OTL logfile created on: 2013-08-31 15:59:08 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Filmy Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 0,78 Gb Available Physical Memory | 39,20% Memory free 2,37 Gb Paging File | 0,99 Gb Available in Paging File | 41,72% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,52 Gb Total Space | 2,29 Gb Free Space | 3,08% Space Free | Partition Type: NTFS Drive D: | 14,64 Gb Total Space | 10,06 Gb Free Space | 68,76% Space Free | Partition Type: FAT32 Drive E: | 73,06 Gb Total Space | 0,34 Gb Free Space | 0,46% Space Free | Partition Type: NTFS Computer Name: PC-DAREK | User Name: Darek | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013-08-31 15:10:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Filmy\OTL.exe PRC - [2013-07-15 22:40:45 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe PRC - [2013-06-05 19:28:40 | 027,370,808 | ---- | M] (Dropbox, Inc.) -- C:\Users\Darek\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013-05-10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012-02-26 16:42:28 | 000,632,320 | ---- | M] (FileZilla Project) -- C:\Program Files\FileZilla Server\FileZilla server.exe PRC - [2012-02-16 12:31:20 | 001,110,480 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files\DU Meter\DUMeterSvc.exe PRC - [2012-02-16 12:31:16 | 001,946,352 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files\DU Meter\DUMeter.exe PRC - [2012-01-31 15:53:34 | 001,818,984 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe PRC - [2012-01-31 15:48:16 | 000,654,696 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe PRC - [2010-11-16 15:37:38 | 000,264,704 | ---- | M] () -- C:\ProgramData\DatacardService\HWDeviceService.exe PRC - [2010-11-16 15:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe PRC - [2009-05-14 18:07:12 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe PRC - [2009-04-10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-03-20 07:36:58 | 000,210,216 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe PRC - [2008-11-06 02:57:38 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe PRC - [2007-09-14 09:02:10 | 001,080,264 | ---- | M] (C. Ghisler & Co.) -- C:\Program Files\totalcmd\TOTALCMD.EXE PRC - [2007-07-24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2007-06-05 14:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe PRC - [2007-02-15 17:07:16 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007-02-13 09:30:24 | 000,405,504 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe PRC - [2007-02-12 23:44:26 | 004,411,392 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe PRC - [2007-02-02 15:56:52 | 000,118,784 | ---- | M] (TOSHIBA CORPORATION) -- c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2007-01-17 14:46:32 | 000,534,648 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe PRC - [2006-12-20 00:15:44 | 000,428,152 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe PRC - [2006-11-14 21:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe PRC - [2006-05-25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013-07-28 09:04:42 | 000,499,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\TCrdMain\b7c2ba2cf0c42a47cbe9e08a487225d0\TCrdMain.ni.exe MOD - [2013-07-28 08:40:30 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f58a8a55eda29b5a43af20c4568f7f91\System.Windows.Forms.ni.dll MOD - [2013-07-28 08:39:53 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6ac6cab47b69e44769c726610e7f29bc\System.Drawing.ni.dll MOD - [2013-07-28 08:38:26 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af7b745f6a06b800c73f1556553fe331\PresentationFramework.Aero.ni.dll MOD - [2013-07-28 08:38:18 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3171f8b42964ad9625e57c6713bbbe91\PresentationFramework.ni.dll MOD - [2013-07-28 08:36:43 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\fc33be0f44e0708167301ccaacedc159\PresentationCore.ni.dll MOD - [2013-07-28 08:35:57 | 003,325,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\2cea08523e7d42a72c7f7a9b79444ba4\WindowsBase.ni.dll MOD - [2013-07-28 08:35:49 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\e3cc2cbffd5fb21da64e93d9b6c27c7c\System.ni.dll MOD - [2013-07-28 08:35:35 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll MOD - [2013-03-13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Darek\AppData\Roaming\Dropbox\bin\libcef.dll MOD - [2012-11-14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Darek\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll MOD - [2009-03-31 11:05:14 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll MOD - [2007-02-12 23:44:26 | 004,411,392 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe MOD - [2007-02-02 13:09:22 | 000,950,272 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\pl\TCrdMain.resources.dll MOD - [2006-12-01 19:55:42 | 000,009,216 | ---- | M] () -- C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll MOD - [2006-11-09 19:27:06 | 000,090,112 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll MOD - [2006-11-08 19:08:30 | 000,009,216 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll MOD - [2006-10-20 14:49:22 | 000,009,216 | ---- | M] () -- C:\Program Files\TOSHIBA\ConfigFree\NotifyCFF.dll MOD - [2006-10-10 12:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll MOD - [2006-10-07 12:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Harmonogram automatycznej usługi LiveUpdate) SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService) SRV - File not found [Disabled | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service) SRV - [2013-08-31 10:51:17 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013-08-21 18:27:52 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013-06-20 18:05:14 | 000,295,376 | ---- | M] () [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013-06-20 18:05:14 | 000,022,208 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2013-05-10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012-07-13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-02-26 16:42:28 | 000,632,320 | ---- | M] (FileZilla Project) [Auto | Running] -- C:\Program Files\FileZilla Server\FileZilla server.exe -- (FileZilla Server) SRV - [2012-02-16 12:31:20 | 001,110,480 | ---- | M] (Hagel Technologies Ltd.) [Auto | Running] -- C:\Program Files\DU Meter\DUMeterSvc.exe -- (DUMeterSvc) SRV - [2010-11-16 15:37:38 | 000,264,704 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe) SRV - [2010-03-18 07:11:06 | 000,053,408 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2009-10-20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2009-08-24 22:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 10\DfSdkS.exe -- (DfSdkS) SRV - [2009-05-14 18:07:12 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe -- (ABBYY.Licensing.PDFTransformer.Classic.3.0) SRV - [2009-04-17 14:17:40 | 001,349,912 | ---- | M] (Diskeeper Corporation) [On_Demand | Stopped] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper) SRV - [2008-11-06 02:57:38 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService) SRV - [2008-01-18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007-11-16 13:01:09 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2007-07-24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2007-06-05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing) SRV - [2007-05-31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007-05-31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007-02-02 15:56:52 | 000,118,784 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2006-12-20 00:15:44 | 000,428,152 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2006-11-14 21:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs) SRV - [2006-05-25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) SRV - [1998-06-06 01:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio\COMMON\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\TpChoice.sys -- (TpChoice) DRV - File not found [Kernel | Disabled | Stopped] -- System32\Drivers\sptd.sys -- (sptd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\EEYEDI~1\RETINA~1\PCANDIS4_RETWIFI.SYS -- (PCANDIS4_RETWIFI) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Darek\AppData\Local\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2013-06-18 21:50:08 | 000,107,392 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2013-05-09 10:59:09 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd) DRV - [2012-02-16 12:31:26 | 000,019,832 | ---- | M] (Hagel Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DU Meter\DUMetr32.sys -- (DUMeterDrv) DRV - [2011-12-04 14:25:55 | 000,233,024 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2010-11-04 17:51:36 | 000,085,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm) DRV - [2010-10-09 14:48:36 | 000,072,576 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2010-08-27 13:53:46 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2010-08-07 17:48:42 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2010-07-27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2010-06-23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2010-03-13 12:58:52 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/04/24 18:01:28] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) DRV - [2010-02-08 19:23:00 | 000,797,312 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SmiUsbGrabber3C.sys -- (SMIGrabber3C) DRV - [2009-10-20 20:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF) DRV - [2009-07-14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2009-06-19 21:44:14 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21) DRV - [2008-11-17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2008-07-30 07:51:30 | 000,277,736 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11) DRV - [2008-02-04 12:21:45 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2008-02-04 12:21:43 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2007-11-09 06:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ) DRV - [2007-10-10 