Need help after browser hijacker removed. _MEI31722 folder possible trojan?

[roliks]

I was recently (although I dont know how) was infected by a browser hijacker. I used my tools (Spybot, Kaspersky, windows security essentials, etc... to remove it) It was preventing me opening malwarebytes. I started looking into it and it appears that there have been a couple threads in places that say the folder in C:\Users\USER\AppData\Local\Temp named is a trojan program. This folder contains some pythoncom.dll, win32api.pyd and other pyd and dll files. Is this a malware/virus/trojan/etc... ? Can anyone help or direct me in this matter it would be greatly appreciated.

Thanks!

[roliks]

I was recently (although I dont know how) was infected by a browser hijacker. I used my tools (Spybot, Kaspersky, windows security essentials, etc... to remove it) It was preventing me opening malwarebytes. I started looking into it and it appears that there have been a couple threads in places that say the folder in C:\Users\USER\AppData\Local\Temp named is a trojan program. This folder contains some pythoncom.dll, win32api.pyd and other pyd and dll files. Is this a malware/virus/trojan/etc... ? Can anyone help or direct me in this matter it would be greatly appreciated.

Thanks!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01
Ran by SMl (administrator) on WILBUR on 07-07-2014 15:27:20
Running from C:\Users\SMl\Desktop\Malware
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\AMD\amdacpusrsvc.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe
() C:\Windows\DAODx.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(AMD) C:\Windows\SysWOW64\WinMsgBalloonServer.exe
(AMD) C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
() C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43608 2013-03-23] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)
HKLM-x32\...\Run: [TurboV EVO] => C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe [9993344 2010-03-25] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-05-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1226775838-3376272204-400615213-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [24474752 2014-06-05] (Google)
HKU\S-1-5-21-1226775838-3376272204-400615213-1000\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2014-06-24] (Raptr, Inc)
HKU\S-1-5-21-1226775838-3376272204-400615213-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
Startup: C:\Users\SMl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: KAVOverlayIcon -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: KAVOverlayIcon -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll (Kaspersky Lab ZAO)
BootExecute:

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDDE10D4DE627CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/soft...3/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/soft...0321/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF ProfilePath: C:\Users\SMl\AppData\Roaming\Mozilla\Firefox\Profiles\hhza8kzi.default
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\SMl\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\SMl\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\SMl\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\SMl\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\SMl\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF user.js: detected! => C:\Users\SMl\AppData\Roaming\Mozilla\Firefox\Profiles\hhza8kzi.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\SMl\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\SMl\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Flash Video Downloader - Full HD Download - C:\Users\SMl\AppData\Roaming\Mozilla\Firefox\Profiles\hhza8kzi.default\Extensions\artur.dubovoy@gmail.com [2014-04-10]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\SMl\AppData\Roaming\Mozilla\Firefox\Profiles\hhza8kzi.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2013-04-10]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\SMl\AppData\Roaming\Mozilla\Firefox\Profiles\hhza8kzi.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2014-01-26]
FF Extension: Download YouTube Videos as MP4 - C:\Users\SMl\AppData\Roaming\Mozilla\Firefox\Profiles\hhza8kzi.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2013-04-10]
FF Extension: Easy YouTube Video Downloader - C:\Users\SMl\AppData\Roaming\Mozilla\Firefox\Profiles\hhza8kzi.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2013-04-10]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-04-23]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-07-01]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-07-01]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Gevaarlijke websiteblokkering - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-07-01]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-07-01]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-07-01]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-05-22] (Advanced Micro Devices, Inc.) [File not signed]
R2 amdacpusrsvc; C:\AMD\amdacpusrsvc.exe [112640 2014-05-22] () [File not signed]
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
S4 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-09-27] (Creative Labs) [File not signed]
S4 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-03-23] (Creative Labs) [File not signed]
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
S4 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [294912 2010-09-30] (Creative Technology Ltd) [File not signed]
S4 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [352248 2012-08-03] (Verizon) [File not signed]
S4 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4492776 2014-04-30] (iolo technologies, LLC)
S3 jswpsapi; C:\Program Files (x86)\NETGEAR\WNDA3100\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.) [File not signed]
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-14] ()
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

