaAppPlace] - C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba) HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba) HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-12] (TOSHIBA Corporation) HKLM-x32\...\Run: [TSleepSrv] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-05] (TOSHIBA) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Plus Internet] - C:\Program Files (x86)\Plus Internet\PlusInternetChecker.exe [472384 2011-07-04] () HKLM-x32\...\Run: [TkBellExe] - c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-05-16] (RealNetworks, Inc.) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-01-18] (Google Inc.) HKCU\...\Run: [ChomikBox] - C:\Program Files (x86)\ChomikBox\chomikbox.exe [5979648 2012-11-15] ( ) HKCU\...\Run: [pwo5] - C:\Users\Aleksandra\pwo5\svchost.exe [7691285 2013-08-24] () MountPoints2: E - E:\AutoRun.exe MountPoints2: F - F:\AutoRun.exe MountPoints2: {12c45de3-b2af-11e2-9cf6-74e50b92dd66} - E:\AutoRun.exe MountPoints2: {281ab774-aeb1-11e2-b1e1-e8e0b75de758} - E:\AutoRun.exe MountPoints2: {3b90375c-1ef5-11e2-8a1b-001e101f82a7} - G:\AutoRun.exe MountPoints2: {8025cf77-ae59-11e2-ab8b-001e101faa49} - E:\AutoRun.exe MountPoints2: {8025cf8c-ae59-11e2-ab8b-001e101faa49} - F:\AutoRun.exe MountPoints2: {885a7ac3-e3e0-11e1-8670-806e6f6e6963} - F:\AutoRun.exe MountPoints2: {885a7b1b-e3e0-11e1-8670-74e50b92dd66} - E:\AutoRun.exe MountPoints2: {b6c61dab-c5df-11e2-8764-74e50b92dd66} - E:\AutoRun.exe MountPoints2: {c7096927-60a1-11e2-b1c7-001e101f2c0e} - E:\AutoRun.exe MountPoints2: {e1073236-ea3a-11e2-a30d-e8e0b75de758} - E:\AutoRun.exe Startup: C:\Users\Aleksandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Users\Aleksandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk ShortcutTarget: OpenOffice.org 2.4.lnk -> C:\Program Files (x86)\OpenOffice.org 2.4\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q= HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.certified-toolbar.com?si=41460&home=true&tid=2937 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com HKCU\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&home=true&tid=2937 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q= HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&home=true&tid=2937 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q= SearchScopes: HKLM - DefaultScope {DADA8261-F308-45D0-B44D-A7C56054184E} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {DADA8261-F308-45D0-B44D-A7C56054184E} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP SearchScopes: HKLM-x32 - DefaultScope {DADA8261-F308-45D0-B44D-A7C56054184E} URL = http://search.certified-toolbar.com?si=41460&bs=true&tid=2937&q={searchTerms} SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si=41460&bs=true&tid=2937&q={searchTerms} SearchScopes: HKLM-x32 - {DADA8261-F308-45D0-B44D-A7C56054184E} URL = http://search.certified-toolbar.com?si=41460&bs=true&tid=2937&q={searchTerms} SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si=41460&bs=true&tid=2937&q={searchTerms} SearchScopes: HKCU - {DADA8261-F308-45D0-B44D-A7C56054184E} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS492 SearchScopes: HKCU - {E612D254-F827-49FA-AB73-0DB6F527B0B5} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll () BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll () Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\..\Interfaces\{1B0D5D40-4DA8-4BBD-97EE-25CB0F3E096D}: [NameServer]212.2.96.51 212.2.96.52 Tcpip\..\Interfaces\{6E3D8D19-53B4-4D75-B4A6-931A0AD4A359}: [NameServer]89.108.202.20 89.108.195.20 Tcpip\..