00:02:34 | 000,003,072 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vncmirror.sys -- (vncmirror) DRV - [2007-09-26 14:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) DRV - [2007-07-25 16:39:00 | 007,604,256 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007-06-18 22:00:34 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc) DRV - [2007-03-20 13:33:28 | 000,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0) DRV - [2007-02-16 02:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL) DRV - [2007-01-26 17:13:40 | 000,017,712 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR) DRV - [2007-01-24 15:57:38 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2007-01-22 11:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd) DRV - [2007-01-18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N) DRV - [2007-01-18 16:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I) DRV - [2007-01-12 22:41:32 | 000,113,792 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2007-01-12 22:16:54 | 000,040,576 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2006-11-28 16:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006-11-20 18:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2006-11-02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2006-11-02 09:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2006-10-23 17:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec) DRV - [2006-10-18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst) DRV - [2006-10-10 20:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte) DRV - [2006-07-28 17:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter) DRV - [2005-11-04 11:06:52 | 000,048,640 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl) DRV - [2005-08-01 17:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2005-06-23 09:26:54 | 000,022,528 | ---- | M] (Ark Pioneer Microelectronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb2vcom.sys -- (usb2vcom) DRV - [2005-03-30 12:12:38 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (TVicPort) DRV - [2005-01-06 14:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds) DRV - [2000-06-29 18:24:14 | 000,003,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DLPORTIO.SYS -- (DLPortIO) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=20.0.0.39 IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=20.0.0.39 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=20.0.0.39 IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4043528228-873498518-3011279549-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-4043528228-873498518-3011279549-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-4043528228-873498518-3011279549-1002\..\SearchScopes,DefaultScope = {470F8550-DB59-4FBC-8167-367CEEAA5FB3} IE - HKU\S-1-5-21-4043528228-873498518-3011279549-1002\..\SearchScopes\${searchCLSID}: "URL" = http://search.yahoo.com/search?fr=megaup&p={searchTerms} IE - HKU\S-1-5-21-4043528228-873498518-3011279549-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-4043528228-873498518-3011279549-1002\..\SearchScopes\{470F8550-DB59-4FBC-8167-367CEEAA5FB3}: "URL" = http://www.google.pl/search?hl=pl&q={searchTerms}&btnG=Szukaj+w+Google&lr= IE - HKU\S-1-5-21-4043528228-873498518-3011279549-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-4043528228-873498518-3011279549-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.param.yahoo-fr: "megaup" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515 FF - prefs.js..extensions.enabledAddons: fox%40replace.fx:0.15.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20090414 FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1\r\n*.local,*.local" FF - user.js - File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013-08-31 10:51:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-08-31 10:51:07 | 000,000,000 | ---D | M] [2008-09-20 10:11:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Darek\AppData\Roaming\mozilla\Extensions [2013-08-23 18:10:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Darek\AppData\Roaming\mozilla\Firefox\Profiles\s6t6lneb.default\extensions [2013-06-05 17:46:16 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Darek\AppData\Roaming\mozilla\Firefox\Profiles\s6t6lneb.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2008-05-11 08:26:54 | 000,000,000 | ---D | M] (Megaupload SX.3.2) -- C:\Users\Darek\AppData\Roaming\mozilla\Firefox\Profiles\s6t6lneb.default\extensions\pbreak.br@gmail.com [2013-08-23 18:10:34 | 000,230,048 | ---- | M] () (No name found) -- C:\Users\Darek\AppData\Roaming\mozilla\firefox\profiles\s6t6lneb.default\extensions\fox@replace.fx.xpi [2013-05-12 15:38:20 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Darek\AppData\Roaming\mozilla\firefox\profiles\s6t6lneb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2013-08-15 22:56:56 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Darek\AppData\Roaming\mozilla\firefox\profiles\s6t6lneb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-31 10:51:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013-08-31 10:51:05 | 000,000,000 | ---D | M] (Blokowanie banerów) -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2013-08-31 10:51:05 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2013-08-31 10:51:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [2013-08-31 10:51:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2007-02-05 01:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll O1 HOSTS File: ([2013-08-31 11:34:06 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (IE to GetRight Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited) O3 - HKLM\..