PRC - C:\Users\Rybak\Desktop\RESCUE\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Rybak\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\ace_engine.exe ()
PRC - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe (Foxit Corporation)
PRC - C:\Users\Rybak\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\KLS Soft\KLS Backup 2013 Professional\klsbservice.exe (KirySoft)
PRC - C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe (New Softwares.net)
PRC - C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServ.exe ( New Softwares.net)
PRC - C:\Windows\SysWOW64\WinFLService.exe (New Softwares.net)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\ace_update.exe ()
PRC - C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe (iSkySoft)
PRC - C:\Users\Rybak\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe ()
PRC - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
PRC - C:\Windows\SysWOW64\ACEngSvr.exe (ASUSTeK)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) PRC - C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS) [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\o71z7696.default-1406590195578\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll () MOD - c:\Users\Rybak\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmxsmpa.dll () MOD - C:\Users\Rybak\AppData\Local\Temp\_MEI32842\_ssl.pyd () MOD - C:\Users\Rybak\AppData\Local\Temp\_MEI32842\wx._controls_.pyd () MOD - C:\Users\Rybak\AppData\Local\Temp\_MEI32842\wx._windows_.pyd () MOD - C:\Users\Rybak\AppData\Local\Temp\_MEI32842\wx._gdi_.pyd () MOD - C:\Users\Rybak\AppData\Local\Temp\_MEI32842\_hashlib.pyd () MOD - C:\Users\Rybak\AppData\Local\Temp\_MEI32842\unicodedata.pyd () MOD - C:\Users\Rybak\AppData\Local\Temp\_MEI32842\windows._lib_cacheinvalidation.pyd () MOD - C:\Users\Rybak\AppData\Local\Temp\_MEI32842\pyexpat.pyd () MOD - C:\Users\Rybak\AppData\Local\Temp\_MEI32842\win32file.pyd () MOD - C:\Users\Rybak\AppData\Local\Temp\_MEI32842\PyWinTypes27.dll () MOD - C:\Users\Rybak\AppData\Local\Temp\_MEI32842\win32security.pyd () MOD - C:\Users\Rybak\AppData\Local\Temp\_MEI32842\wx._html2.pyd () MOD - C:\Users\Rybak\AppData\Local\Temp\_MEI32842\win32inet.pyd () MOD - C:\Users\Rybak\AppData\Local\Temp\_MEI32842\_multiprocessing.pyd () MOD - C:\Users\Rybak\AppData\Local\Temp\_MEI32842\win32pdh.pyd () MOD - 
C:\Users\Rybak\AppData\Local\Temp\_MEI32842\win32pipe.pyd () MOD - C:\Users\Rybak\AppData\Local\Temp\_MEI32842\win32event.pyd () MOD - C:\Users\Rybak\AppData\Local\Temp\_MEI32842\win32profile.pyd () MOD - C:\Users\Rybak\AppData\Local\Temp\_MEI32842\select.pyd () MOD - C:\Users\Rybak\AppData\Local\Temp\_MEI32842\hashobjs_ext.pyd () MOD - C:\Users\Rybak\AppData\Local\Temp\_MEI32842\wx._core_.pyd () MOD - C:\Users\Rybak\AppData\Local\Temp\_MEI32842\wx._misc_.pyd () MOD - C:\Users\Rybak\AppData\Local\Temp\_MEI32842\pysqlite2._sqlite.pyd () MOD - C:\Users\Rybak\AppData\Local\Temp\_MEI32842\pythoncom27.dll () MOD - C:\Users\Rybak\AppData\Local\Temp\_MEI32842\win32com.shell.shell.pyd () MOD - C:\Users\Rybak\AppData\Local\Temp\_MEI32842\win32gui.pyd () MOD - C:\Users\Rybak\AppData\Local\Temp\_MEI32842\_elementtree.pyd () MOD - C:\Users\Rybak\AppData\Local\Temp\_MEI32842\wx._wizard.pyd () MOD - C:\Users\Rybak\AppData\Local\Temp\_MEI32842\win32api.pyd () MOD - C:\Users\Rybak\AppData\Local\Temp\_MEI32842\_ctypes.pyd () MOD - C:\Users\Rybak\AppData\Local\Temp\_MEI32842\wx._animate.pyd () MOD - C:\Users\Rybak\AppData\Local\Temp\_MEI32842\_socket.pyd () MOD - C:\Users\Rybak\AppData\Local\Temp\_MEI32842\win32process.pyd () MOD - C:\Users\Rybak\AppData\Local\Temp\_MEI32842\win32ts.pyd () MOD - C:\Users\Rybak\AppData\Local\Temp\_MEI32842\win32crypt.pyd () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Users\Rybak\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\acestreamengine.CoreApp.pyd () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\acestreamengine.Core.pyd () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\ace_engine.exe () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\acestreamengine.live.pyd () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P0071ad0b#\d05da467c365579eac9cba7923856b1c\Microsoft.Practices.Prism.Interactivity.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359e693030a92977455667e67fb74267\Microsoft.VisualBasic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\98c91b8d3f1d54c41ada5f37e0935303\System.Runtime.Remoting.ni.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P4d3ce419#\66170d519f0c7f74d9578bbd6c66d86c\Microsoft.Practices.ServiceLocation.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\72284863df9bea3f081ae98996400619\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f703846404bb66a4ae03ef8133755007\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f7f05deb53e1502b575bfc3ef7bdbcf1\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\549aa924ef5af7232f4024eb6f8cb97a\UIAutomationProvider.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\4f5069e6497e5e6a381ab6aadf05d6a5\Accessibility.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\660ac5d6da77df8e86fb26f05c6a9816\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\50c0f8e6740b97c74e9ee6c14a92bae6\System.ServiceModel.ni.dll () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\miniupnpc.pyd () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\_blist.pyd () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\bitarray._bitarray.pyd () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\_psutil_mswindows.pyd () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\58599be6aedb2bcc25a266fc1efcc03c\WindowsFormsIntegration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75537eea06d1200805de72f3f7751091\UIAutomationTypes.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\19156dbc54c3ded7ba00c53d19b6ee96\PresentationFramework-SystemXml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a2eb039301af47660eebc7566ce02b9c\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b9fe579783a35b57dd7e69375f35e239\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ef90aeb894485d14b249d102309b6df3\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\ae01d58bd1cb283ec7b603919e2a8fb3\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d91f3556f8011a5d48e1448e3fa8df9e\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\4e69f1e7d86d79012db2d7e0dadc8880\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\639f444db9491d25b5d158531e1f7d9b\System.Xaml.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1f56d5786274992934de0c900431c447\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\79f6324a598a7c4446a4a1168be7c4b1\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\045c9588954c3662d542b53f4462268b\mscorlib.ni.dll () MOD - C:\Users\Rybak\AppData\Roaming\Dropbox\bin\libcef.dll () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\ace_update.exe () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pycompat.pyd () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\cpyamf.util.pyd () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\cpyamf.amf0.pyd () MOD - C:\Users\Rybak\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe () MOD - C:\Users\Rybak\AppData\Local\Programs\TouchFreeze\TouchFreeze.dll () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\pythoncom27.dll () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\pythoncom27.dll () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\win32api.pyd () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\win32api.pyd () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\win32pdh.pyd () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\win32pdh.pyd () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\win32file.pyd () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\win32file.pyd () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\pywintypes27.dll () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\pywintypes27.dll () MOD - C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll () MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\wx._misc_.pyd () MOD - 
