Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-12-2013 01 Ran by joanna (administrator) on JOANNA-PC on 27-12-2013 17:17:03 Running from C:\Users\joanna\Downloads\Diagnostyka komputera Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe (Alcatel-Lucent) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGCE.EXE (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [212992 2007-10-25] (Alps Electric Co., Ltd.) HKLM\...\Run: [btbb_McciTrayApp] - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe [1584640 2009-09-14] (Alcatel-Lucent) HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [AvastUI.exe] - C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3568312 2013-11-20] (AVAST Software) HKLM\...\Run: [20131121] - C:\Program Files\Alwil Software\Avast5\Setup\emupdate\91e2846a-6f99-4a09-b7f5-848dd6a6eac5.exe [180184 2013-11-23] (AVAST Software) HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Java\jre7\bin\jusched.exe" HKCU\...\Run: [EPSON Stylus DX8400 Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Windows\TEMP\E_SC2A3.tmp" /EF "HKCU" HKCU\...\Run: [Epson Stylus SX420W(Network)] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE /FU "C:\Windows\TEMP\E_SD85C.tmp" /EF "HKCU" MountPoints2: F - F:\LiteAuto.exe MountPoints2: G - G:\LiteAuto.exe MountPoints2: {a55f7945-399e-11e3-82e2-001b38b8b311} - H:\LaunchU3.exe -a MountPoints2: {ee3fe87a-932a-11de-928a-00038a000015} - G:\LiteAuto.exe MountPoints2: {f9b0c1c4-5ce2-11dd-9827-001b38b8b311} - G:\LiteAuto.exe HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=PRESARIO&pf=laptop HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://inboxtoolbar.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=PRESARIO&pf=laptop HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=PRESARIO&pf=laptop HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM - {2132B325-5100-4832-A0B8-85CEBED3BE6E} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06 SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2437508 SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.co.uk/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en-GB SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch SearchScopes: HKCU - {2132B325-5100-4832-A0B8-85CEBED3BE6E} URL = SearchScopes: HKCU - {5AA2BA46-9913-4DC7-9620-69AB0FA17AE7} URL = http://search.alot.com/web?q={searchTerms}&pr=prov&client_id=DBD190C001CC2879050888F7&install_time=2011-06-11T20:55:12Z&src_id=11404&camp_id=162&tb_version=2.5.18000.3 SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.co.uk/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en-GB SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2437508 SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://inboxtoolbar.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80137&lng=en BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Users\joanna\AppData\Roaming\Mozilla\Firefox\Profiles\vd5ggmfj.default FF Homepage: hxxp://www.interia.pl/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin: @ei.BringMeSports_1c.com/Plugin - C:\Program Files\BringMeSports_1cEI\Installr\1.bin\NP1cEISB.dll (BringMeSports) FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml FF Extension: Delicious Bookmarks - C:\Users\joanna\AppData\Roaming\Mozilla\Firefox\Profiles\vd5ggmfj.default\Extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}(9) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF Chrome: ======= CHR HomePage: hxxp://www.google.com CHR RestoreOnStartup: "hxxp://www.google.com" CHR DefaultSearchKeyword: google.co.uk CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Java(TM) Platform SE 6 U21) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (Motive Plugin) - C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.) CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll No File CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (YouTube) - C:\Users\joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Skype Click to Call) - C:\Users\joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0 CHR Extension: (Chrome In-App Payments service) - C:\Users\joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0 CHR Extension: (Gmail) - C:\Users\joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 ========================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2013-11-20] (AVAST Software) R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) S4 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [62984 2007-03-14] (Hewlett-Packard) ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [35656 2013-11-20] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2013-11-20] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2013-11-20] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-11-20] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774392 2013-11-20] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [403440 2013-11-20] (AVAST Software) R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2013-11-20] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178304 2013-11-20] () S3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [160768 2007-04-30] (Conexant Systems Inc.) S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider) S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2009-12-07] (Printing Communications Assoc., Inc. (PCAUSA)) S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2009-12-07] (Printing Communications Assoc., Inc. (PCAUSA)) S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-01] (America Online, Inc.) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x] S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-27 17:16 - 2013-12-27 17:16 - 00000000 ____D C:\FRST 2013-12-27 16:42 - 2013-12-27 17:17 - 00000000 ____D C:\Users\joanna\Downloads\Diagnostyka komputera 2013-12-27 16:17 - 2013-12-27 16:17 - 00000000 ____D C:\Program Files\ESET 2013-12-27 15:54 - 2013-12-27 15:58 - 02347384 _____ (ESET) C:\Users\joanna\Downloads\esetsmartinstaller_enu.exe 2013-12-24 22:41 - 2007-09-07 17:33 - 00135168 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\EEBAPI.dll 2013-12-24 22:41 - 2007-03-28 18:26 - 00065536 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\EEBUtil.dll 2013-12-24 22:41 - 2006-12-19 18:31 - 00110592 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\EEBDSCVR.dll 2013-12-24 22:41 - 2006-12-19 18:20 - 00077824 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\EBAPI.dll 2013-12-24 22:41 - 2003-12-17 01:01 - 00055808 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\EEBSDKIF.dll 2013-12-24 22:38 - 2013-12-24 22:41 - 00000000 ____D C:\Program Files\Common Files\EPSON 2013-12-24 22:38 - 2012-11-12 20:41 - 00458310 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\ensppui.dll 2013-12-24 22:38 - 2012-11-12 20:41 - 00458310 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enppui.dll 2013-12-24 22:38 - 2012-11-12 15:15 - 00476027 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\ensppmon.dll 2013-12-24 22:38 - 2012-11-12 15:15 - 00476027 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enppmon.dll 2013-12-24 22:38 - 2012-10-22 17:19 - 00218112 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enspres.dll 2013-12-24 22:38 - 2012-10-22 17:19 - 00218112 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enpres.dll 2013-12-24 22:37 - 2013-12-24 22:38 - 00000000 ____D C:\Program Files\EpsonNet 2013-12-24 22:35 - 2013-12-24 22:30 - 00008192 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_DCINST.DLL 2013-12-24 22:34 - 2013-12-24 22:30 - 00093696 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_FLBGCE.DLL 2013-12-24 22:34 - 2013-12-24 22:30 - 00063488 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_FD4BGCE.DLL 2013-12-24 22:33 - 2013-12-24 22:36 - 00000000 ____D C:\Windows\LastGood.Tmp 2013-12-24 22:32 - 2011-08-10 00:00 - 00341504 _____ (Seiko Epson Corporation) C:\Windows\system32\esw2ud.dll 2013-12-24 22:32 - 2009-10-16 00:00 - 00132560 _____ (Seiko Epson Corporation) C:\Windows\system32\esdevapp.exe 2013-12-24 22:32 - 2009-10-16 00:00 - 00012800 _____ (Seiko Epson Corporation) C:\Windows\system32\escdev.dll 2013-12-13 22:21 - 2013-12-13 22:22 - 00000000 ____D C:\5384f95d91dd2338e58cdfc5 2013-12-13 22:12 - 2013-11-14 22:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-13 22:12 - 2013-11-14 22:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-13 22:12 - 2013-11-14 22:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-12-13 22:12 - 2013-11-14 22:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-13 22:12 - 2013-11-14 22:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-12-13 22:12 - 2013-11-14 22:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-12-13 22:12 - 2013-11-14 22:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-12-13 22:12 - 2013-11-14 22:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-12-13 22:12 - 2013-11-14 22:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-12-13 22:12 - 2013-11-14 22:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-13 22:12 - 2013-11-14 22:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-13 22:11 - 2013-11-14 23:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-13 22:11 - 2013-11-14 22:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-13 22:11 - 2013-11-14 22:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-12-13 22:11 - 2013-11-14 22:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-13 22:10 - 2013-11-14 22:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-12 23:46 - 2013-12-12 23:46 - 00000000 ____D C:\Users\joanna\AppData\Local\Seven Zip 2013-12-12 23:11 - 2013-12-12 23:11 - 00000000 ____D C:\Users\joanna\AppData\Roaming\ArcSoft 2013-12-12 21:03 - 2013-10-30 02:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll 2013-12-12 21:03 - 2013-10-30 01:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2013-12-12 21:03 - 2013-10-30 00:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2013-12-12 21:03 - 2013-10-30 00:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-12-12 21:03 - 2013-10-22 07:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2013-12-12 21:03 - 2013-10-11 02:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2013-12-12 21:03 - 2013-10-11 02:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2013-12-12 21:03 - 2013-10-11 02:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll 2013-12-12 