Need an urgent check-up, think I may be infected!
OTL Logs:
OTL logfile created on: 03/01/2015 15:26:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Betrayed\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17498)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
9.97 Gb Total Physical Memory | 6.11 Gb Available Physical Memory | 61.29% Memory free
11.53 Gb Paging File | 6.83 Gb Available in Paging File | 59.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 853.29 Gb Total Space | 636.69 Gb Free Space | 74.62% Space Free | Partition Type: NTFS
Computer Name: PC | User Name: Betrayed | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2015/01/03 15:25:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Betrayed\Desktop\OTL.exe
PRC - [2014/12/30 18:53:31 | 000,990,720 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\sample.exe
PRC - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/12/16 11:28:54 | 000,477,184 | ---- | M] (Skillbrains) -- C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe
PRC - [2014/12/15 11:29:58 | 005,426,448 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
PRC - [2014/12/14 10:22:47 | 006,737,976 | ---- | M] (Spotify Ltd) -- C:\Users\Betrayed\AppData\Roaming\Spotify\spotify.exe
PRC - [2014/12/14 10:22:46 | 001,676,344 | ---- | M] (Spotify Ltd) -- C:\Users\Betrayed\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/12/14 10:22:46 | 000,374,840 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
PRC - [2014/12/13 00:13:07 | 002,531,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/12/13 00:13:04 | 001,701,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014/12/10 01:34:58 | 000,555,320 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
PRC - [2014/12/10 01:33:10 | 002,561,848 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
PRC - [2014/12/06 01:50:53 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/12/04 16:43:37 | 000,176,552 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre1.8.0_25\bin\javaw.exe
PRC - [2014/12/02 11:21:07 | 005,226,600 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/12/02 11:20:46 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/11/20 08:23:10 | 000,289,792 | ---- | M] () -- C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
PRC - [2014/11/17 21:42:19 | 000,217,304 | ---- | M] (Razer, Inc.) -- C:\Users\Betrayed\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
PRC - [2014/11/17 21:42:15 | 000,214,232 | ---- | M] (Razer, Inc.) -- C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
PRC - [2014/11/13 17:08:25 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/11/12 20:46:08 | 000,409,800 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014/11/03 15:47:52 | 000,585,536 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
PRC - [2014/10/31 22:27:38 | 000,183,488 | ---- | M] () -- C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
PRC - [2014/10/26 14:52:28 | 000,508,744 | ---- | M] (QFX Software Corporation) -- C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
PRC - [2014/10/19 20:40:54 | 000,060,176 | ---- | M] (The Pidgin developer community) -- C:\Program Files (x86)\Pidgin\pidgin.exe
PRC - [2014/10/09 18:59:26 | 000,179,200 | ---- | M] (Company) -- C:\Program Files (x86)\Popcorn Time\Updater.exe
PRC - [2014/09/25 12:57:46 | 000,027,904 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\ace_engine.exe
PRC - [2014/09/20 08:53:22 | 000,130,104 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
PRC - [2014/09/16 14:45:52 | 003,095,328 | ---- | M] (Nota Inc.) -- C:\Program Files (x86)\Gyazo\GyStation.exe
PRC - [2014/08/13 17:10:14 | 000,777,944 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
PRC - [2014/08/13 17:09:20 | 000,835,288 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe
PRC - [2014/08/13 17:08:12 | 000,384,728 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2014/07/03 05:25:22 | 000,490,360 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
PRC - [2014/07/03 03:09:58 | 002,694,040 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
PRC - [2014/06/25 15:50:56 | 005,558,944 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
PRC - [2014/06/12 17:23:08 | 000,359,128 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2014/06/12 17:22:40 | 000,437,976 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2014/06/12 16:22:10 | 000,086,744 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2014/05/21 10:22:08 | 002,135,232 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
PRC - [2014/02/19 05:06:04 | 000,769,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
PRC - [2014/02/04 21:47:30 | 001,075,144 | ---- | M] (AOL Inc.) -- C:\Users\Betrayed\AppData\Local\AOL\AIM\aim.exe
PRC - [2013/03/29 11:18:06 | 000,026,744 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\ace_update.exe
========== Modules (No Company Name) ==========
MOD - [2014/12/30 18:53:31 | 000,990,720 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\sample.exe
MOD - [2014/12/14 10:22:47 | 036,966,968 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2014/12/14 10:22:46 | 000,886,840 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\Spotify\Data\libGLESv2.dll
MOD - [2014/12/14 10:22:46 | 000,867,896 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
MOD - [2014/12/14 10:22:46 | 000,374,840 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
MOD - [2014/12/14 10:22:46 | 000,108,600 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\Spotify\Data\libEGL.dll