C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\wx._misc_.pyd () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\wx._controls_.pyd () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\wx._controls_.pyd () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\wx._windows_.pyd () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\wx._windows_.pyd () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\wx._gdi_.pyd () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\wx._gdi_.pyd () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\wx._core_.pyd () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\wx._core_.pyd () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\wxmsw28uh_html_vc.dll () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\wxmsw28uh_html_vc.dll () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\wxmsw28uh_adv_vc.dll () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\wxmsw28uh_adv_vc.dll () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\wxmsw28uh_core_vc.dll () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\wxmsw28uh_core_vc.dll () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\wxbase28uh_net_vc.dll () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\wxbase28uh_net_vc.dll () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\wxbase28uh_vc.dll () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\wxbase28uh_vc.dll () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\_ssl.pyd () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\_ssl.pyd () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\_socket.pyd () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\_socket.pyd () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\pyexpat.pyd () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\pyexpat.pyd () MOD - 
C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\_hashlib.pyd () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\_hashlib.pyd () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\_ctypes.pyd () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\select.pyd () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\select.pyd () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\unicodedata.pyd () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\Crypto.Cipher.AES.pyd () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\updater\lib\M2Crypto.__m2crypto.pyd () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\M2Crypto.__m2crypto.pyd () MOD - C:\Windows\SysWOW64\APOMngr.DLL () MOD - C:\Users\Rybak\AppData\Roaming\ACEStream\engine\lib\apsw.pyd () [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - (CarboniteService) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com)) SRV:[b]64bit:[/b] - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation) SRV:[b]64bit:[/b] - (NvStreamSvc) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) SRV:[b]64bit:[/b] - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (TeamViewer9) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (FoxitCloudUpdateService) -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe (Foxit Corporation) SRV - (NvNetworkService) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA 
Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (LiveUpdateSvc) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (IObit) SRV - (ArcService) -- C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe (Perfect World Entertainment Inc) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (KLSBackup2013Pro) -- C:\Program Files (x86)\KLS Soft\KLS Backup 2013 Professional\klsbservice.exe (KirySoft) SRV - (FLService) -- C:\Windows\SysWOW64\WinFLService.exe (New Softwares.net) SRV - (ADExchange) -- C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe (ArcSoft, Inc.) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe (Kaspersky Lab ZAO) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (DragonSvc) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.) 
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (Power Software Ltd)
DRV:[b]64bit:[/b] - (NvStreamKms) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys (NVIDIA Corporation)
DRV:[b]64bit:[/b] - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:[b]64bit:[/b] - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:[b]64bit:[/b] - (nvvad_WaveExtensible) -- C:\Windows\SysNative\drivers\nvvad64v.sys (NVIDIA Corporation)
DRV:[b]64bit:[/b] - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab ZAO)
DRV:[b]64bit:[/b] - (klflt) -- C:\Windows\SysNative\drivers\klflt.sys (Kaspersky Lab ZAO)
DRV:[b]64bit:[/b] - (SEE) -- C:\Windows\SysNative\drivers\see.sys (SoftEther VPN Project at University of Tsukuba, Japan.)
DRV:[b]64bit:[/b] - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab ZAO)
DRV:[b]64bit:[/b] - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab ZAO)
DRV:[b]64bit:[/b] - (Neo_VPN) -- C:\Windows\SysNative\drivers\Neo_0117.sys (SoftEther Project at University of Tsukuba, Japan.)
DRV:[b]64bit:[/b] - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:[b]64bit:[/b] - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab ZAO)
DRV:[b]64bit:[/b] - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:[b]64bit:[/b] - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:[b]64bit:[/b] - (TS_AR5416) -- C:\Windows\SysNative\drivers\ts_athwx.sys (TamoSoft)
DRV:[b]64bit:[/b] - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:[b]64bit:[/b] - (Apowersoft_AudioDevice) -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys (Wondershare)
DRV:[b]64bit:[/b] - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab ZAO)
DRV:[b]64bit:[/b] - (klpd) -- C:\Windows\SysNative\drivers\klpd.sys (Kaspersky Lab ZAO)
DRV:[b]64bit:[/b] - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:[b]64bit:[/b] - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:[b]64bit:[/b] - (DFX11_1) -- C:\Windows\SysNative\drivers\dfx11_1x64.sys (Windows (R) Win 7 DDK provider)
DRV:[b]64bit:[/b] - (FLxHCIh) -- C:\Windows\SysNative\drivers\FLxHCIh.sys (Fresco Logic)
DRV:[b]64bit:[/b] - (FLxHCIc) -- C:\Windows\SysNative\drivers\FLxHCIc.sys (Fresco Logic)
DRV:[b]64bit:[/b] - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:[b]64bit:[/b] - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:[b]64bit:[/b] - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:[b]64bit:[/b] - (ANDNetModem) -- C:\Windows\SysNative\drivers\lgandnetmodem64.sys (LG Electronics Inc.)
DRV:[b]64bit:[/b] - (AndNetDiag) -- C:\Windows\SysNative\drivers\lgandnetdiag64.sys (LG Electronics Inc.)
DRV:[b]64bit:[/b] - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (AiCharger) -- C:\Windows\SysNative\drivers\AiCharger.sys (ASUSTek Computer Inc.)
DRV:[b]64bit:[/b] - (anvsnddrv) -- C:\Windows\SysNative\drivers\anvsnddrv.sys (AnvSoft Inc.)
DRV:[b]64bit:[/b] - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:[b]64bit:[/b] - (fspad_win764) -- C:\Windows\SysNative\drivers\fspad_win764.sys (Windows (R) Win 7 DDK provider)
DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:[b]64bit:[/b] - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:[b]64bit:[/b] - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:[b]64bit:[/b] - (npf) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:[b]64bit:[/b] - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
DRV:[b]64bit:[/b] - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:[b]64bit:[/b] - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (cdrbsdrv) -- C:\Windows\SysWow64\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (DrvAgent64) -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS (Phoenix Technologies)
DRV - (NEWDRIVER) -- C:\Windows\SysWOW64\WinVDEdrv6.sys ()
DRV - (WinVDEDrv) -- C:\Windows\SysWOW64\WinVDEdrv.sys (NewSoftwares.net, Inc.)
DRV - (AiCharger) -- C:\Windows\SysWOW64\drivers\AiCharger.sys (ASUSTek Computer Inc.)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E 02 19 69 9E CA CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{03767D78-CF21-41A5-BA55-E41A3D69C659}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ussemispecialgbit014a.xirvik.com:7128

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7Bcd617375-6743-4ee8-bac4-fbf10f35729e%7D:2.9.5
FF - prefs.js..extensions.enabledAddons: %7B2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0%7D:1.2.7.0
FF - prefs.js..extensions.enabledAddons: %7B03B08592-E5B4-45ff-A0BE-C1D975458688%7D:1.0
FF - prefs.js..extensions.enabledAddons: twitter%40disconnect.me:2.1.2
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:3.1.1
FF - prefs.js..extensions.enabledAddons: status4evar%40caligonstudios.com:2014.07.06.05
FF - prefs.js..extensions.enabledAddons: sitesearch%40dewdrops.net:1.2.1
FF - prefs.js..extensions.enabledAddons: myipms2%40myip.ms:1.591
FF - prefs.js..extensions.enabledAddons: facebook%40disconnect.me:2.1.3
FF - prefs.js..extensions.enabledAddons: LDSI_plashcor%40gmail.com:1.0.3
FF - prefs.js..extensions.enabledAddons: ClassicThemeRestorer%40ArisT2Noia4dev:1.2.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - user.js - File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@lastpass.com/NPLastPass: C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.4.0: C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@lastpass.com/NPLastPass: C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@perfectworld.com/npArcPlayNowPlugin: C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: File not found FF - HKLM\Software\MozillaPlugins\nuance.com/DragonRIAPlugin: C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.) FF - HKCU\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=2.1.10.2: C:\Users\Rybak\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Rybak\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014/07/28 03:17:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014/07/28 03:17:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014/07/28 03:17:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014/07/28 03:17:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014/07/28 03:17:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack: C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012/07/18 
21:54:16 | 000,136,026 | ---- | M] () FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.1\extensions\\Components: C:\Program Files (x86)\Flock\components [2014/05/03 21:23:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.1\extensions\\Plugins: C:\Program Files (x86)\Flock\plugins [2014/05/03 21:23:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/07/23 01:37:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Components: D:\Program Files (x86)\Thunderbird\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Plugins: D:\Program Files (x86)\Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\magicplayer@torrentstream.org: C:\Users\Rybak\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org [2014/07/10 12:06:14 | 000,000,000 | ---D | M] [2014/01/27 19:06:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Extensions [2013/11/10 14:13:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b} [2014/01/27 19:06:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com [2014/07/29 08:29:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\o71z7696.default-1406590195578\extensions [2014/07/29 08:29:58 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\o71z7696.default-1406590195578\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688} [2014/07/29 08:29:56 | 000,000,000 | ---D | M] (Whois & 
Flags Firefox & Websites Popularity Rating) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\o71z7696.default-1406590195578\extensions\myipms2@myip.ms [2014/07/29 08:29:55 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\o71z7696.default-1406590195578\extensions\support@lastpass.com [2014/07/29 08:29:56 | 000,344,276 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\o71z7696.default-1406590195578\extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014/07/29 08:19:41 | 000,458,672 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\o71z7696.default-1406590195578\extensions\CSTBB@NArisT2_Noia4dev.xpi [2014/07/29 08:18:13 | 000,126,171 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\o71z7696.default-1406590195578\extensions\elemhidehelper@adblockplus.org.xpi [2014/07/29 08:29:56 | 000,035,735 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\o71z7696.default-1406590195578\extensions\facebook@disconnect.me.xpi [2014/07/29 08:29:56 | 000,139,960 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\o71z7696.default-1406590195578\extensions\LDSI_plashcor@gmail.com.xpi [2014/07/29 08:29:55 | 000,007,152 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\o71z7696.default-1406590195578\extensions\sitesearch@dewdrops.net.xpi [2014/07/29 08:29:55 | 000,179,297 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\o71z7696.default-1406590195578\extensions\status4evar@caligonstudios.com.xpi [2014/07/29 08:27:16 | 000,023,913 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\o71z7696.default-1406590195578\extensions\the-addon-bar@GeekInTraining-GiT.xpi [2014/07/29 08:29:55 | 000,035,303 | ---- | M] () (No name found) 
-- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\o71z7696.default-1406590195578\extensions\twitter@disconnect.me.xpi [2014/07/29 08:29:13 | 000,046,596 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\o71z7696.default-1406590195578\extensions\vdpure@link64.xpi [2014/07/29 08:29:55 | 000,009,253 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\o71z7696.default-1406590195578\extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}.xpi [2014/07/29 08:29:34 | 000,093,296 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\o71z7696.default-1406590195578\extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014/07/29 08:29:55 | 000,065,849 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\o71z7696.default-1406590195578\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2014/07/29 08:18:05 | 000,967,685 | ---- | M] () (No name found) -- C:\Users\Rybak\AppData\Roaming\Mozilla\Firefox\Profiles\o71z7696.default-1406590195578\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014/07/23 01:37:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2014/07/23 01:37:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: (Enabled) CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: http://www.google.com/ CHR - plugin: Error reading preferences file CHR - Extension: Google Drive = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Rybak\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd\1.0.0_0\ CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\ CHR - Extension: YouTube = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: eBay = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom\2.0.0_0\ CHR - Extension: Facebook = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\ CHR - Extension: Omnibox Site Search = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\cckcidchbmodjccllbmegoignhmidncg\1.0_0\ CHR - Extension: Adblock Plus = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.3_0\ CHR - Extension: Google Search = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Search by Image (by Google) = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.5.1_0\ CHR - Extension: Tampermonkey = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.8_0\ CHR - Extension: HTML Revealer and Password Revealer = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgeopcldenngppapceagonnenonklpbn\2.0_0\ CHR - Extension: The QR Code Generator = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb\0.2.6_0\ CHR - Extension: AdBlock = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.8_0\ CHR - Extension: LastPass: Free Password Manager = C:\Users\Rybak\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.1.45_0\ CHR - Extension: Google Voice (by Google) = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.4.4_0\ CHR - Extension: Media file downloader = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\khbkckdkhakengfjmejmiabaakdlhaab\2.0_0\ CHR - Extension: Webcam Toy = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade\1.5_0\ CHR - Extension: FVD Downloader = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.9.5_0\ CHR - Extension: Speed Dial [FVD] - New Tab Page, 3D, Sync... = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa\5.5.4_0\ CHR - Extension: SaveFrom.net helper = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpljndcmbeikfnlflcggaipgnhiedbl\3.70_0\ CHR - Extension: AS Magic Player = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.0_0\ CHR - Extension: Awesome New Tab Page™ = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg\2014.112.31_0\ CHR - Extension: USA Independence Day Theme = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhgggmlhfbnbhbkeogednenglhggdfif\1_0\ CHR - Extension: Dragon NaturallySpeaking Rich Internet Application Support = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn\1.0_0\ CHR - Extension: Project Naptha = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\molncoemjfmpgdkbdlbjmhlcgniigdnf\0.9.3_0\ CHR - Extension: LastPass Vault = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncliohomlfopnmlfkepkcbnhmeijkhhf\2.0.21_0\ CHR - Extension: MuteTab = 
C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkbaaijgpppbokgnhhoakihofedkgcc\2.12_0\ CHR - Extension: Google Wallet = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\ CHR - Extension: Personal Blocklist (by Google) = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef\2.5.1_0\ CHR - Extension: OverTask = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeiijfgmbaopeehamdhiiepidbpfkcda\1.0.0.3_0\ CHR - Extension: MyHarmony Chrome Plugin = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\omaonpoimgkmbllpdihbnmgphjoipdhf\1.2.0.0_1\ CHR - Extension: better Browser - for Chrome = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbegekjleoplkhibgbmkmnnfffcpfanh\3.9_0\ CHR - Extension: Gmail = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Anti-Banner = C:\Users\Rybak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\14.0.0.4651_1\ O1 HOSTS File: ([2014/07/19 11:36:17 | 000,000,840 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:[b]64bit:[/b] - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:[b]64bit:[/b] - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:[b]64bit:[/b] - BHO: 
(Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:[b]64bit:[/b] - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (ArcPluginIEBHO Class) - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\ArcPluginIE.dll (Perfect World Entertainment Inc) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program 
Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:[b]64bit:[/b] - HKLM..\Run: [fspuip] C:\Program Files\FSP\FspUip.exe (Sentelic Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:[b]64bit:[/b] - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.) O4 - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.) O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe (Nuance Communications, Inc.) 
O4 - HKLM..\Run: [FLxHCIm64] C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe (Windows (R) Win 7 DDK provider) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [iSkysoft Helper Compact.exe] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe (iSkySoft) O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software LLC.) O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd) O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd) O4 - HKLM..\Run: [THX TruStudio NB Settings] C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUSTeK Computer Inc.) O4 - HKCU..\Run: [AceStream] C:\Users\Rybak\AppData\Roaming\ACEStream\engine\ace_engine.exe () O4 - HKCU..\Run: [FBackup 5 Tray Agent] File not found O4 - HKCU..\Run: [FLBackup] C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe (New Softwares.net) O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) O4 - HKCU..\Run: [icq] C:\Users\Rybak\AppData\Roaming\ICQM\icq.exe (ICQ) O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Flexera Software LLC.) 
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Rybak\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKCU..\Run: [TouchFreeze] C:\Users\Rybak\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe () O4 - HKLM..\RunOnce: [NSIS.Library.RegTool.v3] C:\Program Files (x86)\FileZilla FTP Client\NSIS.Library.RegTool.v3.{1C7A7C4A-F4A1-4DF5-A32F-7D44A70DB737}.exe () O4 - Startup: C:\Users\Rybak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Rybak\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O8:[b]64bit:[/b] - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm () O8:[b]64bit:[/b] - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm () O8 - Extra context menu item: Add to Google Photos 
Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O9:[b]64bit:[/b] - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9:[b]64bit:[/b] - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet) O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Reg Error: Key error.) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Reg Error: Key error.) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39A62D84-5369-47FE-91A4-70B26301F3FA}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85152643-06AE-4E27-B0DC-622EC7F2DFEB}: DhcpNameServer = 192.168.1.1 O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{e803f2c5-fa49-11e3-b234-00ac473cb173}\Shell - "" = AutoRun O33 - MountPoints2\{e803f2c5-fa49-11e3-b234-00ac473cb173}\Shell\AutoRun\command - "" = G:\LGAutoRun.exe O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2014/07/28 22:19:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy [2014/07/28 22:19:44 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy [2014/07/28 22:04:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Check My Specs 2012 v3 [2014/07/28 18:30:01 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\Old Firefox Data [2014/07/26 16:39:20 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\tiger-k [2014/07/26 16:39:17 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Documents\Leawo [2014/07/26 16:39:17 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\Leawo [2014/07/26 16:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Leawo [2014/07/26 16:39:09 | 000,606,208 | ---- | C] (http://www.xvid.org) -- C:\Windows\SysWow64\xvidcore.dll [2014/07/26 16:39:09 | 000,139,264 | ---- | C] (http://www.xvid.org) -- C:\Windows\SysWow64\xvid.ax [2014/07/26 16:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo [2014/07/26 16:39:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\K-Lite Codec Pack [2014/07/26 16:39:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack [2014/07/26 16:38:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Leawo [2014/07/25 11:46:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MultiBit-0.5.18 [2014/07/25 11:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiBit [2014/07/23 17:14:56 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft [2014/07/23 17:14:55 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Local\Ubisoft Game Launcher [2014/07/23 13:17:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft [2014/07/23 12:27:11 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2014/07/23 07:45:23 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Local\Fallout3 [2014/07/23 01:37:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2014/07/22 23:38:55 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RecoveryMechanic [2014/07/22 23:38:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RecoveryMechanic [2014/07/22 23:38:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RecoveryMechanic [2014/07/22 18:23:11 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Local\Aurora 3D Animation Maker [2014/07/21 06:43:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2014/07/21 06:40:28 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\FarCry 3 OG Files [2014/07/21 06:29:01 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\FarCry3 Mods [2014/07/20 11:52:58 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aoao Video to GIF Converter [2014/07/20 11:52:54 | 000,000,000 | ---D | C] -- C:\Program Files\Aoao Video to GIF Converter [2014/07/19 20:05:38 | 000,000,000 | ---D | C] -- 
C:\Users\Rybak\AppData\Local\Futuremark_Corporation [2014/07/19 20:02:07 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Documents\PCMark 7 [2014/07/19 20:01:58 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Local\IsolatedStorage [2014/07/19 19:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\NovaTech Network [2014/07/19 19:31:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NovaBench [2014/07/19 19:31:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Novawave [2014/07/19 19:27:51 | 000,000,000 | R--D | C] -- C:\Users\Rybak\Searches [2014/07/19 11:54:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2014/07/19 11:52:40 | 000,000,000 | ---D | C] -- C:\Windows\Temp [2014/07/19 11:52:40 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Local\Temp [2014/07/19 11:42:23 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\RESCUE [2014/07/19 09:25:55 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll [2014/07/19 08:53:11 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2014/07/18 20:53:40 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\UA-Su25 [2014/07/18 18:23:48 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\FLEXnet [2014/07/16 20:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon NaturallySpeaking 12.0 [2014/07/16 20:36:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\IVA [2014/07/16 20:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nuance [2014/07/16 20:35:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision [2014/07/16 20:35:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance [2014/07/16 20:35:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nuance [2014/07/16 20:29:15 | 000,131,856 | ---- | C] (Power Software Ltd) -- C:\Windows\SysNative\drivers\scdemu.sys [2014/07/16 20:29:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO 
[2014/07/16 16:07:04 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Local\Focus Home Interactive [2014/07/15 14:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IP-MAC Scanner [2014/07/15 14:47:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AthTek [2014/07/13 19:18:37 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\PowerISO [2014/07/13 19:17:30 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO [2014/07/13 15:37:28 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Local\CrashRpt [2014/07/12 14:27:33 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Documents\StarCraft II [2014/07/12 10:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\IDMComp [2014/07/12 10:25:45 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\IDMComp [2014/07/12 10:23:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraEdit [2014/07/12 10:23:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IDM Computer Solutions [2014/07/11 17:18:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader [2014/07/10 16:38:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2014/07/10 16:37:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2014/07/10 16:37:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2014/07/10 16:37:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2014/07/10 16:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2014/07/10 16:28:13 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\Nero [2014/07/10 16:17:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero [2014/07/10 16:17:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero [2014/07/10 16:17:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero [2014/07/10 16:17:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero 
[2014/07/10 11:56:38 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Local\Apple
[2014/07/10 11:48:02 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound
[2014/07/10 11:21:53 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\Natasha
[2014/07/10 10:56:15 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\Shpack
[2014/07/08 13:53:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/07/07 22:14:27 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XML Viewer
[2014/07/07 22:14:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MindFusion Limited
[2014/07/07 20:40:25 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\HUA
[2014/07/07 13:00:23 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\Skyrim - Legendary Edition
[2014/07/07 13:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
[2014/07/07 12:49:27 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Local\Skyrim
[2014/07/06 23:09:19 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\Electrum
[2014/07/06 17:30:24 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Documents\Games for Windows - LIVE Demos
[2014/07/05 09:09:13 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Desktop\Ukraine Trip - Mama
[2014/07/03 19:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2014/07/03 14:24:07 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Documents\LogoMaker
[2014/07/03 14:24:06 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\LogoMaker
[2014/07/03 14:23:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Studio V5
[2014/07/03 14:22:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Studio V5
[2014/07/03 12:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\REVOLT
[2014/07/03 04:23:32 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Documents\Laughingbird Documents
[2014/07/03 04:05:12 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin Core
[2014/07/03 04:05:09 | 000,000,000 | ---D | C] -- C:\Program Files\Bitcoin
[2014/07/03 03:16:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
[2014/07/01 22:36:52 | 000,000,000 | R--D | C] -- C:\Drive
[2014/07/01 21:43:09 | 000,000,000 | ---D | C] -- C:\Users\Rybak\Documents\Larian Studios
[2014/07/01 16:46:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
[2014/07/01 16:46:34 | 000,000,000 | ---D | C] -- C:\Program Files\Nexus Mod Manager
[2014/07/01 16:02:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2014/07/01 15:17:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2014/06/30 01:17:08 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Roaming\uTorrent
[2014/06/29 10:28:46 | 000,000,000 | ---D | C] -- C:\Users\Rybak\AppData\Local\Sniper3
[2013/02/24 20:59:34 | 002,174,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Program Files (x86)\Common Files\atimpenc.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/07/29 03:47:09 | 000,000,600 | ---- | M] () -- C:\Users\Rybak\AppData\Local\PUTTY.RND
[2014/07/29 03:34:37 | 000,078,762 | ---- | M] () -- C:\Users\Rybak\Desktop\Last.Week.Tonight.With.John.Oliver.S01E11.720p.HDTV.x264-BATV.torrent
[2014/07/28 22:19:51 | 000,000,796 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2014/07/28 22:16:30 | 000,112,905 | ---- | M] () -- C:\Users\Rybak\Desktop\gpuz.jpg
[2014/07/28 22:09:53 | 000,006,465 | ---- | M] () -- C:\Users\Rybak\Desktop\[rutracker.org].t4668567.torrent
[2014/07/28 18:17:48 | 000,039,709 | ---- | M] () -- C:\Users\Rybak\Desktop\1234683_10154443852670440_4629939098936341722_n.jpg
[2014/07/28 18:12:18 | 000,043,537 | ---- | M] () -- C:\Users\Rybak\Desktop\35948.gif
[2014/07/28 15:13:14 | 000,022,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/28 15:13:14 | 000,022,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/28 01:00:51 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2014/07/27 20:33:33 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/07/27 20:33:33 | 000,662,634 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/07/27 20:33:33 | 000,122,470 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/07/27 15:35:47 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/27 15:07:43 | 000,000,380 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\sp_data.sys
[2014/07/27 15:07:36 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2014/07/26 19:39:25 | 000,090,356 | ---- | M] () -- C:\Users\Rybak\Desktop\error.jpg
[2014/07/26 16:39:09 | 000,001,225 | ---- | M] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\Video Converter Pro.lnk
[2014/07/26 16:39:09 | 000,001,201 | ---- | M] () -- C:\Users\Public\Desktop\Leawo Video Converter Pro.lnk
[2014/07/25 11:46:19 | 000,001,809 | ---- | M] () -- C:\Users\Public\Desktop\MultiBit 0.5.18.lnk
[2014/07/25 03:31:03 | 000,001,049 | ---- | M] () -- C:\Users\Rybak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/07/24 13:15:30 | 000,086,016 | ---- | M] () -- C:\Users\Rybak\Desktop\appts.pdf
[2014/07/23 17:19:18 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2014/07/23 17:19:18 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014/07/23 17:14:56 | 000,001,197 | ---- | M] () -- C:\Users\Rybak\Desktop\Uplay.lnk
[2014/07/23 16:47:50 | 000,001,282 | ---- | M] () -- C:\Users\Rybak\Desktop\Far Cry 3.lnk
[2014/07/23 16:30:38 | 000,282,512 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2014/07/23 16:30:37 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014/07/22 20:27:37 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/22 20:27:37 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/20 11:52:58 | 000,000,967 | ---- | M] () -- C:\Users\Rybak\Desktop\Aoao Video to GIF Converter.lnk
[2014/07/19 11:36:17 | 000,000,840 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/07/19 11:34:52 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2014/07/19 06:20:46 | 000,007,605 | ---- | M] () -- C:\Users\Rybak\AppData\Local\Resmon.ResmonCfg
[2014/07/18 18:22:59 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
[2014/07/18 14:45:13 | 000,000,869 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2014/07/16 20:37:21 | 000,002,799 | ---- | M] () -- C:\Users\Public\Desktop\Dragon NaturallySpeaking 12.0.lnk
[2014/07/15 19:12:22 | 000,002,867 | ---- | M] () -- C:\Users\Rybak\Desktop\Nero Burning ROM.lnk
[2014/07/15 14:47:37 | 000,001,124 | ---- | M] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\IP-MAC Scanner.lnk
[2014/07/15 14:47:37 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\IP-MAC Scanner.lnk
[2014/07/14 02:52:26 | 000,000,851 | ---- | M] () -- C:\Users\Rybak\Desktop\µTorrent.lnk
[2014/07/14 02:52:26 | 000,000,831 | ---- | M] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2014/07/13 22:37:08 | 000,001,089 | ---- | M] () -- C:\Users\Rybak\Desktop\FastStone Capture.lnk
[2014/07/12 10:23:26 | 000,002,084 | ---- | M] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\UltraEdit.lnk
[2014/07/12 10:23:26 | 000,002,060 | ---- | M] () -- C:\Users\Public\Desktop\UltraEdit.lnk
[2014/07/11 17:18:24 | 000,001,378 | ---- | M] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2014/07/11 17:18:24 | 000,001,354 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2014/07/10 17:52:40 | 000,002,218 | ---- | M] () -- C:\Users\Rybak\Desktop\Google Chrome.lnk
[2014/07/10 16:38:26 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/07/10 16:18:27 | 000,002,843 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 12.lnk
[2014/07/10 11:43:49 | 008,324,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/07/07 21:22:57 | 000,000,773 | ---- | M] () -- C:\Users\Rybak\Desktop\index.html
[2014/07/07 16:21:06 | 000,000,891 | ---- | M] () -- C:\Users\Rybak\Desktop\Mozilla Thunderbird.lnk
[2014/07/07 13:42:07 | 000,000,949 | ---- | M] () -- C:\Users\Rybak\Desktop\Skyrim (SKSE).lnk
[2014/07/07 13:00:23 | 000,000,820 | ---- | M] () -- C:\Users\Rybak\Desktop\Skyrim - Legendary Edition.lnk
[2014/07/06 08:25:32 | 000,004,113 | ---- | M] () -- C:\Users\Rybak\Desktop\Games to Download.ods
[2014/07/04 17:05:16 | 000,000,707 | ---- | M] () -- C:\Users\Rybak\Desktop\Digital Pictures.lnk
[2014/07/03 19:48:53 | 000,000,220 | ---- | M] () -- C:\Users\Rybak\Desktop\Sid Meier's Civilization V.url
[2014/07/02 13:14:25 | 000,001,393 | ---- | M] () -- C:\Users\Rybak\Desktop\Opera.lnk
[2014/07/01 20:51:40 | 071,006,772 | ---- | M] () -- C:\Users\Rybak\Desktop\HardNox - At The Sapphire.mp4
[2014/07/01 16:46:35 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2014/07/01 16:02:19 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/07/29 03:34:37 | 000,078,762 | ---- | C] () -- C:\Users\Rybak\Desktop\Last.Week.Tonight.With.John.Oliver.S01E11.720p.HDTV.x264-BATV.torrent
[2014/07/28 22:19:51 | 000,000,796 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2014/07/28 22:16:30 | 000,112,905 | ---- | C] () -- C:\Users\Rybak\Desktop\gpuz.jpg
[2014/07/28 22:09:53 | 000,006,465 | ---- | C] () -- C:\Users\Rybak\Desktop\[rutracker.org].t4668567.torrent
