
Pirrit and Dota 2



A few hours ago a program was installed called "pirrit"; it's some kind of spam virus or whatever on my computer. Well, I removed it successfully. After that I opened up Dota 2 and was looking for a game and then this showed up.

*link to pic http://i62.tinypic.com/2hykvtf.png

Also on Facebook the YouTube links look kinda weird now; they all have a big white stripe under their thumbnail.

I also clicked on the ad; Malwarebytes instantly blocked the website and "disconnected" from the website. Already scanned with Spybot and ESET NOD32 Antivirus. They found nothing. When my scan finished with Malwarebytes it found something and I instantly removed it. But I still have these problems.

Can someone help me? Cheers

I think I have the same or at least a similar problem as this gentleman. https://forums.malwa...howtopic=142749

Sorry for double post.

Cheers


Hello SWM88! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and then post your log files in a new reply in this thread:

http://forums.malwarebytes.org/index.php?showtopic=9573


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2014
Ran by Admin (administrator) on ADMIN-PC on 17-04-2014 00:58:11
Running from C:\Users\Admin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TuneUp Software) D:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
() C:\Windows\DAODx.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(TuneUp Software) D:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
() D:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
(Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\LiveUpd.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5618456 2013-09-12] (ESET)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKU\S-1-5-20\...\Run: [sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [385024 2010-05-04] (AMD)
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\Run: [Mobile Partner] => D:\Program Files (x86)\Mobile Partner\Mobile Partner.exe [515072 2012-08-06] ()
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe [839560 2013-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: E - "E:\Diablo III Setup.exe"
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: G - G:\PcOptions.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {11d0d086-3275-11e2-8103-20cf3092b053} - H:\LGAutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {15f8f047-0a3f-11e3-aeeb-a8dac7a89c77} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {20840f13-1eda-11e3-a7f6-cfa5a7489e29} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {24fb0c8e-1824-11e3-833a-91a3279bb32f} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {24fb0ca9-1824-11e3-833a-91a3279bb32f} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {279b1066-d1a1-11e0-be7c-20cf3092b053} - F:\PcOptions.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {284e8834-137f-11e3-808a-89daba781751} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {34ca5d52-22f5-11e3-a2eb-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {34ca5d91-22f5-11e3-a2eb-a0b43365dd2c} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {3696f653-e149-11e0-a98c-20cf3092b053} - G:\PcOptions.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {43b5a86c-138f-11e3-96a0-871d381bee6f} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {43b5a879-138f-11e3-96a0-871d381bee6f} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {43b5a884-138f-11e3-96a0-871d381bee6f} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {43b5a88f-138f-11e3-96a0-871d381bee6f} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {43b5a894-138f-11e3-96a0-871d381bee6f} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {47b063d4-1edb-11e3-adf3-ec3d660cca2c} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {47b063f4-1edb-11e3-adf3-ec3d660cca2c} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {4ecfb31a-0a2c-11e3-8e96-bcb528037870} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {4ecfb345-0a2c-11e3-8e96-bcb528037870} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {4ecfb35a-0a2c-11e3-8e96-bcb528037870} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {500c9ee0-d2da-11df-842a-806e6f6e6963} - E:\setup.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {53e738ca-14b6-11e3-87b4-b49057f69231} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {53e73929-14b6-11e3-87b4-8ca190478b16} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {53e73934-14b6-11e3-87b4-8ca190478b16} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {7d6ff44f-181f-11e3-9b39-be42a6262c2c} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {7ecde6c3-d2d8-11df-9c48-806e6f6e6963} - E:\Launch.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {86a557d7-0cc5-11e3-a9e0-c1ccd0af8704} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {9b744473-07c1-11e1-b1ec-20cf3092b053} - G:\PcOptions.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {b3a61115-13e2-11e3-b660-99b2a4e7fe53} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {b47e69d5-17e4-11e3-ab07-e447f8139a14} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {b47e69f1-17e4-11e3-ab07-e447f8139a14} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {d4d08413-90a1-11e0-adc2-20cf3092b053} - F:\PcOptions.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {d651983c-181d-11e3-86b0-d40f997cba6b} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {d6519847-181d-11e3-86b0-d40f997cba6b} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {dbea53c3-4580-11e3-ac41-20cf3092b053} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {e5afb1fc-08cf-11e3-a31c-8d5a85e1683a} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {e5afb214-08cf-11e3-a31c-8d5a85e1683a} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {e5afb232-08cf-11e3-a31c-8d5a85e1683a} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {e5afb2b6-08cf-11e3-a31c-8d5a85e1683a} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {e5afb2c4-08cf-11e3-a31c-8d5a85e1683a} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {e5afb2d0-08cf-11e3-a31c-8d5a85e1683a} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {f056648e-593e-11e0-b1bb-20cf3092b053} - F:\PcOptions.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {f2c0fae1-1581-11e3-ab60-b9c730ea1479} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {f439eaad-145e-11e3-9133-a0a9361b4322} - F:\AutoRun.exe
IFEO\ccleaner64.exe: [Debugger] "D:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\nusb3utl.exe: [Debugger] "D:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\skype.exe: [Debugger] "D:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\uninst.exe: [Debugger] "D:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=http://127.0.0.1:9880
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://at.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC82E533625EFCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{138FB2CB-AA09-4F9E-8B76-96C785947EFE}: [NameServer]194.48.139.254 194.48.124.200
Tcpip\..\Interfaces\{98158FD1-7547-4DC3-8D55-C80CC96EE5E5}: [NameServer]194.48.128.199 194.48.139.254
Tcpip\..\Interfaces\{A4037DDA-029B-4029-96F1-5A6D26DB6855}: [NameServer]194.48.139.254 194.48.128.199
Tcpip\..\Interfaces\{D93CAB26-3943-4D3E-9B86-45352821D63C}: [NameServer]194.48.139.254 194.48.124.200

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default
FF user.js: detected! => C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default\user.js
FF SelectedSearchEngine: Google
FF Homepage: about:home

FF NetworkProxy: "gopher", ""
FF NetworkProxy: "gopher_port", 0
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Battlefield Heroes Updater - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default\Extensions\battlefieldheroespatcher@ea.com [2012-01-28]
FF Extension: Battlefield Play4Free - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default\Extensions\battlefieldplay4free@ea.com [2012-04-01]
FF Extension: Google Docs Viewer - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default\Extensions\adonis.cuhk@gmail.com.xpi [2012-09-18]
FF Extension: Ghostery - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default\Extensions\firefox@ghostery.com.xpi [2013-08-03]
FF Extension: Personas Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default\Extensions\personas@christopher.beard.xpi [2012-01-24]
FF Extension: NoScript - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-10-24]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF Extension: Adblock Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-10]
FF Extension: DownThemAll! - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012-07-02]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-10-25]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-10-25]