==================== Drivers (Whitelisted) ====================

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [276192 2014-05-22] (Advanced Micro Devices)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-03] ()
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-05-29] (EldoS Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-07-01] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-07-01] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628288 2014-07-01] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-07-01] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-11-11] (Kaspersky Lab ZAO)
R3 lvsels64; C:\Windows\System32\DRIVERS\lvsels64.sys [67992 2009-10-07] (Logitech Inc.)
R3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 PCAMp50a64; C:\Windows\System32\Drivers\PCAMp50a64.sys [43328 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
S3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [39080 2014-04-08] (Razer Inc)
S3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [126464 2011-03-31] (Razer USA Ltd) [File not signed]
S3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [31400 2014-04-08] (Razer Inc)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2014-02-16] (Windows (R) Win 7 DDK provider)
R3 VMfilt; C:\Windows\System32\drivers\VMfilt64.sys [25600 2009-07-30] (Creative Technology Ltd.)
S3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2w7x.sys [783360 2010-04-27] (Atheros Communications, Inc.)
S3 GPU-Z; \??\C:\Users\SMl\AppData\Local\Temp\GPU-Z.sys [X]
S1 ialfidkc; \??\C:\Windows\system32\drivers\ialfidkc.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-07 15:27 - 2014-07-07 15:27 - 00000000 ____D () C:\FRST
2014-07-07 15:26 - 2014-07-07 15:27 - 00000000 ____D () C:\Users\SMl\Desktop\Malware
2014-07-07 14:05 - 2014-07-07 14:05 - 00000166 _____ () C:\Users\SMl\Desktop\Need help after browser hijacker removed. _MEI31722 folder possible trojan-.url
2014-07-07 13:50 - 2014-07-07 13:50 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-07 12:48 - 2014-07-07 12:48 - 01062136 _____ (Bleeping Computer, LLC) C:\Users\SMl\Downloads\iExplore64.exe
2014-07-07 12:44 - 2014-07-07 12:44 - 00000089 _____ () C:\Users\SMl\Desktop\How to easily clean an infected computer (Malware Removal Guide).url
2014-07-07 12:42 - 2014-07-07 12:50 - 00001780 _____ () C:\Users\SMl\Desktop\Rkill.txt
2014-07-07 12:41 - 2014-07-07 12:41 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\SMl\Downloads\iExplore.exe
2014-07-07 12:38 - 2014-07-07 12:39 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\SMl\Downloads\tdsskiller.exe
2014-07-07 02:54 - 2014-07-07 02:55 - 109513976 _____ (Microsoft Corporation) C:\Users\SMl\Downloads\msert.exe
2014-07-07 02:34 - 2014-07-01 03:21 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.20140707-023434.backup
2014-07-02 20:12 - 2014-07-07 13:13 - 00125019 _____ () C:\Windows\WindowsUpdate.log
2014-07-02 20:11 - 2014-07-07 13:09 - 00000224 _____ () C:\Windows\setupact.log
2014-07-02 20:11 - 2014-07-02 20:11 - 00001110 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-02 20:11 - 2014-07-02 20:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-02 20:10 - 2014-07-02 20:10 - 00003288 ____N () C:\bootsqm.dat
2014-07-02 06:36 - 2014-07-02 06:36 - 00000000 ____D () C:\Users\SMl\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-07-01 23:43 - 2014-07-01 23:43 - 00004370 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-07-01 23:43 - 2014-07-01 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-01 23:22 - 2014-07-01 23:22 - 00002216 _____ () C:\Users\SMl\Desktop\Safe Money.lnk
2014-07-01 23:22 - 2014-07-01 23:22 - 00001078 _____ () C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
2014-07-01 23:22 - 2014-07-01 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0
2014-07-01 23:22 - 2013-11-11 22:18 - 00064856 _____ (Kaspersky Lab) C:\Windows\system32\klfphc.dll
2014-07-01 23:21 - 2014-07-01 23:38 - 00628288 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-07-01 23:21 - 2014-07-01 23:38 - 00092768 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-07-01 23:21 - 2014-07-01 23:21 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-07-01 23:21 - 2014-07-01 23:21 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-07-01 23:21 - 2011-06-02 14:39 - 00084536 _____ (Infowatch) C:\Windows\system32\Drivers\CSCrySec.sys
2014-07-01 23:21 - 2011-06-02 14:39 - 00066616 _____ (Infowatch) C:\Windows\system32\Drivers\CSVirtualDiskDrv.sys
2014-07-01 22:51 - 2014-07-01 22:51 - 193804024 _____ (Kaspersky Lab ZAO) C:\Users\SMl\Desktop\pur13.0.2.558abcdEN_5352.exe
2014-07-01 22:50 - 2014-07-01 22:51 - 193804024 _____ (Kaspersky Lab ZAO) C:\Users\SMl\Downloads\pur13.0.2.558abcdEN_5352.exe
2014-07-01 20:37 - 2014-07-07 13:04 - 00000000 ____D () C:\Users\SMl\Desktop\mbar
2014-07-01 20:27 - 2014-07-01 20:27 - 00003230 _____ () C:\Windows\System32\Tasks\SamsungMagician
2014-07-01 20:26 - 2014-07-01 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2014-07-01 04:36 - 2014-07-01 04:36 - 00002077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-07-01 04:36 - 2014-07-01 04:36 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-07-01 04:36 - 2014-07-01 04:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-06-30 23:31 - 2014-07-07 12:49 - 05215766 ____R (Swearware) C:\Users\SMl\Downloads\ComboFix.exe
2014-06-30 23:31 - 2014-07-01 03:28 - 00000000 ____D () C:\Windows\erdnt
2014-06-30 23:25 - 2014-06-30 23:25 - 00066592 _____ () C:\Users\SMl\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-30 22:34 - 2014-07-07 02:34 - 05020298 _____ () C:\immudebug.log
2014-06-30 22:28 - 2014-06-30 22:28 - 00001258 _____ () C:\Users\SMl\Desktop\Spybot - Search & Destroy.lnk
2014-06-30 22:28 - 2014-06-30 22:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-06-30 22:10 - 2014-06-30 22:13 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-06-30 22:10 - 2014-06-30 22:13 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-30 22:09 - 2014-06-30 22:09 - 00120536 ____H () C:\Windows\SysWOW64\mlfcache.dat
2014-06-30 22:09 - 2014-05-20 16:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\SMl\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-30 02:18 - 2014-06-30 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-30 02:18 - 2014-06-30 22:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-30 02:18 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-30 02:18 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-30 01:43 - 2014-07-07 13:04 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-30 01:43 - 2014-07-07 12:55 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-30 01:43 - 2014-07-07 12:55 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-30 01:43 - 2014-06-30 01:43 - 14349744 _____ (Malwarebytes Corp.) C:\Users\SMl\Downloads\mbar-1.07.0.1012.exe
2014-06-30 01:33 - 2014-06-30 01:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-30 01:26 - 2014-06-30 01:26 - 00000109 _____ () C:\Users\SMl\Desktop\MBAM Clean Removal Process - Malwarebytes Anti-Malware Help - Malwarebytes Forum.url
2014-06-30 01:07 - 2014-06-30 01:19 - 00000003 _____ () C:\Users\SMl\AppData\Local\proxy.log
2014-06-29 22:36 - 2014-06-29 22:36 - 00001097 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
2014-06-29 21:40 - 2014-07-07 02:00 - 00000000 ____D () C:\Users\SMl\AppData\Local\Adobe
2014-06-26 00:52 - 2014-06-26 00:52 - 00000000 ____D () C:\Users\SMl\AppData\Roaming\TheBannerSaga
2014-06-19 21:09 - 2014-06-19 21:09 - 00001857 _____ () C:\Users\Public\Desktop\Blender.lnk
2014-06-19 21:09 - 2014-06-19 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation
2014-06-19 21:09 - 2014-06-19 21:09 - 00000000 ____D () C:\Program Files\Blender Foundation
2014-06-19 21:07 - 2014-06-19 21:09 - 53904873 _____ () C:\Users\SMl\Downloads\blender-2.70a-windows64.exe
2014-06-18 23:22 - 2014-06-18 23:22 - 00000075 _____ () C:\Users\SMl\Desktop\Landmark - Player Studio.url
2014-06-17 21:02 - 2014-06-17 21:02 - 00127712 _____ () C:\Users\SMl\Documents\HouseandLot.skp
2014-06-17 19:52 - 2014-06-17 19:52 - 00002025 _____ () C:\Users\Public\Desktop\SketchUp 8.lnk
2014-06-17 19:52 - 2014-06-17 19:52 - 00000000 ____D () C:\Users\SMl\AppData\Roaming\Google
2014-06-17 19:52 - 2014-06-17 19:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 8
2014-06-17 19:52 - 2014-06-17 19:52 - 00000000 ____D () C:\ProgramData\Google
2014-06-17 19:50 - 2014-06-17 19:50 - 35800192 _____ (Trimble Navigation Limited) C:\Users\SMl\Downloads\FW-3-0-16846-EN.exe
2014-06-17 00:03 - 2014-06-17 00:03 - 00000114 _____ () C:\Users\SMl\Desktop\4K TVs with passive 3D- Finally, a good use for all those pixels - CNET.url
2014-06-14 22:28 - 2014-06-14 22:55 - 00000000 ____D () C:\Users\SMl\Documents\BFH.Beta
2014-06-14 01:11 - 2014-06-14 01:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield Hardline Beta
2014-06-12 18:36 - 2014-06-08 05:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-12 18:36 - 2014-06-08 05:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-12 18:36 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 18:36 - 2014-05-30 06:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 18:36 - 2014-05-30 06:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 18:36 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 18:36 - 2014-05-30 05:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 18:36 - 2014-05-30 05:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 18:36 - 2014-05-30 05:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 18:36 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 18:36 - 2014-05-30 05:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 18:36 - 2014-05-30 05:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 18:36 - 2014-05-30 05:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 18:36 - 2014-05-30 05:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 18:36 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 18:36 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 18:36 - 2014-05-30 05:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-12 18:36 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 18:36 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 18:36 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 18:36 - 2014-05-30 04:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 18:36 - 2014-05-30 04:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 18:36 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 18:36 - 2014-05-30 04:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-12 18:36 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 18:36 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 18:36 - 2014-05-30 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-12 18:36 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 18:36 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 18:36 - 2014-05-30 04:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 18:36 - 2014-05-30 04:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 18:36 - 2014-05-30 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 18:36 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 18:36 - 2014-05-30 04:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-12 18:36 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-12 18:36 - 2014-05-30 04:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 18:36 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 18:36 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 18:36 - 2014-05-30 04:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-12 18:36 - 2014-05-30 04:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 18:36 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 18:36 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 18:36 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 18:36 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 18:36 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 18:36 - 2014-05-30 03:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-12 18:36 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 18:36 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 18:36 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 18:36 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 18:36 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 18:36 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 18:36 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 18:36 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-12 18:36 - 2014-05-08 05:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-12 18:36 - 2014-05-08 05:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-12 18:36 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 18:36 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-12 18:36 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 18:36 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 18:36 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 18:36 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 18:36 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 18:36 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 18:36 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-12 18:36 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 18:36 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 18:36 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-12 15:05 - 2014-06-12 15:05 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
2014-06-10 21:57 - 2014-06-10 21:57 - 00000000 ____D () C:\Users\SMl\AppData\Roaming\CardScan
2014-06-10 21:56 - 2014-06-10 21:56 - 00000000 ____D () C:\Users\SMl\AppData\Local\CardScan
2014-06-08 02:52 - 2014-06-08 02:52 - 00002086 _____ () C:\Users\SMl\Desktop\Mozilla Thunderbird.lnk
2014-06-08 02:52 - 2014-06-08 02:52 - 00001366 _____ () C:\Users\SMl\Desktop\10259977_633922886698838_6270856621390936851_n.jpg - Shortcut.lnk
2014-06-08 02:52 - 2014-06-08 02:52 - 00001244 _____ () C:\Users\SMl\Desktop\7c4dd283d827dec81ebafa0ad7859946.jpg - Shortcut.lnk
2014-06-08 02:52 - 2014-06-08 02:52 - 00000170 _____ () C:\Users\SMl\Desktop\[Guide] Legendary Crafting Materials - Drop locations & uses - Diablo III General Discussion - Diablo III General Forums - Forums - Diablo Fans (2).url
2014-06-08 02:52 - 2014-06-08 02:52 - 00000102 _____ () C:\Users\SMl\Desktop\Anfield's 8.11 Mod Pack - World of Tanks Mods & Addons - World of Tanks official forum (2).url
2014-06-08 02:52 - 2014-06-08 02:52 - 00000069 _____ () C:\Users\SMl\Desktop\Mead Recipes (2).url
2014-06-08 02:52 - 2014-06-08 02:52 - 00000069 _____ () C:\Users\SMl\Desktop\Diablo 3 Reaper of Souls - Beginner Crusader Gearing (1 Day to Torment IV) - YouTube (2).url
2014-06-08 02:52 - 2014-06-08 02:52 - 00000069 _____ () C:\Users\SMl\Desktop\2014 Gumball 3000 Day 2 VLOG - YouTube (2).url
2014-06-08 02:52 - 2014-06-08 02:52 - 00000059 _____ () C:\Users\SMl\Desktop\ad4distribution (2).url
2014-06-07 23:39 - 2014-06-07 23:39 - 00000069 _____ () C:\Users\SMl\Desktop\Diablo 3 Reaper of Souls - Beginner Crusader Gearing (1 Day to Torment IV) - YouTube.url