MOD - [2014/12/14 10:14:06 | 016,843,952 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll
MOD - [2014/12/06 01:50:51 | 014,913,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
MOD - [2014/12/06 01:50:50 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
MOD - [2014/12/06 01:50:46 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
MOD - [2014/12/06 01:50:45 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
MOD - [2014/12/06 01:50:44 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
MOD - [2014/12/02 11:20:46 | 038,562,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/11/28 13:46:48 | 003,083,264 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\acestreamengine.CoreApp.pyd
MOD - [2014/11/28 13:46:48 | 001,732,096 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\acestreamengine.live.pyd
MOD - [2014/11/28 13:46:48 | 000,249,856 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\acestreamengine.Core.pyd
MOD - [2014/11/20 08:23:10 | 000,289,792 | ---- | M] () -- C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
MOD - [2014/11/20 06:02:46 | 000,193,024 | ---- | M] () -- C:\ProgramData\Razer\Synapse\RzStats\RigWrapper.dll
MOD - [2014/10/19 20:40:48 | 000,044,494 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll
MOD - [2014/10/19 20:40:48 | 000,037,191 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll
MOD - [2014/10/19 20:40:48 | 000,032,020 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ticker.dll
MOD - [2014/10/19 20:40:48 | 000,030,771 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\winprefs.dll
MOD - [2014/10/19 20:40:48 | 000,030,353 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\themeedit.dll
MOD - [2014/10/19 20:40:48 | 000,029,791 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll
MOD - [2014/10/19 20:40:48 | 000,023,851 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll
MOD - [2014/10/19 20:40:48 | 000,018,399 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\timestamp.dll
MOD - [2014/10/19 20:40:48 | 000,015,978 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\statenotify.dll
MOD - [2014/10/19 20:40:48 | 000,012,004 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ssl.dll
MOD - [2014/10/19 20:40:46 | 000,417,758 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libjabber.dll
MOD - [2014/10/19 20:40:46 | 000,374,169 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmsn.dll
MOD - [2014/10/19 20:40:46 | 000,328,142 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libgg.dll
MOD - [2014/10/19 20:40:46 | 000,311,021 | ---- | M] () -- C:\Program Files (x86)\Pidgin\liboscar.dll
MOD - [2014/10/19 20:40:46 | 000,236,666 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libymsg.dll
MOD - [2014/10/19 20:40:46 | 000,170,578 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsilc.dll
MOD - [2014/10/19 20:40:46 | 000,150,598 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmxit.dll
MOD - [2014/10/19 20:40:46 | 000,123,540 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libnovell.dll
MOD - [2014/10/19 20:40:46 | 000,116,071 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsametime.dll
MOD - [2014/10/19 20:40:46 | 000,107,365 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libirc.dll
MOD - [2014/10/19 20:40:46 | 000,106,670 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmyspace.dll
MOD - [2014/10/19 20:40:46 | 000,092,398 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libbonjour.dll
MOD - [2014/10/19 20:40:46 | 000,069,575 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\spellchk.dll
MOD - [2014/10/19 20:40:46 | 000,055,880 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsimple.dll
MOD - [2014/10/19 20:40:46 | 000,047,934 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\log_reader.dll
MOD - [2014/10/19 20:40:46 | 000,031,427 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll
MOD - [2014/10/19 20:40:46 | 000,029,256 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\pidginrc.dll
MOD - [2014/10/19 20:40:46 | 000,029,225 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\notify.dll
MOD - [2014/10/19 20:40:46 | 000,024,924 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\convcolors.dll
MOD - [2014/10/19 20:40:46 | 000,022,832 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libyahoo.dll
MOD - [2014/10/19 20:40:46 | 000,021,795 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\markerline.dll
MOD - [2014/10/19 20:40:46 | 000,021,337 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libxmpp.dll
MOD - [2014/10/19 20:40:46 | 000,020,997 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll
MOD - [2014/10/19 20:40:46 | 000,019,793 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll
MOD - [2014/10/19 20:40:46 | 000,019,043 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\idle.dll
MOD - [2014/10/19 20:40:46 | 000,018,882 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\history.dll
MOD - [2014/10/19 20:40:46 | 000,018,555 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\joinpart.dll
MOD - [2014/10/19 20:40:46 | 000,017,023 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll
MOD - [2014/10/19 20:40:46 | 000,016,005 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libicq.dll
MOD - [2014/10/19 20:40:46 | 000,015,702 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\extplacement.dll
MOD - [2014/10/19 20:40:46 | 000,015,429 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\relnot.dll
MOD - [2014/10/19 20:40:46 | 000,015,380 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\psychic.dll
