OTL logfile created on: 8-8-2012 10:07:09 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = D:\Waga\OTL 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000413 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 4,00 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 61,78% Memory free 7,99 Gb Paging File | 6,18 Gb Available in Paging File | 77,29% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 283,77 Gb Total Space | 211,20 Gb Free Space | 74,43% Space Free | Partition Type: NTFS Drive D: | 298,09 Gb Total Space | 85,26 Gb Free Space | 28,60% Space Free | Partition Type: NTFS Drive E: | 14,03 Gb Total Space | 2,32 Gb Free Space | 16,54% Space Free | Partition Type: NTFS Drive F: | 99,34 Mb Total Space | 92,75 Mb Free Space | 93,37% Space Free | Partition Type: FAT32 Drive H: | 1,86 Gb Total Space | 1,67 Gb Free Space | 89,93% Space Free | Partition Type: FAT Computer Name: JA-PC | User Name: Ja | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-07-22 07:17:53 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012-07-14 01:34:44 | 002,048,616 | ---- | M] () -- C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe PRC - [2012-07-12 10:06:40 | 001,073,784 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.exe PRC - [2012-07-12 10:06:40 | 000,884,856 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe PRC - [2012-06-14 12:11:03 | 009,106,664 | ---- | M] (MediaGet LLC) -- C:\Users\Ja\AppData\Local\MediaGet2\mediaget.exe PRC - [2012-06-05 05:16:06 | 000,880,528 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe PRC - [2012-05-14 12:39:49 | 001,816,976 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe PRC - [2012-04-13 11:14:14 | 000,593,920 | ---- | M] (OldTimer Tools) -- D:\Waga\OTL\OTL.exe PRC - [2011-10-13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2011-03-01 19:16:04 | 000,615,936 | ---- | M] (Ultima Prime & Pawel Porwisz) -- C:\Program Files (x86)\TC UP\TC UP.exe PRC - [2010-12-17 07:56:10 | 003,707,808 | ---- | M] (Ghisler Software GmbH) -- C:\Program Files (x86)\TC UP\TOTALCMD.EXE PRC - [2009-10-06 22:56:44 | 000,415,016 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe PRC - [2009-10-05 23:08:42 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe PRC - [2009-09-04 13:35:14 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-07-22 07:17:43 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012-07-14 01:34:44 | 002,048,616 | ---- | M] () -- C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe MOD - [2012-06-14 23:28:39 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\db6668b547e7504d74c3f345e2519b65\WindowsFormsIntegration.ni.dll MOD - [2012-06-14 23:28:27 | 000,148,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\0a0d6610975706aee94ec9f44191bab8\System.Configuration.Install.ni.dll MOD - [2012-06-14 12:11:05 | 011,742,440 | ---- | M] () -- C:\Users\Ja\AppData\Local\MediaGet2\QtWebKit4.dll MOD - [2012-06-14 12:11:05 | 002,554,088 | ---- | M] () -- C:\Users\Ja\AppData\Local\MediaGet2\QtXmlPatterns4.dll MOD - [2012-06-14 12:11:05 | 000,343,784 | ---- | M] () -- C:\Users\Ja\AppData\Local\MediaGet2\QtXml4.dll MOD - [2012-06-14 12:11:04 | 008,227,560 | ---- | M] () -- C:\Users\Ja\AppData\Local\MediaGet2\QtGui4.dll MOD - [2012-06-14 12:11:04 | 002,430,184 | ---- | M] () -- C:\Users\Ja\AppData\Local\MediaGet2\QtDeclarative4.dll MOD - [2012-06-14 12:11:04 | 002,297,576 | ---- | M] () -- C:\Users\Ja\AppData\Local\MediaGet2\QtCore4.dll MOD - [2012-06-14 12:11:04 | 001,298,152 | ---- | M] () -- C:\Users\Ja\AppData\Local\MediaGet2\QtScript4.dll MOD - [2012-06-14 12:11:04 | 000,979,176 | ---- | M] () -- C:\Users\Ja\AppData\Local\MediaGet2\QtNetwork4.dll MOD - [2012-06-14 12:11:04 | 000,224,488 | ---- | M] () -- C:\Users\Ja\AppData\Local\MediaGet2\imageformats\qmng4.dll MOD - [2012-06-14 12:11:04 | 000,200,424 | ---- | M] () -- C:\Users\Ja\AppData\Local\MediaGet2\imageformats\qjpeg4.dll MOD - [2012-06-14 12:11:04 | 000,195,304 | ---- | M] () -- C:\Users\Ja\AppData\Local\MediaGet2\QtSql4.dll MOD - [2012-06-14 12:11:04 | 000,030,440 | ---- | M] () -- C:\Users\Ja\AppData\Local\MediaGet2\imageformats\qgif4.dll MOD - [2012-06-14 12:11:03 | 002,267,368 | ---- | M] () -- C:\Users\Ja\AppData\Local\MediaGet2\libvlccore.dll MOD - [2012-06-14 12:11:03 | 000,105,192 | ---- | M] () -- C:\Users\Ja\AppData\Local\MediaGet2\libvlc.dll MOD - [2012-06-14 00:58:52 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bcec0e7db1d027328cc8cd702185fa66\PresentationFramework.ni.dll MOD - [2012-06-14 00:58:37 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b460188cf6862491550a006c3660e2e6\PresentationCore.ni.dll MOD - [2012-06-14 00:58:31 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c06946b464ae8dd22151e0a6f310c976\System.Windows.Forms.ni.dll MOD - [2012-06-14 00:58:24 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\1d3c2d83da69c30ba8edf5cfea3c0057\WindowsBase.ni.dll MOD - [2012-06-14 00:58:22 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\29e48cb144e24a7b4335d1360cc06642\System.Drawing.ni.dll MOD - [2012-05-10 00:07:45 | 001,885,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\9c2da5bc8e93845d80dc6768efa78de7\System.Web.Services.ni.dll MOD - [2012-05-10 00:07:33 | 018,058,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\4f8ecf03aa4a4165e6850d1d67dc445f\System.ServiceModel.ni.dll MOD - [2012-05-10 00:07:09 | 001,072,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\2f4ce144f88caf780421d66027355f77\System.IdentityModel.ni.dll MOD - [2012-05-10 00:05:34 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\058fc53adeb7f06708bb4fa9f92fab5c\System.EnterpriseServices.ni.dll MOD - [2012-05-10 00:05:34 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\058fc53adeb7f06708bb4fa9f92fab5c\System.EnterpriseServices.Wrapper.dll MOD - [2012-05-10 00:05:33 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\ac5d04fd61df57da0f9976440a8c6c58\System.Runtime.DurableInstancing.ni.dll MOD - [2012-05-10 00:05:33 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\6cb2089f1eaf08c3d94a54031cf1313a\System.Transactions.ni.dll MOD - [2012-05-10 00:05:32 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\4dd48e938a8834fe950cf0cd11603c71\SMDiagnostics.ni.dll MOD - [2012-05-10 00:05:31 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\3fe3910474b3e2a08fca9b09330a74f7\System.Runtime.Serialization.ni.dll MOD - [2012-05-10 00:05:28 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a181199f8dec15116e1c2eb4a79ec22b\System.Xaml.ni.dll MOD - [2012-05-10 00:00:44 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3263fe38362543170c1682381eeac25a\PresentationFramework.Aero.ni.dll MOD - [2012-05-09 23:56:52 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\6711765f90c0082ec393943b924ed277\System.Configuration.ni.dll MOD - [2012-05-09 23:56:50 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\67065dc691dbf9574b3c8e5ac6ec5246\System.Data.ni.dll MOD - [2012-05-09 23:56:45 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\3e4f9b3b78f0f13b7469a14e69d756ef\System.Core.ni.dll MOD - [2012-05-09 23:56:41 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bd2433e160ce2f19acc8ebe10babae8d\System.Xml.ni.dll MOD - [2012-05-09 23:56:37 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9cf67ed1b743fbc3dd6b78fbc0595236\System.ni.dll MOD - [2012-05-09 23:56:30 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\1bdf7de454340e0ea9fc455aeaec49d9\mscorlib.ni.dll MOD - [2012-02-26 21:12:49 | 000,046,592 | ---- | M] () -- C:\Users\Ja\AppData\Local\Media Get LLC\MediaGet2\player_plugins\plugins\libwaveout_plugin.dll MOD - [2012-02-26 21:12:48 | 002,157,568 | ---- | M] () -- C:\Users\Ja\AppData\Local\Media Get LLC\MediaGet2\player_plugins\plugins\libskins2_plugin.dll MOD - [2012-02-26 21:12:46 | 000,046,592 | ---- | M] () -- C:\Users\Ja\AppData\Local\Media Get LLC\MediaGet2\player_plugins\plugins\libhotkeys_plugin.dll MOD - [2012-02-26 21:12:46 | 000,033,792 | ---- | M] () -- C:\Users\Ja\AppData\Local\Media Get LLC\MediaGet2\player_plugins\plugins\libmemcpymmxext_plugin.dll MOD - [2012-02-26 21:12:45 | 000,210,944 | ---- | M] () -- C:\Users\Ja\AppData\Local\Media Get LLC\MediaGet2\player_plugins\plugins\libdshow_plugin.dll MOD - [2012-02-26 21:12:45 | 000,067,072 | ---- | M] () -- C:\Users\Ja\AppData\Local\Media Get LLC\MediaGet2\player_plugins\plugins\libdirectx_plugin.dll