==================== One Month Modified Files and Folders =======

2014-07-07 15:27 - 2014-07-07 15:27 - 00000000 ____D () C:\FRST
2014-07-07 15:27 - 2014-07-07 15:26 - 00000000 ____D () C:\Users\SMl\Desktop\Malware
2014-07-07 15:18 - 2013-04-25 00:50 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1226775838-3376272204-400615213-1000UA.job
2014-07-07 15:17 - 2013-12-22 16:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-07 14:48 - 2013-06-21 21:02 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-07 14:45 - 2013-03-23 16:38 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-07 14:05 - 2014-07-07 14:05 - 00000166 _____ () C:\Users\SMl\Desktop\Need help after browser hijacker removed. _MEI31722 folder possible trojan-.url
2014-07-07 13:50 - 2014-07-07 13:50 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-07 13:35 - 2013-04-23 22:22 - 00000000 ___RD () C:\Users\SMl\Google Drive
2014-07-07 13:17 - 2009-07-14 00:45 - 00013632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-07 13:17 - 2009-07-14 00:45 - 00013632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-07 13:13 - 2014-07-02 20:12 - 00125019 _____ () C:\Windows\WindowsUpdate.log
2014-07-07 13:11 - 2013-12-16 23:37 - 00000000 ____D () C:\Users\SMl\AppData\Roaming\Raptr
2014-07-07 13:10 - 2013-03-23 16:38 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-07 13:09 - 2014-07-02 20:11 - 00000224 _____ () C:\Windows\setupact.log
2014-07-07 13:09 - 2013-03-23 11:12 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-07-07 13:09 - 2013-03-23 10:54 - 01106948 _____ () C:\Windows\PFRO.log
2014-07-07 13:09 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-07 13:04 - 2014-07-01 20:37 - 00000000 ____D () C:\Users\SMl\Desktop\mbar
2014-07-07 13:04 - 2014-06-30 01:43 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-07 12:57 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-07 12:55 - 2014-06-30 01:43 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-07 12:55 - 2014-06-30 01:43 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-07 12:50 - 2014-07-07 12:42 - 00001780 _____ () C:\Users\SMl\Desktop\Rkill.txt
2014-07-07 12:49 - 2014-06-30 23:31 - 05215766 ____R (Swearware) C:\Users\SMl\Downloads\ComboFix.exe
2014-07-07 12:48 - 2014-07-07 12:48 - 01062136 _____ (Bleeping Computer, LLC) C:\Users\SMl\Downloads\iExplore64.exe
2014-07-07 12:45 - 2014-05-30 23:52 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2014-07-07 12:44 - 2014-07-07 12:44 - 00000089 _____ () C:\Users\SMl\Desktop\How to easily clean an infected computer (Malware Removal Guide).url
2014-07-07 12:41 - 2014-07-07 12:41 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\SMl\Downloads\iExplore.exe
2014-07-07 12:39 - 2014-07-07 12:38 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\SMl\Downloads\tdsskiller.exe
2014-07-07 12:21 - 2013-03-23 22:37 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-07 02:55 - 2014-07-07 02:54 - 109513976 _____ (Microsoft Corporation) C:\Users\SMl\Downloads\msert.exe
2014-07-07 02:34 - 2014-06-30 22:34 - 05020298 _____ () C:\immudebug.log
2014-07-07 02:32 - 2013-08-28 20:34 - 00000000 ____D () C:\ProgramData\Origin
2014-07-07 02:28 - 2013-08-28 20:34 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-07-07 02:26 - 2013-10-06 03:17 - 00000000 ____D () C:\Users\SMl\Desktop\Tor
2014-07-07 02:00 - 2014-06-29 21:40 - 00000000 ____D () C:\Users\SMl\AppData\Local\Adobe
2014-07-02 21:18 - 2013-04-25 00:50 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1226775838-3376272204-400615213-1000Core.job
2014-07-02 20:11 - 2014-07-02 20:11 - 00001110 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-02 20:11 - 2014-07-02 20:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-02 20:10 - 2014-07-02 20:10 - 00003288 ____N () C:\bootsqm.dat
2014-07-02 06:36 - 2014-07-02 06:36 - 00000000 ____D () C:\Users\SMl\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-07-01 23:43 - 2014-07-01 23:43 - 00004370 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-07-01 23:43 - 2014-07-01 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-01 23:43 - 2013-10-22 19:19 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-01 23:43 - 2013-03-23 21:30 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-01 23:38 - 2014-07-01 23:21 - 00628288 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-07-01 23:38 - 2014-07-01 23:21 - 00092768 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-07-01 23:38 - 2013-11-11 22:18 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2014-07-01 23:38 - 2012-08-02 15:09 - 00029792 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys
2014-07-01 23:22 - 2014-07-01 23:22 - 00002216 _____ () C:\Users\SMl\Desktop\Safe Money.lnk
2014-07-01 23:22 - 2014-07-01 23:22 - 00001078 _____ () C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
2014-07-01 23:22 - 2014-07-01 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0
2014-07-01 23:21 - 2014-07-01 23:21 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-07-01 23:21 - 2014-07-01 23:21 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-07-01 22:51 - 2014-07-01 22:51 - 193804024 _____ (Kaspersky Lab ZAO) C:\Users\SMl\Desktop\pur13.0.2.558abcdEN_5352.exe
2014-07-01 22:51 - 2014-07-01 22:50 - 193804024 _____ (Kaspersky Lab ZAO) C:\Users\SMl\Downloads\pur13.0.2.558abcdEN_5352.exe
2014-07-01 22:46 - 2013-03-23 07:38 - 00000000 ____D () C:\Users\SMl
2014-07-01 22:42 - 2013-12-13 01:28 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-01 22:42 - 2013-12-11 02:57 - 00000000 ____D () C:\Program Files (x86)\Samsung Magician
2014-07-01 22:41 - 2009-07-14 03:45 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-07-01 22:41 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-07-01 20:27 - 2014-07-01 20:27 - 00003230 _____ () C:\Windows\System32\Tasks\SamsungMagician
2014-07-01 20:26 - 2014-07-01 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2014-07-01 20:26 - 2013-12-11 01:48 - 00001103 _____ () C:\Users\Public\Desktop\Samsung Magician.lnk
2014-07-01 18:32 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\TAPI
2014-07-01 04:36 - 2014-07-01 04:36 - 00002077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-07-01 04:36 - 2014-07-01 04:36 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-07-01 04:36 - 2014-07-01 04:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-07-01 04:36 - 2013-03-30 12:09 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-07-01 03:33 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-07-01 03:28 - 2014-06-30 23:31 - 00000000 ____D () C:\Windows\erdnt
2014-07-01 03:21 - 2014-07-07 02:34 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.20140707-023434.backup
2014-07-01 00:16 - 2013-10-17 01:50 - 00000000 ____D () C:\Temp
2014-06-30 23:25 - 2014-06-30 23:25 - 00066592 _____ () C:\Users\SMl\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-30 23:08 - 2014-03-03 21:20 - 00000000 ____D () C:\Users\SMl\Desktop\Games
2014-06-30 22:47 - 2013-12-08 14:13 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-06-30 22:46 - 2013-12-02 22:54 - 00000000 ____D () C:\Users\SMl\AppData\Local\Battle.net
2014-06-30 22:33 - 2013-12-13 01:28 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-06-30 22:28 - 2014-06-30 22:28 - 00001258 _____ () C:\Users\SMl\Desktop\Spybot - Search & Destroy.lnk
