OTL logfile created on: 1/12/2014 2:31:28 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rybak\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.98 Gb Total Physical Memory | 13.00 Gb Available Physical Memory | 81.36% Memory free
31.95 Gb Paging File | 28.64 Gb Available in Paging File | 89.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 38.15 Gb Free Space | 34.16% Space Free | Partition Type: NTFS
Drive D: | 698.54 Gb Total Space | 247.35 Gb Free Space | 35.41% Space Free | Partition Type: NTFS

Computer Name: RYBAK-PC | User Name: Rybak | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2014/01/12 07:09:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rybak\Desktop\OTL.exe
PRC - [2013/12/18 01:29:40 | 000,992,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
PRC - [2013/12/17 04:38:33 | 005,341,536 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2013/12/14 22:54:07 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe PRC - [2013/12/12 13:20:10 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013/12/09 20:16:23 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2013/11/07 06:27:02 | 000,027,904 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\engine\ace_engine.exe PRC - [2013/10/16 16:08:23 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe PRC - [2013/10/16 02:45:50 | 018,078,632 | ---- | M] (Zemana Ltd.) -- C:\Program Files (x86)\AntiLogger\AntiLogger.exe PRC - [2013/10/10 14:25:58 | 001,056,264 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe PRC - [2013/08/27 09:37:52 | 000,026,744 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\updater\ace_update.exe PRC - [2013/08/07 13:25:24 | 008,301,568 | ---- | M] (FileZilla Project) -- C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012/07/24 19:26:54 | 000,040,960 | ---- | M] () -- C:\Users\Rybak\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe PRC - [2012/05/25 04:25:02 | 006,595,928 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe PRC - [2012/02/06 18:32:34 | 000,102,568 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe PRC - [2012/02/06 18:32:30 | 000,162,456 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe PRC - [2012/02/02 15:33:32 | 002,321,072 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2012/01/30 13:32:16 | 001,120,936 | ---- | M] (ASUSTek Computer Inc.) 
-- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe PRC - [2011/12/23 16:39:38 | 000,174,720 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2011/12/22 19:58:42 | 000,318,080 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2011/11/21 14:22:08 | 000,080,512 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe PRC - [2011/11/21 14:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2011/10/24 17:20:38 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2011/10/03 10:45:58 | 000,375,424 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe PRC - [2011/03/16 17:31:54 | 000,909,312 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe PRC - [2009/06/19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009/06/19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2008/12/22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013/12/14 22:54:07 | 016,242,056 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll MOD - [2013/12/12 13:20:10 | 003,559,024 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013/11/29 18:56:49 | 000,260,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\58599be6aedb2bcc25a266fc1efcc03c\WindowsFormsIntegration.ni.dll MOD - [2013/11/29 18:56:03 | 019,693,056 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\5bca89765ee92dd6018c3782247dba9b\System.ServiceModel.ni.dll MOD - [2013/11/29 18:55:26 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75537eea06d1200805de72f3f7751091\UIAutomationTypes.ni.dll MOD - [2013/11/29 18:55:24 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\19156dbc54c3ded7ba00c53d19b6ee96\PresentationFramework-SystemXml.ni.dll MOD - [2013/11/29 18:11:36 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a2eb039301af47660eebc7566ce02b9c\PresentationFramework.ni.dll MOD - [2013/11/29 18:11:25 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b9fe579783a35b57dd7e69375f35e239\PresentationCore.ni.dll MOD - [2013/11/29 18:11:19 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ef90aeb894485d14b249d102309b6df3\WindowsBase.ni.dll MOD - [2013/11/29 18:11:17 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\ae01d58bd1cb283ec7b603919e2a8fb3\PresentationFramework.Aero.ni.dll MOD - [2013/11/29 18:11:10 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d91f3556f8011a5d48e1448e3fa8df9e\System.Xml.ni.dll MOD - [2013/11/29 18:11:10 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\4e69f1e7d86d79012db2d7e0dadc8880\System.Core.ni.dll MOD - [2013/11/29 18:11:10 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\639f444db9491d25b5d158531e1f7d9b\System.Xaml.ni.dll MOD - [2013/11/29 18:11:05 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1f56d5786274992934de0c900431c447\System.Configuration.ni.dll MOD - [2013/11/29 18:11:04 | 010,060,800 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\79f6324a598a7c4446a4a1168be7c4b1\System.ni.dll MOD - [2013/11/29 18:10:58 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\045c9588954c3662d542b53f4462268b\mscorlib.ni.dll MOD - [2013/11/07 06:34:08 | 002,490,880 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\acestreamengine.CoreApp.pyd MOD - [2013/11/07 06:27:18 | 000,120,832 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\acestreamengine.Core.pyd MOD - [2013/11/07 06:27:02 | 000,027,904 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\engine\ace_engine.exe MOD - [2013/10/18 12:36:48 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\f4e49f5f51d2fa5e6190464468dff4d3\Microsoft.VisualBasic.ni.dll MOD - [2013/10/18 12:36:40 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll MOD - [2013/10/18 12:36:31 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll MOD - [2013/10/18 12:36:23 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll MOD - [2013/10/18 12:35:30 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll MOD - [2013/10/18 12:35:17 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll MOD - [2013/10/18 12:35:11 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll MOD - [2013/10/18 12:35:07 | 005,464,064 | ---- | M] 
() -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll MOD - [2013/10/18 12:35:04 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll MOD - [2013/10/18 12:35:03 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll MOD - [2013/10/18 12:34:59 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll MOD - [2013/10/17 11:25:48 | 008,866,472 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll MOD - [2013/08/27 09:37:52 | 000,026,744 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\updater\ace_update.exe MOD - [2013/06/17 11:35:10 | 000,478,400 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll MOD - [2013/03/29 03:57:10 | 000,018,944 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pycompat.pyd MOD - [2013/01/29 10:20:40 | 000,082,944 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\cpyamf.util.pyd MOD - [2013/01/29 10:20:40 | 000,066,048 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\cpyamf.amf0.pyd MOD - [2012/07/24 19:26:54 | 000,040,960 | ---- | M] () -- C:\Users\Rybak\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe MOD - [2012/07/24 19:26:54 | 000,034,304 | ---- | M] () -- C:\Users\Rybak\AppData\Local\Programs\TouchFreeze\TouchFreeze.dll MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll MOD - [2012/05/25 04:25:00 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll MOD - [2012/02/07 10:38:58 | 000,358,912 | ---- | M] () -- 
C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\pythoncom27.dll MOD - [2012/02/07 10:38:58 | 000,358,912 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\pythoncom27.dll MOD - [2012/02/07 10:37:24 | 000,098,816 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\win32api.pyd MOD - [2012/02/07 10:37:24 | 000,098,816 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\win32api.pyd MOD - [2012/02/07 10:36:30 | 000,024,064 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\win32pdh.pyd MOD - [2012/02/07 10:36:30 | 000,024,064 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\win32pdh.pyd MOD - [2012/02/07 10:36:08 | 000,111,616 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\win32file.pyd MOD - [2012/02/07 10:36:08 | 000,111,616 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\win32file.pyd MOD - [2012/02/07 10:35:46 | 000,110,080 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\pywintypes27.dll MOD - [2012/02/07 10:35:46 | 000,110,080 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\pywintypes27.dll MOD - [2012/02/06 18:32:30 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll MOD - [2012/01/31 08:25:12 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll MOD - [2011/07/15 13:38:22 | 000,674,816 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\wx._misc_.pyd MOD - [2011/07/15 13:38:22 | 000,674,816 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\wx._misc_.pyd MOD - [2011/07/15 13:38:12 | 000,966,144 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\wx._controls_.pyd MOD - [2011/07/15 13:38:12 | 000,966,144 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\wx._controls_.pyd MOD - [2011/07/15 13:38:06 | 000,670,720 | ---- | M] () -- 
C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\wx._windows_.pyd MOD - [2011/07/15 13:38:06 | 000,670,720 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\wx._windows_.pyd MOD - [2011/07/15 13:38:00 | 000,746,496 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\wx._gdi_.pyd MOD - [2011/07/15 13:38:00 | 000,746,496 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\wx._gdi_.pyd MOD - [2011/07/15 13:37:48 | 000,981,504 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\wx._core_.pyd MOD - [2011/07/15 13:37:48 | 000,981,504 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\wx._core_.pyd MOD - [2011/07/15 13:34:26 | 000,479,744 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\wxmsw28uh_html_vc.dll MOD - [2011/07/15 13:34:26 | 000,479,744 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\wxmsw28uh_html_vc.dll MOD - [2011/07/15 13:34:16 | 000,730,112 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\wxmsw28uh_adv_vc.dll MOD - [2011/07/15 13:34:16 | 000,730,112 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\wxmsw28uh_adv_vc.dll MOD - [2011/07/15 13:34:10 | 003,165,184 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\wxmsw28uh_core_vc.dll MOD - [2011/07/15 13:34:10 | 003,165,184 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\wxmsw28uh_core_vc.dll MOD - [2011/07/15 13:33:40 | 000,122,368 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\wxbase28uh_net_vc.dll MOD - [2011/07/15 13:33:40 | 000,122,368 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\wxbase28uh_net_vc.dll MOD - [2011/07/15 13:33:38 | 001,300,992 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\wxbase28uh_vc.dll MOD - [2011/07/15 13:33:38 | 001,300,992 | ---- | M] () -- 