21:03 - 2013-10-11 00:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2013-12-12 21:03 - 2013-10-11 00:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2013-12-09 21:50 - 2013-12-09 21:50 - 00000000 __SHD C:\found.000 ==================== One Month Modified Files and Folders ======= 2013-12-27 17:17 - 2013-12-27 16:42 - 00000000 ____D C:\Users\joanna\Downloads\Diagnostyka komputera 2013-12-27 17:16 - 2013-12-27 17:16 - 00000000 ____D C:\FRST 2013-12-27 17:01 - 2007-11-30 02:53 - 01562411 _____ C:\Windows\WindowsUpdate.log 2013-12-27 16:52 - 2012-10-24 21:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-12-27 16:38 - 2010-01-26 21:34 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-12-27 16:17 - 2013-12-27 16:17 - 00000000 ____D C:\Program Files\ESET 2013-12-27 15:58 - 2013-12-27 15:54 - 02347384 _____ (ESET) C:\Users\joanna\Downloads\esetsmartinstaller_enu.exe 2013-12-27 15:51 - 2012-09-15 20:45 - 00000000 ____D C:\Users\joanna\AppData\Roaming\Skype 2013-12-27 15:34 - 2010-01-26 21:34 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-12-27 15:31 - 2006-11-02 13:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-27 15:31 - 2006-11-02 12:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-27 15:31 - 2006-11-02 12:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-27 15:30 - 2006-11-02 13:01 - 00032644 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-12-24 22:47 - 2013-02-07 22:41 - 00024624 _____ C:\Windows\PFRO.log 2013-12-24 22:41 - 2013-12-24 22:38 - 00000000 ____D C:\Program Files\Common Files\EPSON 2013-12-24 22:41 - 2008-03-11 21:39 - 00000000 ____D C:\ProgramData\EPSON 2013-12-24 22:38 - 2013-12-24 22:37 - 00000000 ____D C:\Program Files\EpsonNet 2013-12-24 22:38 - 2007-11-01 10:58 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-12-24 22:36 - 2013-12-24 22:33 - 00000000 ____D C:\Windows\LastGood.Tmp 2013-12-24 22:36 - 2007-12-26 15:08 - 00000000 ____D C:\Users\joanna 2013-12-24 22:32 - 2008-03-11 21:34 - 00000765 _____ C:\Users\Public\Desktop\EPSON Scan.lnk 2013-12-24 22:30 - 2013-12-24 22:35 - 00008192 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_DCINST.DLL 2013-12-24 22:30 - 2013-12-24 22:34 - 00093696 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_FLBGCE.DLL 2013-12-24 22:30 - 2013-12-24 22:34 - 00063488 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_FD4BGCE.DLL 2013-12-18 11:23 - 2007-12-27 22:40 - 00000000 ____D C:\Users\joanna\AppData\Roaming\OpenOffice.org2 2013-12-14 22:35 - 2006-11-02 12:47 - 00311752 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-13 22:27 - 2013-08-02 21:39 - 00000000 ____D C:\Windows\system32\MRT 2013-12-13 22:26 - 2006-11-02 10:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2013-12-13 22:22 - 2013-12-13 22:21 - 00000000 ____D C:\5384f95d91dd2338e58cdfc5 2013-12-13 00:19 - 2012-09-15 20:44 - 00000000 ___RD C:\Program Files\Skype 2013-12-13 00:19 - 2012-09-15 20:44 - 00000000 ____D C:\ProgramData\Skype 2013-12-13 00:19 - 2007-12-26 15:18 - 00073576 _____ C:\Users\joanna\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-13 00:06 - 2007-11-01 12:33 - 00000000 ____D C:\Program Files\Microsoft Works 2013-12-13 00:06 - 2006-11-02 11:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2013-12-12 23:56 - 2008-08-09 12:11 - 00000000 ____D C:\Program Files\WINnerTweak3 2013-12-12 23:46 - 2013-12-12 23:46 - 00000000 ____D C:\Users\joanna\AppData\Local\Seven Zip 2013-12-12 23:25 - 2012-12-28 22:18 - 00000000 ____D C:\Program Files\QuickTime 2013-12-12 23:22 - 2007-11-01 13:36 - 00000000 ____D C:\Program Files\Java 2013-12-12 23:22 - 2007-11-01 13:36 - 00000000 ____D C:\Program Files\Common Files\Java 2013-12-12 23:19 - 2007-11-01 11:17 - 00000000 ____D C:\Program Files\Common Files\InstallShield 2013-12-12 23:13 - 2007-11-01 11:59 - 00000000 ____D C:\Program Files\Common Files\Roxio Shared 2013-12-12 23:11 - 2013-12-12 23:11 - 00000000 ____D C:\Users\joanna\AppData\Roaming\ArcSoft 2013-12-12 18:49 - 2007-12-26 16:16 - 00000000 ____D C:\Users\joanna\AppData\Local\Google 2013-12-12 18:49 - 2007-11-01 13:00 - 00000000 ____D C:\ProgramData\Google 2013-12-12 18:49 - 2007-11-01 13:00 - 00000000 ____D C:\Program Files\Google 2013-12-11 21:52 - 2012-10-24 21:09 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-12-11 21:52 - 2011-08-12 21:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-12-11 21:23 - 2009-09-19 20:25 - 00000020 ____H C:\ProgramData\PKP_DLdu.DAT 2013-12-09 21:50 - 2013-12-09 21:50 - 00000000 __SHD C:\found.000 2013-12-04 17:30 - 2006-11-02 10:33 - 00703388 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-04 16:31 - 2013-10-24 08:04 - 00003194 _____ C:\Windows\setupact.log Files to move or delete: ==================== C:\ProgramData\PKP_DLdu.DAT Some content of TEMP: ==================== C:\Users\joanna\AppData\Local\Temp\iv_uninstall.exe C:\Users\joanna\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\joanna\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\joanna\AppData\Local\Temp\SkypeSetup.exe C:\Users\joanna\AppData\Local\Temp\SpotifyUninstall.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-12-27 16:17 ==================== End Of Log ============================