Geeks To Go forums

Kaspersky keeps showing me infected files, but can't delete them
This topic is locked.

#1 BearCavalry (Member, 141 posts)

Hello Ladies & Gentlemen. Once again I seek your help. I followed the instructions here.
I am showing you a screenshot of my Kaspersky window:

[image]

I do not know what Bitcoin mining is; I really don't know what Bitcoins are either, but anyway it seems to be a virus. And the other ones too. The ones marked with this long name ... [image] & [image] keep popping up. Kaspersky keeps asking me if I want to disinfect them, I click yes, but then 5 minutes later they show up again.

I have also scanned my C: drive with Malwarebytes Anti-Malware and deleted whatever it told me to delete. But needless to say, the problems continue, so here I am, posting here.

I would appreciate your help so much.


Here is my text from OTL.Txt
------------------------------------------------------

OTL logfile created on: 1/12/2014 10:33:10 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rybak\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.98 Gb Total Physical Memory | 10.86 Gb Available Physical Memory | 67.99% Memory free
31.95 Gb Paging File | 25.99 Gb Available in Paging File | 81.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 36.68 Gb Free Space | 32.85% Space Free | Partition Type: NTFS
Drive D: | 698.54 Gb Total Space | 221.65 Gb Free Space | 31.73% Space Free | Partition Type: NTFS

Computer Name: RYBAK-PC | User Name: Rybak | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found
PRC - C:\Users\Rybak\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Rybak\AppData\Roaming\Pin.exe (Microsoft Cooperation Inc.)
PRC - C:\Users\Rybak\AppData\Roaming\MouseMonitor\audiodrivers.exe ()
PRC - C:\Users\Rybak\hcoxo\SrIJCQYe.exe (AutoIt Team)
PRC - C:\Users\Rybak\vigqr\pReMggCRyMCe.exe (AutoIt Team)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\ace_engine.exe ()
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
PRC - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\ace_update.exe ()
PRC - C:\Program Files (x86)\FastStone Capture\FSCapture.exe (FastStone Soft)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Users\Rybak\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe ()
PRC - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
PRC - C:\Windows\SysWOW64\ACEngSvr.exe (ASUSTeK)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTek Computer Inc.)
PRC - C:\Users\Rybak\dtrgf\hxiNpkYz.exe (AutoIt Team)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd)
PRC - C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)


========== Modules (No Company Name) ==========

MOD - C:\Users\Rybak\AppData\Roaming\MouseMonitor\libcurl-4.dll ()
MOD - C:\Users\Rybak\AppData\Roaming\MouseMonitor\zlib1.dll ()
MOD - C:\Users\Rybak\AppData\Roaming\MouseMonitor\audiodrivers.exe ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\58599be6aedb2bcc25a266fc1efcc03c\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\5bca89765ee92dd6018c3782247dba9b\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75537eea06d1200805de72f3f7751091\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\0fca5e7bc50aee6cd0e059bb66fd81ec\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\19156dbc54c3ded7ba00c53d19b6ee96\PresentationFramework-SystemXml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a2eb039301af47660eebc7566ce02b9c\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b9fe579783a35b57dd7e69375f35e239\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ef90aeb894485d14b249d102309b6df3\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\ae01d58bd1cb283ec7b603919e2a8fb3\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\65f7c6dcc498c7157f0ef5b72824d60a\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\05ca0ca95b6fcc0d710b63b6200cc178\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d91f3556f8011a5d48e1448e3fa8df9e\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\4e69f1e7d86d79012db2d7e0dadc8880\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\639f444db9491d25b5d158531e1f7d9b\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c4477b3ce64d0d612d1ab0dba425b77f\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1f56d5786274992934de0c900431c447\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\79f6324a598a7c4446a4a1168be7c4b1\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\045c9588954c3662d542b53f4462268b\mscorlib.ni.dll ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\acestreamengine.CoreApp.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\acestreamengine.Core.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\ace_engine.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\f4e49f5f51d2fa5e6190464468dff4d3\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\8f4a3d09bd38a742ccfe4a20a126fff5\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\8c20095bd7d46cdfa7933eb258a07daa\Accessibility.ni.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll ()
MOD - \\?\C:\ProgramData\Microsoft\PlayReady\Cache\S-1-5-21-494354007-691658305-523761783-1000\MSPRindiv01.key ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\ace_update.exe ()
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pycompat.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\cpyamf.util.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\cpyamf.amf0.pyd ()
MOD - C:\Users\Rybak\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe ()
MOD - C:\Users\Rybak\AppData\Local\Programs\TouchFreeze\TouchFreeze.dll ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\pythoncom27.dll ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\pythoncom27.dll ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\win32api.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\win32api.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\win32pdh.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\win32pdh.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\win32file.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\win32file.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\pywintypes27.dll ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\pywintypes27.dll ()
MOD - C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll ()
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\wx._misc_.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\wx._misc_.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\wx._controls_.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\wx._controls_.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\wx._windows_.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\wx._windows_.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\wx._gdi_.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\wx._gdi_.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\wx._core_.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\wx._core_.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\wxmsw28uh_html_vc.dll ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\wxmsw28uh_html_vc.dll ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\wxmsw28uh_adv_vc.dll ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\wxmsw28uh_adv_vc.dll ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\wxmsw28uh_core_vc.dll ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\wxmsw28uh_core_vc.dll ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\wxbase28uh_net_vc.dll ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\wxbase28uh_net_vc.dll ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\wxbase28uh_vc.dll ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\wxbase28uh_vc.dll ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\_ssl.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\_ssl.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\_socket.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\_socket.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\pyexpat.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\pyexpat.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\_hashlib.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\_hashlib.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\_ctypes.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\select.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\select.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\unicodedata.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\Crypto.Cipher.AES.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\M2Crypto.__m2crypto.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\M2Crypto.__m2crypto.pyd ()
MOD - C:\Windows\SysWOW64\APOMngr.DLL ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\apsw.pyd ()


========== Services (SafeList) ==========

SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (SEVPNCLIENT) -- C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe (SoftEther Project at University of Tsukuba, Japan.)
SRV:64bit: - (CarboniteService) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com))
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel® Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TeamViewer9) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (OODefragAgent) -- D:\O&O Defrag\oodag.exe (O&O Software GmbH)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (LiveUpdateSvc) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (IObit)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe (Kaspersky Lab ZAO)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (AntiLog32) -- C:\Windows\SysNative\drivers\AntiLog64.sys (Zemana Ltd.)
DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab ZAO)
DRV:64bit: - (SEE) -- C:\Windows\SysNative\drivers\see.sys (SoftEther Project at University of Tsukuba, Japan.)
DRV:64bit: - (Neo_VPN) -- C:\Windows\SysNative\drivers\Neo_0117.sys (SoftEther Project at University of Tsukuba, Japan.)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (BootDefragDriver) -- C:\Windows\SysNative\drivers\BootDefragDriver.sys (<Glarysoft Ltd>)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab ZAO)
DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab ZAO)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (klflt) -- C:\Windows\SysNative\drivers\klflt.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab ZAO)
DRV:64bit: - (klpd) -- C:\Windows\SysNative\drivers\klpd.sys (Kaspersky Lab ZAO)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (DFX11_1) -- C:\Windows\SysNative\drivers\dfx11_1x64.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (Power Software Ltd)
DRV:64bit: - (FLxHCIh) -- C:\Windows\SysNative\drivers\FLxHCIh.sys (Fresco Logic)
DRV:64bit: - (FLxHCIc) -- C:\Windows\SysNative\drivers\FLxHCIc.sys (Fresco Logic)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AiCharger) -- C:\Windows\SysNative\drivers\AiCharger.sys (ASUSTek Computer Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (fspad_win764) -- C:\Windows\SysNative\drivers\fspad_win764.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (npf) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (AiCharger) -- C:\Windows\SysWOW64\drivers\AiCharger.sys (ASUSTek Computer Inc.)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE11ENUS/MSN_WCP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E 02 19 69 9E CA CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {03767D78-CF21-41A5-BA55-E41A3D69C659}
IE - HKCU\..\SearchScopes\{03767D78-CF21-41A5-BA55-E41A3D69C659}: "URL" = https://www.google.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.1
FF - prefs.js..extensions.enabledAddons: amznUWL2%40amazon.com:1.10
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:4.0.8
FF - prefs.js..extensions.enabledAddons: cryenginebrowserplugin%40crytek.com:0.39.0
FF - prefs.js..extensions.enabledAddons: LDSI_plashcor%40gmail.com:0.9.5
FF - prefs.js..extensions.enabledAddons: myipms2%40myip.ms:1.591
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:2.0.20
FF - prefs.js..extensions.enabledAddons: uploader%40adblockfilters.mozdev.org:2.1
FF - prefs.js..extensions.enabledAddons: webmaster%40keep-tube.com:1.2
FF - prefs.js..extensions.enabledAddons: %7B2bfc8624-5b8a-4060-b86a-e78ccbc38509%7D:5.2
FF - prefs.js..extensions.enabledAddons: %7B2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0%7D:1.2.7.0
FF - prefs.js..extensions.enabledAddons: ImagePicker%40topolog.org:1.8.1
FF - prefs.js..extensions.enabledAddons: amptra%40keepa.com:1.11
FF - prefs.js..extensions.enabledAddons: %7B582195F5-92E7-40a0-A127-DB71295901D7%7D:0.6.4.1
FF - prefs.js..extensions.enabledAddons: bettergmail2%40ginatrapani.org:1.2
FF - prefs.js..extensions.enabledAddons: hdv%40vovcacik.addons.mozilla.org:1.0.2
FF - prefs.js..extensions.enabledAddons: 2.0%40disconnect.me:3.10.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0



FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: File not found
FF - HKCU\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=2.1.10.2: C:\Users\Rybak\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Rybak\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2013/12/18 01:30:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2013/12/18 01:30:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2013/12/18 01:30:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2013/12/18 01:30:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2013/12/18 01:30:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.1\extensions\\Components: C:\Program Files (x86)\Flock\components [2013/11/10 13:13:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.1\extensions\\Plugins: C:\Program Files (x86)\Flock\plugins [2013/11/10 13:13:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/12 13:20:07 | 000,000,000 | ---D | M]

[2013/11/10 13:13:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Extensions
[2013/11/10 13:13:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2014/01/10 10:32:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions
[2013/10/18 17:53:08 | 000,000,000 | ---D | M] ("BetterSearch") -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\{2bfc8624-5b8a-4060-b86a-e78ccbc38509}
[2013/11/14 02:35:54 | 000,000,000 | ---D | M] (GFACE Experience Plugin) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2013/12/14 01:28:25 | 000,000,000 | ---D | M] (Image Picker) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2013/12/12 01:30:01 | 000,000,000 | ---D | M] (Whois &amp; Flags Firefox &amp; Websites Popularity Rating) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2013/10/21 10:18:45 | 000,000,000 | ---D | M] (Russian spellchecking dictionary) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2013/10/16 15:13:54 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2014/01/09 15:53:24 | 000,949,970 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2013/10/17 22:59:41 | 000,128,676 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2013/12/15 13:10:57 | 000,018,447 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2013/10/18 17:53:08 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2013/12/12 01:30:01 | 000,343,554 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2013/12/29 21:20:01 | 000,276,952 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2013/10/17 22:59:33 | 000,024,018 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2013/10/17 22:59:28 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2013/12/24 21:15:42 | 000,022,560 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2014/01/08 16:47:43 | 000,004,377 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2013/10/17 22:51:17 | 000,182,257 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2013/12/10 01:24:48 | 000,113,140 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2013/12/05 19:57:50 | 000,161,137 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2013/12/18 18:39:01 | 000,130,099 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2013/10/17 22:59:41 | 000,075,438 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2013/10/18 14:49:59 | 000,031,748 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2013/10/16 15:13:54 | 000,009,253 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}.xpi
[2013/11/28 07:44:50 | 000,008,893 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\{55ce2530-61df-4ddc-b287-feae64e70575}.xpi
[2013/12/29 21:19:31 | 000,242,709 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}.xpi
[2014/01/02 11:00:12 | 000,018,899 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
[2013/10/17 22:59:12 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/01/03 12:17:11 | 000,555,162 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
[2013/10/18 15:15:05 | 000,002,383 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\searchplugins\deviantart.xml
[2013/10/18 15:15:10 | 000,001,899 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\searchplugins\flickr-tags.xml
[2013/12/12 13:20:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/12 13:20:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/02 17:21:07 | 000,000,000 | ---D | M] (TS Magic Player) -- C:\USERS\RYBAK\APPDATA\ROAMING\ACESTREAM\EXTENSIONS\FIREFOX\[email protected]
[2013/10/17 11:25:52 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - Extension: Google Docs = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.0.5_0\
CHR - Extension: Sothink Flash Downloader for Chrome = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\biceobciobbhhkplgocbaigojbnepcoi\1.0.24_0\
CHR - Extension: YouTube = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: eBay Web App = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom\1.0.4_0\
CHR - Extension: Facebook = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\
CHR - Extension: Omnibox Site Search = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\cckcidchbmodjccllbmegoignhmidncg\1.0_0\
CHR - Extension: Adblock Plus = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.2_0\
CHR - Extension: Google Search = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: HTML Revealer and Password Revealer = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgeopcldenngppapceagonnenonklpbn\2.0_0\
CHR - Extension: The QR Code Generator = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb\0.2.5_0\
CHR - Extension: AdBlock = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: LastPass = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.0.22_0\
CHR - Extension: Google Voice (by Google) = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.4.4_0\
CHR - Extension: Media file downloader = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\khbkckdkhakengfjmejmiabaakdlhaab\2.0_0\
CHR - Extension: Webcam Toy = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade\1.5_0\
CHR - Extension: FVD Downloader = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.5_0\
CHR - Extension: FVD Downloader = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.5_0\modules\clickberry\_
CHR - Extension: FVD Downloader = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.6_0\
CHR - Extension: FVD Downloader = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.6_0\modules\clickberry\_
CHR - Extension: Awesome New Tab Page\u2122 = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg\2014.21.21_0\
CHR - Extension: LastPass Vault = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncliohomlfopnmlfkepkcbnhmeijkhhf\2.0.21_0\
CHR - Extension: MuteTab = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkbaaijgpppbokgnhhoakihofedkgcc\2.0.5_0\
CHR - Extension: Google Wallet = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: OverTask = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeiijfgmbaopeehamdhiiepidbpfkcda\0.0.14_0\
CHR - Extension: better Browser - for Chrome = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbegekjleoplkhibgbmkmnnfffcpfanh\3.4_0\
CHR - Extension: Gmail = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/12/18 02:15:53 | 000,000,923 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 practivate.adobe.c
O1 - Hosts: 127.0.0.1 license.superantispyware.com
O1 - Hosts: 127.0.0.1 www.iobit.com
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [fspuip] C:\Program Files\FSP\FspUip.exe (Sentelic Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [OODefragTray] D:\O&O Defrag\oodtray.exe (O&O Software GmbH)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SoftEther VPN Client UI Helper] C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe (SoftEther Project at University of Tsukuba, Japan.)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AntiLogger] C:\Program Files (x86)\AntiLogger\AntiLogger.exe (Zemana Ltd.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [FLxHCIm64] C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe (Windows ® Win 7 DDK provider)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [THX TruStudio NB Settings] C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUSTeK Computer Inc.)
O4 - HKCU..\Run: [AceStream] C:\Users\Rybak\AppData\Roaming\ACEStream\engine\ace_engine.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [OpenDNS Updater] C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKCU..\Run: [Steam] D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [TouchFreeze] C:\Users\Rybak\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [dtrgf] C:\Users\Rybak\dtrgf\34152.vbs ()
O4 - HKCU..\RunOnce: [hcoxo] C:\Users\Rybak\hcoxo\89969.vbs ()
O4 - HKCU..\RunOnce: [vigqr] C:\Users\Rybak\vigqr\88170.vbs ()
O4 - Startup: C:\Users\Rybak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Punto Switcher.lnk = C:\Program Files (x86)\Yandex\Punto Switcher\punto.exe (ООО Яндекс)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...30321/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39A62D84-5369-47FE-91A4-70B26301F3FA}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85152643-06AE-4E27-B0DC-622EC7F2DFEB}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/12 07:09:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rybak\Desktop\OTL.exe
[2014/01/12 06:56:20 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\backups
[2014/01/12 06:53:03 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Rybak\Desktop\HijackThis.exe
[2014/01/11 21:51:40 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\WM
[2014/01/11 19:02:20 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\Yandex
[2014/01/11 19:02:20 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Local\Yandex
[2014/01/11 19:02:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Yandex
[2014/01/11 19:02:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yandex
[2014/01/11 15:04:38 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\MouseMonitor
[2014/01/11 15:04:05 | 000,000,000 | RHSD | C] -- C:\Users\Rybak\dtrgf
[2014/01/11 08:05:54 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\Kyiv FD
[2014/01/11 02:00:20 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\destroyed AFV_30
[2014/01/10 21:18:51 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\userbars
[2014/01/10 14:46:13 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\BfToe
[2014/01/10 14:45:40 | 000,000,000 | RHSD | C] -- C:\Users\Rybak\phjjt
[2014/01/10 11:58:17 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\OpenDNS Updater
[2014/01/10 11:58:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenDNS Updater
[2014/01/10 08:21:24 | 000,025,088 | ---- | C] (Microsoft Cooperation Inc.) -- C:\Users\Rybak\AppData\Roaming\Pin.exe
[2014/01/10 08:20:41 | 000,000,000 | RHSD | C] -- C:\Users\Rybak\eqnqp
[2014/01/09 15:24:57 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\jagex_cache
[2014/01/09 15:24:23 | 000,000,000 | RHSD | C] -- C:\Users\Rybak\ukuot
[2014/01/08 20:10:09 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\Dramatic Photos
[2014/01/08 18:38:26 | 000,000,000 | -H-D | C] -- C:\Users\Rybak\Desktop\.picasaoriginals
[2014/01/08 17:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\LHService
[2014/01/08 11:38:28 | 000,000,000 | ---D | C] -- C:\Users\Rybak\.instagiffer
[2014/01/08 11:38:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Instagiffer
[2014/01/08 11:38:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Instagiffer
[2014/01/07 21:06:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/01/07 19:37:37 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
[2014/01/07 13:03:54 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\iznIy
[2014/01/07 13:03:20 | 000,000,000 | RHSD | C] -- C:\Users\Rybak\hcoxo
[2014/01/07 12:31:44 | 000,000,000 | -H-D | C] -- C:\{$1284-9213-2940-1289$}
[2014/01/07 12:31:41 | 000,000,000 | RHSD | C] -- C:\Users\Rybak\vigqr
[2014/01/06 22:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\LockHunter
[2014/01/06 22:19:57 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\LockHunter
[2014/01/06 22:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LockHunter
[2014/01/06 22:19:53 | 000,000,000 | ---D | C] -- C:\Program Files\LockHunter
[2013/12/29 21:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013/12/29 16:06:17 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\Yahoo!
[2013/12/29 16:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2013/12/29 16:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2013/12/29 16:04:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2013/12/29 11:12:06 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\volgograd
[2013/12/28 19:54:30 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\Russians in Bosnia
[2013/12/27 20:26:08 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\TEXT
[2013/12/27 03:48:23 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\ebooks
[2013/12/27 02:32:20 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\TuneUp Software
[2013/12/27 02:31:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013/12/27 02:31:03 | 000,000,000 | -HSD | C] -- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
[2013/12/27 02:31:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/12/26 16:29:44 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\Chechnya
[2013/12/26 16:22:18 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\Chechen aviation
[2013/12/26 16:15:49 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\smilies
[2013/12/26 04:46:11 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Local\Arcode
[2013/12/26 04:45:58 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Local\Inky
[2013/12/25 21:59:30 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Local\Reditr
[2013/12/25 21:59:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reditr
[2013/12/25 21:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\reditr
[2013/12/25 21:43:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\oodag
[2013/12/25 21:43:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software
[2013/12/25 21:40:39 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Local\O&O
[2013/12/25 21:39:22 | 000,000,000 | ---D | C] -- C:\ProgramData\OO Software
[2013/12/25 15:49:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\{492EBBD4-E9BF-4990-93B7-BA313CF7EB4B}
[2013/12/24 01:15:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xirrus
[2013/12/24 01:15:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xirrus
[2013/12/24 01:15:17 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\Xirrus
[2013/12/22 19:49:31 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\eM Client
[2013/12/22 19:49:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eM Client
[2013/12/22 19:42:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KRyLack Software
[2013/12/22 19:42:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asterisk Password Decryptor
[2013/12/22 19:42:26 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\Asterisk Password Decryptor
[2013/12/22 19:19:05 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Documents\eM Client
[2013/12/22 00:09:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video to GIF Converter
[2013/12/22 00:09:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Video to GIF Converter
[2013/12/21 19:47:09 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Local\Configure
[2013/12/21 19:47:06 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Local\Maker3D
[2013/12/21 19:36:16 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Local\Apps
[2013/12/21 19:33:53 | 000,000,000 | ---D | C] -- C:\ProgramData\webcam 7
[2013/12/21 19:05:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bcgsoft
[2013/12/21 19:05:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picture Collage Maker Pro
[2013/12/21 19:05:42 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\PearlMountain
[2013/12/21 19:05:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\PearlMountain
[2013/12/21 19:05:42 | 000,000,000 | ---D | C] -- C:\ProgramData\PearlMountain
[2013/12/21 19:05:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Picture Collage Maker Pro
[2013/12/21 18:59:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2013/12/21 12:04:47 | 000,000,000 | ---D | C] -- C:\Windows\tasks\ImCleanDisabled
[2013/12/20 19:26:28 | 000,000,000 | ---D | C] -- C:\ProgramData\GlarySoft
[2013/12/20 18:39:32 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\mbar
[2013/12/19 16:07:30 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\Chamber
[2013/12/19 16:07:25 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\AMS Software
[2013/12/18 09:10:11 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
[2013/12/18 09:10:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
[2013/12/18 09:07:50 | 000,117,024 | ---- | C] (Glarysoft Ltd) -- C:\Windows\SysNative\BootDefrag.exe
[2013/12/18 09:07:50 | 000,016,640 | ---- | C] (<Glarysoft Ltd>) -- C:\Windows\SysNative\drivers\BootDefragDriver.sys
[2013/12/18 09:07:49 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\GlarySoft
[2013/12/18 09:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 3
[2013/12/18 09:07:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities 3
[2013/12/18 02:36:08 | 000,027,456 | ---- | C] (IObit) -- C:\Windows\SysNative\RegistryDefragBootTime.exe
[2013/12/18 02:19:41 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\Apple Computer
[2013/12/18 02:19:06 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData
[2013/12/18 02:18:01 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013/12/18 02:17:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013/12/18 02:16:57 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\IObit
[2013/12/17 02:07:52 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Documents\CommView for WiFi
[2013/12/17 00:47:54 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\Christmas
[2013/12/16 18:01:04 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\Eurovision
[2013/12/16 17:39:58 | 002,843,432 | ---- | C] (O&O Software GmbH) -- C:\Windows\SysNative\ooscrsav.scr
[2013/12/16 17:39:40 | 000,240,936 | ---- | C] (O&O Software GmbH) -- C:\Windows\SysNative\oodbs.exe
[2013/12/16 17:39:24 | 000,543,528 | ---- | C] (O&O Software GmbH) -- C:\Windows\SysNative\oodssrs.dll
[2013/12/16 17:39:18 | 000,010,536 | ---- | C] (O&O Software GmbH) -- C:\Windows\SysNative\oodbsrs.dll
[2013/12/16 14:35:43 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\ARMY
[2013/12/16 02:36:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013/12/15 15:17:27 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013/12/15 15:17:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/12/15 15:16:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/12/15 15:16:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/12/15 15:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/12/15 15:15:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/12/15 03:56:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SourceTec
[2013/12/14 22:53:22 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/12/13 16:37:55 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\Durbetsel 6.3
[2013/12/13 15:27:17 | 000,000,000 | ---D | C] -- C:\ProgramData\CDB
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/12 10:17:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/12 09:50:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/12 07:09:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rybak\Desktop\OTL.exe
[2014/01/12 06:53:03 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Rybak\Desktop\HijackThis.exe
[2014/01/12 06:24:21 | 000,147,570 | ---- | M] () -- C:\Users\Rybak\Desktop\ped.jpg
[2014/01/12 01:53:25 | 000,022,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/12 01:53:25 | 000,022,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/11 21:17:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/11 19:32:57 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/11 19:32:57 | 000,662,634 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/11 19:32:57 | 000,122,470 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/11 19:04:30 | 000,001,117 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Punto Switcher.lnk
[2014/01/11 19:03:40 | 000,001,007 | ---- | M] () -- C:\Users\Rybak\Desktop\Punto Switcher.lnk
[2014/01/11 13:38:06 | 000,000,262 | ---- | M] () -- C:\Users\Rybak\uacossack.inkyp
[2014/01/11 10:00:02 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\GlaryUpdate 3.job
[2014/01/11 07:50:07 | 000,000,380 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\sp_data.sys
[2014/01/11 01:48:19 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 3.job
[2014/01/11 01:47:17 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\Start Registry Reviver for [email protected](logon).job
[2014/01/11 01:47:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/10 13:13:42 | 000,001,085 | ---- | M] () -- C:\Users\Rybak\Desktop\WL2.exe - Shortcut.lnk
[2014/01/09 22:13:13 | 000,561,015 | ---- | M] () -- C:\Users\Rybak\Desktop\Makovin.png
[2014/01/09 21:03:10 | 005,227,019 | ---- | M] () -- C:\Users\Rybak\Desktop\namebench-1.3.1-Windows.exe
[2014/01/09 00:16:48 | 000,561,015 | ---- | M] () -- C:\Users\Rybak\Desktop\1170651_610322985669853_1484389318_n.png
[2014/01/08 20:03:14 | 000,001,861 | ---- | M] () -- C:\Users\Rybak\Desktop\TechPowerUp GPU-Z.lnk
[2014/01/08 19:40:47 | 001,161,350 | ---- | M] () -- C:\Users\Rybak\Desktop\monumentslavy-010.jpg
[2014/01/08 19:40:37 | 000,925,043 | ---- | M] () -- C:\Users\Rybak\Desktop\monumentslavy-003.jpg
[2014/01/08 19:39:23 | 001,193,175 | ---- | M] () -- C:\Users\Rybak\Desktop\monumentslavy-009.jpg
[2014/01/08 18:45:54 | 000,024,896 | ---- | M] () -- C:\Users\Rybak\Desktop\gpuscreen.gif
[2014/01/08 17:11:10 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/01/08 17:07:21 | 000,002,275 | ---- | M] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/08 17:03:24 | 000,001,211 | ---- | M] () -- C:\Users\Rybak\Desktop\Free Video to GIF Converter.lnk
[2014/01/08 17:01:28 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/01/08 17:01:28 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2014/01/08 11:38:24 | 000,001,039 | ---- | M] () -- C:\Users\Public\Desktop\Instagiffer.lnk
[2014/01/07 21:31:26 | 002,137,466 | ---- | M] () -- C:\Users\Rybak\Desktop\photo 2.JPG
[2014/01/07 21:29:58 | 000,166,910 | ---- | M] () -- C:\Users\Rybak\Desktop\netflix.jpg
[2014/01/07 21:06:41 | 000,002,251 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/07 19:36:43 | 000,160,286 | ---- | M] () -- C:\Users\Rybak\Desktop\1.jpg
[2014/01/06 12:30:21 | 000,155,505 | ---- | M] () -- C:\Users\Rybak\Desktop\8352300501060017_12_24_2013.pdf
[2013/12/29 21:22:15 | 000,002,070 | ---- | M] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/12/29 21:22:15 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013/12/29 16:04:47 | 000,001,157 | ---- | M] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2013/12/29 16:04:47 | 000,001,133 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2013/12/27 02:49:16 | 000,049,240 | ---- | M] (Zemana Ltd.) -- C:\Windows\SysNative\drivers\AntiLog64.sys
[2013/12/26 19:04:02 | 000,143,370 | ---- | M] () -- C:\Users\Rybak\Desktop\4l9lJCT.jpg
[2013/12/26 04:46:03 | 000,000,992 | ---- | M] () -- C:\Users\Rybak\Desktop\Inky.lnk
[2013/12/25 21:59:15 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\reditr.lnk
[2013/12/25 21:43:24 | 000,002,453 | ---- | M] () -- C:\Users\Public\Desktop\O&O Defrag.lnk
[2013/12/25 21:43:24 | 000,002,441 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk
[2013/12/25 11:21:14 | 000,078,000 | ---- | M] () -- C:\Windows\SysNative\EvGr_Data{DAAA5B03-367D-11E3-A0C0-806E6F6E6963}.dat
[2013/12/25 11:21:14 | 000,017,296 | ---- | M] () -- C:\Windows\SysNative\RW_FileType.dat
[2013/12/25 11:21:14 | 000,014,800 | ---- | M] () -- C:\Windows\SysNative\RW_AppData.dat
[2013/12/25 11:21:14 | 000,004,245 | ---- | M] () -- C:\config.xml
[2013/12/25 11:21:14 | 000,000,492 | ---- | M] () -- C:\Windows\SysNative\RW_FileFlag.dat
[2013/12/25 11:21:14 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\RW_{DAAA5B03-367D-11E3-A0C0-806E6F6E6963}.dat
[2013/12/25 11:21:14 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\RW_{DAAA5B02-367D-11E3-A0C0-806E6F6E6963}.dat
[2013/12/25 11:21:14 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\RW_{DAAA5B01-367D-11E3-A0C0-806E6F6E6963}.dat
[2013/12/25 11:21:14 | 000,000,016 | ---- | M] () -- C:\Windows\SysNative\EvGr_Data{DAAA5B02-367D-11E3-A0C0-806E6F6E6963}.dat
[2013/12/25 11:21:14 | 000,000,016 | ---- | M] () -- C:\Windows\SysNative\EvGr_Data{DAAA5B01-367D-11E3-A0C0-806E6F6E6963}.dat
[2013/12/24 01:15:36 | 000,001,266 | ---- | M] () -- C:\Users\Public\Desktop\Xirrus Wi-Fi Inspector.lnk
[2013/12/24 01:15:36 | 000,001,244 | ---- | M] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\Xirrus Wi-Fi Inspector.lnk
[2013/12/23 01:06:53 | 000,001,283 | ---- | M] () -- C:\Users\Rybak\Desktop\FspUip.exe - Shortcut.lnk
[2013/12/23 01:05:14 | 000,002,787 | ---- | M] () -- C:\Users\Public\Desktop\Asterisk Password Decryptor.lnk
[2013/12/22 21:03:29 | 000,001,049 | ---- | M] () -- C:\Users\Rybak\Desktop\Notepad++.lnk
[2013/12/22 20:38:48 | 001,324,940 | ---- | M] () -- C:\Users\Rybak\Desktop\NetStumblerInstaller_0_4_0.exe
[2013/12/22 19:32:58 | 000,041,860 | ---- | M] () -- C:\Users\Rybak\Desktop\axe.jpg
[2013/12/22 17:10:00 | 006,526,424 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/22 16:56:24 | 000,065,111 | ---- | M] () -- C:\Users\Rybak\Desktop\GqeBoPV.jpg
[2013/12/22 11:08:48 | 000,060,779 | ---- | M] () -- C:\Users\Rybak\Desktop\WWP.png
[2013/12/22 10:58:02 | 000,019,424 | ---- | M] () -- C:\Users\Rybak\Desktop\wwp.jpg
[2013/12/21 19:05:42 | 000,001,216 | ---- | M] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\Picture Collage Maker Pro.lnk
[2013/12/21 19:05:42 | 000,001,192 | ---- | M] () -- C:\Users\Public\Desktop\Picture Collage Maker Pro.lnk
[2013/12/21 18:59:51 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2013/12/20 19:24:40 | 000,022,581 | ---- | M] () -- C:\Users\Rybak\Desktop\error.jpg
[2013/12/20 19:12:11 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
[2013/12/20 18:39:38 | 000,089,304 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013/12/20 17:00:50 | 000,001,484 | ---- | M] () -- C:\Users\Rybak\Desktop\Command Prompt.lnk
[2013/12/19 18:07:29 | 000,775,084 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/12/18 09:07:50 | 000,001,100 | ---- | M] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 3.lnk
[2013/12/18 09:07:50 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Glary Utilities 3.lnk
[2013/12/18 01:30:34 | 000,178,272 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys
[2013/12/18 01:30:33 | 000,620,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013/12/16 17:39:58 | 002,843,432 | ---- | M] (O&O Software GmbH) -- C:\Windows\SysNative\ooscrsav.scr
[2013/12/16 17:39:40 | 000,240,936 | ---- | M] (O&O Software GmbH) -- C:\Windows\SysNative\oodbs.exe
[2013/12/16 17:39:24 | 000,543,528 | ---- | M] (O&O Software GmbH) -- C:\Windows\SysNative\oodssrs.dll
[2013/12/16 17:39:18 | 000,010,536 | ---- | M] (O&O Software GmbH) -- C:\Windows\SysNative\oodbsrs.dll
[2013/12/15 00:02:49 | 000,000,132 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/12/13 15:31:23 | 000,000,162 | ---- | M] () -- C:\Windows\Reimage.ini
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/12 06:24:19 | 000,147,570 | ---- | C] () -- C:\Users\Rybak\Desktop\ped.jpg
[2014/01/11 19:03:50 | 000,001,117 | ---- | C] () -- C:\Users\Rybak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Punto Switcher.lnk
[2014/01/11 19:03:40 | 000,001,007 | ---- | C] () -- C:\Users\Rybak\Desktop\Punto Switcher.lnk
[2014/01/11 18:22:20 | 007,366,064 | ---- | C] () -- C:\Users\Rybak\Desktop\DSC01934.JPG
[2014/01/10 13:13:42 | 000,001,085 | ---- | C] () -- C:\Users\Rybak\Desktop\WL2.exe - Shortcut.lnk
[2014/01/10 11:58:17 | 000,002,016 | ---- | C] () -- C:\Users\Rybak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDNS Updater.lnk
[2014/01/09 22:13:13 | 000,561,015 | ---- | C] () -- C:\Users\Rybak\Desktop\Makovin.png
[2014/01/09 21:03:10 | 005,227,019 | ---- | C] () -- C:\Users\Rybak\Desktop\namebench-1.3.1-Windows.exe
[2014/01/09 00:16:48 | 000,561,015 | ---- | C] () -- C:\Users\Rybak\Desktop\1170651_610322985669853_1484389318_n.png
[2014/01/08 20:03:14 | 000,001,861 | ---- | C] () -- C:\Users\Rybak\Desktop\TechPowerUp GPU-Z.lnk
[2014/01/08 19:40:47 | 001,161,350 | ---- | C] () -- C:\Users\Rybak\Desktop\monumentslavy-010.jpg
[2014/01/08 19:40:37 | 000,925,043 | ---- | C] () -- C:\Users\Rybak\Desktop\monumentslavy-003.jpg
[2014/01/08 19:39:22 | 001,193,175 | ---- | C] () -- C:\Users\Rybak\Desktop\monumentslavy-009.jpg
[2014/01/08 18:45:54 | 000,024,896 | ---- | C] () -- C:\Users\Rybak\Desktop\gpuscreen.gif
[2014/01/08 17:01:28 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/01/08 17:01:28 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2014/01/08 11:38:24 | 000,001,039 | ---- | C] () -- C:\Users\Public\Desktop\Instagiffer.lnk
[2014/01/07 21:29:56 | 000,166,910 | ---- | C] () -- C:\Users\Rybak\Desktop\netflix.jpg
[2014/01/07 21:06:41 | 000,002,275 | ---- | C] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/07 21:06:41 | 000,002,251 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/07 21:06:22 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/07 21:06:22 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/07 19:36:40 | 000,160,286 | ---- | C] () -- C:\Users\Rybak\Desktop\1.jpg
[2014/01/06 12:30:25 | 000,155,505 | ---- | C] () -- C:\Users\Rybak\Desktop\8352300501060017_12_24_2013.pdf
[2013/12/29 21:22:15 | 000,002,070 | ---- | C] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/12/29 21:22:15 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013/12/29 16:05:15 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/29 16:04:47 | 000,001,157 | ---- | C] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2013/12/29 16:04:47 | 000,001,133 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2013/12/27 02:45:59 | 000,000,262 | ---- | C] () -- C:\Users\Rybak\uacossack.inkyp
[2013/12/26 19:04:02 | 000,143,370 | ---- | C] () -- C:\Users\Rybak\Desktop\4l9lJCT.jpg
[2013/12/26 16:37:29 | 002,137,466 | ---- | C] () -- C:\Users\Rybak\Desktop\photo 2.JPG
[2013/12/26 04:46:03 | 000,001,000 | ---- | C] () -- C:\Users\Rybak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Inky.lnk
[2013/12/26 04:46:03 | 000,000,992 | ---- | C] () -- C:\Users\Rybak\Desktop\Inky.lnk
[2013/12/25 21:59:15 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\reditr.lnk
[2013/12/25 21:40:06 | 000,002,453 | ---- | C] () -- C:\Users\Public\Desktop\O&O Defrag.lnk
[2013/12/25 21:40:06 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk
[2013/12/25 11:21:14 | 000,078,000 | ---- | C] () -- C:\Windows\SysNative\EvGr_Data{DAAA5B03-367D-11E3-A0C0-806E6F6E6963}.dat
[2013/12/25 11:21:14 | 000,017,296 | ---- | C] () -- C:\Windows\SysNative\RW_FileType.dat
[2013/12/25 11:21:14 | 000,014,800 | ---- | C] () -- C:\Windows\SysNative\RW_AppData.dat
[2013/12/25 11:21:14 | 000,004,245 | ---- | C] () -- C:\config.xml
[2013/12/25 11:21:14 | 000,000,492 | ---- | C] () -- C:\Windows\SysNative\RW_FileFlag.dat
[2013/12/25 11:21:14 | 000,000,056 | ---- | C] () -- C:\Windows\SysNative\RW_{DAAA5B03-367D-11E3-A0C0-806E6F6E6963}.dat
[2013/12/25 11:21:14 | 000,000,056 | ---- | C] () -- C:\Windows\SysNative\RW_{DAAA5B02-367D-11E3-A0C0-806E6F6E6963}.dat
[2013/12/25 11:21:14 | 000,000,056 | ---- | C] () -- C:\Windows\SysNative\RW_{DAAA5B01-367D-11E3-A0C0-806E6F6E6963}.dat
[2013/12/25 11:21:14 | 000,000,016 | ---- | C] () -- C:\Windows\SysNative\EvGr_Data{DAAA5B02-367D-11E3-A0C0-806E6F6E6963}.dat
[2013/12/25 11:21:14 | 000,000,016 | ---- | C] () -- C:\Windows\SysNative\EvGr_Data{DAAA5B01-367D-11E3-A0C0-806E6F6E6963}.dat
[2013/12/24 01:15:36 | 000,001,266 | ---- | C] () -- C:\Users\Public\Desktop\Xirrus Wi-Fi Inspector.lnk
[2013/12/24 01:15:36 | 000,001,244 | ---- | C] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\Xirrus Wi-Fi Inspector.lnk
[2013/12/23 01:06:53 | 000,001,283 | ---- | C] () -- C:\Users\Rybak\Desktop\FspUip.exe - Shortcut.lnk
[2013/12/22 20:38:48 | 001,324,940 | ---- | C] () -- C:\Users\Rybak\Desktop\NetStumblerInstaller_0_4_0.exe
[2013/12/22 19:49:11 | 000,000,966 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eM Client.lnk
[2013/12/22 19:42:40 | 000,002,787 | ---- | C] () -- C:\Users\Public\Desktop\Asterisk Password Decryptor.lnk
[2013/12/22 19:32:58 | 000,041,860 | ---- | C] () -- C:\Users\Rybak\Desktop\axe.jpg
[2013/12/22 16:56:24 | 000,065,111 | ---- | C] () -- C:\Users\Rybak\Desktop\GqeBoPV.jpg
[2013/12/22 11:08:48 | 000,060,779 | ---- | C] () -- C:\Users\Rybak\Desktop\WWP.png
[2013/12/22 10:58:02 | 000,019,424 | ---- | C] () -- C:\Users\Rybak\Desktop\wwp.jpg
[2013/12/22 00:09:54 | 000,001,211 | ---- | C] () -- C:\Users\Rybak\Desktop\Free Video to GIF Converter.lnk
[2013/12/21 19:05:42 | 000,001,216 | ---- | C] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\Picture Collage Maker Pro.lnk
[2013/12/21 19:05:42 | 000,001,192 | ---- | C] () -- C:\Users\Public\Desktop\Picture Collage Maker Pro.lnk
[2013/12/21 18:59:51 | 000,001,996 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2013/12/20 19:24:40 | 000,022,581 | ---- | C] () -- C:\Users\Rybak\Desktop\error.jpg
[2013/12/20 19:12:11 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
[2013/12/20 17:00:50 | 000,001,484 | ---- | C] () -- C:\Users\Rybak\Desktop\Command Prompt.lnk
[2013/12/18 09:09:51 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\GlaryUpdate 3.job
[2013/12/18 09:07:50 | 000,001,100 | ---- | C] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 3.lnk
[2013/12/18 09:07:50 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Glary Utilities 3.lnk
[2013/12/18 09:07:49 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize 3.job
[2013/12/18 09:07:48 | 000,001,096 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 3.lnk
[2013/12/17 00:53:03 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
[2013/12/17 00:53:03 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2013/12/13 15:26:37 | 000,000,162 | ---- | C] () -- C:\Windows\Reimage.ini
[2013/12/07 04:46:16 | 000,355,840 | ---- | C] () -- C:\Windows\SysWow64\LiveWrapRTSP.dll
[2013/11/23 20:55:56 | 000,000,037 | -HS- | C] () -- C:\Users\Rybak\AppData\Local\70149b02515b3bb20dd492.47983420
[2013/11/19 17:35:30 | 000,000,132 | ---- | C] () -- C:\Users\Rybak\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/11/18 21:42:07 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2013/11/10 13:13:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2013/11/07 19:16:01 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/11/07 19:15:59 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013/11/07 19:15:59 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/11/02 09:30:28 | 000,000,012 | ---- | C] () -- C:\Windows\wind3264st.dat
[2013/10/23 02:54:57 | 000,000,600 | ---- | C] () -- C:\Users\Rybak\PUTTY.RND
[2013/10/19 18:14:53 | 000,110,602 | ---- | C] () -- C:\Windows\SysWow64\xcdsfx32.bin
[2013/10/18 17:50:58 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe
[2013/10/18 15:30:37 | 000,004,545 | ---- | C] () -- C:\Users\Rybak\AppData\Roaming\CamStudio.cfg
[2013/10/18 15:30:37 | 000,000,408 | ---- | C] () -- C:\Users\Rybak\AppData\Roaming\CamShapes.ini
[2013/10/18 15:30:37 | 000,000,408 | ---- | C] () -- C:\Users\Rybak\AppData\Roaming\CamLayout.ini
[2013/10/18 15:30:37 | 000,000,100 | ---- | C] () -- C:\Users\Rybak\AppData\Roaming\Camdata.ini
[2013/10/18 15:18:49 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2013/10/18 11:56:45 | 000,775,084 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/17 12:56:20 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2013/10/16 15:52:40 | 000,000,380 | ---- | C] () -- C:\Users\Rybak\AppData\Roaming\sp_data.sys
[2013/10/16 15:48:33 | 000,001,313 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2013/10/16 15:48:33 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2013/10/16 15:48:33 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2013/10/16 15:48:32 | 000,185,856 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013/10/16 15:48:32 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/12/10 18:28:14 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\.ACEStream
[2013/12/02 17:22:20 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\ACEStream
[2013/10/20 15:51:22 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Amazon
[2013/12/19 16:07:25 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\AMS Software
[2013/10/20 07:59:06 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Ashampoo
[2013/12/22 19:42:26 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Asterisk Password Decryptor
[2013/11/24 16:24:24 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Awesomium
[2014/01/12 07:07:13 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\BfToe
[2013/10/24 08:57:12 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Bigasoft Video Downloader Pro
[2013/12/11 13:49:52 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Bitcoin
[2013/12/19 16:07:30 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Chamber
[2013/12/04 17:39:24 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Digital Confidence
[2013/11/23 18:09:06 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\DiskSpaceFan
[2013/12/20 08:51:27 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Dropbox
[2013/12/13 16:37:55 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Durbetsel 6.3
[2013/12/22 22:27:08 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\eM Client
[2013/11/15 17:21:32 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\FaceOffMax
[2014/01/11 12:31:56 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\FileZilla
[2013/11/10 13:13:42 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Flock
[2013/12/29 21:22:17 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Foxit Software
[2013/11/05 19:32:42 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\freac
[2013/12/18 09:07:49 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\GlarySoft
[2013/12/21 12:05:28 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\IObit
[2014/01/12 07:07:13 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\iznIy
[2014/01/09 15:24:57 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\jagex_cache
[2014/01/06 22:19:57 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\LockHunter
[2013/12/04 23:49:16 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Miranda
[2014/01/11 15:13:20 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\MouseMonitor
[2013/10/20 17:51:19 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\NeoDownloader
[2013/12/22 21:03:29 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Notepad++
[2014/01/10 11:58:17 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\OpenDNS Updater
[2013/10/19 16:18:44 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Origin
[2013/10/23 11:52:36 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\PDAppFlex
[2013/12/21 19:05:42 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\PearlMountain
[2013/10/19 15:37:25 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Preme for Windows
[2013/11/02 09:47:47 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\RoboForm
[2013/10/28 15:11:25 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\TAC
[2013/12/07 17:13:27 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\TeamViewer
[2014/01/03 15:48:58 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\TuneUp Software
[2013/11/22 17:35:22 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Unity

[2013/11/18 21:42:17 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\VDownloader
[2013/11/08 21:05:16 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Wargaming.net
[2013/12/24 01:15:17 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Xirrus
[2014/01/11 19:02:20 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Yandex

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2014/01/11 19:02:19 | 000,000,000 | ---D | C](C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Яндекс

========== Alternate Data Streams ==========

@Alternate Data Stream - 12 bytes -> C:\Windows:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}

< End of report >





#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, this looks to give me the opportunity to try a recently released programme that targets this.

Let me know if the instructions are easy to follow.

Download Anti VBS/VBE to your desktop

  • Download the appropriate version (32 bit or 64 bit) and double click the file to run it.
  • After a couple of seconds (might also take a whole minute if the machine is heavily infected and/or slow) a report will open in Notepad.
  • Post that report.

Be aware this is a very new programme and as such is not recognised by any antivirus or Windows; it is safe, so allow it to run.

THEN

This malware was probably contracted via a USB stick, so that will need to be disinfected.

Download MCShield to your desktop and install it.
It will initially run a scan and show the result as a toaster by the system clock.
Then in the control centre select scanner and tick unhide items on flash drives.
Posted Image
Plug in the drive and MCShield will start a scan.

Then get the log, which will be here:

Start > all programs > MCShield > logs > all scans

And post that.

FINALLY

Let's see what is left; OTL will only generate one log this time.

  • Run OTL.

    Posted Image
  • Select All Users
  • Select LOP and Purity
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    c:\program files (x86)\Google\Desktop
    c:\program files\Google\Desktop
    dir "%systemdrive%\*" /S /A:L /C
    /md5start
    rpcss.dll
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Attach both logs.

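The OTL log that comes back from the scan above lists every running process as a `PRC - <path> (<company>)` line, and the persistent items in this thread all run from the user's own profile (random folder names, empty or misspelled vendor strings, compiled AutoIt wrappers). The script below is an added triage example for reading that section; it is not OTL's code and not from this thread. The scoring rules and the `STANDARD_PROFILE_DIRS` list are my own heuristics, and the sample lines are copied from the second OTL log posted further down.

```python
"""Triage OTL 'PRC -' process lines for entries worth a closer look.

Added example for this thread; not OTL's own code. The scoring rules are
the example author's heuristics, not anything OTL itself does.
"""
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# OTL prints one running process per line:  PRC - <full path> (<company name>)
PRC_RE = re.compile(r"^PRC - (?P<path>.+?) \((?P<company>[^()]*)\)\s*$")

# Folders that normally sit directly under C:\Users\<name>\; an executable
# started from any other top-level profile folder is unusual (assumed list).
STANDARD_PROFILE_DIRS = {
    "appdata", "application data", "local settings", "desktop", "documents",
    "downloads", "pictures", "music", "videos", "favorites", "contacts",
    "links", "saved games", "searches",
}

# Sample input: PRC lines copied from the second OTL log posted in this thread.
SAMPLE_LOG = r"""
PRC - File not found
PRC - C:\Users\Rybak\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Rybak\AppData\Roaming\Pin.exe (Microsoft Cooperation Inc.)
PRC - C:\Users\Rybak\AppData\Roaming\MouseMonitor\audiodrivers.exe ()
PRC - C:\Users\Rybak\hcoxo\SrIJCQYe.exe (AutoIt Team)
PRC - C:\Users\Rybak\vigqr\pReMggCRyMCe.exe (AutoIt Team)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Kaspersky Lab ZAO)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Users\Rybak\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe ()
"""


@dataclass
class Finding:
    path: str
    company: str
    score: int = 0
    reasons: list = field(default_factory=list)


def parse_prc_line(line):
    """Return (path, company) for an OTL 'PRC -' line, or None for any other line."""
    m = PRC_RE.match(line.strip())
    if not m:
        return None
    return m.group("path"), m.group("company").strip()


def assess(path, company):
    """Score one process entry; a higher score means more worth a closer look."""
    f = Finding(path=path, company=company)
    parts = PureWindowsPath(path).parts          # ('C:\\', 'Users', 'Rybak', ...)
    lowered = [p.lower() for p in parts]

    if len(lowered) > 3 and lowered[1] == "users":
        f.score += 1
        f.reasons.append("runs from a user profile (user-writable) location")
        # parts[3] is the first entry below C:\Users\<name>\
        if lowered[3] not in STANDARD_PROFILE_DIRS:
            f.score += 2
            f.reasons.append(f"launched from outside the standard profile folders ({parts[3]})")
    if company == "":
        f.score += 1
        f.reasons.append("no company name in the version information")
    if company.lower() == "autoit team":
        f.score += 2
        f.reasons.append("compiled AutoIt script (a common wrapper for droppers)")
    if "microsoft" in company.lower() and company != "Microsoft Corporation":
        f.score += 2
        f.reasons.append(f"vendor string '{company}' mimics Microsoft")
    return f


def triage(log_text, threshold=2):
    """Parse every PRC line and return findings at or above threshold,
    most suspicious first; ties keep their order from the log."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_prc_line(line)
        if parsed is None:
            continue
        f = assess(*parsed)
        if f.score >= threshold:
            findings.append(f)
    return sorted(findings, key=lambda f: -f.score)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.score}] {f.path}  ({f.company or 'no company'})")
        for reason in f.reasons:
            print(f"      - {reason}")
```

Run it against the process section of any OTL log and the AutoIt executables in the random `C:\Users\Rybak\hcoxo` and `C:\Users\Rybak\vigqr` folders come out on top, with the "Microsoft Cooperation Inc." `Pin.exe` next; legitimate desktop tools such as `OTL.exe` fall below the threshold because they only trip the profile-location rule. The scores are a prioritisation aid for a human reading the log, not a verdict.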

#3
BearCavalry

BearCavalry

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 141 posts


Hi Essex!! Thank you for answering my thread!

Here is what the Anti-VBS program wrote in the .txt file:

--------------------------------------------------

Running fix at 1/12/2014 11:58:43 AM

> Found: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IntelTBRunOnce - deleted.

Fix finished at 1/12/2014 11:58:47 AM

Anti-VBS/VBE, build 7, dr_Bora, http://www.mcshield....ls/Anti-VBSVBE/
----------------------------------------------------


Here is the MCShield scan log file:

-----------------------------------------------------
>>> MCShield AllScans.txt <<<

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 2.8.3.24 / DB: 2014.1.12.1 / Windows 7 <<<


1/12/2014 12:03:12 PM > Drive C: - scan started (no label ~112 GB, NTFS HDD )...

=> The drive is clean.


1/12/2014 12:03:12 PM > Drive D: - scan started (no label ~699 GB, NTFS HDD )...

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 2.8.3.24 / DB: 2014.1.12.1 / Windows 7 <<<


1/12/2014 12:05:33 PM > Drive J: - scan started (Secret ~31183 MB, NTFS flash drive )...

=> The drive is clean.
-----------------------------------------------------



Here is the OTL.txt text dump:

-----------------------------------------------------
OTL logfile created on: 1/12/2014 12:10:11 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rybak\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.98 Gb Total Physical Memory | 11.74 Gb Available Physical Memory | 73.51% Memory free
31.95 Gb Paging File | 27.29 Gb Available in Paging File | 85.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 36.31 Gb Free Space | 32.51% Space Free | Partition Type: NTFS
Drive D: | 698.54 Gb Total Space | 253.04 Gb Free Space | 36.22% Space Free | Partition Type: NTFS
Drive J: | 30.45 Gb Total Space | 27.52 Gb Free Space | 90.36% Space Free | Partition Type: NTFS

Computer Name: RYBAK-PC | User Name: Rybak | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found
PRC - C:\Users\Rybak\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Rybak\AppData\Roaming\Pin.exe (Microsoft Cooperation Inc.)
PRC - C:\Users\Rybak\AppData\Roaming\MouseMonitor\audiodrivers.exe ()
PRC - C:\Users\Rybak\hcoxo\SrIJCQYe.exe (AutoIt Team)
PRC - C:\Users\Rybak\vigqr\pReMggCRyMCe.exe (AutoIt Team)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\ace_engine.exe ()
PRC - C:\Program Files (x86)\MCShield\MCShieldRTM.exe (MyCity)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
PRC - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\ace_update.exe ()
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Users\Rybak\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe ()
PRC - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
PRC - C:\Windows\SysWOW64\ACEngSvr.exe (ASUSTeK)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTek Computer Inc.)
PRC - C:\Users\Rybak\dtrgf\hxiNpkYz.exe (AutoIt Team)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd)
PRC - C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)


========== Modules (No Company Name) ==========

MOD - C:\Users\Rybak\AppData\Roaming\MouseMonitor\libcurl-4.dll ()
MOD - C:\Users\Rybak\AppData\Roaming\MouseMonitor\zlib1.dll ()
MOD - C:\Users\Rybak\AppData\Roaming\MouseMonitor\audiodrivers.exe ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\58599be6aedb2bcc25a266fc1efcc03c\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\5bca89765ee92dd6018c3782247dba9b\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75537eea06d1200805de72f3f7751091\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\0fca5e7bc50aee6cd0e059bb66fd81ec\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\19156dbc54c3ded7ba00c53d19b6ee96\PresentationFramework-SystemXml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a6349c#\0503fcc7d094e9583abada0529543ce1\PresentationFramework-SystemCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a2eb039301af47660eebc7566ce02b9c\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b9fe579783a35b57dd7e69375f35e239\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ef90aeb894485d14b249d102309b6df3\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\ae01d58bd1cb283ec7b603919e2a8fb3\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\65f7c6dcc498c7157f0ef5b72824d60a\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\05ca0ca95b6fcc0d710b63b6200cc178\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d91f3556f8011a5d48e1448e3fa8df9e\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\4e69f1e7d86d79012db2d7e0dadc8880\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\639f444db9491d25b5d158531e1f7d9b\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c4477b3ce64d0d612d1ab0dba425b77f\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1f56d5786274992934de0c900431c447\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\79f6324a598a7c4446a4a1168be7c4b1\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\045c9588954c3662d542b53f4462268b\mscorlib.ni.dll ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\acestreamengine.CoreApp.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\acestreamengine.Core.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\ace_engine.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\f4e49f5f51d2fa5e6190464468dff4d3\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\8f4a3d09bd38a742ccfe4a20a126fff5\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\8c20095bd7d46cdfa7933eb258a07daa\Accessibility.ni.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\ace_update.exe ()
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pycompat.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\cpyamf.util.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\cpyamf.amf0.pyd ()
MOD - C:\Users\Rybak\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe ()
MOD - C:\Users\Rybak\AppData\Local\Programs\TouchFreeze\TouchFreeze.dll ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\pythoncom27.dll ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\pythoncom27.dll ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\win32api.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\win32api.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\win32pdh.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\win32pdh.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\win32file.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\win32file.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\pywintypes27.dll ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\pywintypes27.dll ()
MOD - C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll ()
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\wx._misc_.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\wx._misc_.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\wx._controls_.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\wx._controls_.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\wx._windows_.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\wx._windows_.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\wx._gdi_.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\wx._gdi_.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\wx._core_.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\wx._core_.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\wxmsw28uh_html_vc.dll ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\wxmsw28uh_html_vc.dll ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\wxmsw28uh_adv_vc.dll ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\wxmsw28uh_adv_vc.dll ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\wxmsw28uh_core_vc.dll ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\wxmsw28uh_core_vc.dll ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\wxbase28uh_net_vc.dll ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\wxbase28uh_net_vc.dll ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\wxbase28uh_vc.dll ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\wxbase28uh_vc.dll ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\_ssl.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\_ssl.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\_socket.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\_socket.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\pyexpat.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\pyexpat.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\_hashlib.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\_hashlib.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\_ctypes.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\select.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\select.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\unicodedata.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\Crypto.Cipher.AES.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\M2Crypto.__m2crypto.pyd ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\M2Crypto.__m2crypto.pyd ()
MOD - C:\Windows\SysWOW64\APOMngr.DLL ()
MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\apsw.pyd ()


========== Services (SafeList) ==========

SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (SEVPNCLIENT) -- C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe (SoftEther Project at University of Tsukuba, Japan.)
SRV:64bit: - (CarboniteService) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com))
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel® Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TeamViewer9) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (OODefragAgent) -- D:\O&O Defrag\oodag.exe (O&O Software GmbH)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (LiveUpdateSvc) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (IObit)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe (Kaspersky Lab ZAO)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (AntiLog32) -- C:\Windows\SysNative\drivers\AntiLog64.sys (Zemana Ltd.)
DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab ZAO)
DRV:64bit: - (SEE) -- C:\Windows\SysNative\drivers\see.sys (SoftEther Project at University of Tsukuba, Japan.)
DRV:64bit: - (Neo_VPN) -- C:\Windows\SysNative\drivers\Neo_0117.sys (SoftEther Project at University of Tsukuba, Japan.)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (BootDefragDriver) -- C:\Windows\SysNative\drivers\BootDefragDriver.sys (<Glarysoft Ltd>)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab ZAO)
DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab ZAO)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (klflt) -- C:\Windows\SysNative\drivers\klflt.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab ZAO)
DRV:64bit: - (klpd) -- C:\Windows\SysNative\drivers\klpd.sys (Kaspersky Lab ZAO)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (DFX11_1) -- C:\Windows\SysNative\drivers\dfx11_1x64.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (Power Software Ltd)
DRV:64bit: - (FLxHCIh) -- C:\Windows\SysNative\drivers\FLxHCIh.sys (Fresco Logic)
DRV:64bit: - (FLxHCIc) -- C:\Windows\SysNative\drivers\FLxHCIc.sys (Fresco Logic)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AiCharger) -- C:\Windows\SysNative\drivers\AiCharger.sys (ASUSTek Computer Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (fspad_win764) -- C:\Windows\SysNative\drivers\fspad_win764.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (npf) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (AiCharger) -- C:\Windows\SysWOW64\drivers\AiCharger.sys (ASUSTek Computer Inc.)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-494354007-691658305-523761783-1000\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE11ENUS/MSN_WCP
IE - HKU\S-1-5-21-494354007-691658305-523761783-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-494354007-691658305-523761783-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-494354007-691658305-523761783-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-494354007-691658305-523761783-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E 02 19 69 9E CA CE 01 [binary data]
IE - HKU\S-1-5-21-494354007-691658305-523761783-1000\..\SearchScopes,DefaultScope = {03767D78-CF21-41A5-BA55-E41A3D69C659}
IE - HKU\S-1-5-21-494354007-691658305-523761783-1000\..\SearchScopes\{03767D78-CF21-41A5-BA55-E41A3D69C659}: "URL" = https://www.google.c...q={searchTerms}
IE - HKU\S-1-5-21-494354007-691658305-523761783-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-494354007-691658305-523761783-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-494354007-691658305-523761783-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-494354007-691658305-523761783-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-494354007-691658305-523761783-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E 02 19 69 9E CA CE 01 [binary data]
IE - HKU\S-1-5-21-494354007-691658305-523761783-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-494354007-691658305-523761783-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-494354007-691658305-523761783-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.1
FF - prefs.js..extensions.enabledAddons: amznUWL2%40amazon.com:1.10
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:4.0.8
FF - prefs.js..extensions.enabledAddons: cryenginebrowserplugin%40crytek.com:0.39.0
FF - prefs.js..extensions.enabledAddons: LDSI_plashcor%40gmail.com:0.9.5
FF - prefs.js..extensions.enabledAddons: myipms2%40myip.ms:1.591
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:2.0.20
FF - prefs.js..extensions.enabledAddons: uploader%40adblockfilters.mozdev.org:2.1
FF - prefs.js..extensions.enabledAddons: webmaster%40keep-tube.com:1.2
FF - prefs.js..extensions.enabledAddons: %7B2bfc8624-5b8a-4060-b86a-e78ccbc38509%7D:5.2
FF - prefs.js..extensions.enabledAddons: %7B2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0%7D:1.2.7.0
FF - prefs.js..extensions.enabledAddons: magicplayer%40torrentstream.org:1.1.33
FF - prefs.js..extensions.enabledAddons: ImagePicker%40topolog.org:1.8.1
FF - prefs.js..extensions.enabledAddons: amptra%40keepa.com:1.11
FF - prefs.js..extensions.enabledAddons: %7B582195F5-92E7-40a0-A127-DB71295901D7%7D:0.6.4.1
FF - prefs.js..extensions.enabledAddons: bettergmail2%40ginatrapani.org:1.2
FF - prefs.js..extensions.enabledAddons: hdv%40vovcacik.addons.mozilla.org:1.0.2
FF - prefs.js..extensions.enabledAddons: 2.0%40disconnect.me:3.10.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "semixl019b.xirvik.com"
FF - prefs.js..network.proxy.ftp_port: 7128
FF - prefs.js..network.proxy.http: "semixl019b.xirvik.com"
FF - prefs.js..network.proxy.http_port: 7128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "semixl019b.xirvik.com"
FF - prefs.js..network.proxy.socks_port: 7128
FF - prefs.js..network.proxy.ssl: "semixl019b.xirvik.com"
FF - prefs.js..network.proxy.ssl_port: 7128
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: File not found
FF - HKCU\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=2.1.10.2: C:\Users\Rybak\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Rybak\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2013/12/18 01:30:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2013/12/18 01:30:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2013/12/18 01:30:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2013/12/18 01:30:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2013/12/18 01:30:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.1\extensions\\Components: C:\Program Files (x86)\Flock\components [2013/11/10 13:13:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.1\extensions\\Plugins: C:\Program Files (x86)\Flock\plugins [2013/11/10 13:13:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/12 13:20:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Rybak\AppData\Roaming\ACEStream\extensions\firefox\[email protected] [2013/12/02 17:21:07 | 000,000,000 | ---D | M]

[2013/11/10 13:13:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Extensions
[2013/11/10 13:13:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2014/01/10 10:32:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions
[2013/10/18 17:53:08 | 000,000,000 | ---D | M] ("BetterSearch") -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\{2bfc8624-5b8a-4060-b86a-e78ccbc38509}
[2013/11/14 02:35:54 | 000,000,000 | ---D | M] (GFACE Experience Plugin) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2013/12/14 01:28:25 | 000,000,000 | ---D | M] (Image Picker) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2013/12/12 01:30:01 | 000,000,000 | ---D | M] (Whois & Flags Firefox & Websites Popularity Rating) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2013/10/21 10:18:45 | 000,000,000 | ---D | M] (Russian spellchecking dictionary) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2013/10/16 15:13:54 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2014/01/09 15:53:24 | 000,949,970 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2013/10/17 22:59:41 | 000,128,676 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2013/12/15 13:10:57 | 000,018,447 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2013/10/18 17:53:08 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2013/12/12 01:30:01 | 000,343,554 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2013/12/29 21:20:01 | 000,276,952 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2013/10/17 22:59:33 | 000,024,018 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2013/10/17 22:59:28 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2013/12/24 21:15:42 | 000,022,560 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2014/01/08 16:47:43 | 000,004,377 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2013/10/17 22:51:17 | 000,182,257 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2013/12/10 01:24:48 | 000,113,140 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2013/12/05 19:57:50 | 000,161,137 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2013/12/18 18:39:01 | 000,130,099 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2013/10/17 22:59:41 | 000,075,438 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2013/10/18 14:49:59 | 000,031,748 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\[email protected]
[2013/10/16 15:13:54 | 000,009,253 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}.xpi
[2013/11/28 07:44:50 | 000,008,893 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\{55ce2530-61df-4ddc-b287-feae64e70575}.xpi
[2013/12/29 21:19:31 | 000,242,709 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}.xpi
[2014/01/02 11:00:12 | 000,018,899 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
[2013/10/17 22:59:12 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/01/03 12:17:11 | 000,555,162 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
[2013/10/18 15:15:05 | 000,002,383 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\searchplugins\deviantart.xml
[2013/10/18 15:15:10 | 000,001,899 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\2r0d57dt.default\searchplugins\flickr-tags.xml
[2013/12/12 13:20:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/12 13:20:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/02 17:21:07 | 000,000,000 | ---D | M] (TS Magic Player) -- C:\USERS\RYBAK\APPDATA\ROAMING\ACESTREAM\EXTENSIONS\FIREFOX\MA[email protected]
[2013/10/17 11:25:52 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - Extension: Google Docs = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.0.5_0\
CHR - Extension: Sothink Flash Downloader for Chrome = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\biceobciobbhhkplgocbaigojbnepcoi\1.0.24_0\
CHR - Extension: YouTube = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: eBay Web App = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom\1.0.4_0\
CHR - Extension: Facebook = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\
CHR - Extension: Omnibox Site Search = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\cckcidchbmodjccllbmegoignhmidncg\1.0_0\
CHR - Extension: Adblock Plus = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.2_0\
CHR - Extension: Google Search = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: HTML Revealer and Password Revealer = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgeopcldenngppapceagonnenonklpbn\2.0_0\
CHR - Extension: The QR Code Generator = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb\0.2.5_0\
CHR - Extension: AdBlock = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: LastPass = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.0.22_0\
CHR - Extension: Google Voice (by Google) = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.4.4_0\
CHR - Extension: Media file downloader = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\khbkckdkhakengfjmejmiabaakdlhaab\2.0_0\
CHR - Extension: Webcam Toy = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade\1.5_0\
CHR - Extension: FVD Downloader = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.5_0\
CHR - Extension: FVD Downloader = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.5_0\modules\clickberry\_
CHR - Extension: FVD Downloader = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.6_0\
CHR - Extension: FVD Downloader = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.6_0\modules\clickberry\_
CHR - Extension: Awesome New Tab Page\u2122 = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg\2014.21.21_0\
CHR - Extension: LastPass Vault = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncliohomlfopnmlfkepkcbnhmeijkhhf\2.0.21_0\
CHR - Extension: MuteTab = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkbaaijgpppbokgnhhoakihofedkgcc\2.0.5_0\
CHR - Extension: Google Wallet = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: OverTask = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeiijfgmbaopeehamdhiiepidbpfkcda\0.0.14_0\
CHR - Extension: better Browser - for Chrome = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbegekjleoplkhibgbmkmnnfffcpfanh\3.4_0\
CHR - Extension: Gmail = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/12/18 02:15:53 | 000,000,923 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 practivate.adobe.c
O1 - Hosts: 127.0.0.1 license.superantispyware.com
O1 - Hosts: 127.0.0.1 www.iobit.com
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [fspuip] C:\Program Files\FSP\FspUip.exe (Sentelic Corporation)
O4:64bit: - HKLM..\Run: [OODefragTray] D:\O&O Defrag\oodtray.exe (O&O Software GmbH)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SoftEther VPN Client UI Helper] C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe (SoftEther Project at University of Tsukuba, Japan.)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AntiLogger] C:\Program Files (x86)\AntiLogger\AntiLogger.exe (Zemana Ltd.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [FLxHCIm64] C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe (Windows ® Win 7 DDK provider)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [THX TruStudio NB Settings] C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUSTeK Computer Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-494354007-691658305-523761783-1000..\Run: [AceStream] C:\Users\Rybak\AppData\Roaming\ACEStream\engine\ace_engine.exe ()
O4 - HKU\S-1-5-21-494354007-691658305-523761783-1000..\Run: [MCShield Monitor] C:\Program Files (x86)\MCShield\MCShieldRTM.exe (MyCity)
O4 - HKU\S-1-5-21-494354007-691658305-523761783-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-494354007-691658305-523761783-1000..\Run: [OpenDNS Updater] C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKU\S-1-5-21-494354007-691658305-523761783-1000..\Run: [Steam] D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-494354007-691658305-523761783-1000..\Run: [TouchFreeze] C:\Users\Rybak\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe ()
O4 - HKU\S-1-5-21-494354007-691658305-523761783-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-494354007-691658305-523761783-1000..\RunOnce: [dtrgf] C:\Users\Rybak\dtrgf\34152.vbs ()
O4 - HKU\S-1-5-21-494354007-691658305-523761783-1000..\RunOnce: [hcoxo] C:\Users\Rybak\hcoxo\89969.vbs ()
O4 - HKU\S-1-5-21-494354007-691658305-523761783-1000..\RunOnce: [vigqr] C:\Users\Rybak\vigqr\88170.vbs ()
O4 - HKU\S-1-5-21-494354007-691658305-523761783-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Rybak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Punto Switcher.lnk = C:\Program Files (x86)\Yandex\Punto Switcher\punto.exe (ООО Яндекс)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-494354007-691658305-523761783-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-494354007-691658305-523761783-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-494354007-691658305-523761783-1000\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...30321/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39A62D84-5369-47FE-91A4-70B26301F3FA}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85152643-06AE-4E27-B0DC-622EC7F2DFEB}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/01/12 12:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
[2014/01/12 12:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\MCShield
[2014/01/12 12:02:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MCShield
[2014/01/12 07:09:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rybak\Desktop\OTL.exe
[2014/01/12 06:56:20 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\backups
[2014/01/12 06:53:03 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Rybak\Desktop\HijackThis.exe
[2014/01/11 21:51:40 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\WM
[2014/01/11 19:02:20 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\Yandex
[2014/01/11 19:02:20 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Local\Yandex
[2014/01/11 19:02:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Yandex
[2014/01/11 19:02:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yandex
[2014/01/11 15:04:38 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\MouseMonitor
[2014/01/11 15:04:05 | 000,000,000 | RHSD | C] -- C:\Users\Rybak\dtrgf
[2014/01/11 08:05:54 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\Kyiv FD
[2014/01/11 02:00:20 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\destroyed AFV_30
[2014/01/10 21:18:51 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\userbars
[2014/01/10 14:46:13 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\BfToe
[2014/01/10 14:45:40 | 000,000,000 | RHSD | C] -- C:\Users\Rybak\phjjt
[2014/01/10 11:58:17 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\OpenDNS Updater
[2014/01/10 11:58:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenDNS Updater
[2014/01/10 08:21:24 | 000,025,088 | ---- | C] (Microsoft Cooperation Inc.) -- C:\Users\Rybak\AppData\Roaming\Pin.exe
[2014/01/10 08:20:41 | 000,000,000 | RHSD | C] -- C:\Users\Rybak\eqnqp
[2014/01/09 15:24:57 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\jagex_cache
[2014/01/09 15:24:23 | 000,000,000 | RHSD | C] -- C:\Users\Rybak\ukuot
[2014/01/08 20:10:09 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\Dramatic Photos
[2014/01/08 18:38:26 | 000,000,000 | -H-D | C] -- C:\Users\Rybak\Desktop\.picasaoriginals
[2014/01/08 17:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\LHService
[2014/01/08 17:03:00 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2014/01/08 17:01:31 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/01/08 17:01:31 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2014/01/08 17:01:28 | 005,765,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/01/08 17:01:28 | 001,993,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/01/08 17:01:28 | 001,926,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/01/08 17:01:28 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/01/08 17:01:28 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/01/08 17:01:28 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2014/01/08 17:01:28 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/01/08 17:01:28 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/01/08 17:01:28 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/01/08 17:01:28 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/01/08 17:01:28 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2014/01/08 17:01:28 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/01/08 17:01:28 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2014/01/08 17:01:28 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2014/01/08 17:01:28 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/01/08 17:01:28 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/01/08 17:01:28 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/01/08 17:01:28 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/01/08 17:01:28 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/01/08 17:01:28 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/01/08 17:01:28 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014/01/08 17:01:28 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014/01/08 17:01:28 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/01/08 17:01:28 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2014/01/08 17:01:28 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/01/08 17:01:28 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2014/01/08 17:01:28 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/01/08 17:01:28 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/01/08 17:01:28 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/01/08 17:01:28 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2014/01/08 17:01:28 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/01/08 17:01:28 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2014/01/08 17:01:28 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2014/01/08 17:01:28 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2014/01/08 17:01:28 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2014/01/08 17:01:28 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/01/08 17:01:28 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2014/01/08 17:01:28 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2014/01/08 17:01:28 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2014/01/08 17:01:28 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2014/01/08 17:01:28 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/01/08 17:01:28 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/01/08 17:01:28 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2014/01/08 17:01:28 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/01/08 17:01:28 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2014/01/08 17:01:28 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2014/01/08 17:01:28 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/01/08 17:01:28 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/01/08 17:01:28 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/01/08 17:01:28 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/01/08 17:01:28 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2014/01/08 17:01:28 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2014/01/08 17:01:28 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2014/01/08 17:01:28 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2014/01/08 17:01:28 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/01/08 17:01:28 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/01/08 17:01:28 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2014/01/08 17:01:28 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/01/08 17:01:28 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2014/01/08 17:01:28 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2014/01/08 17:01:28 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/01/08 17:01:28 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/01/08 17:01:28 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2014/01/08 17:01:28 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/01/08 17:01:28 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2014/01/08 17:01:28 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2014/01/08 17:01:28 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/01/08 17:01:28 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2014/01/08 17:01:28 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/01/08 17:01:28 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/01/08 17:01:28 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/01/08 17:01:28 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/01/08 17:01:28 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2014/01/08 17:01:28 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2014/01/08 17:01:28 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014/01/08 17:01:28 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/01/08 17:01:28 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/01/08 17:01:28 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/01/08 11:38:28 | 000,000,000 | ---D | C] -- C:\Users\Rybak\.instagiffer
[2014/01/08 11:38:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Instagiffer
[2014/01/08 11:38:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Instagiffer
[2014/01/07 21:06:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/01/07 19:37:37 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
[2014/01/07 13:03:54 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\iznIy
[2014/01/07 13:03:20 | 000,000,000 | RHSD | C] -- C:\Users\Rybak\hcoxo
[2014/01/07 12:31:44 | 000,000,000 | -H-D | C] -- C:\{$1284-9213-2940-1289$}
[2014/01/07 12:31:41 | 000,000,000 | RHSD | C] -- C:\Users\Rybak\vigqr
[2014/01/06 22:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\LockHunter
[2014/01/06 22:19:57 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\LockHunter
[2014/01/06 22:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LockHunter
[2014/01/06 22:19:53 | 000,000,000 | ---D | C] -- C:\Program Files\LockHunter
[2014/01/06 13:23:36 | 004,558,848 | ---- | C] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2013/12/29 21:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013/12/29 16:06:17 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\Yahoo!
[2013/12/29 16:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2013/12/29 16:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2013/12/29 16:04:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2013/12/29 11:12:06 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\volgograd
[2013/12/28 19:54:30 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\Russians in Bosnia
[2013/12/27 20:26:08 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\TEXT
[2013/12/27 03:48:23 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\ebooks
[2013/12/27 02:32:20 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\TuneUp Software
[2013/12/27 02:31:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013/12/27 02:31:03 | 000,000,000 | -HSD | C] -- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
[2013/12/27 02:31:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/12/26 16:29:44 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\Chechnya
[2013/12/26 16:22:18 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\Chechen aviation
[2013/12/26 16:15:49 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\smilies
[2013/12/26 04:46:11 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Local\Arcode
[2013/12/26 04:45:58 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Local\Inky
[2013/12/25 21:59:30 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Local\Reditr
[2013/12/25 21:59:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reditr
[2013/12/25 21:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\reditr
[2013/12/25 21:43:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\oodag
[2013/12/25 21:43:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software
[2013/12/25 21:40:39 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Local\O&O
[2013/12/25 21:39:22 | 000,000,000 | ---D | C] -- C:\ProgramData\OO Software
[2013/12/25 15:49:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\{492EBBD4-E9BF-4990-93B7-BA313CF7EB4B}
[2013/12/24 01:15:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xirrus
[2013/12/24 01:15:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xirrus
[2013/12/24 01:15:17 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\Xirrus
[2013/12/22 19:49:31 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\eM Client
[2013/12/22 19:49:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eM Client
[2013/12/22 19:42:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KRyLack Software
[2013/12/22 19:42:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asterisk Password Decryptor
[2013/12/22 19:42:26 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\Asterisk Password Decryptor
[2013/12/22 19:19:05 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Documents\eM Client
[2013/12/22 00:09:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video to GIF Converter
[2013/12/22 00:09:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Video to GIF Converter
[2013/12/21 19:47:09 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Local\Configure
[2013/12/21 19:47:06 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Local\Maker3D
[2013/12/21 19:36:16 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Local\Apps
[2013/12/21 19:33:53 | 000,000,000 | ---D | C] -- C:\ProgramData\webcam 7
[2013/12/21 19:05:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bcgsoft
[2013/12/21 19:05:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picture Collage Maker Pro
[2013/12/21 19:05:42 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\PearlMountain
[2013/12/21 19:05:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\PearlMountain
[2013/12/21 19:05:42 | 000,000,000 | ---D | C] -- C:\ProgramData\PearlMountain
[2013/12/21 19:05:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Picture Collage Maker Pro
[2013/12/21 18:59:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2013/12/21 12:04:47 | 000,000,000 | ---D | C] -- C:\Windows\tasks\ImCleanDisabled
[2013/12/20 19:26:28 | 000,000,000 | ---D | C] -- C:\ProgramData\GlarySoft
[2013/12/20 18:39:32 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\mbar
[2013/12/19 16:07:30 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\Chamber
[2013/12/19 16:07:25 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\AMS Software
[2013/12/18 09:10:11 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
[2013/12/18 09:10:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
[2013/12/18 09:07:50 | 000,117,024 | ---- | C] (Glarysoft Ltd) -- C:\Windows\SysNative\BootDefrag.exe
[2013/12/18 09:07:50 | 000,016,640 | ---- | C] (<Glarysoft Ltd>) -- C:\Windows\SysNative\drivers\BootDefragDriver.sys
[2013/12/18 09:07:49 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\GlarySoft
[2013/12/18 09:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 3
[2013/12/18 09:07:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities 3
[2013/12/18 02:36:08 | 000,027,456 | ---- | C] (IObit) -- C:\Windows\SysNative\RegistryDefragBootTime.exe
[2013/12/18 02:19:41 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\Apple Computer
[2013/12/18 02:19:06 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData
[2013/12/18 02:18:01 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013/12/18 02:17:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013/12/18 02:16:57 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\IObit
[2013/12/17 02:07:52 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Documents\CommView for WiFi
[2013/12/17 00:47:54 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\Christmas
[2013/12/16 18:01:04 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\Eurovision
[2013/12/16 17:39:58 | 002,843,432 | ---- | C] (O&O Software GmbH) -- C:\Windows\SysNative\ooscrsav.scr
[2013/12/16 17:39:40 | 000,240,936 | ---- | C] (O&O Software GmbH) -- C:\Windows\SysNative\oodbs.exe
[2013/12/16 17:39:24 | 000,543,528 | ---- | C] (O&O Software GmbH) -- C:\Windows\SysNative\oodssrs.dll
[2013/12/16 17:39:18 | 000,010,536 | ---- | C] (O&O Software GmbH) -- C:\Windows\SysNative\oodbsrs.dll
[2013/12/16 14:35:43 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\ARMY
[2013/12/16 02:36:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013/12/15 15:17:27 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013/12/15 15:17:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/12/15 15:16:58 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/12/15 15:16:56 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/12/15 15:16:56 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/12/15 15:16:56 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/12/15 15:16:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/12/15 15:16:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/12/15 15:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/12/15 15:15:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/12/15 03:56:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SourceTec
[2013/12/14 22:53:22 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/12/13 16:37:55 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\Durbetsel 6.3
[2013/12/13 15:27:17 | 000,000,000 | ---D | C] -- C:\ProgramData\CDB
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/12 12:08:38 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/12 12:08:38 | 000,662,634 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/12 12:08:38 | 000,122,470 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/12 12:03:03 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\MCShield Real-Time Monitor.lnk
[2014/01/12 12:02:30 | 002,633,042 | ---- | M] () -- C:\Users\Rybak\Desktop\MCShield-Setup.exe
[2014/01/12 11:58:23 | 000,373,248 | ---- | M] () -- C:\Users\Rybak\Desktop\Anti-VBSVBEx64.exe
[2014/01/12 11:54:30 | 000,057,286 | ---- | M] () -- C:\Users\Rybak\Desktop\Su-152.jpg
[2014/01/12 11:50:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/12 11:17:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/12 07:09:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rybak\Desktop\OTL.exe
[2014/01/12 06:53:03 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Rybak\Desktop\HijackThis.exe
[2014/01/12 06:24:21 | 000,147,570 | ---- | M] () -- C:\Users\Rybak\Desktop\ped.jpg
[2014/01/12 02:44:58 | 000,025,088 | ---- | M] (Microsoft Cooperation Inc.) -- C:\Users\Rybak\AppData\Roaming\Pin.exe
[2014/01/12 01:53:25 | 000,022,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/12 01:53:25 | 000,022,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/11 21:17:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/11 19:04:30 | 000,001,117 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Punto Switcher.lnk
[2014/01/11 19:03:40 | 000,001,007 | ---- | M] () -- C:\Users\Rybak\Desktop\Punto Switcher.lnk
[2014/01/11 13:38:06 | 000,000,262 | ---- | M] () -- C:\Users\Rybak\uacossack.inkyp
[2014/01/11 10:00:02 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\GlaryUpdate 3.job
[2014/01/11 07:50:07 | 000,000,380 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\sp_data.sys
[2014/01/11 01:48:19 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 3.job
[2014/01/11 01:47:17 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\Start Registry Reviver for [email protected](logon).job
[2014/01/11 01:47:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/10 13:13:42 | 000,001,085 | ---- | M] () -- C:\Users\Rybak\Desktop\WL2.exe - Shortcut.lnk
[2014/01/09 22:13:13 | 000,561,015 | ---- | M] () -- C:\Users\Rybak\Desktop\Makovin.png
[2014/01/09 21:03:10 | 005,227,019 | ---- | M] () -- C:\Users\Rybak\Desktop\namebench-1.3.1-Windows.exe
[2014/01/09 00:16:48 | 000,561,015 | ---- | M] () -- C:\Users\Rybak\Desktop\1170651_610322985669853_1484389318_n.png
[2014/01/08 20:03:14 | 000,001,861 | ---- | M] () -- C:\Users\Rybak\Desktop\TechPowerUp GPU-Z.lnk
[2014/01/08 19:40:47 | 001,161,350 | ---- | M] () -- C:\Users\Rybak\Desktop\monumentslavy-010.jpg
[2014/01/08 19:40:37 | 000,925,043 | ---- | M] () -- C:\Users\Rybak\Desktop\monumentslavy-003.jpg
[2014/01/08 19:39:23 | 001,193,175 | ---- | M] () -- C:\Users\Rybak\Desktop\monumentslavy-009.jpg
[2014/01/08 18:45:54 | 000,024,896 | ---- | M] () -- C:\Users\Rybak\Desktop\gpuscreen.gif
[2014/01/08 17:11:10 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/01/08 17:07:21 | 000,002,275 | ---- | M] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/08 17:03:24 | 000,001,211 | ---- | M] () -- C:\Users\Rybak\Desktop\Free Video to GIF Converter.lnk
[2014/01/08 17:01:31 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/01/08 17:01:31 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2014/01/08 17:01:28 | 005,765,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/01/08 17:01:28 | 001,993,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/01/08 17:01:28 | 001,926,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/01/08 17:01:28 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/01/08 17:01:28 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/01/08 17:01:28 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2014/01/08 17:01:28 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/01/08 17:01:28 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/01/08 17:01:28 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/01/08 17:01:28 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/01/08 17:01:28 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2014/01/08 17:01:28 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/01/08 17:01:28 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2014/01/08 17:01:28 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2014/01/08 17:01:28 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/01/08 17:01:28 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/01/08 17:01:28 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/01/08 17:01:28 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/01/08 17:01:28 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/01/08 17:01:28 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/01/08 17:01:28 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014/01/08 17:01:28 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014/01/08 17:01:28 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/01/08 17:01:28 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2014/01/08 17:01:28 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/01/08 17:01:28 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2014/01/08 17:01:28 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/01/08 17:01:28 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/01/08 17:01:28 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/01/08 17:01:28 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2014/01/08 17:01:28 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/01/08 17:01:28 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2014/01/08 17:01:28 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2014/01/08 17:01:28 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2014/01/08 17:01:28 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2014/01/08 17:01:28 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/01/08 17:01:28 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2014/01/08 17:01:28 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2014/01/08 17:01:28 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2014/01/08 17:01:28 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2014/01/08 17:01:28 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/01/08 17:01:28 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/01/08 17:01:28 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2014/01/08 17:01:28 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/01/08 17:01:28 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2014/01/08 17:01:28 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2014/01/08 17:01:28 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/01/08 17:01:28 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/01/08 17:01:28 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/01/08 17:01:28 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/01/08 17:01:28 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2014/01/08 17:01:28 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2014/01/08 17:01:28 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2014/01/08 17:01:28 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2014/01/08 17:01:28 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/01/08 17:01:28 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/01/08 17:01:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2014/01/08 17:01:28 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/01/08 17:01:28 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2014/01/08 17:01:28 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2014/01/08 17:01:28 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/01/08 17:01:28 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/01/08 17:01:28 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2014/01/08 17:01:28 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/01/08 17:01:28 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2014/01/08 17:01:28 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2014/01/08 17:01:28 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/01/08 17:01:28 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2014/01/08 17:01:28 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/01/08 17:01:28 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/01/08 17:01:28 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/01/08 17:01:28 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/01/08 17:01:28 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2014/01/08 17:01:28 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2014/01/08 17:01:28 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/01/08 17:01:28 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2014/01/08 17:01:28 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014/01/08 17:01:28 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/01/08 17:01:28 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/01/08 17:01:28 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/01/08 11:38:24 | 000,001,039 | ---- | M] () -- C:\Users\Public\Desktop\Instagiffer.lnk
[2014/01/07 21:31:26 | 002,137,466 | ---- | M] () -- C:\Users\Rybak\Desktop\photo 2.JPG
[2014/01/07 21:29:58 | 000,166,910 | ---- | M] () -- C:\Users\Rybak\Desktop\netflix.jpg
[2014/01/07 21:06:41 | 000,002,251 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/07 19:36:43 | 000,160,286 | ---- | M] () -- C:\Users\Rybak\Desktop\1.jpg
[2014/01/06 13:23:36 | 004,558,848 | ---- | M] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2014/01/06 12:30:21 | 000,155,505 | ---- | M] () -- C:\Users\Rybak\Desktop\8352300501060017_12_24_2013.pdf
[2013/12/29 21:22:15 | 000,002,070 | ---- | M] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/12/29 21:22:15 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013/12/29 16:05:14 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/29 16:05:14 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/29 16:04:47 | 000,001,157 | ---- | M] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2013/12/29 16:04:47 | 000,001,133 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2013/12/27 02:49:16 | 000,049,240 | ---- | M] (Zemana Ltd.) -- C:\Windows\SysNative\drivers\AntiLog64.sys
[2013/12/26 19:04:02 | 000,143,370 | ---- | M] () -- C:\Users\Rybak\Desktop\4l9lJCT.jpg
[2013/12/26 04:46:03 | 000,000,992 | ---- | M] () -- C:\Users\Rybak\Desktop\Inky.lnk
[2013/12/25 21:59:15 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\reditr.lnk
[2013/12/25 21:43:24 | 000,002,453 | ---- | M] () -- C:\Users\Public\Desktop\O&O Defrag.lnk
[2013/12/25 21:43:24 | 000,002,441 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk
[2013/12/25 11:21:14 | 000,078,000 | ---- | M] () -- C:\Windows\SysNative\EvGr_Data{DAAA5B03-367D-11E3-A0C0-806E6F6E6963}.dat
[2013/12/25 11:21:14 | 000,017,296 | ---- | M] () -- C:\Windows\SysNative\RW_FileType.dat
[2013/12/25 11:21:14 | 000,014,800 | ---- | M] () -- C:\Windows\SysNative\RW_AppData.dat
[2013/12/25 11:21:14 | 000,004,245 | ---- | M] () -- C:\config.xml
[2013/12/25 11:21:14 | 000,000,492 | ---- | M] () -- C:\Windows\SysNative\RW_FileFlag.dat
[2013/12/25 11:21:14 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\RW_{DAAA5B03-367D-11E3-A0C0-806E6F6E6963}.dat
[2013/12/25 11:21:14 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\RW_{DAAA5B02-367D-11E3-A0C0-806E6F6E6963}.dat
[2013/12/25 11:21:14 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\RW_{DAAA5B01-367D-11E3-A0C0-806E6F6E6963}.dat
[2013/12/25 11:21:14 | 000,000,016 | ---- | M] () -- C:\Windows\SysNative\EvGr_Data{DAAA5B02-367D-11E3-A0C0-806E6F6E6963}.dat
[2013/12/25 11:21:14 | 000,000,016 | ---- | M] () -- C:\Windows\SysNative\EvGr_Data{DAAA5B01-367D-11E3-A0C0-806E6F6E6963}.dat
[2013/12/24 01:15:36 | 000,001,266 | ---- | M] () -- C:\Users\Public\Desktop\Xirrus Wi-Fi Inspector.lnk
[2013/12/24 01:15:36 | 000,001,244 | ---- | M] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\Xirrus Wi-Fi Inspector.lnk
[2013/12/23 01:06:53 | 000,001,283 | ---- | M] () -- C:\Users\Rybak\Desktop\FspUip.exe - Shortcut.lnk
[2013/12/23 01:05:14 | 000,002,787 | ---- | M] () -- C:\Users\Public\Desktop\Asterisk Password Decryptor.lnk
[2013/12/22 21:03:29 | 000,001,049 | ---- | M] () -- C:\Users\Rybak\Desktop\Notepad++.lnk
[2013/12/22 20:38:48 | 001,324,940 | ---- | M] () -- C:\Users\Rybak\Desktop\NetStumblerInstaller_0_4_0.exe
[2013/12/22 19:32:58 | 000,041,860 | ---- | M] () -- C:\Users\Rybak\Desktop\axe.jpg
[2013/12/22 17:10:00 | 006,526,424 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/22 16:56:24 | 000,065,111 | ---- | M] () -- C:\Users\Rybak\Desktop\GqeBoPV.jpg
[2013/12/22 11:08:48 | 000,060,779 | ---- | M] () -- C:\Users\Rybak\Desktop\WWP.png
[2013/12/22 10:58:02 | 000,019,424 | ---- | M] () -- C:\Users\Rybak\Desktop\wwp.jpg
[2013/12/21 19:05:42 | 000,001,216 | ---- | M] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\Picture Collage Maker Pro.lnk
[2013/12/21 19:05:42 | 000,001,192 | ---- | M] () -- C:\Users\Public\Desktop\Picture Collage Maker Pro.lnk
[2013/12/21 18:59:51 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2013/12/20 19:24:40 | 000,022,581 | ---- | M] () -- C:\Users\Rybak\Desktop\error.jpg
[2013/12/20 19:12:11 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
[2013/12/20 18:39:38 | 000,089,304 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013/12/20 17:00:50 | 000,001,484 | ---- | M] () -- C:\Users\Rybak\Desktop\Command Prompt.lnk
[2013/12/19 18:07:29 | 000,775,084 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/12/18 09:07:50 | 000,001,100 | ---- | M] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 3.lnk
[2013/12/18 09:07:50 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Glary Utilities 3.lnk
[2013/12/18 01:30:34 | 000,178,272 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys
[2013/12/18 01:30:33 | 000,620,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013/12/16 17:39:58 | 002,843,432 | ---- | M] (O&O Software GmbH) -- C:\Windows\SysNative\ooscrsav.scr
[2013/12/16 17:39:40 | 000,240,936 | ---- | M] (O&O Software GmbH) -- C:\Windows\SysNative\oodbs.exe
[2013/12/16 17:39:24 | 000,543,528 | ---- | M] (O&O Software GmbH) -- C:\Windows\SysNative\oodssrs.dll
[2013/12/16 17:39:18 | 000,010,536 | ---- | M] (O&O Software GmbH) -- C:\Windows\SysNative\oodbsrs.dll
[2013/12/15 15:16:53 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/12/15 15:16:53 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/12/15 15:16:53 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/12/15 15:16:53 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/12/15 00:02:49 | 000,000,132 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/12/13 15:31:23 | 000,000,162 | ---- | M] () -- C:\Windows\Reimage.ini
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/12 12:03:03 | 000,001,084 | ---- | C] () -- C:\Users\Public\Desktop\MCShield Real-Time Monitor.lnk
[2014/01/12 12:02:29 | 002,633,042 | ---- | C] () -- C:\Users\Rybak\Desktop\MCShield-Setup.exe
[2014/01/12 11:58:22 | 000,373,248 | ---- | C] () -- C:\Users\Rybak\Desktop\Anti-VBSVBEx64.exe
[2014/01/12 11:54:30 | 000,057,286 | ---- | C] () -- C:\Users\Rybak\Desktop\Su-152.jpg
[2014/01/12 06:24:19 | 000,147,570 | ---- | C] () -- C:\Users\Rybak\Desktop\ped.jpg
[2014/01/11 19:03:50 | 000,001,117 | ---- | C] () -- C:\Users\Rybak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Punto Switcher.lnk
[2014/01/11 19:03:40 | 000,001,007 | ---- | C] () -- C:\Users\Rybak\Desktop\Punto Switcher.lnk
[2014/01/11 18:22:20 | 007,366,064 | ---- | C] () -- C:\Users\Rybak\Desktop\DSC01934.JPG
[2014/01/10 13:13:42 | 000,001,085 | ---- | C] () -- C:\Users\Rybak\Desktop\WL2.exe - Shortcut.lnk
[2014/01/10 11:58:17 | 000,002,016 | ---- | C] () -- C:\Users\Rybak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDNS Updater.lnk
[2014/01/09 22:13:13 | 000,561,015 | ---- | C] () -- C:\Users\Rybak\Desktop\Makovin.png
[2014/01/09 21:03:10 | 005,227,019 | ---- | C] () -- C:\Users\Rybak\Desktop\namebench-1.3.1-Windows.exe
[2014/01/09 00:16:48 | 000,561,015 | ---- | C] () -- C:\Users\Rybak\Desktop\1170651_610322985669853_1484389318_n.png
[2014/01/08 20:03:14 | 000,001,861 | ---- | C] () -- C:\Users\Rybak\Desktop\TechPowerUp GPU-Z.lnk
[2014/01/08 19:40:47 | 001,161,350 | ---- | C] () -- C:\Users\Rybak\Desktop\monumentslavy-010.jpg
[2014/01/08 19:40:37 | 000,925,043 | ---- | C] () -- C:\Users\Rybak\Desktop\monumentslavy-003.jpg
[2014/01/08 19:39:22 | 001,193,175 | ---- | C] () -- C:\Users\Rybak\Desktop\monumentslavy-009.jpg
[2014/01/08 18:45:54 | 000,024,896 | ---- | C] () -- C:\Users\Rybak\Desktop\gpuscreen.gif
[2014/01/08 17:01:28 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/01/08 17:01:28 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2014/01/08 11:38:24 | 000,001,039 | ---- | C] () -- C:\Users\Public\Desktop\Instagiffer.lnk
[2014/01/07 21:29:56 | 000,166,910 | ---- | C] () -- C:\Users\Rybak\Desktop\netflix.jpg
[2014/01/07 21:06:41 | 000,002,275 | ---- | C] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/07 21:06:41 | 000,002,251 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/07 21:06:22 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/07 21:06:22 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/07 19:36:40 | 000,160,286 | ---- | C] () -- C:\Users\Rybak\Desktop\1.jpg
[2014/01/06 12:30:25 | 000,155,505 | ---- | C] () -- C:\Users\Rybak\Desktop\8352300501060017_12_24_2013.pdf
[2013/12/29 21:22:15 | 000,002,070 | ---- | C] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/12/29 21:22:15 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013/12/29 16:05:15 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/29 16:04:47 | 000,001,157 | ---- | C] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2013/12/29 16:04:47 | 000,001,133 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2013/12/27 02:45:59 | 000,000,262 | ---- | C] () -- C:\Users\Rybak\uacossack.inkyp
[2013/12/26 19:04:02 | 000,143,370 | ---- | C] () -- C:\Users\Rybak\Desktop\4l9lJCT.jpg
[2013/12/26 16:37:29 | 002,137,466 | ---- | C] () -- C:\Users\Rybak\Desktop\photo 2.JPG
[2013/12/26 04:46:03 | 000,001,000 | ---- | C] () -- C:\Users\Rybak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Inky.lnk
[2013/12/26 04:46:03 | 000,000,992 | ---- | C] () -- C:\Users\Rybak\Desktop\Inky.lnk
[2013/12/25 21:59:15 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\reditr.lnk
[2013/12/25 21:40:06 | 000,002,453 | ---- | C] () -- C:\Users\Public\Desktop\O&O Defrag.lnk
[2013/12/25 21:40:06 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk
[2013/12/25 11:21:14 | 000,078,000 | ---- | C] () -- C:\Windows\SysNative\EvGr_Data{DAAA5B03-367D-11E3-A0C0-806E6F6E6963}.dat
[2013/12/25 11:21:14 | 000,017,296 | ---- | C] () -- C:\Windows\SysNative\RW_FileType.dat
[2013/12/25 11:21:14 | 000,014,800 | ---- | C] () -- C:\Windows\SysNative\RW_AppData.dat
[2013/12/25 11:21:14 | 000,004,245 | ---- | C] () -- C:\config.xml
[2013/12/25 11:21:14 | 000,000,492 | ---- | C] () -- C:\Windows\SysNative\RW_FileFlag.dat
[2013/12/25 11:21:14 | 000,000,056 | ---- | C] () -- C:\Windows\SysNative\RW_{DAAA5B03-367D-11E3-A0C0-806E6F6E6963}.dat
[2013/12/25 11:21:14 | 000,000,056 | ---- | C] () -- C:\Windows\SysNative\RW_{DAAA5B02-367D-11E3-A0C0-806E6F6E6963}.dat
[2013/12/25 11:21:14 | 000,000,056 | ---- | C] () -- C:\Windows\SysNative\RW_{DAAA5B01-367D-11E3-A0C0-806E6F6E6963}.dat
[2013/12/25 11:21:14 | 000,000,016 | ---- | C] () -- C:\Windows\SysNative\EvGr_Data{DAAA5B02-367D-11E3-A0C0-806E6F6E6963}.dat
[2013/12/25 11:21:14 | 000,000,016 | ---- | C] () -- C:\Windows\SysNative\EvGr_Data{DAAA5B01-367D-11E3-A0C0-806E6F6E6963}.dat
[2013/12/24 01:15:36 | 000,001,266 | ---- | C] () -- C:\Users\Public\Desktop\Xirrus Wi-Fi Inspector.lnk
[2013/12/24 01:15:36 | 000,001,244 | ---- | C] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\Xirrus Wi-Fi Inspector.lnk
[2013/12/23 01:06:53 | 000,001,283 | ---- | C] () -- C:\Users\Rybak\Desktop\FspUip.exe - Shortcut.lnk
[2013/12/22 20:38:48 | 001,324,940 | ---- | C] () -- C:\Users\Rybak\Desktop\NetStumblerInstaller_0_4_0.exe
[2013/12/22 19:49:11 | 000,000,966 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eM Client.lnk
[2013/12/22 19:42:40 | 000,002,787 | ---- | C] () -- C:\Users\Public\Desktop\Asterisk Password Decryptor.lnk
[2013/12/22 19:32:58 | 000,041,860 | ---- | C] () -- C:\Users\Rybak\Desktop\axe.jpg
[2013/12/22 16:56:24 | 000,065,111 | ---- | C] () -- C:\Users\Rybak\Desktop\GqeBoPV.jpg
[2013/12/22 11:08:48 | 000,060,779 | ---- | C] () -- C:\Users\Rybak\Desktop\WWP.png
[2013/12/22 10:58:02 | 000,019,424 | ---- | C] () -- C:\Users\Rybak\Desktop\wwp.jpg
[2013/12/22 00:09:54 | 000,001,211 | ---- | C] () -- C:\Users\Rybak\Desktop\Free Video to GIF Converter.lnk
[2013/12/21 19:05:42 | 000,001,216 | ---- | C] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\Picture Collage Maker Pro.lnk
[2013/12/21 19:05:42 | 000,001,192 | ---- | C] () -- C:\Users\Public\Desktop\Picture Collage Maker Pro.lnk
[2013/12/21 18:59:51 | 000,001,996 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2013/12/20 19:24:40 | 000,022,581 | ---- | C] () -- C:\Users\Rybak\Desktop\error.jpg
[2013/12/20 19:12:11 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
[2013/12/20 17:00:50 | 000,001,484 | ---- | C] () -- C:\Users\Rybak\Desktop\Command Prompt.lnk
[2013/12/18 09:09:51 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\GlaryUpdate 3.job
[2013/12/18 09:07:50 | 000,001,100 | ---- | C] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 3.lnk
[2013/12/18 09:07:50 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Glary Utilities 3.lnk
[2013/12/18 09:07:49 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize 3.job
[2013/12/18 09:07:48 | 000,001,096 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 3.lnk
[2013/12/17 00:53:03 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
[2013/12/17 00:53:03 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2013/12/13 15:26:37 | 000,000,162 | ---- | C] () -- C:\Windows\Reimage.ini
[2013/12/07 04:46:16 | 000,355,840 | ---- | C] () -- C:\Windows\SysWow64\LiveWrapRTSP.dll
[2013/11/23 20:55:56 | 000,000,037 | -HS- | C] () -- C:\Users\Rybak\AppData\Local\70149b02515b3bb20dd492.47983420
[2013/11/19 17:35:30 | 000,000,132 | ---- | C] () -- C:\Users\Rybak\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/11/18 21:42:07 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2013/11/10 13:13:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2013/11/07 19:16:01 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/11/07 19:15:59 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013/11/07 19:15:59 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/11/02 09:30:28 | 000,000,012 | ---- | C] () -- C:\Windows\wind3264st.dat
[2013/10/23 02:54:57 | 000,000,600 | ---- | C] () -- C:\Users\Rybak\PUTTY.RND
[2013/10/19 18:14:53 | 000,110,602 | ---- | C] () -- C:\Windows\SysWow64\xcdsfx32.bin
[2013/10/18 17:50:58 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe
[2013/10/18 15:30:37 | 000,004,545 | ---- | C] () -- C:\Users\Rybak\AppData\Roaming\CamStudio.cfg
[2013/10/18 15:30:37 | 000,000,408 | ---- | C] () -- C:\Users\Rybak\AppData\Roaming\CamShapes.ini
[2013/10/18 15:30:37 | 000,000,408 | ---- | C] () -- C:\Users\Rybak\AppData\Roaming\CamLayout.ini
[2013/10/18 15:30:37 | 000,000,100 | ---- | C] () -- C:\Users\Rybak\AppData\Roaming\Camdata.ini
[2013/10/18 15:18:49 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2013/10/18 11:56:45 | 000,775,084 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/17 12:56:20 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2013/10/16 15:52:40 | 000,000,380 | ---- | C] () -- C:\Users\Rybak\AppData\Roaming\sp_data.sys
[2013/10/16 15:48:33 | 000,001,313 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2013/10/16 15:48:33 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2013/10/16 15:48:33 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2013/10/16 15:48:32 | 000,185,856 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013/10/16 15:48:32 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/12/10 18:28:14 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\.ACEStream
[2013/12/02 17:22:20 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\ACEStream
[2013/10/20 15:51:22 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Amazon
[2013/12/19 16:07:25 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\AMS Software
[2013/10/20 07:59:06 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Ashampoo
[2013/12/22 19:42:26 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Asterisk Password Decryptor
[2013/11/24 16:24:24 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Awesomium
[2014/01/12 07:07:13 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\BfToe
[2013/10/24 08:57:12 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Bigasoft Video Downloader Pro
[2013/12/11 13:49:52 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Bitcoin
[2013/12/19 16:07:30 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Chamber
[2013/12/04 17:39:24 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Digital Confidence
[2013/11/23 18:09:06 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\DiskSpaceFan
[2013/12/20 08:51:27 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Dropbox
[2013/12/13 16:37:55 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Durbetsel 6.3
[2013/12/22 22:27:08 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\eM Client
[2013/11/15 17:21:32 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\FaceOffMax
[2014/01/11 12:31:56 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\FileZilla
[2013/11/10 13:13:42 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Flock
[2013/12/29 21:22:17 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Foxit Software
[2013/11/05 19:32:42 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\freac
[2013/12/18 09:07:49 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\GlarySoft
[2013/12/21 12:05:28 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\IObit
[2014/01/12 07:07:13 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\iznIy
[2014/01/09 15:24:57 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\jagex_cache
[2014/01/06 22:19:57 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\LockHunter
[2013/12/04 23:49:16 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Miranda
[2014/01/11 15:13:20 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\MouseMonitor
[2013/10/20 17:51:19 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\NeoDownloader
[2013/12/22 21:03:29 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Notepad++
[2014/01/10 11:58:17 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\OpenDNS Updater
[2013/10/19 16:18:44 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Origin
[2013/10/23 11:52:36 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\PDAppFlex
[2013/12/21 19:05:42 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\PearlMountain
[2013/10/19 15:37:25 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Preme for Windows
[2013/11/02 09:47:47 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\RoboForm
[2013/10/28 15:11:25 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\TAC
[2013/12/07 17:13:27 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\TeamViewer
[2014/01/03 15:48:58 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\TuneUp Software
[2013/11/22 17:35:22 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Unity
[2014/01/11 19:30:29 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\uTorrent
[2013/11/18 21:42:17 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\VDownloader
[2013/11/08 21:05:16 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Wargaming.net
[2013/12/24 01:15:17 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Xirrus
[2014/01/11 19:02:20 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Yandex

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 19:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/26 23:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 19:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 21:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 21:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/09/24 19:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 19:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 19:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 16:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/08 23:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 22:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 21:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 21:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 21:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 00:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 19:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 19:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 19:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 19:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 21:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 19:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 19:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 19:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 19:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 19:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 11:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 19:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 05:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 00:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013/09/24 19:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 19:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 21:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 21:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 21:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/09/24 19:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 19:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 21:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 21:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 21:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 21:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 21:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 21:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 19:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/04/30 23:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 21:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 21:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 21:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 21:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 21:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 21:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 21:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 21:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 21:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 19:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 16:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 21:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 19:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 21:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< c:\program files (x86)\Google\Desktop >
[2009/07/13 23:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/13 23:08:49 | 000,020,522 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013/12/06 21:54:46 | 000,000,320 | ---- | C] () -- C:\Windows\Tasks\Start Registry Reviver for [email protected](logon).job
[2013/12/18 09:07:49 | 000,000,332 | ---- | C] () -- C:\Windows\Tasks\GlaryInitialize 3.job
[2013/12/18 09:09:51 | 000,000,378 | ---- | C] () -- C:\Windows\Tasks\GlaryUpdate 3.job
[2013/12/29 16:05:15 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2014/01/07 21:06:22 | 000,000,892 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014/01/07 21:06:22 | 000,000,896 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< c:\program files\Google\Desktop >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 780E-9C25
Directory of C:\
07/13/2009 11:08 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/13/2009 11:08 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 11:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 11:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 11:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 11:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 11:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/13/2009 11:08 PM <SYMLINKD> All Users [C:\ProgramData]
07/13/2009 11:08 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/13/2009 11:08 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 11:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 11:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 11:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 11:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 11:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/13/2009 11:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009 11:08 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/2009 11:08 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/13/2009 11:08 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/13/2009 11:08 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009 11:08 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009 11:08 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009 11:08 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009 11:08 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009 11:08 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/13/2009 11:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/13/2009 11:08 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009 11:08 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/13/2009 11:08 PM <JUNCTION> My Music [C:\Users\Default\Music]
07/13/2009 11:08 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/13/2009 11:08 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/13/2009 11:08 PM <JUNCTION> My Music [C:\Users\Public\Music]
07/13/2009 11:08 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/13/2009 11:08 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Rybak
10/16/2013 08:57 AM <JUNCTION> Application Data [C:\Users\Rybak\AppData\Roaming]
10/16/2013 08:57 AM <JUNCTION> Cookies [C:\Users\Rybak\AppData\Roaming\Microsoft\Windows\Cookies]
10/16/2013 08:57 AM <JUNCTION> Local Settings [C:\Users\Rybak\AppData\Local]
10/16/2013 08:57 AM <JUNCTION> My Documents [C:\Users\Rybak\Documents]
10/16/2013 08:57 AM <JUNCTION> NetHood [C:\Users\Rybak\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
10/16/2013 08:57 AM <JUNCTION> PrintHood [C:\Users\Rybak\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
10/16/2013 08:57 AM <JUNCTION> Recent [C:\Users\Rybak\AppData\Roaming\Microsoft\Windows\Recent]
10/16/2013 08:57 AM <JUNCTION> SendTo [C:\Users\Rybak\AppData\Roaming\Microsoft\Windows\SendTo]
10/16/2013 08:57 AM <JUNCTION> Start Menu [C:\Users\Rybak\AppData\Roaming\Microsoft\Windows\Start Menu]
10/16/2013 08:57 AM <JUNCTION> Templates [C:\Users\Rybak\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Rybak\AppData\Local
10/16/2013 08:57 AM <JUNCTION> Application Data [C:\Users\Rybak\AppData\Local]
10/16/2013 08:57 AM <JUNCTION> History [C:\Users\Rybak\AppData\Local\Microsoft\Windows\History]
10/16/2013 08:57 AM <JUNCTION> Temporary Internet Files [C:\Users\Rybak\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Rybak\Documents
10/16/2013 08:57 AM <JUNCTION> My Music [C:\Users\Rybak\Music]
10/16/2013 08:57 AM <JUNCTION> My Pictures [C:\Users\Rybak\Pictures]
10/16/2013 08:57 AM <JUNCTION> My Videos [C:\Users\Rybak\Videos]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser
10/16/2013 12:36 PM <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Roaming]
10/16/2013 12:36 PM <JUNCTION> Cookies [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Cookies]
10/16/2013 12:36 PM <JUNCTION> Local Settings [C:\Users\UpdatusUser\AppData\Local]
10/16/2013 12:36 PM <JUNCTION> My Documents [C:\Users\UpdatusUser\Documents]
10/16/2013 12:36 PM <JUNCTION> NetHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
10/16/2013 12:36 PM <JUNCTION> PrintHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
10/16/2013 12:36 PM <JUNCTION> Recent [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Recent]
10/16/2013 12:36 PM <JUNCTION> SendTo [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo]
10/16/2013 12:36 PM <JUNCTION> Start Menu [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu]
10/16/2013 12:36 PM <JUNCTION> Templates [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser\AppData\Local
10/16/2013 12:36 PM <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Local]
10/16/2013 12:36 PM <JUNCTION> History [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
10/16/2013 12:36 PM <JUNCTION> Temporary Internet Files [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser\Documents
10/16/2013 12:36 PM <JUNCTION> My Music [C:\Users\UpdatusUser\Music]
10/16/2013 12:36 PM <JUNCTION> My Pictures [C:\Users\UpdatusUser\Pictures]
10/16/2013 12:36 PM <JUNCTION> My Videos [C:\Users\UpdatusUser\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
66 Dir(s) 38,976,417,792 bytes free

< MD5 for: RPCSS.DLL >
[2010/11/20 21:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysNative\rpcss.dll
[2010/11/20 21:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll

========== Files - Unicode (All) ==========
[2014/01/11 19:02:19 | 000,000,000 | ---D | C](C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Яндекс

========== Alternate Data Streams ==========

@Alternate Data Stream - 12 bytes -> C:\Windows:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}

< End of report >
--------------------------------------------------



But there was no Extras.txt report produced.



#4 Essexboy (GeekU Moderator, Retired Staff)
Thanks for that. It failed, so I will need to get in touch with the developer... Anyway, I can still do it manually :)

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes, and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]

:OTL
O4 - HKU\S-1-5-21-494354007-691658305-523761783-1000..\RunOnce: [dtrgf] C:\Users\Rybak\dtrgf\34152.vbs ()
O4 - HKU\S-1-5-21-494354007-691658305-523761783-1000..\RunOnce: [hcoxo] C:\Users\Rybak\hcoxo\89969.vbs ()
O4 - HKU\S-1-5-21-494354007-691658305-523761783-1000..\RunOnce: [vigqr] C:\Users\Rybak\vigqr\88170.vbs ()
[2014/01/11 15:04:05 | 000,000,000 | RHSD | C] -- C:\Users\Rybak\dtrgf
[2014/01/10 14:45:40 | 000,000,000 | RHSD | C] -- C:\Users\Rybak\phjjt
[2014/01/10 08:21:24 | 000,025,088 | ---- | C] (Microsoft Cooperation Inc.) -- C:\Users\Rybak\AppData\Roaming\Pin.exe
[2014/01/10 08:20:41 | 000,000,000 | RHSD | C] -- C:\Users\Rybak\eqnqp
[2014/01/09 15:24:23 | 000,000,000 | RHSD | C] -- C:\Users\Rybak\ukuot
[2014/01/07 13:03:20 | 000,000,000 | RHSD | C] -- C:\Users\Rybak\hcoxo
[2014/01/07 12:31:44 | 000,000,000 | -H-D | C] -- C:\{$1284-9213-2940-1289$}
[2014/01/07 12:31:41 | 000,000,000 | RHSD | C] -- C:\Users\Rybak\vigqr
[2014/01/12 12:02:30 | 002,633,042 | ---- | M] () -- C:\Users\Rybak\Desktop\MCShield-Setup.exe
[2014/01/12 11:58:23 | 000,373,248 | ---- | M] () -- C:\Users\Rybak\Desktop\Anti-VBSVBEx64.exe
[2014/01/12 07:07:13 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\iznIy


:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

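The fix above removes three per-user RunOnce values that each launch a .vbs from a hidden+system folder created directly in the profile root, a hidden folder planted in the drive root, and an executable whose version info claims "Microsoft Cooperation Inc." rather than "Microsoft Corporation". As an added example (not part of OTL, and not code from the helper's post), the following Python script parses OTL's O4 autostart lines and its file/folder lines and flags exactly those indicators, generalised slightly beyond the three lines here: any Run or RunOnce key, any script-host extension, any drive or profile root. The sample input is the fix block above plus two constructed benign lines (the user's AppData folder and an Adobe updater autostart) so that the negative cases are visible; the allowlist of legitimately hidden folders is an assumption.

```python
import re

# Extensions that Windows hands to a script host (wscript.exe, cscript.exe, cmd.exe).
SCRIPT_EXT = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".bat", ".cmd")

# Hidden folders that legitimately sit in a drive root or a profile root.
# Assumed allowlist for this example; baseline it against a clean machine.
KNOWN_HIDDEN = {"appdata", "programdata", "$recycle.bin", "recovery", "boot",
                "system volume information", "documents and settings"}

# OTL autostart line:  O4 - HKU\<sid>..\RunOnce: [name] <target> (<publisher>)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\[^.\\]+)?)\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] (?P<target>.+?) \((?P<publisher>[^)]*)\)$")

# OTL file/folder line:  [date time | size | attrs | C|M] (publisher) -- <path>
FILE_RE = re.compile(
    r"^\[\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \| [\d,]+ \| (?P<attr>[A-Z-]{4}) \| [CM]\] "
    r"(?:\((?P<publisher>[^)]*)\) )?-- (?P<path>.+)$")


def parent(path):
    return path.rsplit("\\", 1)[0]


def leaf(path):
    return path.rsplit("\\", 1)[-1]


def is_drop_root(folder):
    """True for C: or C:\\Users\\<name>, where a non-admin user can create folders."""
    return re.fullmatch(r"[A-Za-z]:(?:\\Users\\[^\\]+)?", folder) is not None


def imitates_microsoft(publisher):
    """Vendor strings that contain 'Microsoft' but are not the genuine one."""
    norm = " ".join(publisher.split()).lower()
    return "microsoft" in norm and norm != "microsoft corporation"


def triage(lines):
    """Map each suspicious path to the list of indicators it tripped."""
    findings, hidden_dirs, autostarts = {}, set(), []

    def flag(path, reason):
        findings.setdefault(path, []).append(reason)

    for raw in lines:
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            autostarts.append(m.groupdict())
            continue
        m = FILE_RE.match(line)
        if not m:
            continue
        attr, path, publisher = m["attr"], m["path"], m["publisher"] or ""
        is_dir = attr.endswith("D")
        # Hidden (often also System) folder created directly in a drive or profile root.
        if (is_dir and "H" in attr and is_drop_root(parent(path))
                and leaf(path).lower() not in KNOWN_HIDDEN):
            hidden_dirs.add(path.lower())
            flag(path, f"hidden folder ({attr}) created directly under {parent(path)}")
        # Executable whose version-info vendor only looks like Microsoft's.
        if not is_dir and imitates_microsoft(publisher):
            flag(path, f"publisher string imitates Microsoft: {publisher!r}")

    # Autostarts are judged last so they can be correlated with the folders above.
    for a in autostarts:
        target = a["target"]
        where = f"{a['hive']}..\\{a['key']} [{a['name']}]"
        if target.lower().endswith(SCRIPT_EXT):
            reason = f"{where} launches a script file"
            flag(target, reason + ("" if a["publisher"] else " with no publisher info"))
        if parent(target).lower() in hidden_dirs:
            flag(target, f"{where} target sits in a hidden folder flagged above")
    return findings


# Sample input: lines copied from the fix block in this thread, plus two constructed
# benign lines (the AppData folder and an Adobe updater) to show what is not flagged.
SAMPLE_LINES = [
    r"O4 - HKU\S-1-5-21-494354007-691658305-523761783-1000..\RunOnce: [dtrgf] C:\Users\Rybak\dtrgf\34152.vbs ()",
    r"O4 - HKU\S-1-5-21-494354007-691658305-523761783-1000..\RunOnce: [hcoxo] C:\Users\Rybak\hcoxo\89969.vbs ()",
    r"O4 - HKU\S-1-5-21-494354007-691658305-523761783-1000..\RunOnce: [vigqr] C:\Users\Rybak\vigqr\88170.vbs ()",
    r"O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)",
    r"[2014/01/11 15:04:05 | 000,000,000 | RHSD | C] -- C:\Users\Rybak\dtrgf",
    r"[2014/01/10 14:45:40 | 000,000,000 | RHSD | C] -- C:\Users\Rybak\phjjt",
    r"[2014/01/10 08:21:24 | 000,025,088 | ---- | C] (Microsoft Cooperation Inc.) -- C:\Users\Rybak\AppData\Roaming\Pin.exe",
    r"[2014/01/07 13:03:20 | 000,000,000 | RHSD | C] -- C:\Users\Rybak\hcoxo",
    r"[2014/01/07 12:31:44 | 000,000,000 | -H-D | C] -- C:\{$1284-9213-2940-1289$}",
    r"[2014/01/07 12:31:41 | 000,000,000 | RHSD | C] -- C:\Users\Rybak\vigqr",
    r"[2014/01/12 12:02:30 | 002,633,042 | ---- | M] () -- C:\Users\Rybak\Desktop\MCShield-Setup.exe",
    r"[2014/01/12 07:07:13 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\iznIy",
    r"[2013/10/16 08:57:00 | 000,000,000 | -H-D | C] -- C:\Users\Rybak\AppData",
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run it over a whole OTL.txt (`triage(open("OTL.txt", encoding="utf-8", errors="replace"))`) and the output is the shortlist a helper would paste under `:OTL` in a fix, as post #4 does. The folder correlation is the strongest signal: a RunOnce value that launches a script is already odd, but one whose script lives in a freshly created Hidden+System folder in the profile root is the pattern of a user-level VBS worm, which needs no admin rights to plant and re-creates its RunOnce value each time the script runs, which is why Kaspersky kept reporting the same files.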

#5 BearCavalry (Topic Starter, Member)
Hello Essex. I did as you said; as soon as I clicked "Run Fix", I got the BSOD. I assume the same thing is going to happen if I do it again.
I'm scared.


#6 Essexboy (GeekU Moderator, Retired Staff)
Nope, I can get around this.

Can you reboot to Safe Mode and then run OTL again, please? If necessary we will temporarily kill wscript, a Windows file :)

#7 BearCavalry (Topic Starter, Member)
Okay, will try now. Be back. Thank you again.


#8 Essexboy (GeekU Moderator, Retired Staff)
:)

#9 BearCavalry (Topic Starter, Member)
Okay, I did the Safe Mode and ran the program as you said.
And it said it needed to reboot, and it did, and it showed me this text:
Does it mean I am clean now? Because what does the message "Unable to start System Restore Service. Error code 1084" mean?


All processes killed
========== COMMANDS ==========
Unable to start System Restore Service. Error code 1084
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-494354007-691658305-523761783-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\dtrgf deleted successfully.
C:\Users\Rybak\dtrgf\34152.vbs moved successfully.
Registry value HKEY_USERS\S-1-5-21-494354007-691658305-523761783-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\hcoxo deleted successfully.
C:\Users\Rybak\hcoxo\89969.vbs moved successfully.
Registry value HKEY_USERS\S-1-5-21-494354007-691658305-523761783-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\vigqr deleted successfully.
C:\Users\Rybak\vigqr\88170.vbs moved successfully.
C:\Users\Rybak\dtrgf folder moved successfully.
C:\Users\Rybak\phjjt folder moved successfully.
C:\Users\Rybak\AppData\Roaming\Pin.exe moved successfully.
C:\Users\Rybak\eqnqp folder moved successfully.
C:\Users\Rybak\ukuot folder moved successfully.
C:\Users\Rybak\hcoxo folder moved successfully.
C:\{$1284-9213-2940-1289$} folder moved successfully.
C:\Users\Rybak\vigqr folder moved successfully.
C:\Users\Rybak\Desktop\MCShield-Setup.exe moved successfully.
C:\Users\Rybak\Desktop\Anti-VBSVBEx64.exe moved successfully.
C:\Users\Rybak\AppData\Roaming\iznIy folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest

User: Public

User: Rybak
->Temp folder emptied: 332300146 bytes
->Temporary Internet Files folder emptied: 104115452 bytes
->Java cache emptied: 58206 bytes
->FireFox cache emptied: 22904656 bytes
->Google Chrome cache emptied: 27866255 bytes
->Flash cache emptied: 76998 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 46074168 bytes
%systemroot%\System32 (64bit) .tmp files removed: 33798256 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7652444 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 256982 bytes
RecycleBin emptied: 158499210 bytes

Total Files Cleaned = 700.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01122014_141158

Files\Folders moved on Reboot...
C:\Users\Rybak\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Rybak\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


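The fix output above shows the persistence chain this infection used: a RunOnce value under the logged-on user's hive (HKEY_USERS\S-1-5-21-...-1000, which is HKCU for that user) named after a hidden folder in the profile root, pointing at a numbered .vbs inside it (dtrgf\34152.vbs, hcoxo\89969.vbs, vigqr\88170.vbs). A bare .vbs is run by wscript.exe, which is the Windows file Essexboy mentions killing, and the HOSTS file was reset as well. As an added example (not part of this thread and not an OTL feature), the PowerShell below is a read-only check for that same pattern on a live machine: autorun values that launch a script host or script file, hidden+system folders with short random names in any profile root and the scripts inside them, and hosts-file lines that point anywhere other than loopback. It assumes an elevated prompt, that profiles live beside $env:USERPROFILE, and that the four-to-six-letter name length seen in this log is typical.

```powershell
# Added example (not from the thread, not an OTL feature): read-only PowerShell triage for the
# persistence pattern the fix log shows, i.e. Run/RunOnce values that launch a script from a
# hidden folder in the user profile, plus a hosts-file check for what [resethosts] wiped.
# Assumptions: run elevated on the affected machine; profiles live beside $env:USERPROFILE.

function Get-ScriptAutorun {
    # HKCU covers only the logged-on user (the S-1-5-21-...-1000 hive in the OTL log);
    # the HKLM keys and the Wow6432Node view are included so a 64-bit host is checked fully.
    $keys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    # Script hosts and script extensions. Windows hands a bare .vbs to wscript.exe.
    $scriptPattern = '(wscript|cscript|mshta)\.exe|\.(vbs|vbe|js|jse|wsf|hta)\b'
    $meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($key in $keys) {
        if (-not (Test-Path -Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -in $meta) { continue }      # provider metadata, not autorun values
            $cmd = [string]$p.Value
            if ($cmd -match $scriptPattern) {
                [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $cmd }
            }
        }
    }
}

function Get-HiddenProfileDir {
    # Hidden+system folders sitting directly in a profile root with a short random lowercase
    # name, the RHSD entries in the OTL log (C:\Users\Rybak\eqnqp and friends). Length is a guess.
    $usersRoot = Split-Path -Path $env:USERPROFILE -Parent
    Get-ChildItem -Path $usersRoot -Directory -Force -ErrorAction SilentlyContinue |
        ForEach-Object { Get-ChildItem -Path $_.FullName -Directory -Force -ErrorAction SilentlyContinue } |
        Where-Object {
            $_.Attributes.HasFlag([IO.FileAttributes]::Hidden) -and
            $_.Attributes.HasFlag([IO.FileAttributes]::System) -and
            $_.Name -cmatch '^[a-z]{4,6}$'
        } |
        ForEach-Object {
            # -Include only filters when the path carries a wildcard, hence the '*' suffix.
            $scripts = Get-ChildItem -Path (Join-Path -Path $_.FullName -ChildPath '*') `
                -Include *.vbs, *.vbe, *.js -File -Force -ErrorAction SilentlyContinue
            [pscustomobject]@{ Path = $_.FullName; Scripts = ($scripts.Name -join ', ') }
        }
}

function Get-HostsOverride {
    # Non-comment hosts lines whose address is not loopback; a default Windows hosts file has none.
    $hostsFile = Join-Path -Path $env:SystemRoot -ChildPath 'System32\drivers\etc\hosts'
    Get-Content -Path $hostsFile -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '^\s*[^#\s]' } |
        ForEach-Object {
            $fields = -split $_.Trim()
            if ($fields[0] -notin @('127.0.0.1', '::1')) {
                [pscustomobject]@{ Address = $fields[0]; Names = (($fields | Select-Object -Skip 1) -join ' ') }
            }
        }
}

Get-ScriptAutorun    | Format-Table -AutoSize
Get-HiddenProfileDir | Format-Table -AutoSize
Get-HostsOverride    | Format-Table -AutoSize
```

Two things worth knowing when reading the output. Windows deletes a RunOnce value before it executes the command, so a RunOnce entry that is present mid-session was written after the last logon, which fits the "keeps popping up" behaviour in the first post: the antivirus removes the script, the still-running payload writes a fresh folder and value. And HKCU is only the user you are logged on as; other profiles on the machine have their own hives, which is why Essexboy asks for an OTL scan with all users selected.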

#10
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
System restore does not work in safe mode so OTL was unable to create a restore point.

Could you run a fresh OTL scan please ensuring all users is selected.

Also has Kaspersky ceased alerting ?

#11
BearCavalry (Member, Topic Starter, 141 posts)

System restore does not work in safe mode so OTL was unable to create a restore point.

Could you run a fresh OTL scan please ensuring all users is selected.

Also has Kaspersky ceased alerting ?


Yes sir. Here it is. Is it okay that I attach it as a .txt document? It seems to be so messy to copy and paste the whole thing here.

Attached Files



#12
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, a quick scan with Kaspersky should now come up clean... It may detect the bad boys in the C:\_OTL\moved files folder, a quarantine area.

How is the computer behaving now ?

#13
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Oops, I missed one folder.

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]

:Files
C:\Users\Rybak\AppData\Roaming\BfToe

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


#14
BearCavalry (Member, Topic Starter, 141 posts)
:thumbsup::thumbsup:

Okay, I ran OTL again.

Here is the result:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Users\Rybak\AppData\Roaming\BfToe folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest

User: Public

User: Rybak
->Temp folder emptied: 19376521 bytes
->Temporary Internet Files folder emptied: 12400782 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 67595425 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1293 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7442405 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 39627974850 bytes

Total Files Cleaned = 37,894.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01122014_144813

Files\Folders moved on Reboot...
C:\Users\Rybak\AppData\Local\Temp\VPN_3839\B7091C83.dll moved successfully.
C:\Users\Rybak\AppData\Local\Temp\VPN_3839\VPN_Lock.dat moved successfully.
C:\Users\Rybak\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Rybak\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File\Folder C:\Windows\temp\VPN_B54A\48616C33.dll not found!
File\Folder C:\Windows\temp\VPN_B54A\B7091C83.dll not found!
File\Folder C:\Windows\temp\VPN_B54A\VPN_Lock.dat not found!
File\Folder C:\Windows\temp\VPN_4313\VPN_Lock.dat not found!
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
-----------------------------------------


The Kaspersky quick scan shows I am clean.

Thank you so much Essex. I am blown away at your quick answers, knowledge, and the amount of whoopass you helped me open up on my malware and viruses. You are the best!!
Thank you so much.




#15
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, one final task if I may before I tidy up. Could you zip the C:\_OTL folder and attach it to your next post please? I will then pass it on to dr_bora so that he can figure out where the anti-VBS programme failed.

Once that is done then.................

In that case methinks I will send you on your merry way :)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Clear Restore Points

Go Start > All Programmes > Accessories > System Tools
Right click Disc Cleanup and select Run as administrator
When it pops up, at the first prompt select OK; after it has done some calculations the tabs will appear
Select the More Options tab
Press the System Restore and Shadow Copies Cleanup button

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

Malwarebytes.

Update and run weekly to keep your system clean


It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place? Keep safe :wave:
