Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2015 01 Ran by SYSTEM on MINWINPC on 24-01-2015 14:21:05 Running from E:\ Platform: Windows Vista (TM) Home Premium (X86) OS Language: English (United States) Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet003 [b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b] Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.) HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.) HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKU\Default\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Default User\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Właściciel\...\Policies\system: [LogonHoursAction] 2 HKU\Właściciel\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Właściciel\...\Winlogon: [Shell] explorer.exe, <==== ATTENTION ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE [143872 2007-12-16] (SEIKO EPSON CORPORATION) S4 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-10] (SEIKO EPSON CORPORATION) S2 GEST Service; C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [80392 2008-07-18] () S2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2214504 2011-05-20] (NVIDIA Corporation) S2 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [30088 2008-12-07] () S3 gdrv; C:\Windows\gdrv.sys [16608 2015-01-24] (Windows (R) 2000 DDK provider) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-23 16:21 - 2015-01-23 16:23 - 00000000 ____D () C:\AdwCleaner 2015-01-23 16:21 - 2015-01-23 16:21 - 02186752 _____ () C:\Users\Właściciel\Downloads\adwcleaner_4.108.exe 2015-01-23 16:08 - 2015-01-23 16:08 - 00061676 _____ () C:\Users\Właściciel\Downloads\OTL.Txt 2015-01-23 15:58 - 2015-01-23 15:58 - 00602112 _____ (OldTimer Tools) C:\Users\Właściciel\Downloads\OTL.exe 2015-01-23 15:58 - 2015-01-23 15:58 - 00108519 _____ () C:\Users\Właściciel\Downloads\Shortcut.txt 2015-01-23 15:55 - 2015-01-23 15:58 - 00061965 _____ () C:\Users\Właściciel\Downloads\Addition.txt 2015-01-23 15:54 - 2015-01-23 15:58 - 00028064 _____ () C:\Users\Właściciel\Downloads\FRST.txt 2015-01-23 15:53 - 2015-01-24 14:20 - 00000000 ____D () C:\FRST 2015-01-23 15:53 - 2015-01-23 15:53 - 01118208 _____ (Farbar) C:\Users\Właściciel\Downloads\FRST.exe 2015-01-23 12:27 - 2015-01-23 12:27 - 00240568 _____ (Microsoft Corporation) C:\Users\Właściciel\AppData\Roaming\bfsvc.exe 2015-01-23 05:01 - 2015-01-23 05:01 - 00000000 ____D () C:\Users\Właściciel\AppData\Roaming\WinMediaManager00 2015-01-23 04:53 - 2015-01-23 04:53 - 01558016 _____ () C:\Users\Właściciel\AppData\Roaming\40981.exe 2015-01-23 04:53 - 2015-01-23 04:53 - 01558016 _____ () C:\Users\Właściciel\AppData\Roaming\1819.exe 2015-01-22 12:46 - 2015-01-22 12:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-01-13 07:01 - 2015-01-20 04:03 - 00010113 _____ () C:\Users\Właściciel\Desktop\101 filmów.xlsx 2014-12-31 06:11 - 2014-12-31 06:11 - 00000000 ____D () C:\Users\Właściciel\Desktop\Ubezpieczenie ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-24 14:20 - 2006-11-02 03:18 - 00000000 ___HD () C:\Windows\System32\GroupPolicy 2015-01-24 04:33 - 2011-10-19 14:46 - 00000125 _____ () C:\service.log 2015-01-24 04:33 - 2007-12-10 03:30 - 00016608 _____ (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys 2015-01-23 16:46 - 2013-11-16 04:56 - 00399904 _____ () C:\Windows\PFRO.log 2015-01-23 16:25 - 2006-11-02 04:37 - 00000000 ____D () C:\Program