C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\wxbase28uh_vc.dll MOD - [2011/06/12 07:09:18 | 000,720,896 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\_ssl.pyd MOD - [2011/06/12 07:09:18 | 000,720,896 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\_ssl.pyd MOD - [2011/06/12 07:09:18 | 000,038,400 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\_socket.pyd MOD - [2011/06/12 07:09:18 | 000,038,400 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\_socket.pyd MOD - [2011/06/12 07:06:24 | 000,152,576 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\pyexpat.pyd MOD - [2011/06/12 07:06:24 | 000,152,576 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\pyexpat.pyd MOD - [2011/06/12 07:06:22 | 000,287,232 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\_hashlib.pyd MOD - [2011/06/12 07:06:22 | 000,287,232 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\_hashlib.pyd MOD - [2011/06/12 07:06:22 | 000,106,496 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\_ctypes.pyd MOD - [2011/06/12 07:06:22 | 000,011,776 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\select.pyd MOD - [2011/06/12 07:06:22 | 000,011,776 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\select.pyd MOD - [2011/06/12 07:06:20 | 000,688,128 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\unicodedata.pyd MOD - [2011/02/13 09:02:12 | 000,031,232 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\Crypto.Cipher.AES.pyd MOD - [2011/01/18 15:56:22 | 000,334,336 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\M2Crypto.__m2crypto.pyd MOD - [2011/01/18 15:56:22 | 000,334,336 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\M2Crypto.__m2crypto.pyd MOD - [2010/10/10 16:23:52 | 000,723,968 | 
---- | M] () -- C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\apsw.pyd MOD - [2010/01/02 08:42:28 | 000,018,207 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\mingwm10.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2014/01/08 17:01:28 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:[b]64bit:[/b] - [2013/12/10 06:46:52 | 004,308,024 | ---- | M] (SoftEther Project at University of Tsukuba, Japan.) [Auto | Running] -- C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe -- (SEVPNCLIENT) SRV:[b]64bit:[/b] - [2013/10/10 14:12:18 | 007,627,784 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService) SRV:[b]64bit:[/b] - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2010/04/16 15:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV - [2013/12/29 16:05:14 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/12/17 04:38:33 | 005,341,536 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9) SRV - [2013/12/16 17:39:48 | 001,656,616 | ---- | M] (O&O Software GmbH) [Auto | Running] -- D:\O&O Defrag\oodag.exe -- (OODefragAgent) SRV - [2013/12/12 13:20:10 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/12/09 20:16:23 | 000,076,888 | ---- | M] () [Auto | Running] -- 
C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2013/12/03 16:10:24 | 002,151,200 | ---- | M] (IObit) [Disabled | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc) SRV - [2013/10/19 10:51:17 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2013/10/16 16:08:23 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe -- (AVP) SRV - [2013/10/16 15:48:27 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2013/10/16 15:48:24 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013/01/10 15:15:46 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012/11/19 16:03:24 | 
000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011/11/21 14:22:08 | 000,080,512 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService) SRV - [2011/11/21 14:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2013/12/27 02:49:16 | 000,049,240 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AntiLog64.sys -- (AntiLog32) DRV:[b]64bit:[/b] - [2013/12/18 01:30:34 | 000,178,272 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps) DRV:[b]64bit:[/b] - [2013/12/18 01:30:33 | 000,620,640 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:[b]64bit:[/b] - [2013/12/10 06:47:26 | 000,038,240 | ---- | M] (SoftEther Project at University of Tsukuba, Japan.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\see.sys -- (SEE) DRV:[b]64bit:[/b] - [2013/12/05 11:09:44 | 000,028,768 | ---- | M] (SoftEther Project at University of Tsukuba, Japan.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Neo_0117.sys -- (Neo_VPN) DRV:[b]64bit:[/b] - [2013/11/06 08:37:55 | 000,458,336 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1) DRV:[b]64bit:[/b] - [2013/10/23 20:30:18 | 000,016,640 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BootDefragDriver.sys -- (BootDefragDriver) DRV:[b]64bit:[/b] - [2013/10/16 16:17:28 | 000,029,792 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:[b]64bit:[/b] - [2013/10/16 16:17:28 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:[b]64bit:[/b] - [2013/10/16 16:17:28 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt) DRV:[b]64bit:[/b] - [2013/06/18 02:22:36 | 000,872,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2013/06/08 19:18:38 | 000,112,224 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\klflt.sys -- (klflt) DRV:[b]64bit:[/b] - [2013/05/14 16:34:44 | 000,055,904 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi) DRV:[b]64bit:[/b] - [2013/04/12 14:34:48 | 000,015,456 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klpd.sys -- (klpd) DRV:[b]64bit:[/b] - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:[b]64bit:[/b] - [2013/02/24 23:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:[b]64bit:[/b] - 
[2012/12/13 09:41:10 | 000,028,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dfx11_1x64.sys -- (DFX11_1) DRV:[b]64bit:[/b] - [2012/12/09 03:51:20 | 000,126,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu) DRV:[b]64bit:[/b] - [2012/11/08 00:52:06 | 000,077,040 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh) DRV:[b]64bit:[/b] - [2012/11/08 00:42:06 | 000,249,584 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc) DRV:[b]64bit:[/b] - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:[b]64bit:[/b] - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:[b]64bit:[/b] - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2012/01/30 13:32:16 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger) DRV:[b]64bit:[/b] - [2011/10/07 09:49:50 | 002,770,944 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:[b]64bit:[/b] - [2011/06/19 14:03:08 | 000,053,760 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fspad_win764.sys -- (fspad_win764) DRV:[b]64bit:[/b] - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2011/01/24 04:31:10 | 000,283,136 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:[b]64bit:[/b] - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010/10/19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:[b]64bit:[/b] - [2010/08/03 17:43:14 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR) DRV:[b]64bit:[/b] - [2010/04/16 15:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:[b]64bit:[/b] - [2010/01/26 20:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf) DRV:[b]64bit:[/b] - [2009/12/30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt) DRV:[b]64bit:[/b] - [2009/11/18 06:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt) DRV:[b]64bit:[/b] - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2007/03/06 01:10:56 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT) DRV - [2012/01/30 13:32:16 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AiCharger.sys -- (AiCharger) DRV - [2011/09/07 09:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO) DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009/07/02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-494354007-691658305-523761783-1000\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE11ENUS/MSN_WCP IE - HKU\S-1-5-21-494354007-691658305-523761783-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-494354007-691658305-523761783-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp IE - HKU\S-1-5-21-494354007-691658305-523761783-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - 
HKU\S-1-5-21-494354007-691658305-523761783-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E 02 19 69 9E CA CE 01 [binary data] IE - HKU\S-1-5-21-494354007-691658305-523761783-1000\..\SearchScopes,DefaultScope = {03767D78-CF21-41A5-BA55-E41A3D69C659} IE - HKU\S-1-5-21-494354007-691658305-523761783-1000\..\SearchScopes\{03767D78-CF21-41A5-BA55-E41A3D69C659}: "URL" = https://www.google.com/search?q={searchTerms} IE - HKU\S-1-5-21-494354007-691658305-523761783-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-494354007-691658305-523761783-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-494354007-691658305-523761783-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp IE - HKU\S-1-5-21-494354007-691658305-523761783-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKU\S-1-5-21-494354007-691658305-523761783-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E 02 19 69 9E CA CE 01 [binary data] IE - HKU\S-1-5-21-494354007-691658305-523761783-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-494354007-691658305-523761783-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-494354007-691658305-523761783-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.com" FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.1 FF - prefs.js..extensions.enabledAddons: amznUWL2%40amazon.com:1.10 FF - 
prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:4.0.8 FF - prefs.js..extensions.enabledAddons: cryenginebrowserplugin%40crytek.com:0.39.0 FF - prefs.js..extensions.enabledAddons: LDSI_plashcor%40gmail.com:0.9.5 FF - prefs.js..extensions.enabledAddons: myipms2%40myip.ms:1.591 FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:2.0.20 FF - prefs.js..extensions.enabledAddons: uploader%40adblockfilters.mozdev.org:2.1 FF - prefs.js..extensions.enabledAddons: webmaster%40keep-tube.com:1.2 FF - prefs.js..extensions.enabledAddons: %7B2bfc8624-5b8a-4060-b86a-e78ccbc38509%7D:5.2 FF - prefs.js..extensions.enabledAddons: %7B2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0%7D:1.2.7.0 FF - prefs.js..extensions.enabledAddons: magicplayer%40torrentstream.org:1.1.33 FF - prefs.js..extensions.enabledAddons: ImagePicker%40topolog.org:1.8.1 FF - prefs.js..extensions.enabledAddons: amptra%40keepa.com:1.11 FF - prefs.js..extensions.enabledAddons: %7B582195F5-92E7-40a0-A127-DB71295901D7%7D:0.6.4.1 FF - prefs.js..extensions.enabledAddons: bettergmail2%40ginatrapani.org:1.2 FF - prefs.js..extensions.enabledAddons: hdv%40vovcacik.addons.mozilla.org:1.0.2 FF - prefs.js..extensions.enabledAddons: 2.0%40disconnect.me:3.10.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0 FF - prefs.js..network.proxy.backup.ftp: "" FF - prefs.js..network.proxy.backup.ftp_port: 0 FF - prefs.js..network.proxy.backup.socks: "" FF - prefs.js..network.proxy.backup.socks_port: 0 FF - prefs.js..network.proxy.backup.ssl: "" FF - prefs.js..network.proxy.backup.ssl_port: 0 FF - prefs.js..network.proxy.ftp: "semixl019b.xirvik.com" FF - prefs.js..network.proxy.ftp_port: 7128 FF - prefs.js..network.proxy.http: "semixl019b.xirvik.com" FF - prefs.js..network.proxy.http_port: 7128 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "semixl019b.xirvik.com" FF - prefs.js..network.proxy.socks_port: 7128 FF - prefs.js..network.proxy.ssl: 
"semixl019b.xirvik.com" FF - prefs.js..network.proxy.ssl_port: 7128 FF - prefs.js..network.proxy.type: 0 FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: File not found FF - HKCU\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=2.1.10.2: C:\Users\Rybak\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Rybak\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013/12/18 01:30:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013/12/18 01:30:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013/12/18 01:30:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013/12/18 01:30:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013/12/18 01:30:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.1\extensions\\Components: C:\Program Files (x86)\Flock\components [2013/11/10 13:13:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.1\extensions\\Plugins: C:\Program Files (x86)\Flock\plugins [2013/11/10 13:13:37 | 000,000,000 | ---D | M] FF - 
HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/12 13:20:07 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\magicplayer@torrentstream.org: C:\Users\Rybak\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org [2013/12/02 17:21:07 | 000,000,000 | ---D | M] [2013/11/10 13:13:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Extensions [2013/11/10 13:13:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b} [2014/01/10 10:32:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions [2013/10/18 17:53:08 | 000,000,000 | ---D | M] ("BetterSearch") -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\{2bfc8624-5b8a-4060-b86a-e78ccbc38509} [2013/11/14 02:35:54 | 000,000,000 | ---D | M] (GFACE Experience Plugin) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\cryenginebrowserplugin@crytek.com [2013/12/14 01:28:25 | 000,000,000 | ---D | M] (Image Picker) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\ImagePicker@topolog.org [2013/12/12 01:30:01 | 000,000,000 | ---D | M] (Whois & Flags Firefox & Websites Popularity Rating) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\myipms2@myip.ms [2013/10/21 10:18:45 | 000,000,000 | ---D | M] (Russian spellchecking dictionary) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\ru@dictionaries.addons.mozilla.org [2013/10/16 15:13:54 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\support@lastpass.com [2014/01/09 15:53:24 | 000,949,970 | ---- | M] 
() (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\2.0@disconnect.me.xpi [2013/10/17 22:59:41 | 000,128,676 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\adblockpopups@jessehakanen.net.xpi [2013/12/15 13:10:57 | 000,018,447 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\amptra@keepa.com.xpi [2013/10/18 17:53:08 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\amznUWL2@amazon.com.xpi [2013/12/12 01:30:01 | 000,343,554 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\artur.dubovoy@gmail.com.xpi [2013/12/29 21:20:01 | 000,276,952 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\bettergmail2@ginatrapani.org.xpi [2013/10/17 22:59:33 | 000,024,018 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\customization@adblockplus.org.xpi [2013/10/17 22:59:28 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\elemhidehelper@adblockplus.org.xpi [2013/12/24 21:15:42 | 000,022,560 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\gmailnoads@mywebber.com.xpi [2014/01/08 16:47:43 | 000,004,377 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\hdv@vovcacik.addons.mozilla.org.xpi [2013/10/17 22:51:17 | 000,182,257 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\jid0-HbNL9qqBkuuKRhJ9ncTonCky1HU@jetpack.xpi [2013/12/10 01:24:48 | 
000,113,140 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\LDSI_plashcor@gmail.com.xpi [2013/12/05 19:57:50 | 000,161,137 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\no-clickjacking@daohoangson.com.xpi [2013/12/18 18:39:01 | 000,130,099 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\searchy@searchy.xpi [2013/10/17 22:59:41 | 000,075,438 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\uploader@adblockfilters.mozdev.org.xpi [2013/10/18 14:49:59 | 000,031,748 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\webmaster@keep-tube.com.xpi [2013/10/16 15:13:54 | 000,009,253 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}.xpi [2013/11/28 07:44:50 | 000,008,893 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\{55ce2530-61df-4ddc-b287-feae64e70575}.xpi [2013/12/29 21:19:31 | 000,242,709 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}.xpi [2014/01/02 11:00:12 | 000,018,899 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2013/10/17 22:59:12 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014/01/03 12:17:11 | 000,555,162 | ---- | M] () (No name found) -- 
C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013/10/18 15:15:05 | 000,002,383 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\searchplugins\deviantart.xml [2013/10/18 15:15:10 | 000,001,899 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\searchplugins\flickr-tags.xml [2013/12/12 13:20:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2013/12/12 13:20:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013/12/02 17:21:07 | 000,000,000 | ---D | M] (TS Magic Player) -- C:\USERS\RYBAK\APPDATA\ROAMING\ACESTREAM\EXTENSIONS\FIREFOX\MAGICPLAYER@TORRENTSTREAM.ORG [2013/10/17 11:25:52 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://www.google.com/ CHR - Extension: Google Docs = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = 
C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.0.5_0\ CHR - Extension: Sothink Flash Downloader for Chrome = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\biceobciobbhhkplgocbaigojbnepcoi\1.0.24_0\ CHR - Extension: YouTube = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: eBay Web App = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom\1.0.4_0\ CHR - Extension: Facebook = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\ CHR - Extension: Omnibox Site Search = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\cckcidchbmodjccllbmegoignhmidncg\1.0_0\ CHR - Extension: Adblock Plus = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.2_0\ CHR - Extension: Google Search = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: HTML Revealer and Password Revealer = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgeopcldenngppapceagonnenonklpbn\2.0_0\ CHR - Extension: The QR Code Generator = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb\0.2.5_0\ CHR - Extension: AdBlock = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\ CHR - Extension: LastPass = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.0.22_0\ CHR - Extension: Google Voice (by Google) = 
C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.4.4_0\ CHR - Extension: Media file downloader = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\khbkckdkhakengfjmejmiabaakdlhaab\2.0_0\ CHR - Extension: Webcam Toy = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade\1.5_0\ CHR - Extension: FVD Downloader = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.5_0\ CHR - Extension: FVD Downloader = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.5_0\modules\clickberry\_ CHR - Extension: FVD Downloader = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.6_0\ CHR - Extension: FVD Downloader = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.6_0\modules\clickberry\_ CHR - Extension: Awesome New Tab Page\u2122 = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg\2014.21.21_0\ CHR - Extension: LastPass Vault = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncliohomlfopnmlfkepkcbnhmeijkhhf\2.0.21_0\ CHR - Extension: MuteTab = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkbaaijgpppbokgnhhoakihofedkgcc\2.0.5_0\ CHR - Extension: Google Wallet = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\ CHR - Extension: OverTask = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeiijfgmbaopeehamdhiiepidbpfkcda\0.0.14_0\ CHR - Extension: better Browser - for Chrome = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbegekjleoplkhibgbmkmnnfffcpfanh\3.4_0\ CHR - Extension: Gmail = 
C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2014/01/12 14:11:58 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:[b]64bit:[/b] - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:[b]64bit:[/b] - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:[b]64bit:[/b] - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2:[b]64bit:[/b] - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (URL Advisor Plugin) - 
{E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:[b]64bit:[/b] - HKLM..\Run: [fspuip] C:\Program Files\FSP\FspUip.exe (Sentelic Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [OODefragTray] D:\O&O Defrag\oodtray.exe (O&O Software GmbH) O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:[b]64bit:[/b] - HKLM..\Run: [SoftEther VPN Client UI Helper] C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe (SoftEther Project at University of Tsukuba, Japan.) O4:[b]64bit:[/b] - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.) O4 - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AntiLogger] C:\Program Files (x86)\AntiLogger\AntiLogger.exe (Zemana Ltd.) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.) 