2014-06-30 22:28 - 2014-06-30 22:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-06-30 22:13 - 2014-06-30 22:10 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-06-30 22:13 - 2014-06-30 22:10 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-30 22:13 - 2014-06-30 02:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-30 22:13 - 2014-06-30 02:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-30 22:09 - 2014-06-30 22:09 - 00120536 ____H () C:\Windows\SysWOW64\mlfcache.dat
2014-06-30 22:01 - 2014-06-04 19:28 - 00000000 ____D () C:\AMD
2014-06-30 22:01 - 2013-08-12 20:21 - 00000000 ____D () C:\Users\SMl\AppData\Roaming\vlc
2014-06-30 22:01 - 2013-03-23 22:35 - 00000000 ____D () C:\Users\SMl\AppData\Roaming\Ventrilo
2014-06-30 04:31 - 2013-12-16 23:37 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-06-30 02:42 - 2013-03-24 12:10 - 00000000 ____D () C:\Users\SMl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-06-30 02:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Branding
2014-06-30 01:43 - 2014-06-30 01:43 - 14349744 _____ (Malwarebytes Corp.) C:\Users\SMl\Downloads\mbar-1.07.0.1012.exe
2014-06-30 01:43 - 2014-06-30 01:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-30 01:26 - 2014-06-30 01:26 - 00000109 _____ () C:\Users\SMl\Desktop\MBAM Clean Removal Process - Malwarebytes Anti-Malware Help - Malwarebytes Forum.url
2014-06-30 01:19 - 2014-06-30 01:07 - 00000003 _____ () C:\Users\SMl\AppData\Local\proxy.log
2014-06-29 22:38 - 2013-04-23 21:11 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-06-29 22:36 - 2014-06-29 22:36 - 00001097 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
2014-06-29 22:36 - 2013-04-01 19:46 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-26 01:23 - 2013-12-02 22:54 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-06-26 01:16 - 2013-10-13 03:21 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-26 00:52 - 2014-06-26 00:52 - 00000000 ____D () C:\Users\SMl\AppData\Roaming\TheBannerSaga
2014-06-25 23:07 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-25 21:37 - 2013-12-22 16:46 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-25 21:37 - 2013-12-22 16:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-25 21:37 - 2013-12-22 16:46 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-25 21:37 - 2013-03-24 01:41 - 00000000 ____D () C:\Users\SMl\Documents\StarCraft II
2014-06-24 21:46 - 2013-04-23 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-06-24 21:13 - 2013-04-25 00:50 - 00003870 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1226775838-3376272204-400615213-1000UA
2014-06-24 21:13 - 2013-04-25 00:50 - 00003474 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1226775838-3376272204-400615213-1000Core
2014-06-20 18:41 - 2013-09-08 15:29 - 00000254 _____ () C:\Users\SMl\Install-VzInHomeAgentLog.log
2014-06-20 18:41 - 2013-05-12 21:19 - 00000000 ____D () C:\Program Files (x86)\Verizon
2014-06-20 18:30 - 2013-06-29 00:58 - 00000000 ____D () C:\Program Files (x86)\Guild Wars 2
2014-06-19 21:40 - 2013-03-23 16:38 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-19 21:40 - 2013-03-23 16:38 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-19 21:09 - 2014-06-19 21:09 - 00001857 _____ () C:\Users\Public\Desktop\Blender.lnk
2014-06-19 21:09 - 2014-06-19 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation
2014-06-19 21:09 - 2014-06-19 21:09 - 00000000 ____D () C:\Program Files\Blender Foundation
2014-06-19 21:09 - 2014-06-19 21:07 - 53904873 _____ () C:\Users\SMl\Downloads\blender-2.70a-windows64.exe
2014-06-19 21:08 - 2013-10-10 00:13 - 00000000 ____D () C:\Program Files (x86)\Blender Foundation
2014-06-18 23:22 - 2014-06-18 23:22 - 00000075 _____ () C:\Users\SMl\Desktop\Landmark - Player Studio.url
2014-06-17 21:02 - 2014-06-17 21:02 - 00127712 _____ () C:\Users\SMl\Documents\HouseandLot.skp
2014-06-17 19:54 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-17 19:52 - 2014-06-17 19:52 - 00002025 _____ () C:\Users\Public\Desktop\SketchUp 8.lnk
2014-06-17 19:52 - 2014-06-17 19:52 - 00000000 ____D () C:\Users\SMl\AppData\Roaming\Google
2014-06-17 19:52 - 2014-06-17 19:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 8
2014-06-17 19:52 - 2014-06-17 19:52 - 00000000 ____D () C:\ProgramData\Google
2014-06-17 19:52 - 2013-12-13 19:41 - 00000000 ____D () C:\Users\SMl\Desktop\Convert
2014-06-17 19:51 - 2013-03-23 16:38 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-17 19:50 - 2014-06-17 19:50 - 35800192 _____ (Trimble Navigation Limited) C:\Users\SMl\Downloads\FW-3-0-16846-EN.exe
2014-06-17 00:03 - 2014-06-17 00:03 - 00000114 _____ () C:\Users\SMl\Desktop\4K TVs with passive 3D- Finally, a good use for all those pixels - CNET.url
2014-06-14 22:55 - 2014-06-14 22:28 - 00000000 ____D () C:\Users\SMl\Documents\BFH.Beta
2014-06-14 01:46 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-06-14 01:11 - 2014-06-14 01:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield Hardline Beta
2014-06-14 01:10 - 2013-10-13 03:22 - 00281872 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-06-14 01:10 - 2013-10-13 03:22 - 00281872 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-06-14 01:10 - 2013-10-13 03:22 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-06-12 18:41 - 2013-07-15 00:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 18:38 - 2013-03-23 11:47 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 18:37 - 2014-04-27 10:12 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-12 15:05 - 2014-06-12 15:05 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
2014-06-10 22:22 - 2013-12-24 23:26 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-06-10 21:57 - 2014-06-10 21:57 - 00000000 ____D () C:\Users\SMl\AppData\Roaming\CardScan
2014-06-10 21:56 - 2014-06-10 21:56 - 00000000 ____D () C:\Users\SMl\AppData\Local\CardScan
2014-06-10 19:32 - 2013-03-23 22:27 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-06-10 18:43 - 2013-04-10 00:02 - 00000000 ____D () C:\Users\SMl\AppData\Roaming\Mozilla
2014-06-08 05:13 - 2014-06-12 18:36 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 05:08 - 2014-06-12 18:36 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-08 02:52 - 2014-06-08 02:52 - 00002086 _____ () C:\Users\SMl\Desktop\Mozilla Thunderbird.lnk
2014-06-08 02:52 - 2014-06-08 02:52 - 00001366 _____ () C:\Users\SMl\Desktop\10259977_633922886698838_6270856621390936851_n.jpg - Shortcut.lnk
2014-06-08 02:52 - 2014-06-08 02:52 - 00001244 _____ () C:\Users\SMl\Desktop\7c4dd283d827dec81ebafa0ad7859946.jpg - Shortcut.lnk
2014-06-08 02:52 - 2014-06-08 02:52 - 00000170 _____ () C:\Users\SMl\Desktop\[Guide] Legendary Crafting Materials - Drop locations & uses - Diablo III General Discussion - Diablo III General Forums - Forums - Diablo Fans (2).url
2014-06-08 02:52 - 2014-06-08 02:52 - 00000102 _____ () C:\Users\SMl\Desktop\Anfield's 8.11 Mod Pack - World of Tanks Mods & Addons - World of Tanks official forum (2).url
2014-06-08 02:52 - 2014-06-08 02:52 - 00000069 _____ () C:\Users\SMl\Desktop\Mead Recipes (2).url
2014-06-08 02:52 - 2014-06-08 02:52 - 00000069 _____ () C:\Users\SMl\Desktop\Diablo 3 Reaper of Souls - Beginner Crusader Gearing (1 Day to Torment IV) - YouTube (2).url
2014-06-08 02:52 - 2014-06-08 02:52 - 00000069 _____ () C:\Users\SMl\Desktop\2014 Gumball 3000 Day 2 VLOG - YouTube (2).url
2014-06-08 02:52 - 2014-06-08 02:52 - 00000059 _____ () C:\Users\SMl\Desktop\ad4distribution (2).url
2014-06-07 23:39 - 2014-06-07 23:39 - 00000069 _____ () C:\Users\SMl\Desktop\Diablo 3 Reaper of Souls - Beginner Crusader Gearing (1 Day to Torment IV) - YouTube.url