==================== Services (Whitelisted) =================

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1337752 2013-09-12] (ESET)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S4 jswpsapi; C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.)
S2 MBAMScheduler; D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S2 Mobile Partner. RunOuc; D:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [655744 2012-06-28] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3804120 2011-08-07] (INCA Internet Co., Ltd.)
S4 PirritUpdater; C:\Program Files (x86)\Pirrit\AutoUpdater.exe [59904 2014-02-20] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-04] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation)
S4 TeamViewer9; D:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [4915040 2014-02-17] (TeamViewer GmbH)
R2 TuneUp.UtilitiesSvc; D:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2099512 2013-10-12] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2011-09-06] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2011-09-06] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [35840 2011-09-06] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [93184 2011-09-16] (LG Electronics Inc.)
S3 androidusb; C:\Windows\System32\Drivers\smhwadb.sys [31744 2009-12-24] (Google Inc)
S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
R3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [239104 2012-09-18] (Huawei Technologies Co., Ltd.)
R1 JSWPSLWF; C:\Windows\SysWOW64\DRIVERS\jswpslwfx.sys [26624 2008-10-01] (Atheros Communications, Inc.)
S3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [20352 2009-09-30] (Razer USA Ltd.)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 PCAMp50a64; C:\Windows\System32\Drivers\PCAMp50a64.sys [43328 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 smhwdev; C:\Windows\System32\DRIVERS\smhwdev.sys [114432 2010-01-13] (Huawei Technologies Co., Ltd.)
S3 smhwser; C:\Windows\System32\DRIVERS\smhwser.sys [122624 2010-02-04] (QUALCOMM Incorporated)
R3 TuneUpUtilitiesDrv; D:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)
S3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2w7x.sys [767488 2009-10-21] (Atheros Communications, Inc.)
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]
S3 DNIMp50a64; System32\Drivers\DNIMp50a64.sys [X]
S3 DNISp50a64; System32\Drivers\DNISp50a64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-17 00:58 - 2014-04-17 00:58 - 00022358 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-04-16 09:16 - 2014-04-16 09:16 - 00009644 _____ () C:\Users\Admin\Desktop\hijackthis.log
2014-04-16 08:56 - 2014-04-16 08:56 - 00388608 _____ (Trend Micro Inc.) C:\Users\Admin\Desktop\HijackThis.exe
2014-04-16 08:35 - 2014-04-16 08:36 - 00048873 _____ () C:\Users\Admin\Downloads\Addition.txt
2014-04-16 08:34 - 2014-04-17 00:58 - 00000000 ____D () C:\FRST
2014-04-16 08:34 - 2014-04-16 08:36 - 00044834 _____ () C:\Users\Admin\Downloads\FRST.txt
2014-04-16 08:33 - 2014-04-16 08:33 - 02054144 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2014-04-16 07:41 - 2014-04-16 07:42 - 00293064 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-16 07:41 - 2014-04-16 07:41 - 00010476 _____ () C:\Windows\PFRO.log
2014-04-16 05:11 - 2014-04-16 05:11 - 00065608 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-16 05:02 - 2014-04-16 23:59 - 00000280 _____ () C:\Windows\setupact.log
2014-04-16 05:02 - 2014-04-16 05:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-16 04:54 - 2014-04-16 20:02 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-16 04:53 - 2014-04-16 04:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-16 04:53 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-16 04:53 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-16 04:53 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-16 04:52 - 2014-04-16 04:52 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-15 23:56 - 2014-04-15 23:56 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Pirrit
2014-04-15 23:56 - 2014-04-15 23:56 - 00000000 ____D () C:\Users\Admin\AppData\Local\WinRST
2014-04-15 23:55 - 2014-04-15 23:56 - 00000000 ____D () C:\Program Files (x86)\Pirrit
2014-04-14 03:01 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-14 03:01 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-14 03:01 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-14 03:01 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-14 03:01 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-14 03:01 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-14 03:01 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-14 03:01 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-14 03:01 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-14 03:01 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-14 03:01 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-14 03:01 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-14 03:01 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-14 03:01 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-14 03:00 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-14 03:00 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-14 03:00 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-14 03:00 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-14 03:00 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-14 03:00 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-14 03:00 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-14 03:00 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-14 03:00 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-14 03:00 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-14 03:00 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-14 03:00 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-14 03:00 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-14 03:00 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-14 03:00 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-14 03:00 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-14 03:00 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-14 03:00 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-14 03:00 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-14 03:00 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-14 03:00 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-14 03:00 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-14 03:00 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-14 03:00 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-14 03:00 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-14 03:00 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-14 03:00 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-14 03:00 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-14 03:00 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-14 03:00 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-14 03:00 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-14 03:00 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-14 03:00 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-14 03:00 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-12 22:51 - 2014-04-12 22:51 - 00000066 _____ () C:\Users\Admin\Desktop\teso.txt
2014-04-12 20:53 - 2014-04-12 20:53 - 00013262 _____ () C:\Users\Admin\Desktop\RandyRun Order 1454125 CDKey.zip
2014-04-09 20:27 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 20:27 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 20:27 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 20:27 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 20:27 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 20:27 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 20:27 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 20:27 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 20:27 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 20:27 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 20:27 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-03-24 09:43 - 2014-03-24 09:43 - 00000000 ____D () C:\Users\Admin\AppData\Local\mslug3

==================== One Month Modified Files and Folders =======

2014-04-17 00:59 - 2014-04-17 00:58 - 00022358 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-04-17 00:58 - 2014-04-16 08:34 - 00000000 ____D () C:\FRST
2014-04-16 23:59 - 2014-04-16 05:02 - 00000280 _____ () C:\Windows\setupact.log
2014-04-16 23:59 - 2010-10-10 14:25 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-16 20:02 - 2014-04-16 04:54 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-16 19:37 - 2013-05-15 04:02 - 00000000 ____D () C:\Windows\rescache
2014-04-16 09:22 - 2013-06-25 21:56 - 00002786 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-16 09:16 - 2014-04-16 09:16 - 00009644 _____ () C:\Users\Admin\Desktop\hijackthis.log
2014-04-16 08:56 - 2014-04-16 08:56 - 00388608 _____ (Trend Micro Inc.) C:\Users\Admin\Desktop\HijackThis.exe
2014-04-16 08:52 - 2012-03-06 10:20 - 02010477 _____ () C:\Windows\WindowsUpdate.log
2014-04-16 08:36 - 2014-04-16 08:35 - 00048873 _____ () C:\Users\Admin\Downloads\Addition.txt
2014-04-16 08:36 - 2014-04-16 08:34 - 00044834 _____ () C:\Users\Admin\Downloads\FRST.txt
2014-04-16 08:33 - 2014-04-16 08:33 - 02054144 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2014-04-16 08:25 - 2009-07-14 06:45 - 00015024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-16 08:25 - 2009-07-14 06:45 - 00015024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-16 07:42 - 2014-04-16 07:41 - 00293064 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-16 07:42 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-16 07:41 - 2014-04-16 07:41 - 00010476 _____ () C:\Windows\PFRO.log
2014-04-16 05:31 - 2010-10-10 13:42 - 00002878 _____ () C:\Windows\System32\Tasks\{55FFC241-A927-4FEF-B898-D45E30517C06}
2014-04-16 05:11 - 2014-04-16 05:11 - 00065608 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-16 05:11 - 2012-01-07 12:55 - 00000000 ____D () C:\Users\Admin\AppData\Local\Paint.NET
2014-04-16 05:02 - 2014-04-16 05:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-16 04:53 - 2014-04-16 04:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-16 04:52 - 2014-04-16 04:52 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-16 04:39 - 2012-04-16 21:02 - 00000000 ____D () C:\Windows\pss
2014-04-16 04:17 - 2012-06-26 19:13 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc
2014-04-16 03:58 - 2011-07-21 15:31 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-16 03:57 - 2010-10-08 15:34 - 00000000 ____D () C:\Windows\Panther
2014-04-16 03:56 - 2010-10-10 13:57 - 00000000 ____D () C:\Windows\Minidump
2014-04-16 01:10 - 2010-10-10 13:42 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
2014-04-15 23:57 - 2010-10-08 14:40 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-15 23:56 - 2014-04-15 23:56 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Pirrit
2014-04-15 23:56 - 2014-04-15 23:56 - 00000000 ____D () C:\Users\Admin\AppData\Local\WinRST
2014-04-15 23:56 - 2014-04-15 23:55 - 00000000 ____D () C:\Program Files (x86)\Pirrit
2014-04-14 03:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-13 23:30 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-04-13 23:30 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-04-13 23:30 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-12 22:51 - 2014-04-12 22:51 - 00000066 _____ () C:\Users\Admin\Desktop\teso.txt
2014-04-12 21:54 - 2011-07-12 01:12 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-12 20:53 - 2014-04-12 20:53 - 00013262 _____ () C:\Users\Admin\Desktop\RandyRun Order 1454125 CDKey.zip
2014-04-09 20:30 - 2013-07-31 08:40 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 20:28 - 2010-10-08 15:00 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-08 18:16 - 2013-08-17 03:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-08 18:16 - 2010-10-10 13:26 - 00000000 ____D () C:\Users\Admin\AppData\Local\Mozilla
2014-04-03 09:51 - 2014-04-16 04:53 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-16 04:53 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-16 04:53 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 17:49 - 2010-10-26 10:57 - 00000000 ____D () C:\Users\Admin\Documents\My Games
2014-03-28 12:55 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-24 09:43 - 2014-03-24 09:43 - 00000000 ____D () C:\Users\Admin\AppData\Local\mslug3
2014-03-24 09:43 - 2013-08-21 07:57 - 00000000 ____D () C:\ProgramData\Package Cache