O4 - HKLM..\Run: [FLxHCIm64] C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe (Windows (R) Win 7 DDK provider) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd) O4 - HKLM..\Run: [THX TruStudio NB Settings] C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUSTeK Computer Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-494354007-691658305-523761783-1000..\Run: [AceStream] C:\Users\Rybak\AppData\Roaming\ACEStream\engine\ace_engine.exe () O4 - HKU\S-1-5-21-494354007-691658305-523761783-1000..\Run: [MCShield Monitor] C:\Program Files (x86)\MCShield\MCShieldRTM.exe (MyCity) O4 - HKU\S-1-5-21-494354007-691658305-523761783-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) 
O4 - HKU\S-1-5-21-494354007-691658305-523761783-1000..\Run: [OpenDNS Updater] C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe () O4 - HKU\S-1-5-21-494354007-691658305-523761783-1000..\Run: [Steam] D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-494354007-691658305-523761783-1000..\Run: [TouchFreeze] C:\Users\Rybak\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe () O4 - HKU\S-1-5-21-494354007-691658305-523761783-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-494354007-691658305-523761783-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-494354007-691658305-523761783-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-494354007-691658305-523761783-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:[b]64bit:[/b] - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm () O8:[b]64bit:[/b] - Extra context menu item: Add 
to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O9:[b]64bit:[/b] - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9:[b]64bit:[/b] - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-494354007-691658305-523761783-1000\..Trusted Domains: localhost ([]* in Local intranet) O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39A62D84-5369-47FE-91A4-70B26301F3FA}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85152643-06AE-4E27-B0DC-622EC7F2DFEB}: DhcpNameServer = 192.168.1.1 O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2014/01/12 14:14:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2014/01/12 14:11:58 | 000,000,000 | ---D | C] -- C:\_OTL [2014/01/12 12:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield [2014/01/12 12:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\MCShield [2014/01/12 12:02:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MCShield [2014/01/12 07:09:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rybak\Desktop\OTL.exe [2014/01/12 06:56:20 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\backups [2014/01/12 06:53:03 | 000,388,608 | ---- | C] (Trend Micro Inc.) 
-- C:\Users\Rybak\Desktop\HijackThis.exe [2014/01/11 21:51:40 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\WM [2014/01/11 19:02:20 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\Yandex [2014/01/11 19:02:20 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Local\Yandex [2014/01/11 19:02:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Yandex [2014/01/11 15:04:38 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\MouseMonitor [2014/01/11 08:05:54 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\Kyiv FD [2014/01/11 02:00:20 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\destroyed AFV_30 [2014/01/10 21:18:51 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\userbars [2014/01/10 14:46:13 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\BfToe [2014/01/10 11:58:17 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\OpenDNS Updater [2014/01/10 11:58:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenDNS Updater [2014/01/09 15:24:57 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\jagex_cache [2014/01/08 20:10:09 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\Dramatic Photos [2014/01/08 18:38:26 | 000,000,000 | -H-D | C] -- C:\Users\Rybak\Desktop\.picasaoriginals [2014/01/08 17:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\LHService [2014/01/08 17:03:00 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE [2014/01/08 17:01:31 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2014/01/08 17:01:31 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2014/01/08 17:01:28 | 005,765,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2014/01/08 17:01:28 | 001,993,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2014/01/08 17:01:28 | 001,926,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2014/01/08 
17:01:28 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2014/01/08 17:01:28 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2014/01/08 17:01:28 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll [2014/01/08 17:01:28 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2014/01/08 17:01:28 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2014/01/08 17:01:28 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll [2014/01/08 17:01:28 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2014/01/08 17:01:28 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll [2014/01/08 17:01:28 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2014/01/08 17:01:28 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2014/01/08 17:01:28 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2014/01/08 17:01:28 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2014/01/08 17:01:28 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2014/01/08 17:01:28 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll [2014/01/08 17:01:28 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2014/01/08 17:01:28 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2014/01/08 17:01:28 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2014/01/08 17:01:28 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2014/01/08 17:01:28 | 000,337,408 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\html.iec [2014/01/08 17:01:28 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2014/01/08 17:01:28 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2014/01/08 17:01:28 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2014/01/08 17:01:28 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2014/01/08 17:01:28 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2014/01/08 17:01:28 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2014/01/08 17:01:28 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2014/01/08 17:01:28 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2014/01/08 17:01:28 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2014/01/08 17:01:28 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2014/01/08 17:01:28 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2014/01/08 17:01:28 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2014/01/08 17:01:28 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2014/01/08 17:01:28 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2014/01/08 17:01:28 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2014/01/08 17:01:28 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2014/01/08 17:01:28 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2014/01/08 17:01:28 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2014/01/08 17:01:28 | 000,112,128 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2014/01/08 17:01:28 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe [2014/01/08 17:01:28 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2014/01/08 17:01:28 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2014/01/08 17:01:28 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2014/01/08 17:01:28 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2014/01/08 17:01:28 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2014/01/08 17:01:28 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2014/01/08 17:01:28 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2014/01/08 17:01:28 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll [2014/01/08 17:01:28 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2014/01/08 17:01:28 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2014/01/08 17:01:28 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2014/01/08 17:01:28 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2014/01/08 17:01:28 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2014/01/08 17:01:28 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2014/01/08 17:01:28 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2014/01/08 17:01:28 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2014/01/08 17:01:28 | 000,062,464 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\tdc.ocx [2014/01/08 17:01:28 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2014/01/08 17:01:28 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll [2014/01/08 17:01:28 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2014/01/08 17:01:28 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2014/01/08 17:01:28 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll [2014/01/08 17:01:28 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2014/01/08 17:01:28 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2014/01/08 17:01:28 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll [2014/01/08 17:01:28 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2014/01/08 17:01:28 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll [2014/01/08 17:01:28 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll [2014/01/08 17:01:28 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2014/01/08 17:01:28 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2014/01/08 17:01:28 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2014/01/08 17:01:28 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2014/01/08 17:01:28 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2014/01/08 17:01:28 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2014/01/08 17:01:28 | 000,012,800 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\msfeedssync.exe [2014/01/08 17:01:28 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll [2014/01/08 11:38:28 | 000,000,000 | ---D | C] -- C:\Users\Rybak\.instagiffer [2014/01/08 11:38:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Instagiffer [2014/01/08 11:38:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Instagiffer [2014/01/07 21:06:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2014/01/07 19:37:37 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup [2014/01/06 22:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\LockHunter [2014/01/06 22:19:57 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\LockHunter [2014/01/06 22:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LockHunter [2014/01/06 22:19:53 | 000,000,000 | ---D | C] -- C:\Program Files\LockHunter [2014/01/06 13:23:36 | 004,558,848 | ---- | C] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr [2013/12/29 21:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader [2013/12/29 16:06:17 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\Yahoo! [2013/12/29 16:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger [2013/12/29 16:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! [2013/12/29 16:04:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo! 