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-29 21:16

==================== End Of Log ============================

[roliks]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2014 01
Ran by SMl at 2014-07-07 15:28:11
Running from C:\Users\SMl\Desktop\Malware
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky PURE 3.0 (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Kaspersky PURE 3.0 (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: Kaspersky PURE 3.0 (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Accent RAR Password Recovery (HKLM\...\{DFAF45CA-0089-4AB9-AFD5-FBB9610F48AB}) (Version: 3.0.48.2927 - Passcovery Co. Ltd.)
ACP Application (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.10 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.3.0.322 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Gaming SDK 1.2 (HKLM-x32\...\{323D371C-CD65-43E2-9E42-BC643F2D4D81}) (Version: 1.2 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Touch App Plugins (HKLM-x32\...\{1EC083EE-5B76-4A2A-B95A-CAF460AA29D6}) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe Widget Browser (x32 Version: 2.0.348 - Adobe Systems Incorporated.) Hidden
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Adobe® Content Viewer (x32 Version: 3.4.3 - Adobe Systems, Incorporated) Hidden
AMD Accelerated Video Transcoding (Version: 13.30.100.40522 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0522.2157.37579 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{8D95B61A-9759-40F7-69BF-54DCE6675143}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2014.0522.2157.37579 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81007.2229 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In (Version: 2.07.0000 - AMD) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Profiles (HKLM-x32\...\{A231A6F2-2C80-6203-ED35-2CFB96B25A38}) (Version: 2.0.4719.35969 - Advanced Micro Devices, Inc.)
ASUS PC Diagnostics (HKLM-x32\...\{D709005F-D8DC-42A8-8435-5AE880ECAF82}) (Version: 1.1.2 - ASUSTeK Computer Inc.)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.2.0.2 - Electronic Arts)
Battlefield™ Hardline Beta (HKLM-x32\...\{599276A7-F45D-40B1-A0B6-CF132A1CAD49}) (Version: 1.0.0.5 - Electronic Arts)
Beyond Compare Version 3.2.4 (HKLM-x32\...\BeyondCompare3_is1) (Version: - Scooter Software)
BioShock (HKLM-x32\...\Steam App 7670) (Version: - 2K Boston)
BioShock 2 (HKLM-x32\...\Steam App 8850) (Version: - 2K Marin)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Blender (HKLM\...\Blender) (Version: 2.70a - Blender Foundation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version: - Infinity Ward - Sledgehammer Games)
Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version: - Infinity Ward - Sledgehammer Games)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0522.2157.37579 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0522.2157.37579 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0522.2157.37579 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0522.2156.37579 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0522.2156.37579 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0522.2156.37579 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0522.2156.37579 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0522.2156.37579 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0522.2156.37579 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0522.2156.37579 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0522.2156.37579 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0522.2156.37579 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0522.2156.37579 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0522.2156.37579 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0522.2156.37579 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0522.2156.37579 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0522.2156.37579 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0522.2156.37579 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0522.2156.37579 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0522.2156.37579 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0522.2156.37579 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0522.2156.37579 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0522.2156.37579 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0522.2156.37579 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0522.2156.37579 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0522.2157.37579 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Cool & Quiet (HKLM-x32\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version: - )
Corel WinDVD Pro 11 (HKLM-x32\...\_{EF13E6B7-86D2-4E2C-82FB-375654407D4F}) (Version: 11.6.1.13 - Corel Inc.)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
CPUID ROG CPU-Z 1.58 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.58 - CPUID, Inc.)
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.43 - Creative Technology Limited)
Creative Console Launcher (HKLM-x32\...\Console Launcher) (Version: 2.61 - Creative Technology Limited)
Creative Master On Off Monitor (HKLM-x32\...\CTONOFFMon) (Version: 1.10 - Creative Technology Limited)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
Dead Space™ (HKLM-x32\...\{9789E33B-317A-44B2-AF9A-FF8708AD93E0}) (Version: 1.0.0.222 - Electronic Arts)
Demonbuddy (HKCU\...\{bec84359-f573-423f-8b60-9bd86109edb7}) (Version: 1.0.1446.317 - Bossland GmbH)
Demonbuddy (x32 Version: 1.0.1446.317 - Bossland GmbH) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve )
Driver Fusion (HKLM-x32\...\Driver Fusion) (Version: 2.1 - Treexy)
Dungeon Keeper Gold (HKLM-x32\...\GOGPACKDUNGEONKEEPER_is1) (Version: 2.0.0.4 - GOG.com)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - )
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
Dyad (HKLM-x32\...\Steam App 223450) (Version: - ][ Games Inc)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ffdshow v1.3.4515 [2013-06-12] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4515.0 - )
Firefall (HKLM-x32\...\{CFEF8DB5-B45E-4b05-90BE-D02AA6F45354}) (Version: - Red 5 Studios)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Drive (HKLM-x32\...\{D9F75285-4864-461D-83DA-8D056BAC44D1}) (Version: 1.16.6866.4367 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Web Designer (HKLM-x32\...\{811767F4-C586-4673-A41F-E9D767497222}) (Version: 1.0.1.0 - Google Inc.)
GoPro Studio 2.0.1 (HKLM-x32\...\GoPro Studio) (Version: 2.0.1 - WoodmanLabs Inc. d.b.a. GoPro)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
High-Definition Video Playback (x32 Version: 7.1.13400.42.0 - Nero AG) Hidden
ICA (x32 Version: 11.6.1.13 - Corel Inc.) Hidden
IHA_MessageCenter (HKLM-x32\...\{834265C4-CDF4-44D3-BD24-31531617EFB8}) (Version: 1.8.70 - Verizon)
Infinity Tuner (HKLM-x32\...\{2E94187B-B22C-4052-A31E-A1AF41E4EAFC}) (Version: 2.90.6305 - Advanced Engine Management, Inc.)
iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 12.7.1 - iolo technologies, LLC)
IPM (x32 Version: 11.5 - Corel Inc.) Hidden
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.62.0 - JMicron Technology Corp.)
Kaspersky PURE 3.0 (HKLM-x32\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab)
Kaspersky PURE 3.0 (x32 Version: 13.0.2.558 - Kaspersky Lab) Hidden
Landmark Beta (HKCU\...\SOE-Landmark Beta) (Version: 1.0.3.183 - Sony Online Entertainment)
LightScribe System Software (HKLM-x32\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.24.10.3 - Marvell)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mixxx 1.11.0 (HKLM-x32\...\Mixxx (1.11.0)) (Version: 1.11.0 - The Mixxx Development Team)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.2.0 (x86 en-US)) (Version: 24.2.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.5 (HKLM-x32\...\{C7BC557D-8C8B-4F5F-83AB-D20C58CF4575}) (Version: 1.2.5 - Thorvald Natvig)