MOD - [2012-02-26 21:12:43 | 000,046,592 | ---- | M] () -- C:\Users\Ja\AppData\Local\Media Get LLC\MediaGet2\player_plugins\plugins\libaout_directx_plugin.dll MOD - [2010-12-17 07:56:10 | 000,165,376 | ---- | M] () -- C:\Program Files (x86)\TC UP\unrar.dll MOD - [2009-10-06 22:57:02 | 000,279,976 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLCapEngine.dll MOD - [2009-10-06 22:57:02 | 000,120,232 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLSchMgr.dll MOD - [2009-10-06 22:57:00 | 000,464,168 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLTinyDB.dll MOD - [2009-10-05 23:08:38 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll MOD - [2009-08-20 12:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll MOD - [2009-08-20 12:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll MOD - [2009-08-20 12:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2012-03-26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:[b]64bit:[/b] - [2012-03-26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:[b]64bit:[/b] - [2011-05-13 19:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:[b]64bit:[/b] - [2010-03-23 15:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV) SRV:[b]64bit:[/b] - [2009-09-04 13:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:[b]64bit:[/b] - [2009-08-05 05:44:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:[b]64bit:[/b] - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2009-03-02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters) SRV - [2012-08-03 05:00:45 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012-07-22 07:17:52 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012-07-14 01:34:44 | 002,048,616 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe -- (Guard.Mail.ru) SRV - [2012-07-03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-05-20 20:03:17 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011-10-21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011-10-13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2010-03-23 15:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe -- (STacSV) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009-06-06 01:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2009-03-02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters) SRV - [2009-02-22 12:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2012-03-20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:[b]64bit:[/b] - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2011-05-13 19:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:[b]64bit:[/b] - [2011-05-13 19:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2011-01-26 18:27:48 | 000,030,312 | ---- | M] (CaptainFlint Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vd_filedisk.sys -- (VD_FileDisk) DRV:[b]64bit:[/b] - [2010-11-20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010-11-20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010-11-20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:[b]64bit:[/b] - [2010-05-27 23:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:[b]64bit:[/b] - [2010-03-23 15:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:[b]64bit:[/b] - [2009-09-21 19:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:[b]64bit:[/b] - [2009-09-17 21:56:24 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:[b]64bit:[/b] - [2009-09-17 21:56:16 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:[b]64bit:[/b] - [2009-09-17 21:56:14 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:[b]64bit:[/b] - [2009-09-17 21:56:10 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:[b]64bit:[/b] - [2009-08-05 06:23:00 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:[b]64bit:[/b] - [2009-07-24 08:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-06-29 19:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir) DRV:[b]64bit:[/b] - [2009-06-10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:[b]64bit:[/b] - [2009-06-10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:[b]64bit:[/b] - [2009-06-10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:[b]64bit:[/b] - [2009-06-10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:[b]64bit:[/b] - [2009-06-10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2009-06-10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:[b]64bit:[/b] - [2009-06-10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R) DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009-05-23 07:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2009-05-05 06:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:[b]64bit:[/b] - [2009-04-29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV:[b]64bit:[/b] - [2009-03-09 06:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2 IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/2 IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{F698DC29-0565-44F8-8FCC-2FE4C1CE644C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/2 IE - HKLM\..\URLSearchHook: {1a894269-562d-459e-b17e-efd8de428e41} - C:\Program Files (x86)\Kino-Filmov.Net\tbKino.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {8dec4b69-27c4-405d-a37d-8d45c83f66ab} - C:\Program Files (x86)\Podsolnushki.com\prxtbPods.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253 IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://search.iminent.com/?appId=&ref=toolbox&q={searchTerms} IE - HKLM\..\SearchScopes\{F698DC29-0565-44F8-8FCC-2FE4C1CE644C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-315289425-1897288148-839911036-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ru.msn.com/?ocid=OIE9MSE IE - HKU\S-1-5-21-315289425-1897288148-839911036-1000\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE9SE_RURU/110 IE - HKU\S-1-5-21-315289425-1897288148-839911036-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-315289425-1897288148-839911036-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [String data over 1000 bytes] IE - HKU\S-1-5-21-315289425-1897288148-839911036-1000\..\URLSearchHook: {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files (x86)\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru) IE - HKU\S-1-5-21-315289425-1897288148-839911036-1000\..\URLSearchHook: {1a894269-562d-459e-b17e-efd8de428e41} - C:\Program Files (x86)\Kino-Filmov.Net\tbKino.dll (Conduit Ltd.) IE - HKU\S-1-5-21-315289425-1897288148-839911036-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.) IE - HKU\S-1-5-21-315289425-1897288148-839911036-1000\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found IE - HKU\S-1-5-21-315289425-1897288148-839911036-1000\..\URLSearchHook: {8dec4b69-27c4-405d-a37d-8d45c83f66ab} - C:\Program Files (x86)\Podsolnushki.com\prxtbPods.dll (Conduit Ltd.) IE - HKU\S-1-5-21-315289425-1897288148-839911036-1000\..\SearchScopes,DefaultScope = {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} IE - HKU\S-1-5-21-315289425-1897288148-839911036-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms} IE - HKU\S-1-5-21-315289425-1897288148-839911036-1000\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://search.iminent.com/?appId=&ref=toolbox&q={searchTerms} IE - HKU\S-1-5-21-315289425-1897288148-839911036-1000\..\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}: "URL" = http://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb IE - HKU\S-1-5-21-315289425-1897288148-839911036-1000\..\SearchScopes\{F698DC29-0565-44F8-8FCC-2FE4C1CE644C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKU\S-1-5-21-315289425-1897288148-839911036-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=ru&source=webhp" FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=362&systemid=406&sr=0&q=" FF - user.js - File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ja\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ja\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files (x86)\Iminent\webbooster@iminent.com [2012-07-22 22:33:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-07-22 07:17:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-07-22 07:17:53 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-05-28 23:50:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ja\AppData\Roaming\Mozilla\Extensions [2012-07-22 22:34:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ja\AppData\Roaming\Mozilla\Firefox\Profiles\z095vz9d.default\extensions [2012-07-19 18:53:10 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Ja\AppData\Roaming\Mozilla\Firefox\Profiles\z095vz9d.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} [2012-05-20 01:53:23 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Ja\AppData\Roaming\Mozilla\Firefox\Profiles\z095vz9d.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2012-07-22 22:34:45 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Ja\AppData\Roaming\Mozilla\Firefox\Profiles\z095vz9d.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} [2012-07-24 00:05:02 | 000,002,230 | ---- | M] () -- C:\Users\Ja\AppData\Roaming\Mozilla\Firefox\Profiles\z095vz9d.default\searchplugins\SearchTheWeb.xml [2012-07-14 03:37:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012-05-31 19:14:54 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-07-14 03:37:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-22 22:33:15 | 000,000,000 | ---D | M] ("Iminent Minibar") -- C:\PROGRAM FILES (X86)\IMINENT\WEBBOOSTER@IMINENT.COM [2012-07-22 07:17:53 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012-03-15 08:51:02 | 000,002,549 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mailru.xml [2012-03-15 08:51:02 | 000,005,568 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\ozonru.xml [2012-03-15 08:51:02 | 000,001,133 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\priceru.xml [2012-07-12 09:59:06 | 000,002,157 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchTheWeb.xml [2012-05-20 01:53:18 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml [2012-03-15 08:51:02 | 000,001,304 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-ru.xml [2012-03-15 08:51:02 | 000,001,548 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yandex-slovari.xml [2012-07-22 07:17:42 | 000,001,723 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yandex.xml [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - Extension: No name found = C:\Users\Ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: No name found = C:\Users\Ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\ CHR - Extension: No name found = C:\Users\Ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\ CHR - Extension: No name found = C:\Users\Ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.3.3_0\ CHR - Extension: No name found = C:\Users\Ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc) O2 - BHO: (Kino-Filmov.Net Toolbar) - {1a894269-562d-459e-b17e-efd8de428e41} - C:\Program Files (x86)\Kino-Filmov.Net\tbKino.dll (Conduit Ltd.) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll () O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found. O2 - BHO: (MailRuBHO Class) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Program Files (x86)\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru) O2 - BHO: (Podsolnushki.com Toolbar) - {8dec4b69-27c4-405d-a37d-8d45c83f66ab} - C:\Program Files (x86)\Podsolnushki.com\prxtbPods.dll (Conduit Ltd.) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc) O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (Спутник@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files (x86)\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru) O3 - HKLM\..\Toolbar: (Kino-Filmov.Net Toolbar) - {1a894269-562d-459e-b17e-efd8de428e41} - C:\Program Files (x86)\Kino-Filmov.Net\tbKino.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Podsolnushki.com Toolbar) - {8dec4b69-27c4-405d-a37d-8d45c83f66ab} - C:\Program Files (x86)\Podsolnushki.com\prxtbPods.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKU\S-1-5-21-315289425-1897288148-839911036-1000\..\Toolbar\WebBrowser: (Спутник@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files (x86)\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru) O3 - HKU\S-1-5-21-315289425-1897288148-839911036-1000\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.) O4:[b]64bit:[/b] - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc) O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe () O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent) O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-315289425-1897288148-839911036-1000..