MOD - [2014/10/19 20:40:46 | 000,015,074 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libaim.dll
MOD - [2014/10/19 20:40:46 | 000,015,045 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\sendbutton.dll
MOD - [2014/10/19 20:40:46 | 000,014,147 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll
MOD - [2014/10/19 20:40:46 | 000,013,456 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\newline.dll
MOD - [2014/10/19 20:40:46 | 000,013,253 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\buddynote.dll
MOD - [2014/10/19 20:40:46 | 000,012,865 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\iconaway.dll
MOD - [2014/10/19 20:40:40 | 000,671,031 | ---- | M] () -- C:\Program Files (x86)\Pidgin\exchndl.dll
MOD - [2014/10/19 20:40:40 | 000,475,580 | ---- | M] () -- C:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll
MOD - [2014/10/19 20:40:40 | 000,036,878 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libssp-0.dll
MOD - [2014/10/19 20:40:06 | 000,486,400 | ---- | M] () -- C:\Program Files (x86)\Pidgin\sqlite3.dll
MOD - [2014/10/19 20:40:04 | 000,818,985 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libsilcclient-1-1-3.dll
MOD - [2014/10/19 20:40:02 | 002,097,721 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll
MOD - [2014/10/19 20:40:02 | 000,152,852 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libmeanwhile-1.dll
MOD - [2014/10/19 20:39:58 | 001,274,655 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libxml2-2.dll
MOD - [2014/10/19 20:39:58 | 000,190,464 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libsasl.dll
MOD - [2014/10/19 20:39:58 | 000,140,288 | ---- | M] () -- C:\Program Files (x86)\Pidgin\sasl2\saslDIGESTMD5.dll
MOD - [2014/10/19 20:39:58 | 000,115,712 | ---- | M] () -- C:\Program Files (x86)\Pidgin\sasl2\saslCRAMMD5.dll
MOD - [2014/10/19 20:39:58 | 000,102,912 | ---- | M] () -- C:\Program Files (x86)\Pidgin\sasl2\saslPLAIN.dll
MOD - [2014/10/19 20:39:58 | 000,102,912 | ---- | M] () -- C:\Program Files (x86)\Pidgin\sasl2\saslLOGIN.dll
MOD - [2014/10/19 20:39:58 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Pidgin\sasl2\saslANONYMOUS.dll
MOD - [2014/10/17 18:57:20 | 000,118,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\1c09d6db83322a23a1744d75c4836f85\SMDiagnostics.ni.dll
MOD - [2014/10/17 18:57:19 | 000,786,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\7159bb28e23de8ed898a2acb1dbfef6c\System.ServiceModel.Internals.ni.dll
MOD - [2014/10/17 18:55:20 | 000,155,136 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\JSON\83ae5749259d10193dc2370f7f07efd6\JSON.ni.dll
MOD - [2014/10/17 18:55:10 | 011,926,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\6074b87793a7906a01317ea8832e7330\System.Web.ni.dll
MOD - [2014/10/17 18:54:47 | 001,433,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\HD-Agent\dc62f3768fcd1b75b184d39344737486\HD-Agent.ni.exe
MOD - [2014/10/17 18:54:47 | 000,978,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\0f06c6152e5384e75e9517c79ed500d4\System.Configuration.ni.dll
MOD - [2014/10/17 15:28:20 | 005,467,136 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\49201f5658aca21352debffb85ff41df\System.Xml.ni.dll
MOD - [2014/10/17 15:28:15 | 012,436,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4897677eda02404f00d5c54c24114c7b\System.Windows.Forms.ni.dll
MOD - [2014/10/17 15:28:07 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\828956d62d94914af63efc7fb36d1120\System.Drawing.ni.dll
MOD - [2014/10/17 15:27:24 | 007,995,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4976746d2f27ea6b60301a84d6c3e4be\System.ni.dll
MOD - [2014/10/17 15:27:16 | 000,392,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\9b0c1539963f393f6641949a67757b8f\System.Xml.Linq.ni.dll
MOD - [2014/10/17 15:27:15 | 007,785,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\43edd630a9f8cd6ac38c527b106ec94f\System.Xml.ni.dll
MOD - [2014/10/17 15:27:09 | 001,874,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\6281ab590224520bad7c4f5b3ef37575\System.Xaml.ni.dll
MOD - [2014/10/17 15:27:07 | 012,856,832 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\70c6bf4a51d18b4a9a1805cd48d1caad\System.Windows.Forms.ni.dll
MOD - [2014/10/17 15:26:56 | 000,219,136 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\2938a07c482f15730b58d0fddbf869d1\System.ServiceProcess.ni.dll
MOD - [2014/10/17 15:26:32 | 002,803,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\ab763e7f2c7532e9fe8f587995105156\System.Runtime.Serialization.ni.dll
MOD - [2014/10/17 15:26:28 | 001,169,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\8843bc51abc35b8247ffb506ef61d954\System.Management.ni.dll
MOD - [2014/10/17 15:26:26 | 001,635,328 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8efdc7a3726640f79d9333da88accaf8\System.Drawing.ni.dll
MOD - [2014/10/17 15:26:18 | 000,968,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\00fc7d14bbb38db00e4103912c041adf\System.Configuration.ni.dll
MOD - [2014/10/17 15:26:17 | 000,463,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\eb62bc6e97d1d2aafbf3a101d7f029e1\PresentationFramework.Aero2.ni.dll
MOD - [2014/10/17 15:26:16 | 018,744,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\377e9afc870e7d53922fbcfd6023b2f7\PresentationFramework.ni.dll
MOD - [2014/10/17 15:25:18 | 011,027,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\a1799dc618cfa61adb75b82311884c3d\PresentationCore.ni.dll
MOD - [2014/10/17 15:25:00 | 003,957,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\b8e2e79f70d09551560548cda72e2c51\WindowsBase.ni.dll