\Interfaces\{B50CC576-8F36-4F23-858A-DD6333E3F3E0}: [NameServer]89.108.202.20 89.108.195.20 FireFox: ======== FF ProfilePath: C:\Users\Aleksandra\AppData\Roaming\Mozilla\Firefox\Profiles\dn4zjpy2.default-1388927601029 FF Homepage: hxxp://www.google.pl/ FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml FF HKLM-x32\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [] FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird FF Extension: ESET Endpoint Security Extension - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird [2013-03-18] Chrome: ======= CHR RestoreOnStartup: "translate_blocked_languages": [ "en" CHR DefaultSearchKeyword: search.certified-toolbar.com CHR DefaultSearchProvider: Web Search CHR DefaultSearchURL: http://search.certified-toolbar.com?si=41460&bs=true&tid=2937&q={searchTerms} CHR DefaultNewTabURL: CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll () CHR Plugin: (Java Deployment Toolkit 6.0.250.6) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 6 U25) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll () CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) CHR Extension: (RealDownloader) - C:\Users\Aleksandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-07-11] CHR Extension: (Chrome In-App Payments service) - C:\Users\Aleksandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-29] CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06] ==================== Services (Whitelisted) ================= S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-03-25] (Adobe Systems) R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-05-08] () S3 EhttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe [35720 2012-07-04] (ESET) R2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [999704 2012-07-04] (ESET) S3 ESHASRV; C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe [190208 2012-07-04] (ESET) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] () R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132504 2013-09-11] (Symantec Corporation) R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation) R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] () S3 Lanillat; ==================== Drivers (Whitelisted) ==================== R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2012-07-10] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [152136 2012-03-29] (ESET) R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [140752 2012-03-29] (ESET) S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2011-07-04] (Huawei Technologies Co., Ltd.) S3 s816bus; C:\Windows\System32\DRIVERS\s816bus.sys [107048 2007-06-19] (MCCI Corporation) U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [179920 2012-07-10] (ESET) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-23 17:27 - 2014-01-23 17:27 - 00000000 ____D C:\FRST 2014-01-23 09:59 - 2014-01-23 09:59 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{712094C1-9FEC-4FA3-A704-5AD29D8C1CE4} 2014-01-22 21:58 - 2014-01-22 21:58 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{CABAAC4C-4BDC-4325-8ECF-64B4C721E70C} 2014-01-22 08:40 - 2014-01-22 08:40 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{FA434254-A00B-4038-A26B-2ED095709DC4} 2014-01-21 10:42 - 2014-01-21 10:42 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{BB82DE37-1F4A-494C-BC02-7F713FDAC344} 2014-01-20 09:38 - 2014-01-20 09:38 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{00BF99B0-BE3B-42DD-BAE9-CA8504317C9C} 2014-01-19 19:13 - 2014-01-19 19:13 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{A0FCCBC0-5875-458F-92CA-739B9DF89D1F} 2014-01-18 13:04 - 2014-01-18 13:04 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{2440A149-145B-4BBA-A024-1AB4A18E03F0} 2014-01-17 10:27 - 2014-01-17 10:27 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{4CC3F56B-02CF-479A-A646-8A7CB91ADCA6} 2014-01-16 22:21 - 2014-01-16 22:21 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{AC19632B-E022-496C-B1C4-B494C616FFCE} 2014-01-16 09:52 - 2014-01-16 09:52 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{A0936AF9-5353-4810-9A8C-03291E984838} 2014-01-15 13:28 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys 2014-01-15 13:28 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys 2014-01-15 13:28 