[2014/07/28 18:17:48 | 000,039,709 | ---- | C] () -- C:\Users\Rybak\Desktop\1234683_10154443852670440_4629939098936341722_n.jpg
[2014/07/28 18:12:18 | 000,043,537 | ---- | C] () -- C:\Users\Rybak\Desktop\35948.gif
[2014/07/26 19:39:25 | 000,090,356 | ---- | C] () -- C:\Users\Rybak\Desktop\error.jpg
[2014/07/26 16:39:09 | 000,001,225 | ---- | C] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\Video Converter Pro.lnk
[2014/07/26 16:39:09 | 000,001,201 | ---- | C] () -- C:\Users\Public\Desktop\Leawo Video Converter Pro.lnk
[2014/07/26 16:39:02 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2014/07/25 11:46:19 | 000,001,809 | ---- | C] () -- C:\Users\Public\Desktop\MultiBit 0.5.18.lnk
[2014/07/24 13:15:29 | 000,086,016 | ---- | C] () -- C:\Users\Rybak\Desktop\appts.pdf
[2014/07/23 17:14:56 | 000,001,197 | ---- | C] () -- C:\Users\Rybak\Desktop\Uplay.lnk
[2014/07/23 16:47:50 | 000,001,282 | ---- | C] () -- C:\Users\Rybak\Desktop\Far Cry 3.lnk
[2014/07/23 16:30:38 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014/07/23 16:30:37 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014/07/20 11:52:58 | 000,000,967 | ---- | C] () -- C:\Users\Rybak\Desktop\Aoao Video to GIF Converter.lnk
[2014/07/19 11:52:41 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2014/07/19 06:20:46 | 000,007,605 | ---- | C] () -- C:\Users\Rybak\AppData\Local\Resmon.ResmonCfg
[2014/07/18 18:22:59 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
[2014/07/16 20:37:21 | 000,002,799 | ---- | C] () -- C:\Users\Public\Desktop\Dragon NaturallySpeaking 12.0.lnk
[2014/07/15 19:12:22 | 000,002,867 | ---- | C] () -- C:\Users\Rybak\Desktop\Nero Burning ROM.lnk
[2014/07/15 14:47:37 | 000,001,124 | ---- | C] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\IP-MAC Scanner.lnk
[2014/07/15 14:47:37 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\IP-MAC Scanner.lnk
[2014/07/13 22:37:08 | 000,001,089 | ---- | C] () -- C:\Users\Rybak\Desktop\FastStone Capture.lnk
[2014/07/12 10:23:26 | 000,002,084 | ---- | C] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\UltraEdit.lnk
[2014/07/12 10:23:26 | 000,002,060 | ---- | C] () -- C:\Users\Public\Desktop\UltraEdit.lnk
[2014/07/11 17:18:24 | 000,001,378 | ---- | C] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2014/07/11 17:18:24 | 000,001,354 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2014/07/10 17:52:40 | 000,002,218 | ---- | C] () -- C:\Users\Rybak\Desktop\Google Chrome.lnk
[2014/07/10 16:38:26 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/07/10 16:18:27 | 000,002,843 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 12.lnk
[2014/07/10 10:47:53 | 000,314,048 | ---- | C] () -- C:\Users\Rybak\Desktop\Games for Windows LIVE Disabler.exe
[2014/07/07 19:27:35 | 000,000,773 | ---- | C] () -- C:\Users\Rybak\Desktop\index.html
[2014/07/07 16:21:06 | 000,000,891 | ---- | C] () -- C:\Users\Rybak\Desktop\Mozilla Thunderbird.lnk
[2014/07/07 13:42:07 | 000,000,949 | ---- | C] () -- C:\Users\Rybak\Desktop\Skyrim (SKSE).lnk
[2014/07/07 13:00:23 | 000,000,820 | ---- | C] () -- C:\Users\Rybak\Desktop\Skyrim - Legendary Edition.lnk
[2014/07/04 17:05:16 | 000,000,707 | ---- | C] () -- C:\Users\Rybak\Desktop\Digital Pictures.lnk
[2014/07/03 19:48:53 | 000,000,220 | ---- | C] () -- C:\Users\Rybak\Desktop\Sid Meier's Civilization V.url
[2014/07/02 13:14:25 | 000,001,393 | ---- | C] () -- C:\Users\Rybak\Desktop\Opera.lnk
[2014/07/01 20:48:36 | 071,006,772 | ---- | C] () -- C:\Users\Rybak\Desktop\HardNox - At The Sapphire.mp4
[2014/07/01 16:02:19 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2014/06/30 01:17:46 | 000,000,851 | ---- | C] () -- C:\Users\Rybak\Desktop\µTorrent.lnk
[2014/06/30 01:17:46 | 000,000,831 | ---- | C] () -- C:\Users\Rybak\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2014/06/17 15:34:47 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2014/06/07 18:40:51 | 000,721,263 | ---- | C] () -- C:\Windows\SysWow64\ISCM64.dll
[2014/06/07 18:40:51 | 000,214,528 | ---- | C] () -- C:\Windows\SysWow64\ISCM32.dll
[2014/06/03 13:38:31 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll
[2014/05/30 15:18:32 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\Lagarith.dll
[2014/05/30 11:22:37 | 001,198,476 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2014/05/29 20:59:04 | 000,005,632 | ---- | C] () -- C:\Users\Rybak\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/05/29 04:11:49 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2014/04/30 23:24:06 | 000,000,600 | ---- | C] () -- C:\Users\Rybak\AppData\Roaming\PUTTY.RND
[2014/04/28 16:17:41 | 000,001,478 | ---- | C] () -- C:\Users\Rybak\AppData\Local\recently-used.xbel
[2014/02/17 22:58:00 | 000,000,132 | ---- | C] () -- C:\Users\Rybak\AppData\Roaming\Adobe GIF Format CS6 Prefs
[2014/01/28 11:50:21 | 000,000,600 | ---- | C] () -- C:\Users\Rybak\AppData\Local\PUTTY.RND
[2014/01/18 13:17:08 | 000,000,340 | ---- | C] () -- C:\Users\Rybak\AppData\Local\HackLogs.dat
[2014/01/17 22:15:31 | 000,000,620 | -HS- | C] () -- C:\Users\Rybak\AppData\Local\settingsFL.dat
[2014/01/17 21:58:07 | 000,001,213 | -HS- | C] () -- C:\Users\Rybak\AppData\Local\win_fldb_sys.dat
[2014/01/17 21:58:07 | 000,000,693 | -HS- | C] () -- C:\Windows\SysWow64\win_fldb_sys.dat
[2014/01/17 21:55:46 | 000,000,700 | -HS- | C] () -- C:\Users\Rybak\AppData\Local\systemFL7.dat
[2014/01/17 21:47:04 | 000,003,465 | -HS- | C] () -- C:\Windows\SysWow64\win_stlthdb_sys.dat
[2014/01/17 21:47:04 | 000,003,465 | -HS- | C] () -- C:\Users\Rybak\AppData\Local\win_stlthdb_sys.dat
[2014/01/17 21:44:55 | 000,034,816 | ---- | C] () -- C:\Windows\SysWow64\WinFLAdrv.sys
[2014/01/17 21:44:54 | 000,197,648 | ---- | C] () -- C:\Windows\SysWow64\WinVDEdrv6.sys
[2014/01/17 21:44:38 | 000,014,024 | ---- | C] () -- C:\Windows\SysWow64\WinFLMsgService.exe
[2014/01/17 21:44:37 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nwsftUninstall.exe
[2013/12/27 03:45:59 | 000,000,262 | ---- | C] () -- C:\Users\Rybak\uacossack.inkyp
[2013/12/07 05:46:16 | 000,355,840 | ---- | C] () -- C:\Windows\SysWow64\LiveWrapRTSP.dll
[2013/11/23 21:55:56 | 000,000,037 | -HS- | C] () -- C:\Users\Rybak\AppData\Local\70149b02515b3bb20dd492.47983420
[2013/11/19 18:35:30 | 000,000,132 | ---- | C] () -- C:\Users\Rybak\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/11/10 14:13:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2013/11/07 20:15:59 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013/11/02 10:30:28 | 000,000,012 | ---- | C] () -- C:\Windows\wind3264st.dat
[2013/10/23 03:54:57 | 000,000,600 | ---- | C] () -- C:\Users\Rybak\PUTTY.RND
[2013/10/19 19:14:53 | 000,110,602 | ---- | C] () -- C:\Windows\SysWow64\xcdsfx32.bin
[2013/10/18 18:50:58 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe
[2013/10/18 16:30:37 | 000,004,545 | ---- | C] () -- C:\Users\Rybak\AppData\Roaming\CamStudio.cfg
[2013/10/18 16:30:37 | 000,000,408 | ---- | C] () -- C:\Users\Rybak\AppData\Roaming\CamShapes.ini
[2013/10/18 16:30:37 | 000,000,408 | ---- | C] () -- C:\Users\Rybak\AppData\Roaming\CamLayout.ini
[2013/10/18 16:30:37 | 000,000,100 | ---- | C] () -- C:\Users\Rybak\AppData\Roaming\Camdata.ini
[2013/10/18 16:18:49 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2013/10/18 12:56:45 | 000,775,084 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/17 13:56:20 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2013/10/16 16:52:40 | 000,000,380 | ---- | C] () -- C:\Users\Rybak\AppData\Roaming\sp_data.sys