Files\Windows Defender 2015-01-23 16:23 - 2006-11-02 04:47 - 00004432 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-23 16:23 - 2006-11-02 04:47 - 00004432 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-23 09:21 - 2013-08-28 18:09 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2015-01-23 09:21 - 2013-08-28 18:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2015-01-23 05:26 - 2013-08-25 10:31 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-01-23 05:08 - 2012-06-25 12:26 - 00000000 ____D () C:\Users\Właściciel\Desktop\CV 2015-01-23 01:34 - 2013-11-20 16:31 - 00325230 _____ () C:\Windows\WindowsUpdate.log 2015-01-23 01:19 - 2006-12-04 21:22 - 00727324 _____ () C:\Windows\System32\perfh015.dat 2015-01-23 01:19 - 2006-12-04 21:22 - 00157720 _____ () C:\Windows\System32\perfc015.dat 2015-01-23 01:19 - 2006-11-02 02:33 - 01652404 _____ () C:\Windows\System32\PerfStringBackup.INI 2015-01-20 06:16 - 2014-09-26 09:24 - 00000000 ____D () C:\Users\Właściciel\Desktop\VI rok - rozpiski 2015-01-20 05:21 - 2014-08-23 09:47 - 00000000 ____D () C:\Users\Właściciel\Desktop\Justyna-rys 2015-01-15 05:21 - 2014-04-05 11:55 - 00000000 ____D () C:\Users\Właściciel\Desktop\Książki 2015-01-15 05:21 - 2013-12-19 12:36 - 00000000 ___RD () C:\Users\Właściciel\Dropbox 2015-01-15 05:08 - 2013-12-19 12:31 - 00000000 ____D () C:\Users\Właściciel\AppData\Roaming\Dropbox 2015-01-14 14:03 - 2009-06-16 09:04 - 00243712 _____ () C:\Users\Właściciel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-01-14 13:28 - 2011-11-03 07:40 - 00000000 ____D () C:\Filmy 2015-01-13 06:08 - 2014-09-26 09:24 - 00000000 ____D () C:\Users\Właściciel\Desktop\VI rok - materiały 2015-01-07 02:22 - 2010-02-10 02:36 - 00000000 ____D () C:\Program Files\Opera 2015-01-02 14:42 - 2014-05-12 04:56 - 00000069 _____ () C:\Windows\NeroDigital.ini 2014-12-31 06:11 - 2014-12-24 15:27 - 00000000 ____D () C:\Users\Właściciel\Desktop\ZALANIE 2014-12-29 02:22 - 2012-06-18 03:33 - 00001614 _____ () C:\Users\Public\Desktop\Opera.lnk Some content of TEMP: ==================== C:\Users\Wlasciciel\AppData\Local\Temp\din32BD.exe C:\Users\Wlasciciel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptroznk.dll C:\Users\Wlasciciel\AppData\Local\Temp\ExPromo.exe C:\Users\Wlasciciel\AppData\Local\Temp\gg10.upgr.exe C:\Users\Wlasciciel\AppData\Local\Temp\ICReinstall_JPEG-to-PDF(22953)-dp.exe C:\Users\Wlasciciel\AppData\Local\Temp\Quarantine.exe C:\Users\Wlasciciel\AppData\Local\Temp\sqlite3.dll ==================== Known DLLs (Whitelisted) ============ ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== Restore Points ========================= ==================== Memory info =========================== Percentage of memory in use: 19% Total physical RAM: 2045.88 MB Available physical RAM: 1647.9 MB Total Pagefile: 1863.95 MB Available Pagefile: 1723.8 MB Total Virtual: 2047.88 MB Available Virtual: 1977.56 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:298.09 GB) (Free:186.74 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (2007.11.03_2329) (CDROM) (Total:0.12 GB) (Free:0 GB) UDF Drive e: (USB DISK) (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 9ED69BCA) Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 7.5 GB) (Disk ID: DC3E4C29) Partition 1: (Active) - (Size=7.5 GB) - (Type=0C) LastRegBack: 2015-01-24 03:53 ==================== End Of Log ============================