[2013/12/29 11:12:06 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\volgograd [2013/12/28 19:54:30 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\Russians in Bosnia [2013/12/27 20:26:08 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\TEXT [2013/12/27 03:48:23 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\ebooks [2013/12/27 02:32:20 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\TuneUp Software [2013/12/27 02:31:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2013/12/27 02:31:03 | 000,000,000 | -HSD | C] -- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} [2013/12/27 02:31:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2013/12/26 16:29:44 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\Chechnya [2013/12/26 16:22:18 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\Chechen aviation [2013/12/26 16:15:49 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\smilies [2013/12/26 04:46:11 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Local\Arcode [2013/12/26 04:45:58 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Local\Inky [2013/12/25 21:59:30 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Local\Reditr [2013/12/25 21:59:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reditr [2013/12/25 21:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\reditr [2013/12/25 21:43:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\oodag [2013/12/25 21:43:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software [2013/12/25 21:40:39 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Local\O&O [2013/12/25 21:39:22 | 000,000,000 | ---D | C] -- C:\ProgramData\OO Software [2013/12/25 15:49:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\{492EBBD4-E9BF-4990-93B7-BA313CF7EB4B} [2013/12/24 01:15:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xirrus [2013/12/24 01:15:35 | 000,000,000 | 
---D | C] -- C:\Program Files (x86)\Xirrus [2013/12/24 01:15:17 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\Xirrus [2013/12/22 19:49:31 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\eM Client [2013/12/22 19:49:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eM Client [2013/12/22 19:42:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KRyLack Software [2013/12/22 19:42:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asterisk Password Decryptor [2013/12/22 19:42:26 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\Asterisk Password Decryptor [2013/12/22 19:19:05 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Documents\eM Client [2013/12/22 00:09:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video to GIF Converter [2013/12/22 00:09:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Video to GIF Converter [2013/12/21 19:47:09 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Local\Configure [2013/12/21 19:47:06 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Local\Maker3D [2013/12/21 19:36:16 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Local\Apps [2013/12/21 19:33:53 | 000,000,000 | ---D | C] -- C:\ProgramData\webcam 7 [2013/12/21 19:05:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bcgsoft [2013/12/21 19:05:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picture Collage Maker Pro [2013/12/21 19:05:42 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\PearlMountain [2013/12/21 19:05:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\PearlMountain [2013/12/21 19:05:42 | 000,000,000 | ---D | C] -- C:\ProgramData\PearlMountain [2013/12/21 19:05:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Picture Collage Maker Pro [2013/12/21 18:59:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client [2013/12/21 12:04:47 | 
000,000,000 | ---D | C] -- C:\Windows\tasks\ImCleanDisabled [2013/12/20 19:26:28 | 000,000,000 | ---D | C] -- C:\ProgramData\GlarySoft [2013/12/20 18:39:32 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\mbar [2013/12/19 16:07:30 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\Chamber [2013/12/19 16:07:25 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\AMS Software [2013/12/18 09:10:11 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup-Disabled [2013/12/18 09:10:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled [2013/12/18 09:07:50 | 000,117,024 | ---- | C] (Glarysoft Ltd) -- C:\Windows\SysNative\BootDefrag.exe [2013/12/18 09:07:50 | 000,016,640 | ---- | C] () -- C:\Windows\SysNative\drivers\BootDefragDriver.sys [2013/12/18 09:07:49 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\GlarySoft [2013/12/18 09:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 3 [2013/12/18 09:07:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities 3 [2013/12/18 02:36:08 | 000,027,456 | ---- | C] (IObit) -- C:\Windows\SysNative\RegistryDefragBootTime.exe [2013/12/18 02:19:41 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\Apple Computer [2013/12/18 02:19:06 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData [2013/12/18 02:18:01 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit [2013/12/18 02:17:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit [2013/12/18 02:16:57 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\IObit [2013/12/17 02:07:52 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Documents\CommView for WiFi [2013/12/17 00:47:54 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\Christmas [2013/12/16 18:01:04 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\Eurovision [2013/12/16 17:39:58 | 002,843,432 | ---- | C] (O&O Software 
GmbH) -- C:\Windows\SysNative\ooscrsav.scr [2013/12/16 17:39:40 | 000,240,936 | ---- | C] (O&O Software GmbH) -- C:\Windows\SysNative\oodbs.exe [2013/12/16 17:39:24 | 000,543,528 | ---- | C] (O&O Software GmbH) -- C:\Windows\SysNative\oodssrs.dll [2013/12/16 17:39:18 | 000,010,536 | ---- | C] (O&O Software GmbH) -- C:\Windows\SysNative\oodbsrs.dll [2013/12/16 14:35:43 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\ARMY [2013/12/16 02:36:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2013/12/15 15:17:27 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2013/12/15 15:17:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013/12/15 15:16:58 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013/12/15 15:16:56 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013/12/15 15:16:56 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013/12/15 15:16:56 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013/12/15 15:16:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [2013/12/15 15:16:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013/12/15 15:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle [2013/12/15 15:15:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2013/12/15 03:56:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SourceTec [2013/12/14 22:53:22 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013/12/13 16:37:55 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\Durbetsel 6.3 [2013/12/13 15:27:17 | 000,000,000 | ---D | C] -- C:\ProgramData\CDB [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2014/01/12 14:19:04 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014/01/12 14:19:04 | 000,662,634 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014/01/12 
14:19:04 | 000,122,470 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014/01/12 14:18:23 | 000,022,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014/01/12 14:18:23 | 000,022,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014/01/12 14:17:52 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014/01/12 14:13:57 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 3.job [2014/01/12 14:13:03 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014/01/12 14:12:59 | 000,000,380 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\sp_data.sys [2014/01/12 14:12:55 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\Start Registry Reviver for Rybak-PC@Rybak(logon).job [2014/01/12 14:12:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014/01/12 14:11:58 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts [2014/01/12 14:09:32 | 000,005,760 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\msconfig.ini [2014/01/12 14:06:47 | 000,008,446 | ---- | M] () -- C:\Users\Rybak\Desktop\ukraine_proudtobe.png [2014/01/12 13:50:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014/01/12 13:49:34 | 000,050,480 | ---- | M] () -- C:\Users\Rybak\Desktop\av.jpg [2014/01/12 12:14:09 | 000,014,697 | ---- | M] () -- C:\Users\Rybak\Desktop\[rutracker.org].t4265797.torrent [2014/01/12 12:03:03 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\MCShield Real-Time Monitor.lnk [2014/01/12 11:54:30 | 000,057,286 | ---- | M] () -- C:\Users\Rybak\Desktop\Su-152.jpg [2014/01/12 07:09:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rybak\Desktop\OTL.exe [2014/01/12 06:53:03 | 000,388,608 | ---- | M] (Trend Micro Inc.) 