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-16 08:11

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-04-2014
Ran by Admin at 2014-04-16 08:35:31
Running from C:\Users\Admin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.3 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.3.183.10 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
AMD Fuel (Version: 2012.0806.1213.19931 - Ihr Firmenname) Hidden
AMD Fuel (Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In  (Version: 2.04.0000 - AMD) Hidden
AMD System Monitor (HKLM-x32\...\{13EE03A3-7B77-47BC-9C42-B60576AB3A08}) (Version: 1.0.0 - Advanced Micro Devices, Inc.)
AMD USB Filter Driver (x32 Version: 1.0.14.91 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.0806.1213.19931 - Ihr Firmenname) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.10 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Application Profiles (HKLM-x32\...\{63059735-CA97-FDFB-0E7A-3B8D81572EFD}) (Version: 2.0.4888.34279 - Advanced Micro Devices, Inc.)
ATI AVIVO64 Codecs (Version: 11.1.0.50504 - ATI Technologies Inc.) Hidden
ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.0.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.0.0.1 - Electronic Arts)
BioShock 2 (x32 Version: 1.0.0003.131 - Take-Two Interactive Software) Hidden
BioShock 2 (x32 Version: 1.0.0005.131 - Take-Two Interactive Software) Hidden
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Debugging Tools for Windows (HKLM-x32\...\{1C943495-B69F-4D41-AE0E-23C57ECD90EE}) (Version: 6.4.7.2 - Microsoft Corporation)
Defraggler (HKLM\...\Defraggler) (Version: 2.15 - Piriform)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - )
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
ESET NOD32 Antivirus (HKLM\...\{7EE0D9E8-299E-4E7A-8BDE-B1D295E30077}) (Version: 7.0.302.26 - ESET, spol s r. o.)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto Vice City (HKCU\...\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}) (Version: 1.00.000 - )
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
HydraVision (x32 Version: 4.2.162.0 - ATI Technologies Inc.) Hidden
Java Auto Updater (x32 Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
Java 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216029FF}) (Version: 6.0.290 - Oracle)
Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden
LG United Mobile Drivers (HKLM-x32\...\{C2944BE7-9BFF-4EF0-A362-CB3281B7C50D}) (Version: 3.6.0.0 - LG Electronics)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Metal Slug 3 (HKLM-x32\...\Steam App 250180) (Version:  - DotEmu)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 RC (Version: 4.5.50861 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 23.009.05.00.801 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 23.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.3.10.4710 - Electronic Arts, Inc.)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 0.9.13.22054 - Grinding Gear Games)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
PC Suite For Android Handset (HKLM-x32\...\PC Suite For Android Handset) (Version: 12.09.109.U8230D100SP03 - Huawei Technologies Co.,Ltd)
Plague Inc: Evolved (HKLM-x32\...\Steam App 246620) (Version:  - Ndemic Creations)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
RangeMax Wireless-N USB Adapter WN111v2 (HKLM-x32\...\InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}) (Version: 3.0.0.3 - NETGEAR)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Razer Lycosa (HKLM-x32\...\{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}) (Version: 3.00.0000 - Razer USA Ltd.)
Razer Megalodon Firmware Updater (HKLM-x32\...\{C67A3F9D-E55D-4288-B4EC-1B9863EFB288}) (Version: 2.12.02 - Razer USA Ltd.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.15.209.2010 - Realtek)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Samsung New PC Studio USB Driver Installer (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.10.1 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Thief (HKLM-x32\...\Steam App 239160) (Version:  - Eidos-Montréal)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.143 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.143 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.143 - TuneUp Software) Hidden
TurboV EVO (HKLM-x32\...\{491D92A9-69CA-4EB4-81D3-0106F9337957}) (Version: 1.02.20 - )
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.65  - Nullsoft, Inc)
Windows Driver Frameworks Update Packages (HKLM-x32\...\{42267A4D-9BDD-4B06-9FB7-2A7D7D5D6D6F}) (Version: 8.0.0.0 - Microsoft)
Windows Driver Kit (HKLM-x32\...\{b30a945f-0808-4e62-adc1-827f8fbd259e}) (Version: 8.59.29757 - Microsoft Corporation)
Windows Driver Kit (x32 Version: 8.59.29757 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
WN111v2 (x32 Version: 3.0.0.3 - NETGEAR) Hidden
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 5.3.0.17128 - Blizzard Entertainment)
World of Warcraft Public Test (HKLM-x32\...\World of Warcraft Public Test) (Version: 0.0.0.0 - Blizzard Entertainment)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-04-16 03:52 - 00450712 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {00926A6A-BFC6-421A-BFFE-759A448E78E3} - System32\Tasks\ASUS\TurboVHelp => C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe [2010-04-02] (ASUSTeK Computer Inc.)
Task: {4F7202EC-ECDD-48F7-9C5A-1310DF981A38} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => D:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2013-10-12] (TuneUp Software)
Task: {54111914-134D-4383-B7C1-4AE02AFEC3BE} - System32\Tasks\{55FFC241-A927-4FEF-B898-D45E30517C06} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {5AD5E2A9-3D94-43BE-9FDB-D964386D6C6F} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
Task: {66D55E1E-2C58-47A3-BC5D-37539239FF97} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {E257F55C-BE05-48C2-9514-8C13CD0A6D0E} - System32\Tasks\Razer_Game_Booster_AutoUpdate => D:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-03-14 17:27 - 2011-03-14 17:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2013-08-19 15:09 - 2012-06-28 04:46 - 00655744 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2012-01-28 15:08 - 2013-11-04 14:23 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-10-12 03:29 - 2013-10-12 03:29 - 00757048 _____ () D:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2009-03-30 08:32 - 2009-03-30 08:32 - 00032768 ____R () C:\Windows\DAODx.exe
2013-09-21 21:39 - 2012-08-06 09:08 - 00515072 _____ () D:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
2013-08-19 15:09 - 2009-01-10 12:32 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2013-08-19 15:09 - 2009-06-22 20:42 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2013-08-19 15:09 - 2010-07-23 06:58 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2013-08-19 15:09 - 2010-02-10 16:10 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2013-08-19 15:09 - 2012-06-28 04:34 - 00843264 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2013-08-19 15:09 - 2010-02-10 16:06 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2010-10-09 14:27 - 2010-02-08 17:19 - 00053248 _____ () C:\Program Files (x86)\ASUS\TurboV EVO\HookKey32.dll
2010-10-09 14:27 - 2008-12-10 20:04 - 00253952 _____ () C:\Program Files (x86)\ASUS\TurboV EVO\pngio.dll
2013-09-21 21:39 - 2012-08-06 09:05 - 00518144 _____ () D:\Program Files (x86)\Mobile Partner\core.dll
2013-09-21 21:39 - 2012-08-06 09:05 - 00286720 _____ () D:\Program Files (x86)\Mobile Partner\sdk.dll
2013-09-21 21:39 - 2010-07-23 06:58 - 02415104 _____ () D:\Program Files (x86)\Mobile Partner\QtCore4.dll
2013-09-21 21:39 - 2009-01-10 12:32 - 00011362 _____ () D:\Program Files (x86)\Mobile Partner\mingwm10.dll
2013-09-21 21:39 - 2009-06-22 20:42 - 00043008 _____ () D:\Program Files (x86)\Mobile Partner\libgcc_s_dw2-1.dll
2013-09-21 21:39 - 2010-02-10 16:43 - 09515520 _____ () D:\Program Files (x86)\Mobile Partner\QtGui4.dll
2013-09-21 21:39 - 2012-08-06 09:05 - 00405504 _____ () D:\Program Files (x86)\Mobile Partner\Proxy.DLL
2013-09-21 21:39 - 2012-08-06 09:04 - 00628224 _____ () D:\Program Files (x86)\Mobile Partner\Common.dll
2013-09-21 21:39 - 2012-08-06 09:04 - 00157184 _____ () D:\Program Files (x86)\Mobile Partner\Trace.dll
2013-09-21 21:39 - 2012-08-06 09:05 - 00583168 _____ () D:\Program Files (x86)\Mobile Partner\PluginContainer.dll