\Run: [MediaGet2] C:\Users\Ja\AppData\Local\MediaGet2\mediaget.exe (MediaGet LLC) O4 - HKU\S-1-5-21-315289425-1897288148-839911036-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:[b]64bit:[/b] - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:[b]64bit:[/b] - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:[b]64bit:[/b] - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:[b]64bit:[/b] - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Verzenden naar Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Verzenden naar &Bluetooth-apparaat... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1956918F-380D-46AD-B03C-E10E5750A5F3}: DhcpNameServer = 40.6.1.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D00570DB-47DD-4EB6-B68C-5B389754D40F}: DhcpNameServer = 192.168.1.1 O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\ms-itss - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:[b]64bit:[/b] - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc) O20:[b]64bit:[/b] - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-08-08 09:12:23 | 000,000,000 | ---D | C] -- C:\Users\Ja\AppData\Roaming\WinRAR [2012-08-08 09:11:30 | 000,000,000 | ---D | C] -- C:\Users\Ja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2012-08-08 09:11:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2012-08-08 09:11:18 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2012-08-08 09:09:10 | 000,000,000 | ---D | C] -- C:\Users\Ja\AppData\Local\GHISLER [2012-08-08 09:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander Ultima Prime [2012-08-08 09:03:35 | 000,000,000 | ---D | C] -- C:\Users\Ja\AppData\Roaming\HEXelon [2012-08-08 09:00:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TC UP [2012-07-29 21:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grim Tales 2- The Legacy CE_RUS [2012-07-29 21:11:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grim Tales The Bride CE Rus [2012-07-29 21:06:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Grim Tales The Bride CE Rus [2012-07-27 01:19:59 | 000,000,000 | ---D | C] -- C:\Users\Ja\AppData\Roaming\Elephant Games [2012-07-27 01:19:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Elephant Games [2012-07-24 01:03:00 | 000,000,000 | ---D | C] -- C:\Users\Ja\AppData\Roaming\Between The Worlds 2 [2012-07-22 22:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium [2012-07-22 22:34:59 | 000,000,000 | ---D | C] -- C:\Users\Ja\Tracing [2012-07-22 22:34:42 | 000,000,000 | ---D | C] -- C:\Users\Ja\AppData\Roaming\Iminent [2012-07-22 22:34:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IMinent Toolbar [2012-07-22 22:34:34 | 000,000,000 | ---D | C] -- C:\Users\Ja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2012-07-22 22:34:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Iminent [2012-07-22 22:33:54 | 000,000,000 | ---D | C] -- C:\Users\Ja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DoubleGames [2012-07-22 22:33:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DoubleGames.ru [2012-07-22 22:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent [2012-07-22 22:33:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iminent [2012-07-22 22:31:05 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate [2012-07-22 11:15:40 | 000,000,000 | ---D | C] -- C:\Users\Ja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Between the Worlds 2 The Pyramid [2012-07-22 11:14:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Between the Worlds 2 The Pyramid [2012-07-22 09:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CookingAcademy3RFS [2012-07-22 09:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SpookyMall [2012-07-22 08:53:33 | 000,000,000 | ---D | C] -- C:\Users\Ja\AppData\Roaming\Orneon [2012-07-22 08:42:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Podsolnushki.com [2012-07-22 08:42:21 | 000,000,000 | ---D | C] -- C:\Users\Ja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ñòðàøíûå ñêàçêè. Æåëàíèå [2012-07-22 08:36:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Echoes of the Past 3 CE Rus [2012-07-14 03:37:14 | 000,476,976 