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys 2014-01-15 13:28 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys 2014-01-15 13:28 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys 2014-01-15 13:28 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys 2014-01-15 13:28 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys 2014-01-15 13:28 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys 2014-01-15 13:28 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-01-15 13:23 - 2014-01-15 13:25 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{8E14ED45-33D4-43FB-9227-AE8C3B4FE3D7} 2014-01-14 23:31 - 2014-01-14 23:31 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{E7DA5A34-458B-4EFB-B946-B198AE2E84C0} 2014-01-14 11:07 - 2014-01-14 11:07 - 01128916 _____ (www.hellopdf.com ) C:\Users\Aleksandra\Downloads\pdf2wordsetup.exe 2014-01-14 10:32 - 2014-01-14 10:32 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{004E24E3-455F-41AA-965E-BE92F069C9A0} 2014-01-13 08:47 - 2014-01-13 08:47 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{DD9EF6C1-EE3A-4C85-A667-7384436F826B} 2014-01-12 13:52 - 2014-01-12 13:52 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{4472B5A9-0BE1-4880-9406-C36B0886AB4D} 2014-01-10 09:11 - 2014-01-10 09:11 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{E314C959-DE27-4EB3-8D0B-729FF8899FDA} 2014-01-09 11:01 - 2014-01-09 11:01 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{FE4B534B-CC43-4E2C-8C18-184153D4DBB2} 2014-01-08 22:23 - 2014-01-08 22:23 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{A9B6B912-D1E4-4CE4-9581-D2D76B267480} 2014-01-07 23:54 - 2014-01-07 23:54 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{9421078E-B8F8-4F8E-996E-0309E5589974} 2014-01-07 11:48 - 2014-01-07 11:48 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{E5136733-8AC8-434F-BBCE-719669E20CE6} 2014-01-06 11:30 - 2014-01-06 11:30 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{9A7AD0F1-76C2-492C-AA67-529A99790664} 2014-01-05 14:13 - 2014-01-05 14:13 - 00000000 ____D C:\Users\Aleksandra\Desktop\Stare dane programu Firefox 2014-01-05 13:51 - 2014-01-05 13:51 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{FAD157CB-0048-43ED-8942-B96911CEEAB5} 2014-01-04 13:35 - 2014-01-04 13:35 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{751D1411-EE10-47A5-90FE-AD436693D142} 2014-01-03 12:05 - 2014-01-03 12:05 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{7673D77A-6BF6-4E2F-8B2B-7401B2944CB4} 2014-01-02 10:50 - 2014-01-02 10:50 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{77EFA66C-F9E8-495E-846F-637E3FC9329F} 2014-01-01 21:44 - 2014-01-01 21:44 - 00006809 _____ C:\Users\Aleksandra\Downloads\Wniosek(2).xml 2014-01-01 21:33 - 2014-01-01 21:33 - 00009345 _____ C:\Users\Aleksandra\Downloads\Wniosek(1).xml 2014-01-01 21:17 - 2014-01-01 21:17 - 00009039 _____ C:\Users\Aleksandra\Downloads\Wniosek.xml 2014-01-01 19:42 - 2014-01-01 19:42 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{F21B9D64-6E28-4D29-88FE-1FBEE5FC4565} 2013-12-31 03:03 - 2013-12-31 03:03 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{EAC01617-EAD8-48DD-B87B-CF8A98230621} 2013-12-29 18:39 - 2013-12-29 18:39 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{C4993CE5-D955-4902-86D3-E93FDE00EA97} 2013-12-28 13:25 - 2013-12-28 13:25 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{7D01E05D-3F0C-4E04-B58A-06B39874E51C} 2013-12-27 11:48 - 2013-12-27 11:48 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{CE1C90EB-D6D9-4743-A886-E8491403BB78} 2013-12-24 11:10 - 2013-12-24 11:11 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{12D39B38-5DC4-439E-9DEE-EE4F521B3A20} ==================== One Month Modified Files and Folders ======= 2014-01-23 17:27 - 2014-01-23 17:27 - 00000000 ____D C:\FRST 2014-01-23 17:23 - 2013-05-18 06:39 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2014-01-23 17:20 - 2013-08-24 16:07 - 00000000 ___HD