2013-09-21 21:39 - 2012-08-06 09:05 - 00646144 _____ () D:\Program Files (x86)\Mobile Partner\AtCodec.dll
2013-09-21 21:39 - 2012-08-06 09:05 - 00729088 _____ () D:\Program Files (x86)\Mobile Partner\DeviceSrvPlugin.dll
2013-09-21 21:39 - 2012-08-06 09:05 - 00195584 _____ () D:\Program Files (x86)\Mobile Partner\XCodec.dll
2013-09-21 21:39 - 2012-08-06 09:05 - 00241152 _____ () D:\Program Files (x86)\Mobile Partner\NetSrvPlugin.dll
2013-09-21 21:39 - 2012-08-06 09:05 - 00164864 _____ () D:\Program Files (x86)\Mobile Partner\OSDialup.dll
2013-09-21 21:39 - 2012-08-06 09:05 - 00155136 _____ () D:\Program Files (x86)\Mobile Partner\DataServicePlugin.dll
2013-09-21 21:39 - 2012-08-06 09:05 - 00177152 _____ () D:\Program Files (x86)\Mobile Partner\CallSrvPlugin.dll
2013-09-21 21:39 - 2012-08-06 09:05 - 00672768 _____ () D:\Program Files (x86)\Mobile Partner\AddrBookSrvPlugin.dll
2013-09-21 21:39 - 2012-08-06 09:05 - 00219648 _____ () D:\Program Files (x86)\Mobile Partner\SmsSrvPlugin.dll
2013-09-21 21:39 - 2012-08-06 09:05 - 00142336 _____ () D:\Program Files (x86)\Mobile Partner\USSDSrvPlugin.dll
2013-09-21 21:39 - 2012-08-06 09:05 - 00157184 _____ () D:\Program Files (x86)\Mobile Partner\STKSrvPlugin.dll
2013-09-21 21:39 - 2012-08-06 09:05 - 00730624 _____ () D:\Program Files (x86)\Mobile Partner\DeviceAppPlugin.dll
2013-09-21 21:39 - 2012-08-06 09:04 - 00065536 _____ () D:\Program Files (x86)\Mobile Partner\OSPowerMgr.dll
2013-09-21 21:39 - 2012-06-06 03:22 - 00155648 _____ () D:\Program Files (x86)\Mobile Partner\Win7Support.dll
2013-09-21 21:39 - 2012-08-06 09:05 - 01124352 _____ () D:\Program Files (x86)\Mobile Partner\AddrBookPlugin.dll
2013-09-21 21:39 - 2012-08-06 09:05 - 00704000 _____ () D:\Program Files (x86)\Mobile Partner\SmsAppPlugin.dll
2013-09-21 21:39 - 2012-08-06 09:05 - 00187392 _____ () D:\Program Files (x86)\Mobile Partner\CallAppPlugin.dll
2013-09-21 21:39 - 2012-08-06 09:05 - 00569344 _____ () D:\Program Files (x86)\Mobile Partner\CallLogSrvPlugin.dll
2013-09-21 21:39 - 2012-08-06 09:05 - 00158720 _____ () D:\Program Files (x86)\Mobile Partner\NetConnectSrvPlugin.dll
2013-09-21 21:39 - 2012-08-06 09:05 - 00236032 _____ () D:\Program Files (x86)\Mobile Partner\DialUpPlugin.dll
2013-09-21 21:39 - 2012-08-06 09:04 - 00102400 _____ () D:\Program Files (x86)\Mobile Partner\OSAdapt.dll
2013-09-21 21:39 - 2012-08-06 09:05 - 00201216 _____ () D:\Program Files (x86)\Mobile Partner\NDISPlugin.dll
2013-09-21 21:39 - 2012-08-06 09:05 - 00131584 _____ () D:\Program Files (x86)\Mobile Partner\OSNDIS.dll
2013-09-21 21:39 - 2012-07-27 08:53 - 01114112 _____ () D:\Program Files (x86)\Mobile Partner\NDISAPI.dll
2013-09-21 21:39 - 2012-08-06 09:05 - 00702464 _____ () D:\Program Files (x86)\Mobile Partner\NetInfoSrvPlugin.dll
2013-09-21 21:39 - 2012-08-06 09:05 - 00062976 _____ () D:\Program Files (x86)\Mobile Partner\OSCall.dll
2013-09-21 21:39 - 2012-06-06 03:22 - 00224256 _____ () D:\Program Files (x86)\Mobile Partner\tdpcvoice.dll
2013-09-21 21:39 - 2012-08-06 09:06 - 00581120 _____ () D:\Program Files (x86)\Mobile Partner\DeviceMgrUIPlugin.dll
2013-09-21 21:39 - 2010-02-10 16:06 - 00398336 _____ () D:\Program Files (x86)\Mobile Partner\QtXml4.dll
2013-09-21 21:39 - 2012-08-06 09:05 - 00168960 _____ () D:\Program Files (x86)\Mobile Partner\ATR2SMgr.dll
2013-09-21 21:39 - 2012-08-06 09:06 - 00270848 _____ () D:\Program Files (x86)\Mobile Partner\XFramePlugin.dll
2013-09-21 21:39 - 2012-08-06 09:06 - 00323584 _____ () D:\Program Files (x86)\Mobile Partner\StatusBarMgrPlugin.dll
2013-09-21 21:39 - 2012-08-06 09:06 - 00359936 _____ () D:\Program Files (x86)\Mobile Partner\NetConnectPlugin.dll
2013-09-21 21:39 - 2012-08-06 09:05 - 00592896 _____ () D:\Program Files (x86)\Mobile Partner\DialupUIPlugin.dll
2013-09-21 21:39 - 2012-08-06 09:06 - 00097792 _____ () D:\Program Files (x86)\Mobile Partner\NotifyServicePlugin.dll
2013-09-21 21:39 - 2012-08-06 09:06 - 00117248 _____ () D:\Program Files (x86)\Mobile Partner\LayoutPlugin.dll
2013-09-21 21:39 - 2012-08-06 09:08 - 00119296 _____ () D:\Program Files (x86)\Mobile Partner\ConnectMgrUIPlugin.dll
2013-09-21 21:39 - 2012-08-06 09:06 - 00330752 _____ () D:\Program Files (x86)\Mobile Partner\MenuMgrPlugin.dll
2013-09-21 21:39 - 2012-08-06 09:07 - 00302592 _____ () D:\Program Files (x86)\Mobile Partner\DiagnosisPlugin.dll
2013-09-21 21:39 - 2012-08-06 09:07 - 00493568 _____ () D:\Program Files (x86)\Mobile Partner\NetInfoUIExPlugin.dll
2013-09-21 21:39 - 2012-08-06 09:06 - 00854528 _____ () D:\Program Files (x86)\Mobile Partner\SMSUIPlugin.dll
2013-09-21 21:39 - 2012-08-06 09:06 - 00818688 _____ () D:\Program Files (x86)\Mobile Partner\AddrBookUIPlugin.dll
2013-09-21 21:39 - 2012-08-06 09:06 - 00219648 _____ () D:\Program Files (x86)\Mobile Partner\ToolBarMgrPlugin.dll
2013-09-21 21:39 - 2012-06-28 04:34 - 00694272 _____ () D:\Program Files (x86)\Mobile Partner\LiveUpdateInterface.DLL
2013-09-21 21:39 - 2010-02-10 16:10 - 01148416 _____ () D:\Program Files (x86)\Mobile Partner\QtNetwork4.dll
2013-09-21 21:39 - 2012-06-06 03:21 - 00082944 _____ () D:\Program Files (x86)\Mobile Partner\plugins\imageformats\qgif4.dll
2013-09-21 21:39 - 2012-06-06 03:21 - 00081920 _____ () D:\Program Files (x86)\Mobile Partner\plugins\imageformats\qico4.dll
2013-09-21 21:39 - 2012-06-06 03:21 - 00192000 _____ () D:\Program Files (x86)\Mobile Partner\plugins\imageformats\qjpeg4.dll
2013-09-21 21:39 - 2012-06-06 03:21 - 00350720 _____ () D:\Program Files (x86)\Mobile Partner\plugins\imageformats\qmng4.dll
2013-09-21 21:39 - 2012-06-06 03:21 - 00370176 _____ () D:\Program Files (x86)\Mobile Partner\plugins\imageformats\qtiff4.dll
2013-08-17 03:55 - 2014-03-15 10:40 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-01-08 09:43 - 2013-12-13 00:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-01-08 09:43 - 2013-11-05 03:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll
2013-03-12 18:10 - 2014-02-11 04:34 - 00751616 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2011-07-13 07:01 - 2014-02-25 23:57 - 01135296 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2010-10-10 14:39 - 2014-01-11 01:33 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-03-16 11:18 - 2013-06-15 01:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-03-16 11:18 - 2013-06-15 01:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-03-16 11:18 - 2013-06-15 01:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2013-08-21 09:43 - 2012-06-28 04:45 - 01545088 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\LiveUpd.exe
2013-08-19 15:09 - 2010-02-10 16:43 - 09515520 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtGui4.dll
2013-08-21 09:43 - 2012-06-06 03:21 - 00082944 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\plugins\imageformats\qgif4.dll
2013-08-21 09:43 - 2012-06-06 03:21 - 00081920 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\plugins\imageformats\qico4.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: Fax => 3
MSCONFIG\Services: PirritDesktop => 2
MSCONFIG\Services: PirritUpdater => 2
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\startupreg: A1Webassistent => C:\Program Files (x86)\A1\A1 Webassistent\A1Webassistent.exe /auto
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: Start WingMan Profiler => C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TAG_A1Dashboard.exe => C:\Program Files (x86)\A1 Dashboard\A1Dashboard.exe
MSCONFIG\startupreg: TAG_A1Dashboard_Launcher.exe => C:\Program Files (x86)\A1 Dashboard\A1Dashboard_Launcher.exe
MSCONFIG\startupreg: TurboV EVO => "C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -b
MSCONFIG\startupreg: uTorrent => "C:\Program Files (x86)\uTorrent\uTorrent.exe"
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"
MSCONFIG\startupreg: WinSATRestorePower => powercfg -setactive 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/16/2014 08:35:36 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
] ist ein Fehler aufgetreten.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (04/16/2014 08:35:36 AM) (Source: VSS) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (04/16/2014 08:28:20 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/16/2014 08:20:26 AM) (Source: Software Protection Platform Service) (User: )
Description: Fehler bei der Erfassung des authentischen Tickets (hr=0x80072EE7) für die Vorlagen-ID 66c92734-d682-4d71-983e-d6ec3f16059f.