\Toolbar: (&Tłumaczenie) - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll (Techland) O3 - HKU\S-1-5-21-4043528228-873498518-3011279549-1002\..\Toolbar\WebBrowser: (&Tłumaczenie) - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll (Techland) O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony) O4 - HKLM..\Run: [FileZilla Server Interface] C:\Program Files\FileZilla Server\FileZilla Server Interface.exe (FileZilla Project) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKU\S-1-5-21-4043528228-873498518-3011279549-1002..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-4043528228-873498518-3011279549-1002..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe (Hagel Technologies Ltd.) O4 - HKU\S-1-5-21-4043528228-873498518-3011279549-1002..\Run: [HP Deskjet 3520 series (NET)] C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O4 - Startup: C:\Users\Darek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Darek\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4043528228-873498518-3011279549-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4043528228-873498518-3011279549-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-21-4043528228-873498518-3011279549-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O7 - HKU\S-1-5-21-4043528228-873498518-3011279549-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to &Teleport - C:\Program Files\Teleport Pro\teleport.htm () O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRDownload.htm () O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRBrowse.htm () O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll (Techland) O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?PL File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/msaud.cab (Reg Error: Key error.) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB (Reg Error: Key error.) O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.) O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} http://www.jasnagora.com/RtspVaPgDec.cab (RtspVaPgCtrl Class) O16 - DPF: {69731714-6886-4587-A9AA-D80C2763884D} http://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab (Google Gadget Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://82.146.224.245:85/activex/AxisCamControl.cab (CamImage Class) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.) O16 - DPF: {D9FDD1F3-73E8-4D37-9149-43B7B576EB0A} http://79.189.149.50:5080/WebCamX.cab (WebCamX Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12E2FD28-19B4-45B0-B162-323CE3F0067E}: DhcpNameServer = 217.116.100.65 79.163.127.70 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CB8993C-7C78-4D41-BC47-09BCDE8D8303}: DhcpNameServer = 193.41.112.14 193.41.112.18 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{469CA668-61D5-40CC-8734-2E75F53AC2B0}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{469CA668-61D5-40CC-8734-2E75F53AC2B0}: NameServer = 192.168.0.1,208.67.2.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A76DD93C-6CEB-435C-A1D0-5023C5B5868C}: DhcpNameServer = 217.116.100.65 79.163.127.70 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBE6CE31-7113-4CBE-811D-E2D2E4091431}: DhcpNameServer = 217.116.100.65 79.163.127.70 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2BEDD07-FF2B-450F-8243-8EFC94826F39}: DhcpNameServer = 217.116.100.65 79.163.127.70 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0BA8704-9DD5-4DB0-AFAE-89B3ADEE276E}: DhcpNameServer = 193.41.112.14 193.41.112.18 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013-08-31 16:05:49 | 000,000,000 | ---D | C] -- C:\FRST [2013-08-31 14:37:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support [2013-08-31 12:51:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013-08-31 12:49:32 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013-08-31 12:36:34 | 000,000,000 | ---D | C] -- C:\ComboFix [2013-08-31 10:51:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013-08-18 11:12:29 | 000,000,000 | ---D | C] -- C:\Users\Darek\AppData\Local\temp [2013-08-18 09:58:06 | 005,117,322 | R--- | C] (Swearware) -- C:\ComboFix.exe [2013-08-14 20:15:07 | 000,000,000 | ---D | C] -- C:\Users\Darek\AppData\Local\SmallBasic [2013-08-14 20:12:00 | 000,000,000 | ---D | C] -- C:\Users\Darek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Small Basic [2013-08-14 20:11:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft [2013-08-04 10:56:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2010-11-14 19:52:55 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Darek\AppData\Roaming\pcouffin.