MURDERED: SOUL SUSPECT™ (HKLM-x32\...\Steam App 233290) (Version: - Airtight Games)
Music Manager (HKCU\...\MusicManager) (Version: - Google, Inc.)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - )
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
Nero 10 ClipartPack (HKLM-x32\...\{96ED4B78-300E-4033-AE6C-C115CEB4DF07}) (Version: 10.2.10000.11.0 - Nero AG)
Nero 10 Menu TemplatePack 1 (HKLM-x32\...\{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}) (Version: 10.2.10000.0.0 - Nero AG)
Nero 10 Menu TemplatePack 2 (HKLM-x32\...\{E712C273-7564-4C8E-AA59-0FA19BC35117}) (Version: 10.2.10000.0.0 - Nero AG)
Nero 10 Menu TemplatePack 3 (HKLM-x32\...\{92146419-AE44-4C8B-A48B-0ABB1B5EC026}) (Version: 10.2.10100.1.0 - Nero AG)
Nero 10 Menu TemplatePack Basic (x32 Version: 10.2.10000.0.0 - Nero AG) Hidden
Nero 10 Movie ThemePack 1 (HKLM-x32\...\{43FBAB46-5969-4200-9958-1FF81FEE506F}) (Version: 10.2.10000.11.0 - Nero AG)
Nero 10 Movie ThemePack 2 (HKLM-x32\...\{70F19404-B96C-4EBB-AD2B-3574F8736197}) (Version: 10.2.10100.1.0 - Nero AG)
Nero 10 Movie ThemePack 3 (HKLM-x32\...\{DD238642-14C7-4D54-8BD7-FAD6DEA9999B}) (Version: 10.2.10100.1.0 - Nero AG)
Nero 10 Movie ThemePack 4 (HKLM-x32\...\{A70B0C7B-3527-4D53-A694-E9492ECE9EE1}) (Version: 10.2.10100.1.0 - Nero AG)
Nero 10 Movie ThemePack Basic (x32 Version: 10.2.10000.0.0 - Nero AG) Hidden
Nero 10 PiP EffectPack 1 (HKLM-x32\...\{EF3A4DAE-F16F-4AC1-87BB-FE00A784084F}) (Version: 10.2.10000.0.0 - Nero AG)
Nero 10 Sample ImagePack (HKLM-x32\...\{ACD15FDF-FC42-4175-B477-576F92FF2256}) (Version: 10.2.10000.11.0 - Nero AG)
Nero 10 Sample Videos (HKLM-x32\...\{92A10E9D-EA00-4A46-8F22-EEA660992D61}) (Version: 10.2.10000.11.0 - Nero AG)
Nero 10 Video TransitionPack 1 (HKLM-x32\...\{85BEC8F6-9AA3-43FF-B56B-8276277137B3}) (Version: 10.2.10000.0.0 - Nero AG)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.6.11000.11.100 - Nero AG)
Nero BackItUp 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.2.11000.12.100 - Nero AG)
Nero BurningROM 10 Help (CHM) (x32 Version: 10.5.10100 - Nero AG) Hidden
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10300.0.102 - Nero AG)
Nero BurnRights 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.2.10600.0.6 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.17400.8.2 - Nero AG) Hidden
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.2.10700.7.100 - Nero AG)
Nero CoverDesigner 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10300.1.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Dolby Files 10 (x32 Version: 2.0.12100.0.10 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.11100.12.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 10.5.10100 - Nero AG) Hidden
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.2.10300.5.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.2.12300.27.100 - Nero AG)
Nero MediaHub 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Multimedia Suite 10 Platinum HD (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.5.10900 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.8.10400.3.100 - Nero AG)
Nero Recode 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.2.10600.7.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.8.10200.1.100 - Nero AG)
Nero SoundTrax 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11100.10.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.2.14700.9.100 - Nero AG)
Nero Vision 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.8.10400.2.100 - Nero AG)
Nero WaveEditor 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Netflix in Windows Media Center (HKLM-x32\...\{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}) (Version: 3.3.101.0 - Microsoft Corporation)
NETGEAR RangeMax Duo Wireless-N USB Adapter WNDA3100 (HKLM-x32\...\InstallShield_{C0100D9E-2372-45E2-BDA5-BD18F9B03298}) (Version: 1.00.0000 - NETGEAR)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.3.2.2730 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: - Pando Networks Inc.)
Parallel Password Recovery (RAR module) v. 2.1 Demo (HKLM-x32\...\{A7CA94CC-F5ED-4992-A070-E81A3C85405F}}_is1) (Version: - Parallel Password Recovery)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.0.6.31580 - Grinding Gear Games)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
Popcorn Time (HKLM-x32\...\{38B39D8E-1AEF-4F01-82BE-36F3307244F5}) (Version: 2.0.0 - Time4Popcorn)
Portal (HKLM-x32\...\Steam App 400) (Version: - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RAIDXpert (HKLM-x32\...\InstallShield_{8A4A80C2-87B1-44FB-BC24-9168930EB150}) (Version: 3.3.1540.19 - AMD)
RAIDXpert (x32 Version: 3.3.1540.19 - AMD) Hidden
RangeMax Wireless-N USB Adapter WN111v2 (HKLM-x32\...\InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}) (Version: 3.0.0.5 - NETGEAR)
Raptr (HKLM-x32\...\Raptr) (Version: - )
RAR Password Recovery Professional (HKLM-x32\...\RAR Password Recovery Professional) (Version: - SmartKey, Inc.)
Resident Evil 6 / Biohazard 6 (HKLM-x32\...\Steam App 221040) (Version: - Capcom)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.5 - Samsung)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.4.0 - Samsung Electronics)
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
SEGA Genesis & Mega Drive Classics (HKLM-x32\...\Steam App 34270) (Version: - Sega)
Setup (x32 Version: 11.6.1.13 - Corel Inc.) Hidden
SHOUTcast DNAS Server v2 (HKLM-x32\...\SHOUTcast) (Version: - )
SHOUTcast Source DSP Plug-in v2 (HKLM-x32\...\SHOUTcast Source DSP) (Version: 2.3.2 - Nullsoft, Inc)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
SketchUp 8 (HKLM-x32\...\{8EB62C87-AAA6-4850-A5BC-64155884B973}) (Version: 3.0.16846 - Trimble Navigation Limited)
Skype™ 6.13 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.13.104 - Skype Technologies S.A.)
SlimCleaner (HKLM-x32\...\{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}) (Version: 4.0.30878 - SlimWare Utilities, Inc.)
Sniper Elite 3 (HKLM-x32\...\Steam App 238090) (Version: - Rebellion)
Sound Blaster X-Fi MB (HKLM-x32\...\{818690C7-8DA5-4623-BBA8-A73CFBD44077}) (Version: 1.0 - Creative Technology Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Star Trek Online (HKLM-x32\...\Steam App 9900) (Version: - Cryptic Studios)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29327 - TeamViewer)
The Banner Saga (HKLM-x32\...\Steam App 237990) (Version: - Stoic)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version: - )
TurboV EVO (HKLM-x32\...\{491D92A9-69CA-4EB4-81D3-0106F9337957}) (Version: 1.02.18 - )
Unity (HKLM-x32\...\Unity) (Version: - Unity Technologies ApS)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Unreal Tournament 2004 (HKLM-x32\...\Steam App 13230) (Version: - Epic Games, Inc.)
Unreal Tournament: Game of the Year Edition (HKLM-x32\...\Steam App 13240) (Version: - Epic Games, Inc.)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version: - VB-Audio Software)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Virtual Audio Cable 4.12 (HKLM\...\Virtual Audio Cable 4.12) (Version: - )
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.2.0.0 - Azureus Software, Inc.)
Vz In-Home Agent (HKLM-x32\...\VzInHomeAgent) (Version: 9.0.59.0 - Verizon)
Watch_Dogs (HKLM-x32\...\Steam App 243470) (Version: - Ubisoft)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012 - GoPro)
WinDVD (x32 Version: 11.6.1.13 - Corel Inc.) Hidden
WinFF 1.5.2 64 bit (Codename EMMA) (HKLM\...\WinFF_is1) (Version: - WinFF.org)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WN111v2 (x32 Version: 3.0.0.5 - NETGEAR) Hidden
WNDA3100 (x32 Version: 1.00.0000 - NETGEAR) Hidden
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version: - Wargaming.net)
Wrapper (HKLM-x32\...\{394E7D98-28C7-4CD8-B503-7E43BC43A0F2}) (Version: 1.00.0000 - Verizon)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