Error: (04/16/2014 08:20:26 AM) (Source: Software Protection Platform Service) (User: )
Description: Lizenzerwerb-Fehlerdetails.
hr=0x80072EE7

Error: (04/16/2014 08:17:25 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: MOM.exe, Version: 4.5.0.0, Zeitstempel: 0x51891507
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1677
Ausnahmecode: 0xe0434352
Fehleroffset: 0x000000000000940d
ID des fehlerhaften Prozesses: 0xa00
Startzeit der fehlerhaften Anwendung: 0xMOM.exe0
Pfad der fehlerhaften Anwendung: MOM.exe1
Pfad des fehlerhaften Moduls: MOM.exe2
Berichtskennung: MOM.exe3

Error: (04/16/2014 08:17:23 AM) (Source: .NET Runtime) (User: )
Description: Anwendung: MOM.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Reflection.TargetInvocationException
Stapel:
   bei System.RuntimeMethodHandle.InvokeMethod(System.Object, System.Object[], System.Signature, Boolean)
   bei System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(System.Object, System.Object[], System.Object[])
   bei System.Reflection.RuntimeMethodInfo.Invoke(System.Object, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object[], System.Globalization.CultureInfo)
   bei System.RuntimeType.InvokeMember(System.String, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object, System.Object[], System.Reflection.ParameterModifier[], System.Globalization.CultureInfo, System.String[])
   bei ATI.ACE.MOM.EXE.MOM.Main(System.String[])

Error: (04/16/2014 08:15:39 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (04/16/2014 07:42:43 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x501fefb5
Name des fehlerhaften Moduls: Device.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x51f2569a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000010087607
ID des fehlerhaften Prozesses: 0x58c
Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0
Pfad der fehlerhaften Anwendung: Fuel.Service.exe1
Pfad des fehlerhaften Moduls: Fuel.Service.exe2
Berichtskennung: Fuel.Service.exe3

Error: (04/16/2014 04:40:34 AM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\msiexec.exe /V; Beschreibung = Removed WinDealist; Fehler = 0x80042302).