C:\Users\Aleksandra\pwo5 2014-01-23 17:10 - 2009-07-14 05:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-23 17:10 - 2009-07-14 05:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-23 17:08 - 2012-12-14 14:02 - 00000000 ____D C:\Users\Aleksandra\Documents\ZZZInne 2014-01-23 16:46 - 2012-01-18 06:31 - 00001062 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-23 15:46 - 2012-01-18 06:31 - 00001058 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-23 10:00 - 2012-01-18 06:03 - 01596179 _____ C:\windows\WindowsUpdate.log 2014-01-23 10:00 - 2009-07-14 06:13 - 00778834 _____ C:\windows\system32\PerfStringBackup.INI 2014-01-23 09:59 - 2014-01-23 09:59 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{712094C1-9FEC-4FA3-A704-5AD29D8C1CE4} 2014-01-23 09:58 - 2012-12-28 23:28 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\ChomikBox 2014-01-23 09:57 - 2013-12-13 21:40 - 00003360 _____ C:\windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3856318067-3115961113-3659972134-1000 2014-01-23 09:57 - 2013-12-13 21:40 - 00003236 _____ C:\windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3856318067-3115961113-3659972134-1000 2014-01-23 09:57 - 2012-12-28 23:28 - 00000000 ____D C:\Users\Aleksandra\.gstreamer-0.10 2014-01-23 09:56 - 2012-08-13 00:33 - 00000000 ____D C:\Users\Aleksandra\AppData\Roaming\OpenOffice.org2 2014-01-23 09:54 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT 2014-01-23 09:54 - 2009-07-14 05:51 - 00148983 _____ C:\windows\setupact.log 2014-01-22 21:58 - 2014-01-22 21:58 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{CABAAC4C-4BDC-4325-8ECF-64B4C721E70C} 2014-01-22 09:39 - 2012-11-23 19:51 - 00003978 _____ C:\windows\System32\Tasks\PC Checkup 3 Weekly Scan 2014-01-22 08:40 - 2014-01-22 08:40 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{FA434254-A00B-4038-A26B-2ED095709DC4} 2014-01-21 10:42 - 2014-01-21 10:42 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{BB82DE37-1F4A-494C-BC02-7F713FDAC344} 2014-01-20 09:38 - 2014-01-20 09:38 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{00BF99B0-BE3B-42DD-BAE9-CA8504317C9C} 2014-01-19 21:46 - 2012-10-25 19:00 - 00000000 ____D C:\Users\Aleksandra\Desktop\Krzysiek 2014-01-19 20:32 - 2012-08-22 18:48 - 00000000 ____D C:\Users\Aleksandra\AppData\Roaming\Skype 2014-01-19 19:13 - 2014-01-19 19:13 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{A0FCCBC0-5875-458F-92CA-739B9DF89D1F} 2014-01-18 13:04 - 2014-01-18 13:04 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{2440A149-145B-4BBA-A024-1AB4A18E03F0} 2014-01-17 10:27 - 2014-01-17 10:27 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{4CC3F56B-02CF-479A-A646-8A7CB91ADCA6} 2014-01-16 22:21 - 2014-01-16 22:21 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{AC19632B-E022-496C-B1C4-B494C616FFCE} 2014-01-16 09:52 - 2014-01-16 09:52 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{A0936AF9-5353-4810-9A8C-03291E984838} 2014-01-15 15:10 - 2009-07-14 05:45 - 00287344 _____ C:\windows\system32\FNTCACHE.DAT 2014-01-15 15:06 - 2013-07-17 22:49 - 00000000 ____D C:\windows\system32\MRT 2014-01-15 15:04 - 2013-05-16 15:46 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-01-15 13:25 - 2014-01-15 13:23 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{8E14ED45-33D4-43FB-9227-AE8C3B4FE3D7} 2014-01-14 23:31 - 2014-01-14 23:31 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{E7DA5A34-458B-4EFB-B946-B198AE2E84C0} 2014-01-14 11:07 - 2014-01-14 11:07 - 01128916 _____ (www.hellopdf.com ) C:\Users\Aleksandra\Downloads\pdf2wordsetup.exe 2014-01-14 10:32 - 2014-01-14 10:32 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{004E24E3-455F-41AA-965E-BE92F069C9A0} 2014-01-13 08:47 - 2014-01-13 08:47 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{DD9EF6C1-EE3A-4C85-A667-7384436F826B} 2014-01-12 13:52 - 2014-01-12 13:52 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{4472B5A9-0BE1-4880-9406-C36B0886AB4D} 