MOD - [2014/10/17 15:24:53 | 006,951,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\483443985708dc5439abe7fd6350abe4\System.Core.ni.dll
MOD - [2014/10/17 15:24:41 | 010,030,592 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\1c5fe4cb68f67046baec4c3a854f722f\System.ni.dll
MOD - [2014/09/25 12:57:46 | 000,027,904 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\ace_engine.exe
MOD - [2014/08/14 09:50:50 | 011,500,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\5bd3374f05d46ba0563f44d032209f08\mscorlib.ni.dll
MOD - [2014/08/13 14:09:24 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2014/07/21 16:10:36 | 000,188,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\3be4139a741b447ab35a2c788a2f4559\UIAutomationTypes.ni.dll
MOD - [2014/07/18 16:01:29 | 000,216,992 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll
MOD - [2014/07/18 16:01:29 | 000,100,352 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll
MOD - [2014/07/18 16:01:29 | 000,090,496 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll
MOD - [2014/07/18 16:01:28 | 000,904,525 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll
MOD - [2014/07/18 16:01:28 | 000,553,382 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll
MOD - [2014/07/18 16:01:28 | 000,279,059 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll
MOD - [2014/07/18 16:01:28 | 000,177,586 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll
MOD - [2014/07/03 05:45:40 | 032,733,056 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
MOD - [2014/06/25 15:50:56 | 005,558,944 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
MOD - [2014/05/24 16:41:24 | 000,892,416 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
MOD - [2014/05/24 16:41:24 | 000,091,648 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
MOD - [2014/03/18 15:27:55 | 017,395,376 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\c90ef9a73ea0044641d31b19023aad61\mscorlib.ni.dll
MOD - [2014/02/04 21:47:28 | 023,782,856 | ---- | M] () -- C:\Users\Betrayed\AppData\Local\AOL\AIM\libcef.dll
MOD - [2014/02/04 19:33:46 | 016,233,864 | ---- | M] () -- C:\Users\Betrayed\AppData\Local\AOL\AIM\NPSWF32.dll
MOD - [2014/01/23 11:37:18 | 000,036,352 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\_psutil_mswindows.pyd
MOD - [2014/01/04 00:20:46 | 034,755,072 | ---- | M] () -- C:\Users\Betrayed\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
MOD - [2014/01/04 00:20:46 | 000,970,240 | ---- | M] () -- C:\Users\Betrayed\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\cef\ffmpegsumo.dll
MOD - [2013/12/21 13:20:42 | 000,040,448 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\bitarray._bitarray.pyd
MOD - [2013/12/21 13:20:32 | 000,053,248 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\_blist.pyd
MOD - [2013/12/21 13:02:24 | 000,061,952 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\miniupnpc.pyd
MOD - [2013/11/27 15:50:12 | 000,018,944 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pycompat.pyd
MOD - [2013/03/29 11:18:06 | 000,026,744 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\ace_update.exe
MOD - [2013/01/29 16:20:40 | 000,082,944 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\cpyamf.util.pyd
MOD - [2013/01/29 16:20:40 | 000,066,048 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\cpyamf.amf0.pyd
MOD - [2012/09/09 13:17:08 | 000,472,576 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\pidgin-otr.dll
MOD - [2012/02/07 16:38:58 | 000,358,912 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\pythoncom27.dll
MOD - [2012/02/07 16:38:58 | 000,358,912 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\pythoncom27.dll
MOD - [2012/02/07 16:37:24 | 000,098,816 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\win32api.pyd
MOD - [2012/02/07 16:37:24 | 000,098,816 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\win32api.pyd
MOD - [2012/02/07 16:36:30 | 000,024,064 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\win32pdh.pyd
MOD - [2012/02/07 16:36:30 | 000,024,064 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\win32pdh.pyd
MOD - [2012/02/07 16:36:08 | 000,111,616 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\win32file.pyd
MOD - [2012/02/07 16:36:08 | 000,111,616 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\win32file.pyd
MOD - [2012/02/07 16:35:46 | 000,110,080 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\pywintypes27.dll
MOD - [2012/02/07 16:35:46 | 000,110,080 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\pywintypes27.dll
MOD - [2011/07/15 19:38:22 | 000,674,816 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\wx._misc_.pyd
MOD - [2011/07/15 19:38:22 | 000,674,816 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\wx._misc_.pyd
MOD - [2011/07/15 19:38:12 | 000,966,144 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\wx._controls_.pyd
MOD - [2011/07/15 19:38:12 | 000,966,144 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\wx._controls_.pyd
MOD - [2011/07/15 19:38:06 | 000,670,720 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\wx._windows_.pyd
MOD - [2011/07/15 19:38:06 | 000,670,720 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\wx._windows_.pyd
MOD - [2011/07/15 19:38:00 | 000,746,496 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\wx._gdi_.pyd
MOD - [2011/07/15 19:38:00 | 000,746,496 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\wx._gdi_.pyd
MOD - [2011/07/15 19:37:48 | 000,981,504 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\wx._core_.pyd