System errors:
=============
Error: (04/16/2014 07:42:45 AM) (Source: Service Control Manager) (User: )
Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/16/2014 07:42:18 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (04/16/2014 07:42:18 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.

Error: (04/16/2014 07:42:14 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AODDriver4.2.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (04/16/2014 05:03:15 AM) (Source: NetBT) (User: )
Description: Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen der Anfangsadressen verweigerte.

Error: (04/16/2014 04:27:34 AM) (Source: NetBT) (User: )
Description: Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen der Anfangsadressen verweigerte.

Error: (04/15/2014 11:56:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WinRST" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (04/15/2014 11:56:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PirritDesktop" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (04/15/2014 11:56:06 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PirritUpdater" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (04/15/2014 05:55:10 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053


Microsoft Office Sessions:
=========================
Error: (04/16/2014 08:35:36 AM) (Source: VSS)(User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (04/16/2014 08:35:36 AM) (Source: VSS)(User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (04/16/2014 08:28:20 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/16/2014 08:20:26 AM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x80072EE766c92734-d682-4d71-983e-d6ec3f16059f

Error: (04/16/2014 08:20:26 AM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x80072EE700010001(0x00000000, 08:20:26:285 - http://go.microsoft.com)
00030002(0x00000000, 08:20:26:379 - 0)
00040001(0x00000000, 08:20:26:379 - http://go.microsoft.com)
00040002(0x00000000, 08:20:26:566 - 1, <NULL>, <NULL>, <NULL>)
00040004(0x80072F94, 08:20:26:800 - <NULL>)
00040006(0x00000000, 08:20:26:800 - 1, http://go.microsoft.com, <NULL>, <local>)
00020005(0x00000000, 08:20:26:800 - 0)
00020007(0x80072EE7, 08:20:26:800)
00010002(0x80072EE7, 08:20:26:800 - <NULL>)
00010003(0x80072EE7, 08:20:26:800)

Error: (04/16/2014 08:17:25 AM) (Source: Application Error)(User: )
Description: MOM.exe4.5.0.051891507KERNELBASE.dll6.1.7601.1822951fb1677e0434352000000000000940da0001cf593b851e72b5C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Windows\system32\KERNELBASE.dllc6a42931-c52e-11e3-89c5-20cf3092b053

Error: (04/16/2014 08:17:23 AM) (Source: .NET Runtime)(User: )
Description: Anwendung: MOM.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Reflection.TargetInvocationException
Stapel:
   bei System.RuntimeMethodHandle.InvokeMethod(System.Object, System.Object[], System.Signature, Boolean)
   bei System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(System.Object, System.Object[], System.Object[])
   bei System.Reflection.RuntimeMethodInfo.Invoke(System.Object, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object[], System.Globalization.CultureInfo)
   bei System.RuntimeType.InvokeMember(System.String, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object, System.Object[], System.Reflection.ParameterModifier[], System.Globalization.CultureInfo, System.String[])
   bei ATI.ACE.MOM.EXE.MOM.Main(System.String[])

Error: (04/16/2014 08:15:39 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (04/16/2014 07:42:43 AM) (Source: Application Error)(User: )
Description: Fuel.Service.exe1.0.0.0501fefb5Device.dll_unloaded0.0.0.051f2569ac0000005000000001008760758c01cf59369ef0bbe5C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeDevice.dlledb5cf64-c529-11e3-89c5-20cf3092b053

Error: (04/16/2014 04:40:34 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved WinDealist0x80042302


==================== Memory info ===========================

Percentage of memory in use: 37%
Total physical RAM: 4094.18 MB
Available physical RAM: 2546.79 MB
Total Pagefile: 8188.36 MB
Available Pagefile: 6020.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.21 GB) (Free:77.6 GB) NTFS
Drive d: () (Fixed) (Total:270.45 GB) (Free:81.89 GB) NTFS
Drive e: (D3C1.0.0) (CDROM) (Total:7.66 GB) (Free:0 GB) UDF
Drive f: (Mobile Partner) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 714A9E11)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=270 GB) - (Type=07 NTFS)

==================== End Of Log ============================


P2P/Piracy Warning:

If you're using Peer 2 Peer software such as µTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

When you are ready, please generate new fresh log files from FRST.


I already uninstalled µTorrent. Here's the new log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2014 02
Ran by Admin (administrator) on ADMIN-PC on 21-04-2014 14:27:12
Running from C:\Users\Admin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TuneUp Software) D:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TuneUp Software) D:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
() C:\Windows\DAODx.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() D:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5618456 2013-09-12] (ESET)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [385024 2010-05-04] (AMD)
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\Run: [Mobile Partner] => D:\Program Files (x86)\Mobile Partner\Mobile Partner.exe [515072 2012-08-06] ()
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: E - "E:\Diablo III Setup.exe"
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: G - G:\PcOptions.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {11d0d086-3275-11e2-8103-20cf3092b053} - H:\LGAutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {15f8f047-0a3f-11e3-aeeb-a8dac7a89c77} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {20840f13-1eda-11e3-a7f6-cfa5a7489e29} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {24fb0c8e-1824-11e3-833a-91a3279bb32f} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {24fb0ca9-1824-11e3-833a-91a3279bb32f} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {279b1066-d1a1-11e0-be7c-20cf3092b053} - F:\PcOptions.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {284e8834-137f-11e3-808a-89daba781751} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {34ca5d52-22f5-11e3-a2eb-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {34ca5d91-22f5-11e3-a2eb-a0b43365dd2c} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {3696f653-e149-11e0-a98c-20cf3092b053} - G:\PcOptions.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {43b5a86c-138f-11e3-96a0-871d381bee6f} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {43b5a879-138f-11e3-96a0-871d381bee6f} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {43b5a884-138f-11e3-96a0-871d381bee6f} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {43b5a88f-138f-11e3-96a0-871d381bee6f} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {43b5a894-138f-11e3-96a0-871d381bee6f} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {47b063d4-1edb-11e3-adf3-ec3d660cca2c} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {47b063f4-1edb-11e3-adf3-ec3d660cca2c} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {4ecfb31a-0a2c-11e3-8e96-bcb528037870} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {4ecfb345-0a2c-11e3-8e96-bcb528037870} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {4ecfb35a-0a2c-11e3-8e96-bcb528037870} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {500c9ee0-d2da-11df-842a-806e6f6e6963} - E:\setup.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {53e738ca-14b6-11e3-87b4-b49057f69231} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {53e73929-14b6-11e3-87b4-8ca190478b16} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {53e73934-14b6-11e3-87b4-8ca190478b16} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {7d6ff44f-181f-11e3-9b39-be42a6262c2c} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {7ecde6c3-d2d8-11df-9c48-806e6f6e6963} - E:\Launch.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {86a557d7-0cc5-11e3-a9e0-c1ccd0af8704} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {9b744473-07c1-11e1-b1ec-20cf3092b053} - G:\PcOptions.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {b3a61115-13e2-11e3-b660-99b2a4e7fe53} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {b47e69d5-17e4-11e3-ab07-e447f8139a14} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {b47e69f1-17e4-11e3-ab07-e447f8139a14} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {d4d08413-90a1-11e0-adc2-20cf3092b053} - F:\PcOptions.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {d651983c-181d-11e3-86b0-d40f997cba6b} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {d6519847-181d-11e3-86b0-d40f997cba6b} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {dbea53c3-4580-11e3-ac41-20cf3092b053} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {e5afb1fc-08cf-11e3-a31c-8d5a85e1683a} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {e5afb214-08cf-11e3-a31c-8d5a85e1683a} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {e5afb232-08cf-11e3-a31c-8d5a85e1683a} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {e5afb2b6-08cf-11e3-a31c-8d5a85e1683a} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {e5afb2c4-08cf-11e3-a31c-8d5a85e1683a} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {e5afb2d0-08cf-11e3-a31c-8d5a85e1683a} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {f056648e-593e-11e0-b1bb-20cf3092b053} - F:\PcOptions.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {f2c0fae1-1581-11e3-ab60-b9c730ea1479} - F:\AutoRun.exe
HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {f439eaad-145e-11e3-9133-a0a9361b4322} - F:\AutoRun.exe
IFEO\ccleaner64.exe: [Debugger] "D:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\nusb3utl.exe: [Debugger] "D:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\skype.exe: [Debugger] "D:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\uninst.exe: [Debugger] "D:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=http://127.0.0.1:9880
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://at.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC82E533625EFCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{138FB2CB-AA09-4F9E-8B76-96C785947EFE}: [NameServer]194.48.139.254 194.48.124.200
Tcpip\..\Interfaces\{98158FD1-7547-4DC3-8D55-C80CC96EE5E5}: [NameServer]194.48.128.199 194.48.139.254
Tcpip\..\Interfaces\{A4037DDA-029B-4029-96F1-5A6D26DB6855}: [NameServer]194.48.128.199 194.48.139.254
Tcpip\..\Interfaces\{D93CAB26-3943-4D3E-9B86-45352821D63C}: [NameServer]194.48.139.254 194.48.124.200

