Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2014 Ran by Aleksandra (administrator) on ALEKSANDRA-PC on 25-01-2014 16:04:41 Running from C:\Users\Aleksandra\Documents\ZZZInne\blad Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\System32\wlanext.exe () C:\ProgramData\DatacardService\DCService.exe (ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe ( ) C:\Program Files (x86)\ChomikBox\chomikbox.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files (x86)\Plus Internet\Plus Internet.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.exe (TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.bin (TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\widimon\widimon.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-19] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated) HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation) HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation) HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation) HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel(R) Corporation) HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation) HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-10] (TOSHIBA Corporation) HKLM\...\Run: [ThpSrv] - C:\windows\system32\thpsrv /logon HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation) HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-28] (TOSHIBA Corporation) HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation) HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe [4133072 2012-07-04] (ESET) HKLM-x32\...\Run: [TOSDCR] - C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] () HKLM-x32\...\Run: [ToshibaAppPlace] - C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba) HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba) HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-12] (TOSHIBA Corporation) HKLM-x32\...\Run: [TSleepSrv] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-05] (TOSHIBA) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Plus Internet] - C:\Program Files (x86)\Plus Internet\PlusInternetChecker.exe [472384 2011-07-04] () HKLM-x32\...\Run: [TkBellExe] - c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-05-16] (RealNetworks, Inc.) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-01-18] (Google Inc.) HKCU\...\Run: [ChomikBox] - C:\Program Files (x86)\ChomikBox\chomikbox.exe [5979648 2012-11-15] ( ) MountPoints2: E - E:\AutoRun.exe MountPoints2: F - F:\AutoRun.exe MountPoints2: {12c45de3-b2af-11e2-9cf6-74e50b92dd66} - E:\AutoRun.exe MountPoints2: {281ab774-aeb1-11e2-b1e1-e8e0b75de758} - E:\AutoRun.exe MountPoints2: {3b90375c-1ef5-11e2-8a1b-001e101f82a7} - G:\AutoRun.exe MountPoints2: {8025cf77-ae59-11e2-ab8b-001e101faa49} - E:\AutoRun.exe MountPoints2: {8025cf8c-ae59-11e2-ab8b-001e101faa49} - F:\AutoRun.exe MountPoints2: {885a7ac3-e3e0-11e1-8670-806e6f6e6963} - F:\AutoRun.exe MountPoints2: {885a7b1b-e3e0-11e1-8670-74e50b92dd66} - E:\AutoRun.exe MountPoints2: {b6c61dab-c5df-11e2-8764-74e50b92dd66} - E:\AutoRun.exe MountPoints2: {c7096927-60a1-11e2-b1c7-001e101f2c0e} - E:\AutoRun.exe MountPoints2: {e1073236-ea3a-11e2-a30d-e8e0b75de758} - E:\AutoRun.exe Startup: C:\Users\Aleksandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Users\Aleksandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk ShortcutTarget: OpenOffice.org 2.4.lnk -> C:\Program Files (x86)\OpenOffice.org 2.4\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== SearchScopes: HKLM - DefaultScope {DADA8261-F308-45D0-B44D-A7C56054184E} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP SearchScopes: HKLM - {DADA8261-F308-45D0-B44D-A7C56054184E} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP SearchScopes: HKCU - {DADA8261-F308-45D0-B44D-A7C56054184E} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS492 SearchScopes: HKCU - {E612D254-F827-49FA-AB73-0DB6F527B0B5} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll () BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll () Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\..\Interfaces\{1B0D5D40-4DA8-4BBD-97EE-25CB0F3E096D}: [NameServer]212.2.96.51 212.2.96.52 Tcpip\..