MOD - [2011/07/15 19:37:48 | 000,981,504 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\wx._core_.pyd
MOD - [2011/07/15 19:34:26 | 000,479,744 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\wxmsw28uh_html_vc.dll
MOD - [2011/07/15 19:34:26 | 000,479,744 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\wxmsw28uh_html_vc.dll
MOD - [2011/07/15 19:34:16 | 000,730,112 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\wxmsw28uh_adv_vc.dll
MOD - [2011/07/15 19:34:16 | 000,730,112 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\wxmsw28uh_adv_vc.dll
MOD - [2011/07/15 19:34:10 | 003,165,184 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\wxmsw28uh_core_vc.dll
MOD - [2011/07/15 19:34:10 | 003,165,184 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\wxmsw28uh_core_vc.dll
MOD - [2011/07/15 19:33:40 | 000,122,368 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\wxbase28uh_net_vc.dll
MOD - [2011/07/15 19:33:40 | 000,122,368 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\wxbase28uh_net_vc.dll
MOD - [2011/07/15 19:33:38 | 001,300,992 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\wxbase28uh_vc.dll
MOD - [2011/07/15 19:33:38 | 001,300,992 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\wxbase28uh_vc.dll
MOD - [2011/06/12 13:09:18 | 000,720,896 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\_ssl.pyd
MOD - [2011/06/12 13:09:18 | 000,720,896 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\_ssl.pyd
MOD - [2011/06/12 13:09:18 | 000,038,400 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\_socket.pyd
MOD - [2011/06/12 13:09:18 | 000,038,400 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\_socket.pyd
MOD - [2011/06/12 13:06:24 | 000,152,576 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\pyexpat.pyd
MOD - [2011/06/12 13:06:24 | 000,152,576 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\pyexpat.pyd
MOD - [2011/06/12 13:06:22 | 000,287,232 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\_hashlib.pyd
MOD - [2011/06/12 13:06:22 | 000,287,232 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\_hashlib.pyd
MOD - [2011/06/12 13:06:22 | 000,106,496 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\_ctypes.pyd
MOD - [2011/06/12 13:06:22 | 000,011,776 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\select.pyd
MOD - [2011/06/12 13:06:22 | 000,011,776 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\select.pyd
MOD - [2011/06/12 13:06:20 | 000,688,128 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\unicodedata.pyd
MOD - [2011/02/13 15:02:12 | 000,031,232 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\Crypto.Cipher.AES.pyd
MOD - [2011/01/18 21:56:22 | 000,334,336 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\M2Crypto.__m2crypto.pyd
MOD - [2011/01/18 21:56:22 | 000,334,336 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\M2Crypto.__m2crypto.pyd
MOD - [2010/10/10 22:23:52 | 000,723,968 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\apsw.pyd
========== Services (SafeList) ==========
SRV:64bit: - [2014/12/13 00:13:04 | 001,148,560 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:64bit: - [2014/12/13 00:13:03 | 019,823,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2014/12/02 11:20:46 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/12/02 11:20:43 | 004,012,248 | ---- | M] (Avast Software) [On_Demand | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
SRV:64bit: - [2014/10/31 04:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/10/14 19:33:28 | 000,174,600 | ---- | M] (Sandboxie Holdings, LLC) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2014/10/07 01:54:27 | 000,226,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/09/22 03:05:56 | 000,368,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014/09/22 03:05:56 | 000,023,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014/08/16 03:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2014/08/16 00:58:35 | 000,287,744 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2014/08/16 00:45:51 | 000,267,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/07/24 07:28:58 | 001,600,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/07/17 20:31:53 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/07/17 20:31:53 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/07/17 20:27:11 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014/06/05 12:15:06 | 000,037,176 | ---- | M] (The OpenVPN Project) [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV:64bit: - [2014/03/18 15:27:40 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/03/18 15:27:40 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2014/03/18 15:27:35 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/03/18 15:27:33 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/03/18 15:27:32 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/03/18 15:27:30 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2013/08/30 18:46:48 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013/08/22 11:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 11:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 11:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 11:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 11:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 10:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 10:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 09:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 09:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 09:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 09:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 09:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 09:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 09:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 09:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2010/04/06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2015/01/02 11:16:34 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/12/15 11:29:58 | 005,426,448 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe -- (TeamViewer)