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default
FF user.js: detected! => C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default\user.js
FF SelectedSearchEngine: Google
FF Homepage: about:home

FF NetworkProxy: "gopher", ""
FF NetworkProxy: "gopher_port", 0
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Battlefield Heroes Updater - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default\Extensions\battlefieldheroespatcher@ea.com [2012-01-28]
FF Extension: Battlefield Play4Free - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default\Extensions\battlefieldplay4free@ea.com [2012-04-01]
FF Extension: Google Docs Viewer - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default\Extensions\adonis.cuhk@gmail.com.xpi [2012-09-18]
FF Extension: Ghostery - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default\Extensions\firefox@ghostery.com.xpi [2013-08-03]
FF Extension: Personas Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default\Extensions\personas@christopher.beard.xpi [2012-01-24]
FF Extension: NoScript - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-10-24]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF Extension: Adblock Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-10]
FF Extension: DownThemAll! - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012-07-02]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-10-25]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-10-25]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1337752 2013-09-12] (ESET)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S4 jswpsapi; C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.)
R2 MBAMScheduler; D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S2 Mobile Partner. RunOuc; D:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [655744 2012-06-28] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3804120 2011-08-07] (INCA Internet Co., Ltd.)
S4 PirritUpdater; C:\Program Files (x86)\Pirrit\AutoUpdater.exe [59904 2014-02-20] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-04] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation)
S4 TeamViewer9; D:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [4915040 2014-02-17] (TeamViewer GmbH)
R2 TuneUp.UtilitiesSvc; D:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2099512 2013-10-12] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2011-09-06] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2011-09-06] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [35840 2011-09-06] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [93184 2011-09-16] (LG Electronics Inc.)
S3 androidusb; C:\Windows\System32\Drivers\smhwadb.sys [31744 2009-12-24] (Google Inc)
S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
R3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [239104 2012-09-18] (Huawei Technologies Co., Ltd.)
R1 JSWPSLWF; C:\Windows\SysWOW64\DRIVERS\jswpslwfx.sys [26624 2008-10-01] (Atheros Communications, Inc.)
S3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [20352 2009-09-30] (Razer USA Ltd.)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 PCAMp50a64; C:\Windows\System32\Drivers\PCAMp50a64.sys [43328 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 smhwdev; C:\Windows\System32\DRIVERS\smhwdev.sys [114432 2010-01-13] (Huawei Technologies Co., Ltd.)
S3 smhwser; C:\Windows\System32\DRIVERS\smhwser.sys [122624 2010-02-04] (QUALCOMM Incorporated)
R3 TuneUpUtilitiesDrv; D:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)
S3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2w7x.sys [767488 2009-10-21] (Atheros Communications, Inc.)
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]
S3 DNIMp50a64; System32\Drivers\DNIMp50a64.sys [X]
S3 DNISp50a64; System32\Drivers\DNISp50a64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-21 14:26 - 2014-04-21 14:27 - 00022175 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-04-21 14:25 - 2014-04-21 14:25 - 02056704 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2014-04-20 05:12 - 2014-04-20 05:32 - 184122242 _____ () C:\Users\Admin\Downloads\testavi.avi
2014-04-16 09:16 - 2014-04-16 09:16 - 00009644 _____ () C:\Users\Admin\Desktop\hijackthis.log
2014-04-16 08:56 - 2014-04-16 08:56 - 00388608 _____ (Trend Micro Inc.) C:\Users\Admin\Desktop\HijackThis.exe
2014-04-16 08:34 - 2014-04-21 14:27 - 00000000 ____D () C:\FRST
2014-04-16 07:41 - 2014-04-16 07:42 - 00293064 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-16 07:41 - 2014-04-16 07:41 - 00010476 _____ () C:\Windows\PFRO.log
2014-04-16 05:11 - 2014-04-16 05:11 - 00065608 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-16 05:02 - 2014-04-21 04:15 - 00001120 _____ () C:\Windows\setupact.log
2014-04-16 05:02 - 2014-04-16 05:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-16 04:54 - 2014-04-21 09:15 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-16 04:53 - 2014-04-16 04:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-16 04:53 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-16 04:53 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-16 04:53 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-15 23:56 - 2014-04-15 23:56 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Pirrit
2014-04-15 23:56 - 2014-04-15 23:56 - 00000000 ____D () C:\Users\Admin\AppData\Local\WinRST
2014-04-15 23:55 - 2014-04-15 23:56 - 00000000 ____D () C:\Program Files (x86)\Pirrit
2014-04-14 03:01 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-14 03:01 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-14 03:01 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-14 03:01 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-14 03:01 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-14 03:01 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-14 03:01 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-14 03:01 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-14 03:01 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-14 03:01 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-14 03:01 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-14 03:01 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-14 03:01 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-14 03:01 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-14 03:00 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-14 03:00 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-14 03:00 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-14 03:00 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-14 03:00 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-14 03:00 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-14 03:00 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-14 03:00 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-14 03:00 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-14 03:00 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-14 03:00 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-14 03:00 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-14 03:00 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-14 03:00 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-14 03:00 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-14 03:00 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-14 03:00 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-14 03:00 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-14 03:00 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-14 03:00 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-14 03:00 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-14 03:00 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-14 03:00 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-14 03:00 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-14 03:00 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-14 03:00 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-14 03:00 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-14 03:00 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-14 03:00 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-14 03:00 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-14 03:00 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-14 03:00 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-14 03:00 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-14 03:00 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-12 22:51 - 2014-04-12 22:51 - 00000066 _____ () C:\Users\Admin\Desktop\teso.txt
2014-04-12 20:53 - 2014-04-12 20:53 - 00013262 _____ () C:\Users\Admin\Desktop\RandyRun Order 1454125 CDKey.zip
2014-04-09 20:27 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 20:27 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 20:27 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 20:27 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 20:27 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 20:27 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 20:27 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 20:27 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 20:27 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 20:27 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 20:27 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-03-24 09:43 - 2014-03-24 09:43 - 00000000 ____D () C:\Users\Admin\AppData\Local\mslug3