-- C:\Users\Rybak\Desktop\HijackThis.exe [2014/01/12 06:24:21 | 000,147,570 | ---- | M] () -- C:\Users\Rybak\Desktop\ped.jpg [2014/01/11 19:03:40 | 000,001,007 | ---- | M] () -- C:\Users\Rybak\Desktop\Punto Switcher.lnk [2014/01/11 13:38:06 | 000,000,262 | ---- | M] () -- C:\Users\Rybak\uacossack.inkyp [2014/01/11 10:00:02 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\GlaryUpdate 3.job [2014/01/10 13:13:42 | 000,001,085 | ---- | M] () -- C:\Users\Rybak\Desktop\WL2.exe - Shortcut.lnk [2014/01/09 22:13:13 | 000,561,015 | ---- | M] () -- C:\Users\Rybak\Desktop\Makovin.png [2014/01/09 21:03:10 | 005,227,019 | ---- | M] () -- C:\Users\Rybak\Desktop\namebench-1.3.1-Windows.exe [2014/01/09 00:16:48 | 000,561,015 | ---- | M] () -- C:\Users\Rybak\Desktop\1170651_610322985669853_1484389318_n.png [2014/01/08 20:03:14 | 000,001,861 | ---- | M] () -- C:\Users\Rybak\Desktop\TechPowerUp GPU-Z.lnk [2014/01/08 19:40:47 | 001,161,350 | ---- | M] () -- C:\Users\Rybak\Desktop\monumentslavy-010.jpg [2014/01/08 19:40:37 | 000,925,043 | ---- | M] () -- C:\Users\Rybak\Desktop\monumentslavy-003.jpg [2014/01/08 19:39:23 | 001,193,175 | ---- | M] () -- C:\Users\Rybak\Desktop\monumentslavy-009.jpg [2014/01/08 18:45:54 | 000,024,896 | ---- | M] () -- C:\Users\Rybak\Desktop\gpuscreen.gif [2014/01/08 17:11:10 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk [2014/01/08 17:07:21 | 000,002,275 | ---- | M] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2014/01/08 17:03:24 | 000,001,211 | ---- | M] () -- C:\Users\Rybak\Desktop\Free Video to GIF Converter.lnk [2014/01/08 17:01:31 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2014/01/08 17:01:31 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2014/01/08 17:01:28 | 005,765,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2014/01/08 17:01:28 | 001,993,728 
| ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2014/01/08 17:01:28 | 001,926,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2014/01/08 17:01:28 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2014/01/08 17:01:28 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2014/01/08 17:01:28 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll [2014/01/08 17:01:28 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2014/01/08 17:01:28 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2014/01/08 17:01:28 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll [2014/01/08 17:01:28 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2014/01/08 17:01:28 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll [2014/01/08 17:01:28 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2014/01/08 17:01:28 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2014/01/08 17:01:28 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2014/01/08 17:01:28 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2014/01/08 17:01:28 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2014/01/08 17:01:28 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll [2014/01/08 17:01:28 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2014/01/08 17:01:28 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2014/01/08 17:01:28 | 000,440,832 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysWow64\ieui.dll [2014/01/08 17:01:28 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2014/01/08 17:01:28 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2014/01/08 17:01:28 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2014/01/08 17:01:28 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2014/01/08 17:01:28 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2014/01/08 17:01:28 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2014/01/08 17:01:28 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2014/01/08 17:01:28 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2014/01/08 17:01:28 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2014/01/08 17:01:28 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2014/01/08 17:01:28 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2014/01/08 17:01:28 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2014/01/08 17:01:28 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2014/01/08 17:01:28 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2014/01/08 17:01:28 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2014/01/08 17:01:28 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2014/01/08 17:01:28 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2014/01/08 17:01:28 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2014/01/08 17:01:28 | 000,127,488 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2014/01/08 17:01:28 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2014/01/08 17:01:28 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2014/01/08 17:01:28 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe [2014/01/08 17:01:28 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2014/01/08 17:01:28 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2014/01/08 17:01:28 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2014/01/08 17:01:28 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2014/01/08 17:01:28 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2014/01/08 17:01:28 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2014/01/08 17:01:28 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2014/01/08 17:01:28 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll [2014/01/08 17:01:28 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2014/01/08 17:01:28 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2014/01/08 17:01:28 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2014/01/08 17:01:28 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2014/01/08 17:01:28 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2014/01/08 17:01:28 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2014/01/08 17:01:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysWow64\icardie.dll [2014/01/08 17:01:28 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2014/01/08 17:01:28 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2014/01/08 17:01:28 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2014/01/08 17:01:28 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll [2014/01/08 17:01:28 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2014/01/08 17:01:28 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2014/01/08 17:01:28 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll [2014/01/08 17:01:28 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2014/01/08 17:01:28 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2014/01/08 17:01:28 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll [2014/01/08 17:01:28 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2014/01/08 17:01:28 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll [2014/01/08 17:01:28 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll [2014/01/08 17:01:28 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2014/01/08 17:01:28 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2014/01/08 17:01:28 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2014/01/08 17:01:28 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2014/01/08 17:01:28 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2014/01/08 
17:01:28 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2014/01/08 17:01:28 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2014/01/08 17:01:28 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2014/01/08 17:01:28 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2014/01/08 17:01:28 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll [2014/01/08 11:38:24 | 000,001,039 | ---- | M] () -- C:\Users\Public\Desktop\Instagiffer.lnk [2014/01/07 21:31:26 | 002,137,466 | ---- | M] () -- C:\Users\Rybak\Desktop\photo 2.JPG [2014/01/07 21:29:58 | 000,166,910 | ---- | M] () -- C:\Users\Rybak\Desktop\netflix.jpg [2014/01/07 21:06:41 | 000,002,251 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2014/01/07 19:36:43 | 000,160,286 | ---- | M] () -- C:\Users\Rybak\Desktop\1.jpg [2014/01/06 13:23:36 | 004,558,848 | ---- | M] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr [2014/01/06 12:30:21 | 000,155,505 | ---- | M] () -- C:\Users\Rybak\Desktop\8352300501060017_12_24_2013.pdf [2013/12/29 21:22:15 | 000,002,070 | ---- | M] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk [2013/12/29 21:22:15 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2013/12/29 16:05:14 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/12/29 16:05:14 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/12/29 16:04:47 | 000,001,157 | ---- | M] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk [2013/12/29 16:04:47 | 000,001,133 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk [2013/12/27 02:49:16 | 000,049,240 | ---- | M] (Zemana Ltd.) 