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll [2012-07-14 03:37:13 | 000,157,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012-07-14 03:37:13 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012-07-14 03:37:13 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2012-07-14 03:36:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012-07-14 03:35:18 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2012-07-14 03:01:41 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012-07-14 03:01:41 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012-07-14 03:01:40 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012-07-14 03:01:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012-07-14 03:01:38 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012-07-14 03:01:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012-07-14 03:01:37 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012-07-14 03:01:37 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012-07-14 03:01:35 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012-07-14 03:01:34 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012-07-14 03:01:34 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012-07-14 03:01:34 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012-07-14 03:01:33 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012-07-14 01:47:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012-07-14 01:47:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012-07-14 01:47:19 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012-07-14 01:45:16 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012-07-14 01:45:14 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-08-08 09:55:22 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012-08-08 09:55:22 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012-08-08 09:47:26 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJa.job [2012-08-08 09:47:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-08-08 09:46:46 | 3218,235,392 | -HS- | M] () -- C:\hiberfil.sys [2012-08-08 09:32:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012-08-08 09:23:08 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-315289425-1897288148-839911036-1000UA.job [2012-08-08 09:08:06 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\TC UP.lnk [2012-08-08 09:00:00 | 000,729,816 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012-08-08 09:00:00 | 000,630,974 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012-08-08 09:00:00 | 000,112,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012-08-07 07:40:22 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-315289425-1897288148-839911036-1000Core.job [2012-08-03 05:04:57 | 000,002,396 | ---- | M] () -- C:\Users\Ja\Desktop\Google Chrome.lnk [2012-08-03 05:00:44 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012-08-03 05:00:44 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012-07-29 21:23:48 | 000,001,760 | ---- | M] () -- C:\Users\Ja\Desktop\GrimTales_TheBride_CE - Shortcut.lnk [2012-07-29 21:20:47 | 000,001,344 | ---- | M] () -- C:\Users\Ja\Desktop\GrimTales_TheLegacy_CE - Shortcut.lnk [2012-07-22 22:33:55 | 000,000,620 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2012-07-22 13:22:14 | 000,001,162 | ---- | M] () -- C:\Users\Ja\Desktop\Âåñåëûé ïîâàð.lnk [2012-07-22 11:15:40 | 000,002,144 | ---- | M] () -- C:\Users\Ja\Desktop\More Games At....lnk [2012-07-22 11:15:40 | 000,002,069 | ---- | M] () -- C:\Users\Ja\Desktop\Èãðàòü Between the Worlds 2 The Pyramid.lnk [2012-07-22 09:33:31 | 000,001,112 | ---- | M] () -- C:\Users\Ja\Desktop\Cooking Academy 3 Recipe For Success.lnk [2012-07-22 09:02:40 | 000,001,159 | ---- | M] () -- C:\Users\Ja\Desktop\Ïîëóíî÷íûé ìàãàçèí.lnk [2012-07-22 08:42:21 | 000,000,923 | ---- | M] () -- C:\Users\Ja\Desktop\Ñòðàøíûå ñêàçêè. Æåëàíèå.lnk [2012-07-22 08:37:07 | 000,002,499 | ---- | M] () -- C:\Users\Ja\Desktop\Echoes_of_the_Past_3_CE_Rus.lnk [2012-07-14 03:37:00 | 000,157,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012-07-14 03:37:00 | 000,149,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012-07-14 03:37:00 | 000,149,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2012-07-14 