==================== One Month Modified Files and Folders =======

2014-04-21 14:27 - 2014-04-21 14:26 - 00022175 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-04-21 14:27 - 2014-04-16 08:34 - 00000000 ____D () C:\FRST
2014-04-21 14:25 - 2014-04-21 14:25 - 02056704 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2014-04-21 09:15 - 2014-04-16 04:54 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-21 04:28 - 2010-10-10 14:25 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-21 04:24 - 2009-07-14 06:45 - 00015024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-21 04:24 - 2009-07-14 06:45 - 00015024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-21 04:15 - 2014-04-16 05:02 - 00001120 _____ () C:\Windows\setupact.log
2014-04-21 04:15 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-20 19:09 - 2012-03-06 10:20 - 01108687 _____ () C:\Windows\WindowsUpdate.log
2014-04-20 16:35 - 2012-01-07 12:55 - 00000000 ____D () C:\Users\Admin\AppData\Local\Paint.NET
2014-04-20 05:37 - 2012-06-26 19:13 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc
2014-04-20 05:32 - 2014-04-20 05:12 - 184122242 _____ () C:\Users\Admin\Downloads\testavi.avi
2014-04-19 10:44 - 2010-10-10 13:42 - 00002878 _____ () C:\Windows\System32\Tasks\{55FFC241-A927-4FEF-B898-D45E30517C06}
2014-04-18 02:49 - 2010-10-10 13:42 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
2014-04-17 10:03 - 2012-04-30 02:49 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2014-04-16 19:37 - 2013-05-15 04:02 - 00000000 ____D () C:\Windows\rescache
2014-04-16 09:22 - 2013-06-25 21:56 - 00002786 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-16 09:16 - 2014-04-16 09:16 - 00009644 _____ () C:\Users\Admin\Desktop\hijackthis.log
2014-04-16 08:56 - 2014-04-16 08:56 - 00388608 _____ (Trend Micro Inc.) C:\Users\Admin\Desktop\HijackThis.exe
2014-04-16 07:42 - 2014-04-16 07:41 - 00293064 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-16 07:41 - 2014-04-16 07:41 - 00010476 _____ () C:\Windows\PFRO.log
2014-04-16 05:11 - 2014-04-16 05:11 - 00065608 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-16 05:02 - 2014-04-16 05:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-16 04:53 - 2014-04-16 04:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-16 04:39 - 2012-04-16 21:02 - 00000000 ____D () C:\Windows\pss
2014-04-16 03:58 - 2011-07-21 15:31 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-16 03:57 - 2010-10-08 15:34 - 00000000 ____D () C:\Windows\Panther
2014-04-16 03:56 - 2010-10-10 13:57 - 00000000 ____D () C:\Windows\Minidump
2014-04-15 23:57 - 2010-10-08 14:40 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-15 23:56 - 2014-04-15 23:56 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Pirrit
2014-04-15 23:56 - 2014-04-15 23:56 - 00000000 ____D () C:\Users\Admin\AppData\Local\WinRST
2014-04-15 23:56 - 2014-04-15 23:55 - 00000000 ____D () C:\Program Files (x86)\Pirrit
2014-04-14 03:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-13 23:30 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-04-13 23:30 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-04-13 23:30 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-12 22:51 - 2014-04-12 22:51 - 00000066 _____ () C:\Users\Admin\Desktop\teso.txt
2014-04-12 21:54 - 2011-07-12 01:12 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-12 20:53 - 2014-04-12 20:53 - 00013262 _____ () C:\Users\Admin\Desktop\RandyRun Order 1454125 CDKey.zip
2014-04-09 20:30 - 2013-07-31 08:40 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 20:28 - 2010-10-08 15:00 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-08 18:16 - 2013-08-17 03:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-08 18:16 - 2010-10-10 13:26 - 00000000 ____D () C:\Users\Admin\AppData\Local\Mozilla
2014-04-03 09:51 - 2014-04-16 04:53 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-16 04:53 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-16 04:53 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 17:49 - 2010-10-26 10:57 - 00000000 ____D () C:\Users\Admin\Documents\My Games
2014-03-31 09:35 - 2010-10-08 15:02 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-28 12:55 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-24 09:43 - 2014-03-24 09:43 - 00000000 ____D () C:\Users\Admin\AppData\Local\mslug3
2014-03-24 09:43 - 2013-08-21 07:57 - 00000000 ____D () C:\ProgramData\Package Cache

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-16 08:11

==================== End Of Log ============================


  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

The program found nothing. I can't post a log. This is the only information I can get:

Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 22.04.2014 06:29:47, SYSTEM, ADMIN-PC, Protection, Malicious Website Protection, Starting,
Protection, 22.04.2014 06:30:50, SYSTEM, ADMIN-PC, Protection, Malicious Website Protection, Started,
Protection, 22.04.2014 06:44:36, SYSTEM, ADMIN-PC, Protection, Malicious Website Protection, Stopping,
Protection, 22.04.2014 06:44:37, SYSTEM, ADMIN-PC, Protection, Malicious Website Protection, Stopped,
Protection, 22.04.2014 06:44:37, SYSTEM, ADMIN-PC, Protection, Malware Protection, Stopping,
Protection, 22.04.2014 06:44:37, SYSTEM, ADMIN-PC, Protection, Malware Protection, Stopped,
Protection, 22.04.2014 06:45:51, SYSTEM, ADMIN-PC, Protection, Malicious Website Protection, Starting,
Protection, 22.04.2014 06:45:51, SYSTEM, ADMIN-PC, Protection, Malicious Website Protection, Started,
Update, 22.04.2014 06:46:11, SYSTEM, ADMIN-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.3.27.1,
Update, 22.04.2014 06:46:15, SYSTEM, ADMIN-PC, Manual, Malware Database, 2014.3.4.9, 2014.4.22.1,
Protection, 22.04.2014 06:46:15, SYSTEM, ADMIN-PC, Protection, Refresh, Starting,
Protection, 22.04.2014 06:46:15, SYSTEM, ADMIN-PC, Protection, Malicious Website Protection, Stopping,
Protection, 22.04.2014 06:46:16, SYSTEM, ADMIN-PC, Protection, Malicious Website Protection, Stopped,
Protection, 22.04.2014 06:46:24, SYSTEM, ADMIN-PC, Protection, Refresh, Success,
Protection, 22.04.2014 06:46:24, SYSTEM, ADMIN-PC, Protection, Malicious Website Protection, Starting,
Protection, 22.04.2014 06:46:24, SYSTEM, ADMIN-PC, Protection, Malicious Website Protection, Started,

(end)


  • 1 month later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.