2014-01-10 09:11 - 2014-01-10 09:11 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{E314C959-DE27-4EB3-8D0B-729FF8899FDA} 2014-01-09 11:01 - 2014-01-09 11:01 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{FE4B534B-CC43-4E2C-8C18-184153D4DBB2} 2014-01-08 22:23 - 2014-01-08 22:23 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{A9B6B912-D1E4-4CE4-9581-D2D76B267480} 2014-01-07 23:54 - 2014-01-07 23:54 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{9421078E-B8F8-4F8E-996E-0309E5589974} 2014-01-07 11:48 - 2014-01-07 11:48 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{E5136733-8AC8-434F-BBCE-719669E20CE6} 2014-01-06 11:30 - 2014-01-06 11:30 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{9A7AD0F1-76C2-492C-AA67-529A99790664} 2014-01-05 14:13 - 2014-01-05 14:13 - 00000000 ____D C:\Users\Aleksandra\Desktop\Stare dane programu Firefox 2014-01-05 14:11 - 2013-04-26 12:08 - 00000000 ____D C:\Users\Aleksandra\AppData\Roaming\Plus Internet 2014-01-05 13:51 - 2014-01-05 13:51 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{FAD157CB-0048-43ED-8942-B96911CEEAB5} 2014-01-04 13:35 - 2014-01-04 13:35 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{751D1411-EE10-47A5-90FE-AD436693D142} 2014-01-03 12:05 - 2014-01-03 12:05 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{7673D77A-6BF6-4E2F-8B2B-7401B2944CB4} 2014-01-02 10:50 - 2014-01-02 10:50 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{77EFA66C-F9E8-495E-846F-637E3FC9329F} 2014-01-01 21:44 - 2014-01-01 21:44 - 00006809 _____ C:\Users\Aleksandra\Downloads\Wniosek(2).xml 2014-01-01 21:33 - 2014-01-01 21:33 - 00009345 _____ C:\Users\Aleksandra\Downloads\Wniosek(1).xml 2014-01-01 21:17 - 2014-01-01 21:17 - 00009039 _____ C:\Users\Aleksandra\Downloads\Wniosek.xml 2014-01-01 19:42 - 2014-01-01 19:42 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{F21B9D64-6E28-4D29-88FE-1FBEE5FC4565} 2013-12-31 03:03 - 2013-12-31 03:03 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{EAC01617-EAD8-48DD-B87B-CF8A98230621} 2013-12-30 19:29 - 2012-08-13 23:19 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\CrashDumps 2013-12-29 18:39 - 2013-12-29 18:39 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{C4993CE5-D955-4902-86D3-E93FDE00EA97} 2013-12-28 13:25 - 2013-12-28 13:25 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{7D01E05D-3F0C-4E04-B58A-06B39874E51C} 2013-12-27 11:48 - 2013-12-27 11:48 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{CE1C90EB-D6D9-4743-A886-E8491403BB78} 2013-12-24 11:11 - 2013-12-24 11:10 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{12D39B38-5DC4-439E-9DEE-EE4F521B3A20} Some content of TEMP: ==================== C:\Users\Aleksandra\AppData\Local\Temp\acl6w-dq.dll C:\Users\Aleksandra\AppData\Local\Temp\avguidx.dll C:\Users\Aleksandra\AppData\Local\Temp\CommonInstaller.exe C:\Users\Aleksandra\AppData\Local\Temp\DefaultAssets.exe C:\Users\Aleksandra\AppData\Local\Temp\DefaultOfflineContent.exe C:\Users\Aleksandra\AppData\Local\Temp\Install_Nokia_Ovi_Suite.exe C:\Users\Aleksandra\AppData\Local\Temp\LEGOLOTR.exe C:\Users\Aleksandra\AppData\Local\Temp\lowproc.exe C:\Users\Aleksandra\AppData\Local\Temp\MachineIdCreator.exe C:\Users\Aleksandra\AppData\Local\Temp\NLStubInstallerResources.dll C:\Users\Aleksandra\AppData\Local\Temp\oi_{7396B148-BDFF-48E0-BCDC-4A0DE473114D}.exe C:\Users\Aleksandra\AppData\Local\Temp\oi_{8F9C9D5D-B6B9-4A73-93FE-FD022445780E}.exe C:\Users\Aleksandra\AppData\Local\Temp\PCCU_Installer.exe C:\Users\Aleksandra\AppData\Local\Temp\stubhelper.dll C:\Users\Aleksandra\AppData\Local\Temp\ToolbarInstaller.exe C:\Users\Aleksandra\AppData\Local\Temp\UNINSTALL.EXE C:\Users\Aleksandra\AppData\Local\Temp\xsyvkxh3.dll C:\Users\Aleksandra\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_21688.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-19 21:22 ==================== End Of Log ============================