-- C:\Windows\SysNative\drivers\AntiLog64.sys [2013/12/26 19:04:02 | 000,143,370 | ---- | M] () -- C:\Users\Rybak\Desktop\4l9lJCT.jpg [2013/12/26 04:46:03 | 000,000,992 | ---- | M] () -- C:\Users\Rybak\Desktop\Inky.lnk [2013/12/25 21:59:15 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\reditr.lnk [2013/12/25 21:43:24 | 000,002,453 | ---- | M] () -- C:\Users\Public\Desktop\O&O Defrag.lnk [2013/12/25 21:43:24 | 000,002,441 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk [2013/12/25 11:21:14 | 000,078,000 | ---- | M] () -- C:\Windows\SysNative\EvGr_Data{DAAA5B03-367D-11E3-A0C0-806E6F6E6963}.dat [2013/12/25 11:21:14 | 000,017,296 | ---- | M] () -- C:\Windows\SysNative\RW_FileType.dat [2013/12/25 11:21:14 | 000,014,800 | ---- | M] () -- C:\Windows\SysNative\RW_AppData.dat [2013/12/25 11:21:14 | 000,004,245 | ---- | M] () -- C:\config.xml [2013/12/25 11:21:14 | 000,000,492 | ---- | M] () -- C:\Windows\SysNative\RW_FileFlag.dat [2013/12/25 11:21:14 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\RW_{DAAA5B03-367D-11E3-A0C0-806E6F6E6963}.dat [2013/12/25 11:21:14 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\RW_{DAAA5B02-367D-11E3-A0C0-806E6F6E6963}.dat [2013/12/25 11:21:14 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\RW_{DAAA5B01-367D-11E3-A0C0-806E6F6E6963}.dat [2013/12/25 11:21:14 | 000,000,016 | ---- | M] () -- C:\Windows\SysNative\EvGr_Data{DAAA5B02-367D-11E3-A0C0-806E6F6E6963}.dat [2013/12/25 11:21:14 | 000,000,016 | ---- | M] () -- C:\Windows\SysNative\EvGr_Data{DAAA5B01-367D-11E3-A0C0-806E6F6E6963}.dat [2013/12/24 01:15:36 | 000,001,266 | ---- | M] () -- C:\Users\Public\Desktop\Xirrus Wi-Fi Inspector.lnk [2013/12/24 01:15:36 | 000,001,244 | ---- | M] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\Xirrus Wi-Fi Inspector.lnk [2013/12/23 01:06:53 | 000,001,283 | ---- | M] () -- C:\Users\Rybak\Desktop\FspUip.exe - Shortcut.lnk [2013/12/23 01:05:14 | 
000,002,787 | ---- | M] () -- C:\Users\Public\Desktop\Asterisk Password Decryptor.lnk [2013/12/22 21:03:29 | 000,001,049 | ---- | M] () -- C:\Users\Rybak\Desktop\Notepad++.lnk [2013/12/22 20:38:48 | 001,324,940 | ---- | M] () -- C:\Users\Rybak\Desktop\NetStumblerInstaller_0_4_0.exe [2013/12/22 19:32:58 | 000,041,860 | ---- | M] () -- C:\Users\Rybak\Desktop\axe.jpg [2013/12/22 17:10:00 | 006,526,424 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/12/22 16:56:24 | 000,065,111 | ---- | M] () -- C:\Users\Rybak\Desktop\GqeBoPV.jpg [2013/12/22 11:08:48 | 000,060,779 | ---- | M] () -- C:\Users\Rybak\Desktop\WWP.png [2013/12/22 10:58:02 | 000,019,424 | ---- | M] () -- C:\Users\Rybak\Desktop\wwp.jpg [2013/12/21 19:05:42 | 000,001,216 | ---- | M] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\Picture Collage Maker Pro.lnk [2013/12/21 19:05:42 | 000,001,192 | ---- | M] () -- C:\Users\Public\Desktop\Picture Collage Maker Pro.lnk [2013/12/21 18:59:51 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk [2013/12/20 19:24:40 | 000,022,581 | ---- | M] () -- C:\Users\Rybak\Desktop\error.jpg [2013/12/20 19:12:11 | 000,000,000 | ---- | M] () -- C:\asc_rdflag [2013/12/20 18:39:38 | 000,089,304 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys [2013/12/20 17:00:50 | 000,001,484 | ---- | M] () -- C:\Users\Rybak\Desktop\Command Prompt.lnk [2013/12/19 18:07:29 | 000,775,084 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013/12/18 09:07:50 | 000,001,100 | ---- | M] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 3.lnk [2013/12/18 09:07:50 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Glary Utilities 3.lnk [2013/12/18 01:30:34 | 000,178,272 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys [2013/12/18 01:30:33 | 000,620,640 | ---- | M] (Kaspersky Lab ZAO) -- 
C:\Windows\SysNative\drivers\klif.sys [2013/12/16 17:39:58 | 002,843,432 | ---- | M] (O&O Software GmbH) -- C:\Windows\SysNative\ooscrsav.scr [2013/12/16 17:39:40 | 000,240,936 | ---- | M] (O&O Software GmbH) -- C:\Windows\SysNative\oodbs.exe [2013/12/16 17:39:24 | 000,543,528 | ---- | M] (O&O Software GmbH) -- C:\Windows\SysNative\oodssrs.dll [2013/12/16 17:39:18 | 000,010,536 | ---- | M] (O&O Software GmbH) -- C:\Windows\SysNative\oodbsrs.dll [2013/12/15 15:16:53 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013/12/15 15:16:53 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013/12/15 15:16:53 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013/12/15 15:16:53 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013/12/15 00:02:49 | 000,000,132 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\Adobe PNG Format CS6 Prefs [2013/12/13 15:31:23 | 000,000,162 | ---- | M] () -- C:\Windows\Reimage.ini [color=#E56717]========== Files Created - No Company Name ==========[/color] [2014/01/12 14:06:47 | 000,008,446 | ---- | C] () -- C:\Users\Rybak\Desktop\ukraine_proudtobe.png [2014/01/12 13:54:09 | 000,005,760 | ---- | C] () -- C:\Users\Rybak\AppData\Roaming\msconfig.ini [2014/01/12 13:49:34 | 000,050,480 | ---- | C] () -- C:\Users\Rybak\Desktop\av.jpg [2014/01/12 12:14:12 | 000,014,697 | ---- | C] () -- C:\Users\Rybak\Desktop\[rutracker.org].t4265797.torrent [2014/01/12 12:03:03 | 000,001,084 | ---- | C] () -- C:\Users\Public\Desktop\MCShield Real-Time Monitor.lnk [2014/01/12 11:54:30 | 000,057,286 | ---- | C] () -- C:\Users\Rybak\Desktop\Su-152.jpg [2014/01/12 06:24:19 | 000,147,570 | ---- | C] () -- C:\Users\Rybak\Desktop\ped.jpg [2014/01/11 19:03:40 | 000,001,007 | ---- | C] () -- C:\Users\Rybak\Desktop\Punto Switcher.lnk [2014/01/11 18:22:20 | 007,366,064 | ---- | C] () -- C:\Users\Rybak\Desktop\DSC01934.JPG [2014/01/10 
13:13:42 | 000,001,085 | ---- | C] () -- C:\Users\Rybak\Desktop\WL2.exe - Shortcut.lnk [2014/01/10 11:58:17 | 000,002,016 | ---- | C] () -- C:\Users\Rybak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDNS Updater.lnk [2014/01/09 22:13:13 | 000,561,015 | ---- | C] () -- C:\Users\Rybak\Desktop\Makovin.png [2014/01/09 21:03:10 | 005,227,019 | ---- | C] () -- C:\Users\Rybak\Desktop\namebench-1.3.1-Windows.exe [2014/01/09 00:16:48 | 000,561,015 | ---- | C] () -- C:\Users\Rybak\Desktop\1170651_610322985669853_1484389318_n.png [2014/01/08 20:03:14 | 000,001,861 | ---- | C] () -- C:\Users\Rybak\Desktop\TechPowerUp GPU-Z.lnk [2014/01/08 19:40:47 | 001,161,350 | ---- | C] () -- C:\Users\Rybak\Desktop\monumentslavy-010.jpg [2014/01/08 19:40:37 | 000,925,043 | ---- | C] () -- C:\Users\Rybak\Desktop\monumentslavy-003.jpg [2014/01/08 19:39:22 | 001,193,175 | ---- | C] () -- C:\Users\Rybak\Desktop\monumentslavy-009.jpg [2014/01/08 18:45:54 | 000,024,896 | ---- | C] () -- C:\Users\Rybak\Desktop\gpuscreen.gif [2014/01/08 17:01:28 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2014/01/08 17:01:28 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2014/01/08 11:38:24 | 000,001,039 | ---- | C] () -- C:\Users\Public\Desktop\Instagiffer.lnk [2014/01/07 21:29:56 | 000,166,910 | ---- | C] () -- C:\Users\Rybak\Desktop\netflix.jpg [2014/01/07 21:06:41 | 000,002,275 | ---- | C] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2014/01/07 21:06:41 | 000,002,251 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2014/01/07 21:06:22 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014/01/07 21:06:22 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014/01/07 19:36:40 | 000,160,286 | ---- | C] () -- C:\Users\Rybak\Desktop\1.jpg [2014/01/06 12:30:25 | 000,155,505 | ---- | C] () -- 
C:\Users\Rybak\Desktop\8352300501060017_12_24_2013.pdf [2013/12/29 21:22:15 | 000,002,070 | ---- | C] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk [2013/12/29 21:22:15 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2013/12/29 16:05:15 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/12/29 16:04:47 | 000,001,157 | ---- | C] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk [2013/12/29 16:04:47 | 000,001,133 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk [2013/12/27 02:45:59 | 000,000,262 | ---- | C] () -- C:\Users\Rybak\uacossack.inkyp [2013/12/26 19:04:02 | 000,143,370 | ---- | C] () -- C:\Users\Rybak\Desktop\4l9lJCT.jpg [2013/12/26 16:37:29 | 002,137,466 | ---- | C] () -- C:\Users\Rybak\Desktop\photo 2.JPG [2013/12/26 04:46:03 | 000,001,000 | ---- | C] () -- C:\Users\Rybak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Inky.lnk [2013/12/26 04:46:03 | 000,000,992 | ---- | C] () -- C:\Users\Rybak\Desktop\Inky.lnk [2013/12/25 21:59:15 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\reditr.lnk [2013/12/25 21:40:06 | 000,002,453 | ---- | C] () -- C:\Users\Public\Desktop\O&O Defrag.lnk [2013/12/25 21:40:06 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk [2013/12/25 11:21:14 | 000,078,000 | ---- | C] () -- C:\Windows\SysNative\EvGr_Data{DAAA5B03-367D-11E3-A0C0-806E6F6E6963}.dat [2013/12/25 11:21:14 | 000,017,296 | ---- | C] () -- C:\Windows\SysNative\RW_FileType.dat [2013/12/25 11:21:14 | 000,014,800 | ---- | C] () -- C:\Windows\SysNative\RW_AppData.dat [2013/12/25 11:21:14 | 000,004,245 | ---- | C] () -- C:\config.xml [2013/12/25 11:21:14 | 000,000,492 | ---- | C] () -- C:\Windows\SysNative\RW_FileFlag.dat [2013/12/25 11:21:14 | 000,000,056 | ---- | C] () -- 