03:36:59 | 000,476,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll [2012-07-14 03:36:59 | 000,472,880 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2012-07-14 03:22:35 | 000,351,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-08-08 09:08:06 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\TC UP.lnk [2012-08-08 09:07:29 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForJa.job [2012-07-29 21:23:48 | 000,001,760 | ---- | C] () -- C:\Users\Ja\Desktop\GrimTales_TheBride_CE - Shortcut.lnk [2012-07-29 21:20:47 | 000,001,344 | ---- | C] () -- C:\Users\Ja\Desktop\GrimTales_TheLegacy_CE - Shortcut.lnk [2012-07-22 22:33:36 | 000,000,620 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2012-07-22 11:15:40 | 000,002,069 | ---- | C] () -- C:\Users\Ja\Desktop\Èãðàòü Between the Worlds 2 The Pyramid.lnk [2012-07-22 09:33:31 | 000,001,112 | ---- | C] () -- C:\Users\Ja\Desktop\Cooking Academy 3 Recipe For Success.lnk [2012-07-22 09:02:40 | 000,001,159 | ---- | C] () -- C:\Users\Ja\Desktop\Ïîëóíî÷íûé ìàãàçèí.lnk [2012-07-22 08:42:21 | 000,000,923 | ---- | C] () -- C:\Users\Ja\Desktop\Ñòðàøíûå ñêàçêè. Æåëàíèå.lnk [2012-07-22 08:37:07 | 000,002,499 | ---- | C] () -- C:\Users\Ja\Desktop\Echoes_of_the_Past_3_CE_Rus.lnk [2012-03-06 21:14:47 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012-02-28 00:21:49 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2012-02-24 20:39:07 | 000,735,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [color=#E56717]========== LOP Check ==========[/color] [2012-07-24 02:03:21 | 000,000,000 | ---D | M] -- C:\Users\Ja\AppData\Roaming\Between The Worlds 2 [2012-04-25 20:27:09 | 000,000,000 | ---D | M] -- C:\Users\Ja\AppData\Roaming\DikobrazGames [2012-04-29 07:39:58 | 000,000,000 | ---D | M] -- C:\Users\Ja\AppData\Roaming\EleFun Games [2012-07-29 21:23:05 | 000,000,000 | ---D | M] -- C:\Users\Ja\AppData\Roaming\Elephant Games [2012-05-20 02:03:17 | 000,000,000 | ---D | M] -- C:\Users\Ja\AppData\Roaming\Friday's games [2012-04-26 08:13:48 | 000,000,000 | ---D | M] -- C:\Users\Ja\AppData\Roaming\Happy Artist Studio [2012-04-25 21:02:55 | 000,000,000 | ---D | M] -- C:\Users\Ja\AppData\Roaming\Happy Chef [2012-08-08 09:03:35 | 000,000,000 | ---D | M] -- C:\Users\Ja\AppData\Roaming\HEXelon [2012-07-22 22:34:42 | 000,000,000 | ---D | M] -- C:\Users\Ja\AppData\Roaming\Iminent [2012-07-24 00:11:42 | 000,000,000 | ---D | M] -- C:\Users\Ja\AppData\Roaming\iWin [2012-02-23 08:37:04 | 000,000,000 | ---D | M] -- C:\Users\Ja\AppData\Roaming\Media Get LLC [2012-02-23 20:23:44 | 000,000,000 | ---D | M] -- C:\Users\Ja\AppData\Roaming\MumboJumbo [2012-05-28 23:50:52 | 000,000,000 | ---D | M] -- C:\Users\Ja\AppData\Roaming\Opera [2012-07-22 08:53:33 | 000,000,000 | ---D | M] -- C:\Users\Ja\AppData\Roaming\Orneon [2012-06-03 03:36:20 | 000,000,000 | ---D | M] -- C:\Users\Ja\AppData\Roaming\Playboom Entertainment [2012-08-08 10:08:18 | 000,000,000 | ---D | M] -- C:\Users\Ja\AppData\Roaming\uTorrent [2012-07-14 03:22:51 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Files - Unicode (All) ==========[/color] [2012-07-22 22:33:55 | 000,001,362 | ---- | M] ()(C:\Users\Public\Desktop\?????? ?????.lnk) -- C:\Users\Public\Desktop\Джевел квест.lnk [2012-07-22 22:33:55 | 000,001,362 | ---- | C] ()(C:\Users\Public\Desktop\?????? ?????.lnk) -- C:\Users\Public\Desktop\Джевел квест.lnk [2012-04-25 19:15:17 | 000,001,243 | ---- | M] ()(C:\Users\Ja\Desktop\????? ????????.lnk) -- C:\Users\Ja\Desktop\Магия пасьянса.lnk [2012-04-25 19:15:17 | 000,001,243 | ---- | C] ()(C:\Users\Ja\Desktop\????? ????????.lnk) -- C:\Users\Ja\Desktop\Магия пасьянса.lnk [2012-02-23 08:10:30 | 000,000,176 | ---- | M] ()(C:\Users\Ja\Desktop\?????? ? ?????????.url) -- C:\Users\Ja\Desktop\Искать в Интернете.url [2012-02-23 08:10:30 | 000,000,176 | ---- | C] ()(C:\Users\Ja\Desktop\?????? ? ?????????.url) -- C:\Users\Ja\Desktop\Искать в Интернете.url [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 179 bytes -> C:\ProgramData\Temp:87A3A233 @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:67D43EFA @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:D6255023 < End of report >