SRV - [2014/12/14 10:14:06 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/13 00:13:04 | 001,701,520 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/12/10 01:34:58 | 000,555,320 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe -- (MbaeSvc)
SRV - [2014/11/25 17:01:39 | 000,226,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2014/11/25 17:01:28 | 000,376,168 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2014/11/18 20:23:34 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/11/12 20:46:08 | 000,409,800 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/10/31 22:27:38 | 000,183,488 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe -- (Razer Game Scanner Service)
SRV - [2014/10/09 18:59:26 | 000,179,200 | ---- | M] (Company) [Auto | Running] -- C:\Program Files (x86)\Popcorn Time\Updater.exe -- (Update service)
SRV - [2014/09/20 08:53:22 | 000,130,104 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe -- (NCO)
SRV - [2014/08/16 03:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/08/13 17:10:14 | 000,777,944 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe -- (BstHdUpdaterSvc)
SRV - [2014/08/13 17:08:12 | 000,384,728 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2014/08/13 17:07:40 | 000,409,304 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2014/07/17 20:27:11 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/06/12 17:23:08 | 000,359,128 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2014/06/12 17:22:40 | 000,437,976 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2014/06/12 16:22:10 | 000,086,744 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2014/05/21 10:22:08 | 002,135,232 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2014/04/03 19:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/02/27 17:40:46 | 000,906,432 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2014/02/07 15:29:38 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2013/08/22 03:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/22 02:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/03/01 01:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/12/13 00:13:03 | 000,019,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2014/12/03 16:12:37 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/12/02 11:21:08 | 001,050,432 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/12/02 11:20:47 | 000,436,624 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/12/02 11:20:47 | 000,267,632 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/12/02 11:20:47 | 000,116,728 | ---- | M] (AVAST Software) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014/12/02 11:20:47 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/12/02 11:20:47 | 000,083,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/12/02 11:20:47 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/12/02 11:20:47 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/12/02 11:20:43 | 000,271,752 | ---- | M] (Avast Software) [Kernel | Auto | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
DRV:64bit: - [2014/11/25 17:01:29 | 000,107,392 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2014/11/22 10:46:30 | 000,038,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2014/11/17 21:37:21 | 000,129,600 | ---- | M] (Razer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rzpnk.sys -- (rzpnk)
DRV:64bit: - [2014/11/13 00:20:36 | 000,039,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvadarm.sys -- (NVVADARM)
DRV:64bit: - [2014/10/31 22:27:07 | 000,037,184 | ---- | M] (Razer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rzpmgrk.sys -- (rzpmgrk)
DRV:64bit: - [2014/10/14 19:33:28 | 000,185,352 | ---- | M] (Sandboxie Holdings, LLC) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2014/10/13 02:43:17 | 000,238,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/10/13 02:43:17 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014/10/13 02:43:17 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014/10/10 01:58:57 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/09/22 03:06:16 | 000,258,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014/09/22 03:06:16 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014/09/22 02:49:43 | 000,035,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/09/17 04:51:20 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2014/09/05 03:27:52 | 000,160,424 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2014/09/05 03:27:52 | 000,039,592 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzendpt.sys -- (rzendpt)