\Interfaces\{6E3D8D19-53B4-4D75-B4A6-931A0AD4A359}: [NameServer]89.108.202.20 89.108.195.20 Tcpip\..\Interfaces\{B50CC576-8F36-4F23-858A-DD6333E3F3E0}: [NameServer]89.108.202.20 89.108.195.20 FireFox: ======== FF ProfilePath: C:\Users\Aleksandra\AppData\Roaming\Mozilla\Firefox\Profiles\dn4zjpy2.default-1388927601029 FF Homepage: hxxp://www.google.pl/ FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [] FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird FF Extension: ESET Endpoint Security Extension - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird [2013-03-18] Chrome: ======= CHR HomePage: hxxp://start.toshiba.com CHR RestoreOnStartup: "translate_blocked_languages": [ "en" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll () CHR Plugin: (Java Deployment Toolkit 6.0.250.6) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) CHR Plugin: (Java(TM) Platform SE 6 U25) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll () CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) CHR Extension: (RealDownloader) - C:\Users\Aleksandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-07-11] CHR Extension: (Google Wallet) - C:\Users\Aleksandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-29] CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06] ==================== Services (Whitelisted) ================= S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-03-25] (Adobe Systems) R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-05-08] () S3 EhttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe [35720 2012-07-04] (ESET) R2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [999704 2012-07-04] (ESET) S3 ESHASRV; C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe [190208 2012-07-04] (ESET) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] () R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132504 2013-09-11] (Symantec Corporation) R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation) R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] () ==================== Drivers (Whitelisted) ==================== R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2012-07-10] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [152136 2012-03-29] (ESET) R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [140752 2012-03-29] (ESET) S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2011-07-04] (Huawei Technologies Co., Ltd.) S3 s816bus; C:\Windows\System32\DRIVERS\s816bus.sys [107048 2007-06-19] (MCCI Corporation) U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [179920 2012-07-10] (ESET) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-25 15:54 - 2014-01-25 15:54 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{B4395058-BC14-4899-ADE3-3A10D5AB81FF} 2014-01-24 10:00 - 2014-01-24 10:00 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{5DB49C16-9B76-4AFF-A290-70C6F41942C2} 2014-01-23 21:59 - 2014-01-23 21:59 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{F00D4EBA-FEE7-4BF4-8D52-2613D8FD3BA4} 2014-01-23 19:08 - 2014-01-23 19:08 - 00448512 _____ (OldTimer Tools) C:\Users\Aleksandra\Downloads\TFC.exe 2014-01-23 19:02 - 2014-01-23 19:02 - 01236282 _____ C:\Users\Aleksandra\Downloads\AdwCleaner.exe 2014-01-23 18:54 - 2014-01-23 18:56 - 00000000 ____D C:\AdwCleaner 2014-01-23 18:41 - 2014-01-23 19:01 - 00003360 _____ C:\windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3856318067-3115961113-3659972134-1000 2014-01-23 17:27 - 2014-01-25 16:04 - 00000000 ____D C:\FRST 2014-01-15 13:28 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys 2014-01-15 13:28 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys 2014-01-15 13:28 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys 2014-01-15 13:28 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys 2014-01-15 13:28 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys 2014-01-15 13:28 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys 2014-01-15 13:28 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys 2014-01-15 13:28 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys 2014-01-15 13:28 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-01-14 11:07 - 2014-01-14 11:07 - 01128916 _____ (www.hellopdf.com ) C:\Users\Aleksandra\Downloads\pdf2wordsetup.exe 2014-01-05 14:13 - 2014-01-05 14:13 - 00000000 ____D C:\Users\Aleksandra\Desktop\Stare dane programu Firefox 2014-01-01 21:44 - 2014-01-01 21:44 - 00006809 _____ C:\Users\Aleksandra\Downloads\Wniosek(2).xml 2014-01-01 21:33 - 2014-01-01 21:33 - 00009345 _____ C:\Users\Aleksandra\Downloads\Wniosek(1).xml 2014-01-01 21:17 - 2014-01-01 21:17 - 00009039 _____ C:\Users\Aleksandra\Downloads\Wniosek.xml ==================== One Month Modified Files and Folders ======= 2014-01-25 16:04 - 2014-01-23 17:27 - 00000000 ____D C:\FRST 2014-01-25 15:59 - 2009-07-14 05:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-25 15:59 - 2009-07-14 05:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-25 15:55 - 2012-01-18 06:03 - 01714562 _____ C:\windows\WindowsUpdate.log 2014-01-25 15:54 - 2014-01-25 15:54 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{B4395058-BC14-4899-ADE3-3A10D5AB81FF} 2014-01-25 15:51 - 2012-12-28 23:28 - 00000000 ____D C:\Users\Aleksandra\.gstreamer-0.10 2014-01-25 15:51 - 2012-08-13 00:33 - 00000000 ____D C:\Users\Aleksandra\AppData\Roaming\OpenOffice.org2 2014-01-25 15:51 - 2012-01-18 06:31 - 00001058 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-25 15:50 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT 2014-01-25 15:50 - 2009-07-14 05:51 - 00149263 _____ C:\windows\setupact.log 2014-01-24 13:23 - 2013-05-18 06:39 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2014-01-24 12:46 - 2012-01-18 06:31 - 00001062 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-24 10:00 - 2014-01-24 10:00 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{5DB49C16-9B76-4AFF-A290-70C6F41942C2} 2014-01-24 09:35 - 2012-12-28 23:28 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\ChomikBox 2014-01-23 21:59 - 2014-01-23 21:59 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\{F00D4EBA-FEE7-4BF4-8D52-2613D8FD3BA4} 2014-01-23 19:08 - 2014-01-23 19:08 - 00448512 _____ (OldTimer Tools) C:\Users\Aleksandra\Downloads\TFC.exe 2014-01-23 19:03 - 2009-07-14 06:13 - 00778834 _____ C:\windows\system32\PerfStringBackup.INI 2014-01-23 19:02 - 2014-01-23 19:02 - 01236282 _____ C:\Users\Aleksandra\Downloads\AdwCleaner.exe 2014-01-23 19:01 - 2014-01-23 18:41 - 00003360 _____ C:\windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3856318067-3115961113-3659972134-1000 2014-01-23 19:01 - 2013-12-13 21:40 - 00003236 _____ C:\windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3856318067-3115961113-3659972134-1000 2014-01-23 18:56 - 2014-01-23 18:54 - 00000000 ____D C:\AdwCleaner 2014-01-23 18:42 - 2012-07-15 02:30 - 00000000 ____D C:\Users\Aleksandra 2014-01-23 17:08 - 2012-12-14 14:02 - 00000000 ____D C:\Users\Aleksandra\Documents\ZZZInne 2014-01-22 09:39 - 2012-11-23 19:51 - 00003978 _____ C:\windows\System32\Tasks\PC Checkup 3 Weekly Scan 2014-01-19 21:46 - 2012-10-25 19:00 - 00000000 ____D C:\Users\Aleksandra\Desktop\Krzysiek 2014-01-19 20:32 - 2012-08-22 18:48 - 00000000 ____D C:\Users\Aleksandra\AppData\Roaming\Skype 2014-01-15 15:10 - 2009-07-14 05:45 - 00287344 _____ C:\windows\system32\FNTCACHE.DAT 2014-01-15 15:06 - 2013-07-17 22:49 - 00000000 ____D C:\windows\system32\MRT 2014-01-15 15:04 - 2013-05-16 15:46 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-01-14 11:07 - 2014-01-14 11:07 - 01128916 _____ (www.hellopdf.com ) C:\Users\Aleksandra\Downloads\pdf2wordsetup.exe 2014-01-05 14:13 - 2014-01-05 14:13 - 00000000 ____D C:\Users\Aleksandra\Desktop\Stare dane programu Firefox 2014-01-05 14:11 - 2013-04-26 12:08 - 00000000 ____D C:\Users\Aleksandra\AppData\Roaming\Plus Internet 2014-01-01 21:44 - 2014-01-01 21:44 - 00006809 _____ C:\Users\Aleksandra\Downloads\Wniosek(2).xml 2014-01-01 21:33 - 2014-01-01 21:33 - 00009345 _____ C:\Users\Aleksandra\Downloads\Wniosek(1).xml 2014-01-01 21:17 - 2014-01-01 21:17 - 00009039 _____ C:\Users\Aleksandra\Downloads\Wniosek.xml 2013-12-30 19:29 - 2012-08-13 23:19 - 00000000 ____D C:\Users\Aleksandra\AppData\Local\CrashDumps ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-19 21:22 ==================== End Of Log ============================