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013-08-31 16:06:04 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4043528228-873498518-3011279549-1002UA.job [2013-08-31 15:46:01 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013-08-31 15:44:02 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013-08-31 15:44:01 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013-08-31 15:44:00 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013-08-31 15:43:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-08-31 15:43:47 | 2145,509,376 | -HS- | M] () -- C:\hiberfil.sys [2013-08-31 15:40:33 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013-08-31 15:35:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job [2013-08-31 15:22:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013-08-31 14:46:37 | 000,715,572 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2013-08-31 14:46:37 | 000,632,830 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013-08-31 14:46:37 | 000,151,434 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2013-08-31 14:46:37 | 000,117,396 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013-08-31 14:03:42 | 000,004,898 | ---- | M] () -- C:\Users\Darek\Desktop\fix.bat [2013-08-31 11:34:06 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013-08-31 11:03:58 | 005,117,322 | R--- | M] (Swearware) -- C:\ComboFix.exe [2013-08-31 10:35:31 | 000,002,579 | ---- | M] () -- C:\Users\Darek\Desktop\Microsoft Office Excel 2007.lnk [2013-08-30 23:06:00 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4043528228-873498518-3011279549-1002Core.job [2013-08-27 20:33:30 | 000,002,585 | ---- | M] () -- C:\Users\Darek\Desktop\Microsoft Office Word 2007.lnk [2013-08-21 18:27:48 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013-08-21 18:27:48 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013-08-18 10:12:08 | 000,146,181 | ---- | M] () -- C:\Users\Darek\AppData\Roaming\nvModes.001 [2013-08-04 10:56:29 | 000,002,038 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013-08-31 14:03:42 | 000,004,898 | ---- | C] () -- C:\Users\Darek\Desktop\fix.bat [2013-08-31 13:35:59 | 2145,509,376 | -HS- | C] () -- C:\hiberfil.sys [2013-08-04 10:56:29 | 000,002,038 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013-05-30 14:57:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013-05-30 14:57:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013-05-30 14:57:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013-05-30 14:57:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013-05-30 14:57:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012-11-13 17:29:21 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012-09-07 16:15:38 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe [2012-09-07 16:15:38 | 000,103,876 | ---- | C] () -- C:\Windows\unins000.dat [2012-06-05 21:05:31 | 000,017,408 | ---- | C] () -- C:\Users\Darek\AppData\Local\WebpageIcons.db [2012-03-18 13:04:27 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2012-03-18 12:37:33 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll [2011-08-14 22:30:04 | 000,004,930 | ---- | C] () -- C:\ProgramData\ojobkspa.ako [2011-08-13 16:49:22 | 000,000,000 | ---- | C] () -- C:\Users\Darek\AppData\Local\{09CF8D49-12C0-4AF2-848B-7D743AEFCD88} [2011-02-21 22:56:10 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010-11-14 19:52:55 | 000,007,887 | ---- | C] () -- C:\Users\Darek\AppData\Roaming\pcouffin.cat [2010-11-14 19:52:55 | 000,001,144 | ---- | C] () -- C:\Users\Darek\AppData\Roaming\pcouffin.inf [2010-10-05 20:38:24 | 000,000,112 | ---- | C] () -- C:\Users\Darek\softsynth.ini [2010-10-05 20:28:15 | 000,000,000 | ---- | C] () -- C:\Users\Darek\softsynth.pre [2010-01-31 00:08:11 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib [2009-04-27 20:51:51 | 000,075,177 | ---- | C] () -- C:\Users\Darek\Grzeca Dariusz.pdf [2008-05-23 22:08:33 | 000,007,484 | ---- | C] () -- C:\Users\Darek\AppData\Local\d3d9caps.dat [2008-02-27 17:05:45 | 000,000,975 | ---- | C] () -- C:\Users\Darek\Photovista_Panorama_3.0_InstallLog.xml [2008-02-27 17:05:44 | 000,000,016 | ---- | C] () -- C:\Users\Darek\persistent_state [2008-02-13 19:02:06 | 000,000,000 | ---- | C] () -- C:\Users\Darek\.gtk-bookmarks [2008-02-13 18:41:35 | 000,640,443 | ---- | C] () -- C:\Users\Darek\.fonts.cache-1 [2008-01-30 14:03:38 | 000,000,156 | ---- | C] () -- C:\Users\Darek\.dtxmanager.cfg [2008-01-16 18:54:59 | 000,029,239 | ---- | C] () -- C:\Users\Darek\AppData\Roaming\UserTile.png [2007-06-08 19:36:22 | 000,251,392 | ---- | C] () -- C:\Users\Darek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007-06-06 18:38:02 | 000,146,181 | ---- | C] () -- C:\Users\Darek\AppData\Roaming\nvModes.001 [2007-06-06 18:38:00 | 000,146,181 | ---- | C] () -- C:\Users\Darek\AppData\Roaming\nvModes.dat [color=#E56717]========== ZeroAccess Check ==========[/color] [2013-08-30 23:16:45 | 000,000,000 | -HSD | M] -- C:\Users\Darek\AppData\Local\Dane aplikacji\Dane aplikacji\Dane aplikacji\Dane aplikacji\Dane aplikacji\Dane aplikacji\Dane aplikacji\Google\Desktop\Install\{47b79dfc-3ccb-0b31-e9d8-570b2cb6d2f8}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{47b79dfc-3ccb-0b31-e9d8-570b2cb6d2f8}\L [2013-08-30 23:16:45 | 000,000,000 | -HSD | M] -- C:\Users\Darek\AppData\Local\Dane aplikacji\Dane aplikacji\Dane aplikacji\Dane aplikacji\Dane aplikacji\Dane aplikacji\Dane aplikacji\Google\Desktop\Install\{47b79dfc-3ccb-0b31-e9d8-570b2cb6d2f8}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{47b79dfc-3ccb-0b31-e9d8-570b2cb6d2f8}\U [2013-08-30 23:16:45 | 000,000,000 | -HSD | M] -- C:\Users\Darek\AppData\Local\Dane aplikacji\Dane aplikacji\Dane aplikacji\Dane aplikacji\Dane aplikacji\Dane aplikacji\Google\Desktop\Install\{47b79dfc-3ccb-0b31-e9d8-570b2cb6d2f8}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{47b79dfc-3ccb-0b31-e9d8-570b2cb6d2f8}\L [2013-08-30 23:16:45 | 000,000,000 | -HSD | M] -- C:\Users\Darek\AppData\Local\Dane aplikacji\Dane aplikacji\Dane aplikacji\Dane aplikacji\Dane aplikacji\Dane aplikacji\Google\Desktop\Install\{47b79dfc-3ccb-0b31-e9d8-570b2cb6d2f8}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{47b79dfc-3ccb-0b31-e9d8-570b2cb6d2f8}\U [2013-08-30 23:16:45 | 000,000,000 | -HSD | M] -- C:\Users\Darek\AppData\Local\Dane aplikacji\Dane aplikacji\Dane aplikacji\Dane aplikacji\Dane aplikacji\Google\Desktop\Install\{47b79dfc-3ccb-0b31-e9d8-570b2cb6d2f8}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{47b79dfc-3ccb-0b31-e9d8-570b2cb6d2f8}\L [2013-08-30 23:16:45 | 000,000,000 | -HSD | M] -- C:\Users\Darek\AppData\Local\Dane aplikacji\Dane aplikacji\Dane aplikacji\Dane aplikacji\Dane aplikacji\Google\Desktop\Install\{47b79dfc-3ccb-0b31-e9d8-570b2cb6d2f8}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{47b79dfc-3ccb-0b31-e9d8-570b2cb6d2f8}\U [2013-08-30 23:16:45 | 000,000,000 | -HSD | M] -- C:\Users\Darek\AppData\Local\Dane aplikacji\Dane aplikacji\Dane aplikacji\Dane aplikacji\Google\Desktop\Install\{47b79dfc-3ccb-0b31-e9d8-570b2cb6d2f8}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{47b79dfc-3ccb-0b31-e9d8-570b2cb6d2f8}\L [2013-08-30 23:16:45 | 000,000,000 | -HSD | M] -- C:\Users\Darek\AppData\Local\Dane aplikacji\Dane aplikacji\Dane aplikacji\Dane aplikacji\Google\Desktop\Install\{47b79dfc-3ccb-0b31-e9d8-570b2cb6d2f8}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{47b79dfc-3ccb-0b31-e9d8-570b2cb6d2f8}\U [2013-08-30 23:16:45 | 000,000,000 | -HSD | M] -- C:\Users\Darek\AppData\Local\Dane aplikacji\Dane aplikacji\Dane aplikacji\Google\Desktop\Install\{47b79dfc-3ccb-0b31-e9d8-570b2cb6d2f8}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{47b79dfc-3ccb-0b31-e9d8-570b2cb6d2f8}\L [2013-08-30 23:16:45 | 000,000,000 | -HSD | M] -- C:\Users\Darek\AppData\Local\Dane aplikacji\Dane aplikacji\Dane aplikacji\Google\Desktop\Install\{47b79dfc-3ccb-0b31-e9d8-570b2cb6d2f8}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{47b79dfc-3ccb-0b31-e9d8-570b2cb6d2f8}\U [2013-08-30 23:16:45 | 000,000,000 | -HSD | M] -- C:\Users\Darek\AppData\Local\Dane aplikacji\Dane aplikacji\Google\Desktop\Install\{47b79dfc-3ccb-0b31-e9d8-570b2cb6d2f8}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{47b79dfc-3ccb-0b31-e9d8-570b2cb6d2f8}\L [2013-08-30 23:16:45 | 000,000,000 | -HSD | M] -- C:\Users\Darek\AppData\Local\Dane aplikacji\Dane aplikacji\Google\Desktop\Install\{47b79dfc-3ccb-0b31-e9d8-570b2cb6d2f8}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{47b79dfc-3ccb-0b31-e9d8-570b2cb6d2f8}\U [2013-08-30 23:16:45 | 000,000,000 | -HSD | M] -- C:\Users\Darek\AppData\Local\Dane aplikacji\Google\Desktop\Install\{47b79dfc-3ccb-0b31-e9d8-570b2cb6d2f8}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{47b79dfc-3ccb-0b31-e9d8-570b2cb6d2f8}\L [2013-08-30 23:16:45 | 000,000,000 | -HSD | M] -- C:\Users\Darek\AppData\Local\Dane aplikacji\Google\Desktop\Install\{47b79dfc-3ccb-0b31-e9d8-570b2cb6d2f8}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{47b79dfc-3ccb-0b31-e9d8-570b2cb6d2f8}\U [2013-08-30 23:16:45 | 000,000,000 | -HSD | M] -- C:\Users\Darek\AppData\Local\Google\Desktop\Install\{47b79dfc-3ccb-0b31-e9d8-570b2cb6d2f8}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{47b79dfc-3ccb-0b31-e9d8-570b2cb6d2f8}\L [2013-08-30 23:16:45 | 000,000,000 | -HSD | M] -- C:\Users\Darek\AppData\Local\Google\Desktop\Install\{47b79dfc-3ccb-0b31-e9d8-570b2cb6d2f8}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{47b79dfc-3ccb-0b31-e9d8-570b2cb6d2f8}\U [2006-11-02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012-06-08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009-04-10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009-04-10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2011-03-13 15:18:54 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\.minecraft [2010-05-28 20:02:26 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\abgx360 [2007-07-01 12:54:21 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\ACD