C:\Windows\SysNative\RW_{DAAA5B03-367D-11E3-A0C0-806E6F6E6963}.dat [2013/12/25 11:21:14 | 000,000,056 | ---- | C] () -- C:\Windows\SysNative\RW_{DAAA5B02-367D-11E3-A0C0-806E6F6E6963}.dat [2013/12/25 11:21:14 | 000,000,056 | ---- | C] () -- C:\Windows\SysNative\RW_{DAAA5B01-367D-11E3-A0C0-806E6F6E6963}.dat [2013/12/25 11:21:14 | 000,000,016 | ---- | C] () -- C:\Windows\SysNative\EvGr_Data{DAAA5B02-367D-11E3-A0C0-806E6F6E6963}.dat [2013/12/25 11:21:14 | 000,000,016 | ---- | C] () -- C:\Windows\SysNative\EvGr_Data{DAAA5B01-367D-11E3-A0C0-806E6F6E6963}.dat [2013/12/24 01:15:36 | 000,001,266 | ---- | C] () -- C:\Users\Public\Desktop\Xirrus Wi-Fi Inspector.lnk [2013/12/24 01:15:36 | 000,001,244 | ---- | C] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\Xirrus Wi-Fi Inspector.lnk [2013/12/23 01:06:53 | 000,001,283 | ---- | C] () -- C:\Users\Rybak\Desktop\FspUip.exe - Shortcut.lnk [2013/12/22 20:38:48 | 001,324,940 | ---- | C] () -- C:\Users\Rybak\Desktop\NetStumblerInstaller_0_4_0.exe [2013/12/22 19:49:11 | 000,000,966 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eM Client.lnk [2013/12/22 19:42:40 | 000,002,787 | ---- | C] () -- C:\Users\Public\Desktop\Asterisk Password Decryptor.lnk [2013/12/22 19:32:58 | 000,041,860 | ---- | C] () -- C:\Users\Rybak\Desktop\axe.jpg [2013/12/22 16:56:24 | 000,065,111 | ---- | C] () -- C:\Users\Rybak\Desktop\GqeBoPV.jpg [2013/12/22 11:08:48 | 000,060,779 | ---- | C] () -- C:\Users\Rybak\Desktop\WWP.png [2013/12/22 10:58:02 | 000,019,424 | ---- | C] () -- C:\Users\Rybak\Desktop\wwp.jpg [2013/12/22 00:09:54 | 000,001,211 | ---- | C] () -- C:\Users\Rybak\Desktop\Free Video to GIF Converter.lnk [2013/12/21 19:05:42 | 000,001,216 | ---- | C] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\Picture Collage Maker Pro.lnk [2013/12/21 19:05:42 | 000,001,192 | ---- | C] () -- C:\Users\Public\Desktop\Picture Collage Maker Pro.lnk [2013/12/21 18:59:51 | 000,001,996 
| ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk [2013/12/20 19:24:40 | 000,022,581 | ---- | C] () -- C:\Users\Rybak\Desktop\error.jpg [2013/12/20 19:12:11 | 000,000,000 | ---- | C] () -- C:\asc_rdflag [2013/12/20 17:00:50 | 000,001,484 | ---- | C] () -- C:\Users\Rybak\Desktop\Command Prompt.lnk [2013/12/18 09:09:51 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\GlaryUpdate 3.job [2013/12/18 09:07:50 | 000,001,100 | ---- | C] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 3.lnk [2013/12/18 09:07:50 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Glary Utilities 3.lnk [2013/12/18 09:07:49 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize 3.job [2013/12/18 09:07:48 | 000,001,096 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 3.lnk [2013/12/17 00:53:03 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk [2013/12/17 00:53:03 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk [2013/12/13 15:26:37 | 000,000,162 | ---- | C] () -- C:\Windows\Reimage.ini [2013/12/07 04:46:16 | 000,355,840 | ---- | C] () -- C:\Windows\SysWow64\LiveWrapRTSP.dll [2013/11/23 20:55:56 | 000,000,037 | -HS- | C] () -- C:\Users\Rybak\AppData\Local\70149b02515b3bb20dd492.47983420 [2013/11/19 17:35:30 | 000,000,132 | ---- | C] () -- C:\Users\Rybak\AppData\Roaming\Adobe PNG Format CS6 Prefs [2013/11/18 21:42:07 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe [2013/11/10 13:13:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2013/11/07 19:16:01 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013/11/07 19:15:59 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2013/11/07 19:15:59 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013/11/02 09:30:28 | 000,000,012 | ---- | C] () -- C:\Windows\wind3264st.dat [2013/10/23 
02:54:57 | 000,000,600 | ---- | C] () -- C:\Users\Rybak\PUTTY.RND [2013/10/19 18:14:53 | 000,110,602 | ---- | C] () -- C:\Windows\SysWow64\xcdsfx32.bin [2013/10/18 17:50:58 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe [2013/10/18 15:30:37 | 000,004,545 | ---- | C] () -- C:\Users\Rybak\AppData\Roaming\CamStudio.cfg [2013/10/18 15:30:37 | 000,000,408 | ---- | C] () -- C:\Users\Rybak\AppData\Roaming\CamShapes.ini [2013/10/18 15:30:37 | 000,000,408 | ---- | C] () -- C:\Users\Rybak\AppData\Roaming\CamLayout.ini [2013/10/18 15:30:37 | 000,000,100 | ---- | C] () -- C:\Users\Rybak\AppData\Roaming\Camdata.ini [2013/10/18 15:18:49 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2013/10/18 11:56:45 | 000,775,084 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013/10/17 12:56:20 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe [2013/10/16 15:52:40 | 000,000,380 | ---- | C] () -- C:\Users\Rybak\AppData\Roaming\sp_data.sys [2013/10/16 15:48:33 | 000,001,313 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini [2013/10/16 15:48:33 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini [2013/10/16 15:48:33 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini [2013/10/16 15:48:32 | 000,185,856 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2013/10/16 15:48:32 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [color=#E56717]========== ZeroAccess Check ==========[/color] [2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2013/12/10 18:28:14 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\.ACEStream [2013/12/02 17:22:20 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\ACEStream [2013/10/20 15:51:22 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Amazon [2013/12/19 16:07:25 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\AMS Software [2013/10/20 07:59:06 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Ashampoo [2013/12/22 19:42:26 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Asterisk Password Decryptor [2013/11/24 16:24:24 | 000,000,000 
| ---D | M] -- C:\Users\Rybak\AppData\Roaming\Awesomium [2014/01/12 07:07:13 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\BfToe [2013/10/24 08:57:12 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Bigasoft Video Downloader Pro [2013/12/11 13:49:52 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Bitcoin [2013/12/19 16:07:30 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Chamber [2013/12/04 17:39:24 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Digital Confidence [2013/11/23 18:09:06 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\DiskSpaceFan [2013/12/20 08:51:27 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Dropbox [2013/12/13 16:37:55 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Durbetsel 6.3 [2013/12/22 22:27:08 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\eM Client [2013/11/15 17:21:32 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\FaceOffMax [2014/01/12 14:18:48 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\FileZilla [2013/11/10 13:13:42 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Flock [2013/12/29 21:22:17 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Foxit Software [2013/11/05 19:32:42 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\freac [2013/12/18 09:07:49 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\GlarySoft [2013/12/21 12:05:28 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\IObit [2014/01/09 15:24:57 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\jagex_cache [2014/01/06 22:19:57 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\LockHunter [2013/12/04 23:49:16 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Miranda [2014/01/11 15:13:20 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\MouseMonitor [2013/10/20 17:51:19 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\NeoDownloader 
[2013/12/22 21:03:29 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Notepad++ [2014/01/10 11:58:17 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\OpenDNS Updater [2013/10/19 16:18:44 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Origin [2013/10/23 11:52:36 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\PDAppFlex [2013/12/21 19:05:42 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\PearlMountain [2013/10/19 15:37:25 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Preme for Windows [2013/11/02 09:47:47 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\RoboForm [2013/10/28 15:11:25 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\TAC [2013/12/07 17:13:27 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\TeamViewer [2014/01/03 15:48:58 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\TuneUp Software [2013/11/22 17:35:22 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Unity [2014/01/11 19:30:29 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\uTorrent [2013/11/18 21:42:17 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\VDownloader [2013/11/08 21:05:16 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Wargaming.net [2013/12/24 01:15:17 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Xirrus [2014/01/11 19:02:20 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Yandex [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 12 bytes -> C:\Windows:{4B9A1497-0817-47C4-9612-D6A1C53ACF57} < End of report >