==================== Restore Points =========================

07-07-2014 03:37:19 Windows Update
07-07-2014 17:27:54 OTL Restore Point - 7/7/2014 1:27:52 PM

==================== Hosts content: ==========================

2009-07-13 22:34 - 2014-07-07 02:34 - 00449915 ___RA C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {041C4D46-39AB-495E-8AEE-90A8F8224E98} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {1CBBBD64-575D-4390-8784-194A7EE06B82} - System32\Tasks\SlimCleaner Run => C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe [2013-07-10] (SlimWare Utilities, Inc.)
Task: {2F727B71-E192-4F18-B6BA-BC765FACCFAB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-25] (Adobe Systems Incorporated)
Task: {43B36A98-3392-479A-8A6A-5D275DA52B4B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1226775838-3376272204-400615213-1000UA => C:\Users\SMl\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-23] (Google Inc.)
Task: {463AE5F1-BFD6-4ED0-AFE4-135A104814A4} - System32\Tasks\ASUS\TurboVHelp => C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe [2010-03-25] (ASUSTeK Computer Inc.)
Task: {656A9E4B-AAE0-486D-9F27-0452C207699E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {78806BBA-89D6-48FD-BB05-D54A938AC2AE} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe [2014-05-19] (Samsung Electronics.)
Task: {7E42A82D-EEB7-49FD-90C6-CAD2334447B6} - System32\Tasks\AdobeAAMUpdater-1.0-Wilbur-SMl => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {9944E107-518F-496A-A6F6-88A3B07E0686} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1226775838-3376272204-400615213-1000Core => C:\Users\SMl\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-23] (Google Inc.)
Task: {A64F9320-C03D-411B-9C9A-6C1955673478} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
Task: {A9A49C03-CFBB-445F-AF21-0941E592C756} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-23] (Google Inc.)
Task: {B7749F10-56CB-48E2-BB56-C6808B6BBC79} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-WILBUR => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {DCEB63E7-E9DF-4691-9A07-FE8427E3F8F0} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2014-04-30] (iolo technologies, LLC)
Task: {E74AFE93-EA70-4F9D-852D-B5415C6FF671} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-23] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1226775838-3376272204-400615213-1000Core.job => C:\Users\SMl\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1226775838-3376272204-400615213-1000UA.job => C:\Users\SMl\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-22 21:44 - 2014-05-22 21:44 - 00112640 ____N () C:\AMD\amdacpusrsvc.exe
2009-03-30 10:32 - 2009-03-30 10:32 - 00032768 ____R () C:\Windows\DAODx.exe
2013-10-13 03:22 - 2014-06-14 01:10 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-12-13 13:20 - 2013-12-13 13:20 - 03359600 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2014-05-22 21:59 - 2014-05-22 21:59 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-07-07 13:50 - 2014-05-23 10:55 - 00358144 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
2011-07-22 14:48 - 2011-07-22 14:48 - 00516096 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll
2012-12-20 18:19 - 2012-12-20 18:19 - 00479752 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll
2012-12-20 18:19 - 2012-12-20 18:19 - 01310728 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kpcengine.2.2.dll
2013-03-23 10:51 - 2010-02-08 17:19 - 00053248 _____ () C:\Program Files\ASUS\TurboV EVO\HookKey32.dll
2013-03-23 10:51 - 2008-12-10 20:04 - 00253952 _____ () C:\Program Files\ASUS\TurboV EVO\pngio.dll
2013-12-11 02:57 - 2014-05-06 11:24 - 00013824 _____ () C:\Program Files (x86)\Samsung Magician\SAMSUNG_SSD.dll
2013-12-11 02:57 - 2014-05-19 20:20 - 00103424 _____ () C:\Program Files (x86)\Samsung Magician\PAL.dll
2013-12-11 02:57 - 2014-05-19 20:20 - 00039424 _____ () C:\Program Files (x86)\Samsung Magician\SATA.dll
2013-12-11 02:57 - 2014-05-19 20:19 - 00038400 _____ () C:\Program Files (x86)\Samsung Magician\SAT.dll
2013-12-11 02:57 - 2014-05-19 20:20 - 00031232 _____ () C:\Program Files (x86)\Samsung Magician\SMINI.dll
2013-12-11 02:57 - 2014-05-19 20:19 - 00029696 _____ () C:\Program Files (x86)\Samsung Magician\SAS.dll
2013-03-23 10:51 - 2009-06-24 08:47 - 00061440 _____ () C:\Program Files\ASUS\TurboV EVO\flashobj.dll
2014-07-07 13:10 - 2014-07-07 13:10 - 00098816 _____ () C:\Users\SMl\AppData\Local\Temp\_MEI31722\win32api.pyd
2014-07-07 13:10 - 2014-07-07 13:10 - 00110080 _____ () C:\Users\SMl\AppData\Local\Temp\_MEI31722\pywintypes27.dll
2014-07-07 13:10 - 2014-07-07 13:10 - 00364544 _____ () C:\Users\SMl\AppData\Local\Temp\_MEI31722\pythoncom27.dll
2014-07-07 13:10 - 2014-07-07 13:10 - 00045568 _____ () C:\Users\SMl\AppData\Local\Temp\_MEI31722\_socket.pyd
2014-07-07 13:10 - 2014-07-07 13:10 - 01160704 _____ () C:\Users\SMl\AppData\Local\Temp\_MEI31722\_ssl.pyd
2014-07-07 13:10 - 2014-07-07 13:10 - 00320512 _____ () C:\Users\SMl\AppData\Local\Temp\_MEI31722\win32com.shell.shell.pyd
2014-07-07 13:10 - 2014-07-07 13:10 - 00713216 _____ () C:\Users\SMl\AppData\Local\Temp\_MEI31722\_hashlib.pyd
2014-07-07 13:10 - 2014-07-07 13:10 - 01175040 _____ () C:\Users\SMl\AppData\Local\Temp\_MEI31722\wx._core_.pyd
2014-07-07 13:10 - 2014-07-07 13:10 - 00805888 _____ () C:\Users\SMl\AppData\Local\Temp\_MEI31722\wx._gdi_.pyd
2014-07-07 13:10 - 2014-07-07 13:10 - 00811008 _____ () C:\Users\SMl\AppData\Local\Temp\_MEI31722\wx._windows_.pyd
2014-07-07 13:10 - 2014-07-07 13:10 - 01062400 _____ () C:\Users\SMl\AppData\Local\Temp\_MEI31722\wx._controls_.pyd
2014-07-07 13:10 - 2014-07-07 13:10 - 00735232 _____ () C:\Users\SMl\AppData\Local\Temp\_MEI31722\wx._misc_.pyd
2014-07-07 13:10 - 2014-07-07 13:10 - 00128512 _____ () C:\Users\SMl\AppData\Local\Temp\_MEI31722\_elementtree.pyd
2014-07-07 13:10 - 2014-07-07 13:10 - 00127488 _____ () C:\Users\SMl\AppData\Local\Temp\_MEI31722\pyexpat.pyd
2014-07-07 13:10 - 2014-07-07 13:10 - 00557056 _____ () C:\Users\SMl\AppData\Local\Temp\_MEI31722\pysqlite2._sqlite.pyd
2014-07-07 13:10 - 2014-07-07 13:10 - 00007168 _____ () C:\Users\SMl\AppData\Local\Temp\_MEI31722\hashobjs_ext.pyd
2014-07-07 13:10 - 2014-07-07 13:10 - 00087552 _____ () C:\Users\SMl\AppData\Local\Temp\_MEI31722\_ctypes.pyd
2014-07-07 13:10 - 2014-07-07 13:10 - 00119808 _____ () C:\Users\SMl\AppData\Local\Temp\_MEI31722\win32file.pyd
2014-07-07 13:10 - 2014-07-07 13:10 - 00108544 _____ () C:\Users\SMl\AppData\Local\Temp\_MEI31722\win32security.pyd
2014-07-07 13:10 - 2014-07-07 13:10 - 00018432 _____ () C:\Users\SMl\AppData\Local\Temp\_MEI31722\win32event.pyd
2014-07-07 13:10 - 2014-07-07 13:10 - 00038912 _____ () C:\Users\SMl\AppData\Local\Temp\_MEI31722\win32inet.pyd
2014-07-07 13:10 - 2014-07-07 13:10 - 00070656 _____ () C:\Users\SMl\AppData\Local\Temp\_MEI31722\wx._html2.pyd
2014-07-07 13:10 - 2014-07-07 13:10 - 00167936 _____ () C:\Users\SMl\AppData\Local\Temp\_MEI31722\win32gui.pyd
2014-07-07 13:10 - 2014-07-07 13:10 - 00011264 _____ () C:\Users\SMl\AppData\Local\Temp\_MEI31722\win32crypt.pyd
2014-07-07 13:10 - 2014-07-07 13:10 - 00027136 _____ () C:\Users\SMl\AppData\Local\Temp\_MEI31722\_multiprocessing.pyd
2014-07-07 13:10 - 2014-07-07 13:10 - 00122368 _____ () C:\Users\SMl\AppData\Local\Temp\_MEI31722\wx._wizard.pyd
2014-07-07 13:10 - 2014-07-07 13:10 - 00010240 _____ () C:\Users\SMl\AppData\Local\Temp\_MEI31722\select.pyd
2014-07-07 13:10 - 2014-07-07 13:10 - 00024064 _____ () C:\Users\SMl\AppData\Local\Temp\_MEI31722\win32pipe.pyd
2014-07-07 13:10 - 2014-07-07 13:10 - 00686080 _____ () C:\Users\SMl\AppData\Local\Temp\_MEI31722\unicodedata.pyd
2014-07-07 13:10 - 2014-07-07 13:10 - 00025600 _____ () C:\Users\SMl\AppData\Local\Temp\_MEI31722\win32pdh.pyd
2014-07-07 13:10 - 2014-07-07 13:10 - 00525640 _____ () C:\Users\SMl\AppData\Local\Temp\_MEI31722\windows._lib_cacheinvalidation.pyd
2014-07-07 13:10 - 2014-07-07 13:10 - 00035840 _____ () C:\Users\SMl\AppData\Local\Temp\_MEI31722\win32process.pyd
2014-07-07 13:10 - 2014-07-07 13:10 - 00017408 _____ () C:\Users\SMl\AppData\Local\Temp\_MEI31722\win32profile.pyd
2014-07-07 13:10 - 2014-07-07 13:10 - 00022528 _____ () C:\Users\SMl\AppData\Local\Temp\_MEI31722\win32ts.pyd
2014-07-07 13:10 - 2014-07-07 13:10 - 00078336 _____ () C:\Users\SMl\AppData\Local\Temp\_MEI31722\wx._animate.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 18:56 - 2010-11-22 18:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00124928 _____ () C:\Program Files (x86)\Raptr\_elementtree.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2012-02-06 16:28 - 2012-02-06 16:28 - 00031744 _____ () C:\Program Files (x86)\Raptr\Crypto.Cipher.AES.pyd
2012-02-06 16:28 - 2012-02-06 16:28 - 00010752 _____ () C:\Program Files (x86)\Raptr\Crypto.Random.OSRNG.winrandom.pyd
2012-02-06 16:28 - 2012-02-06 16:28 - 00011264 _____ () C:\Program Files (x86)\Raptr\Crypto.Util._counter.pyd
2011-05-10 15:01 - 2011-05-10 15:01 - 00030208 _____ () C:\Program Files (x86)\Raptr\simplejson._speedups.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 14:17 - 2011-02-15 14:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 18:56 - 2010-11-22 18:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 18:57 - 2010-11-22 18:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2013-11-20 20:05 - 2013-11-20 20:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2010-11-22 18:57 - 2010-11-22 18:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-17 20:56 - 2014-06-17 20:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 14:17 - 2011-02-15 14:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-22 19:06 - 2010-11-22 19:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-09 19:52 - 2013-05-09 19:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-09 19:52 - 2013-05-09 19:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-09 19:52 - 2013-05-09 19:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 14:56 - 2013-05-03 14:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 14:56 - 2013-05-03 14:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 14:56 - 2013-05-03 14:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2014-06-12 18:42 - 2014-06-05 09:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-12 18:42 - 2014-06-05 09:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-12 18:42 - 2014-06-05 09:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-12 18:42 - 2014-06-05 09:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-12 18:42 - 2014-06-05 09:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-06-12 18:42 - 2014-06-05 09:58 - 14612296 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Program Files\Common Files\Microsoft Shared:NahRzLQnROPRTG5IC0fX9I8hF
AlternateDataStreams: C:\Program Files\Common Files\Microsoft Shared:XJnmLf9HUCs8LB1YC4kDT
AlternateDataStreams: C:\ProgramData\Microsoft:eW5nndkbAc0SyyJxt50l
AlternateDataStreams: C:\ProgramData\Microsoft:ZV80YgCAp0zrhtz0wFr4
AlternateDataStreams: C:\ProgramData\TEMP:054203E4
AlternateDataStreams: C:\ProgramData\TEMP:76650B61