Systems [2010-08-28 14:42:37 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\Autodesk [2008-01-09 20:27:37 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\AutoMapa [2009-03-01 15:17:15 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\AVI ReComp [2012-05-02 18:46:18 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\avidemux [2008-08-27 23:05:40 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\Borland [2010-03-15 22:00:25 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\CadSoft [2008-02-04 12:08:15 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\DAEMON Tools [2011-12-04 14:38:51 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\DAEMON Tools Pro [2011-03-25 22:28:34 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\Dev-Cpp [2013-08-31 15:45:38 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\Dropbox [2011-03-03 19:21:50 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\DVDFab [2009-04-27 19:07:57 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1 [2013-06-04 19:16:08 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\e-Kiosk Reader [2007-07-09 17:52:24 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\EightyOne [2008-03-14 12:34:12 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\Expressivo [2010-12-02 00:37:05 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\FUJIFILM [2007-12-12 23:16:51 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\Gadu-Gadu [2010-11-06 22:53:21 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\Games [2010-11-06 12:58:05 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\GameTuts [2012-06-02 15:57:55 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\GetRight [2007-12-04 18:19:41 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\GHISLER [2011-08-30 20:47:00 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\gtk-2.0 [2013-04-27 23:38:33 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\Guitar Pro 6 [2010-01-31 00:00:15 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\ImgBurn [2008-01-20 00:08:06 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\InterVideo [2008-12-31 13:23:04 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\Kasper-Key_Sharing_Networ [2011-05-02 11:43:57 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\Key Metric Software [2012-02-11 20:50:03 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\MCS Electronics [2008-05-12 07:49:14 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\Megaupload [2011-08-14 22:30:12 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\MOVAVI [2007-10-22 11:56:14 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\NewspaperDirect [2009-04-29 19:06:22 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\Nokia [2012-07-23 13:50:29 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\Notepad++ [2010-07-28 19:25:00 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\Offline Explorer [2009-04-29 18:49:35 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\PC Suite [2008-01-16 18:54:57 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\PeerNetworking [2011-06-05 16:22:23 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\PLAY ONLINE [2007-06-23 20:08:46 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\poleng [2008-11-29 11:42:58 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\ProtectDisc [2010-09-05 21:56:37 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\Publish Providers [2010-12-02 22:10:47 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\RayV [2010-09-22 17:58:40 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\RR_DOWNLOADER [2010-09-05 21:56:25 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\Sony [2007-07-13 18:20:56 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\Spectaculator [2010-09-05 10:43:38 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\Stellarium [2011-04-09 21:25:43 | 000,000,000 | -H-D | M] -- C:\Users\Darek\AppData\Roaming\Tdu [2013-03-02 19:52:39 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\TeamViewer [2012-06-17 12:28:19 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\Thinstall [2009-10-16 21:08:10 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\Toshiba [2011-02-27 11:23:24 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\Ulead Systems [2013-04-30 22:41:28 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\uTorrent [2012-11-13 21:14:55 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\Visan [2010-11-14 19:57:32 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\Vso [2011-08-14 16:57:18 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\WinMPG [2010-04-02 23:14:01 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\Wireshark [2008-05-10 10:29:26 | 000,000,000 | ---D | M] -- C:\Users\Darek\AppData\Roaming\xBBrowser [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 498 bytes -> C:\ProgramData\TEMP:05EE1EEF @Alternate Data Stream - 291 bytes -> C:\ProgramData\TEMP:CD30FA91 @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:BFE23423 < End of report >