[2013/10/16 16:48:33 | 000,001,313 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2013/10/16 16:48:33 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2013/10/16 16:48:33 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2013/10/16 16:48:32 | 000,185,856 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013/10/16 16:48:32 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 21:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/07/04 17:04:55 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\.ACEStream
[2014/06/10 13:59:10 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\.mono
[2013/12/02 18:22:20 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\ACEStream
[2013/12/19 17:07:25 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\AMS Software
[2014/02/13 09:07:32 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\AnvSoft
[2014/03/23 15:28:21 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Apowersoft
[2014/04/19 02:14:57 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Arc
[2013/10/20 08:59:06 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Ashampoo
[2013/12/22 20:42:26 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Asterisk Password Decryptor
[2013/11/24 17:24:24 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Awesomium
[2013/10/24 09:57:12 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Bigasoft Video Downloader Pro
[2014/07/06 23:06:41 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Bitcoin
[2013/12/19 17:07:30 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Chamber
[2013/12/04 18:39:24 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Digital Confidence
[2014/06/18 22:20:54 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\DiskDefrag
[2014/07/25 04:23:39 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\DiskSpaceFan
[2014/07/27 15:07:52 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Dropbox
[2013/12/13 17:37:55 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Durbetsel 6.3
[2014/07/06 23:09:45 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Electrum
[2013/11/15 18:21:32 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\FaceOffMax
[2014/07/29 07:57:43 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\FileZilla
[2013/11/10 14:13:42 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Flock
[2014/05/30 12:32:20 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Foxit Software
[2013/11/05 20:32:42 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\freac
[2014/01/23 22:35:29 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\FTPRush
[2014/05/31 16:40:35 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Globalscape
[2014/06/07 11:42:13 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\HandBrake
[2014/01/20 07:12:31 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Hensense.com
[2014/04/11 16:20:30 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\I2P
[2014/06/02 16:09:28 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\ICQ-Profile
[2014/06/02 13:19:09 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\ICQM
[2014/06/08 19:48:57 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\ImTOO
[2014/07/05 11:24:36 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\IObit
[2014/05/03 19:54:45 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\IrfanView
[2014/01/09 16:24:57 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\jagex_cache
[2014/02/04 05:58:35 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\KompoZer
[2014/05/20 09:43:17 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Leadertech
[2014/07/26 16:39:17 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Leawo
[2014/06/02 12:07:46 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\LibreOffice
[2014/01/06 23:19:57 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\LockHunter
[2014/07/03 14:24:11 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\LogoMaker
[2013/12/05 00:49:16 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Miranda
[2014/02/24 15:45:53 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\MouseMonitor
[2014/07/25 12:07:11 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\MultiBit
[2014/06/19 16:47:29 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\MusicBee
[2013/10/20 18:51:19 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\NeoDownloader
[2014/04/22 12:17:36 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\No Company Name
[2014/04/29 21:27:37 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Notepad++
[2014/01/10 12:58:17 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\OpenDNS Updater
[2014/02/02 21:15:41 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Opera Software
[2013/10/19 17:18:44 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Origin
[2014/01/19 18:12:44 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Passware
[2013/10/23 12:52:36 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\PDAppFlex
[2013/12/21 20:05:42 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\PearlMountain
[2014/06/14 08:43:15 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Pegasys Inc
[2014/07/13 19:18:37 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\PowerISO
[2013/10/19 16:37:25 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Preme for Windows
[2014/06/24 03:03:23 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\ProductData
[2013/11/02 10:47:47 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\RoboForm
[2014/07/07 13:00:23 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Skyrim - Legendary Edition
[2014/02/28 20:52:13 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Softland
[2014/06/02 16:24:40 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Spotify
[2013/10/28 16:11:25 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\TAC
[2013/12/07 18:13:27 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\TeamViewer
[2014/05/26 13:14:49 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Thunderbird
[2014/07/26 16:40:23 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\tiger-k
[2014/01/17 13:24:17 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\TightVNC
[2014/01/27 19:06:00 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\TomTom
[2014/01/03 16:48:58 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\TuneUp Software
[2013/11/22 18:35:22 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Unity
[2014/07/29 08:00:37 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\uTorrent
[2014/06/03 12:15:11 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Veronisoft
[2013/11/08 22:05:16 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Wargaming.net
[2014/05/25 12:08:27 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Xilisoft
[2013/12/24 02:15:17 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Xirrus
[2014/01/11 20:02:20 | 000,000,000 | ---D | M] -- C:\Users\Rybak\AppData\Roaming\Yandex

========== Purity Check ==========

========== Files - Unicode (All) ==========

[2014/01/24 19:39:26 | 000,000,162 | -H-- | M] ()(C:\Users\Rybak\Desktop\~$??????? ?????.docx) -- C:\Users\Rybak\Desktop\~$??????? ?????.docx
[2014/01/24 19:39:26 | 000,000,162 | -H-- | C] ()(C:\Users\Rybak\Desktop\~$??????? ?????.docx) -- C:\Users\Rybak\Desktop\~$??????? ?????.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 54 bytes -> C:\Users\Rybak\ntuser.ini:l_encryption_d
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 12 bytes -> C:\Windows:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
@Alternate Data Stream - 12 bytes -> C:\Users\Rybak\Documents:{2C848322-7882-41E2-AFF6-B060B946FEE9}3

< End of report >