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: ioloSystemService => 2
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CTMasterOnOffMonitor => Rundll32.exe CTMWatch.dll StartCTMasterOnOffWatch
MSCONFIG\startupreg: MusicManager => "C:\Users\SMl\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
MSCONFIG\startupreg: RunDLLEntry => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/07/2014 00:50:32 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

Error: (07/07/2014 00:50:32 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode
.


Operation:
Instantiating VSS server

Error: (07/07/2014 00:50:32 PM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]


Operation:
Instantiating VSS server

Error: (07/07/2014 00:43:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1bcc
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (07/07/2014 02:31:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xb4c
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (07/01/2014 11:42:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddWin32ServiceFiles: Unable to back up image of service pcregservice Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (07/01/2014 11:12:49 PM) (Source: System Restore) (EventID: 8204) (User: )
Description: System restore ended unexpectedly because of power loss or a program error. Additional information: (RAPID).

Error: (07/01/2014 10:52:45 PM) (Source: MsiInstaller) (EventID: 1013) (User: Wilbur)
Description: Application: Kaspersky PURE 3.0 -- Your computer already has a Kaspersky Lab application installed. Please uninstall it before installing Kaspersky PURE 3.0.

Error: (07/01/2014 10:52:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1584
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (07/01/2014 10:49:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: addfilter.exe, version: 1.0.1.68, time stamp: 0x537a1454
Faulting module name: addfilter.exe, version: 1.0.1.68, time stamp: 0x537a1454
Exception code: 0xc0000409
Fault offset: 0x000000000000f738
Faulting process id: 0x1504
Faulting application start time: 0xaddfilter.exe0
Faulting application path: addfilter.exe1
Faulting module path: addfilter.exe2
Report Id: addfilter.exe3


System errors:
=============
Error: (07/07/2014 03:26:42 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Connect Now - Config Registrar service terminated with service-specific error %%-2147024662.

Error: (07/07/2014 01:26:18 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Connect Now - Config Registrar service terminated with service-specific error %%-2147024662.

Error: (07/07/2014 01:23:38 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Connect Now - Config Registrar service terminated with service-specific error %%-2147024662.

Error: (07/07/2014 01:10:49 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Connect Now - Config Registrar service terminated with service-specific error %%-2147024662.

Error: (07/07/2014 01:10:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147467259

Error: (07/07/2014 01:10:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147467259

Error: (07/07/2014 01:10:07 PM) (Source: TermService) (EventID: 1057) (User: )
Description: The Terminal Server has failed to create a new self signed certificate to be used for Terminal Server authentication on SSL connections. The relevant status code was Object already exists.
.

Error: (07/07/2014 01:10:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.3 service failed to start due to the following error:
%%2

Error: (07/07/2014 01:09:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.3 service failed to start due to the following error:
%%2

Error: (07/07/2014 00:59:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (07/07/2014 00:50:32 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c

Error: (07/07/2014 00:50:32 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode


Operation:
Instantiating VSS server

Error: (07/07/2014 00:50:32 PM) (Source: VSS) (EventID: 18) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode


Operation:
Instantiating VSS server

Error: (07/07/2014 00:43:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd1bcc01cf9a028943007fC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllcbb79544-05f5-11e4-a0c7-20cf3067f1f1

Error: (07/07/2014 02:31:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdb4c01cf99ad12303beeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll5809b34c-05a0-11e4-aca0-20cf3067f1f1

Error: (07/01/2014 11:42:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service pcregservice Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (07/01/2014 11:12:49 PM) (Source: System Restore) (EventID: 8204) (User: )
Description: RAPID

Error: (07/01/2014 10:52:45 PM) (Source: MsiInstaller) (EventID: 1013) (User: Wilbur)
Description: Application: Kaspersky PURE 3.0 -- Your computer already has a Kaspersky Lab application installed. Please uninstall it before installing Kaspersky PURE 3.0.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/01/2014 10:52:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd158401cf95a0a2fa61b2C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dlle4e2f895-0193-11e4-a31e-20cf3067f1f1

Error: (07/01/2014 10:49:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: addfilter.exe1.0.1.68537a1454addfilter.exe1.0.1.68537a1454c0000409000000000000f738150401cf95a03efac48cC:\Program Files (x86)\RAPID\CacheFilter\addfilter.exeC:\Program Files (x86)\RAPID\CacheFilter\addfilter.exe7d86c2a0-0193-11e4-a31e-20cf3067f1f1


CodeIntegrity Errors:
===================================
Date: 2014-07-01 00:26:19.574
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-07-01 00:26:19.444
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-07-01 00:26:19.324
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-07-01 00:26:19.194
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-06-30 23:42:58.235
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-06-30 23:42:58.090
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-06-13 21:04:34.590
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-13 21:04:34.589
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-13 21:04:34.555
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-13 21:04:34.554
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 16317.76 MB
Available physical RAM: 12003.71 MB
Total Pagefile: 32633.7 MB
Available Pagefile: 27535.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.54 GB) (Free:1156.51 GB) NTFS
Drive e: (SSD) (Fixed) (Total:209.59 GB) (Free:75.84 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: F80032EA)
Partition 1: (Not Active) - (Size=210 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 4A4EAA34)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-199130873856) - (Type=07 NTFS)

==================== End Of Log ============================

[tashi]

Hello roliks,

Please see the sticky which includes guidelines for this forum in post #1 and instructions in post #2 on how to provide the preliminary logs which are used for analysis.

http://forums.spybot.info/showthread.php?t=288

Then start a new topic providing only the logs requested with a link back to this thread and a volunteer analyst will advise.

Best regards.