DRV:64bit: - [2014/08/15 23:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2014/08/15 00:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/07/24 15:28:38 | 000,468,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/07/24 15:28:38 | 000,412,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/07/24 11:42:22 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2014/07/17 20:33:11 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/07/17 20:31:53 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/07/17 20:31:53 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/07/17 20:31:53 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/06/12 17:23:04 | 000,064,728 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2014/06/12 17:22:50 | 000,031,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2014/06/12 17:22:02 | 000,046,160 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2014/06/12 17:22:02 | 000,020,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2014/06/12 17:21:58 | 000,033,496 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2014/03/18 15:27:34 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/03/18 15:27:30 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2014/03/18 15:27:20 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2014/03/18 15:27:19 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/03/18 15:27:18 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/03/18 15:27:18 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/03/18 15:27:18 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2014/03/18 15:27:18 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014/03/18 15:10:07 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2014/02/27 17:40:32 | 000,054,464 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2014/02/07 15:29:38 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2014/02/07 15:29:20 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2013/10/28 09:02:48 | 000,022,240 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2013/10/24 16:29:06 | 000,022,240 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\UsbCharger.sys -- (UsbCharger)
DRV:64bit: - [2013/10/08 17:21:10 | 000,073,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:64bit: - [2013/10/08 17:21:06 | 000,085,584 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2013/09/27 19:23:26 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSTx64\7DE07080.017\ccSetx64.sys -- (ccSet_NST)
DRV:64bit: - [2013/08/22 13:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 13:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 12:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 12:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 12:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 12:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 12:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 12:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 12:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 12:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 12:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 12:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 12:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 12:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 12:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 12:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 12:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 12:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 12:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 12:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 12:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 12:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 12:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 12:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 12:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 12:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 12:40:24 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013/08/22 12:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 12:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 12:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 11:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 11:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 11:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 11:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 11:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 11:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 11:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 11:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 11:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 11:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 11:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 11:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 11:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 11:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 11:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 11:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 11:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 11:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 11:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 11:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 11:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 08:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 23:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/10 00:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 18:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 19:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/06/21 09:35:14 | 000,816,344 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013/05/31 14:53:12 | 000,222,200 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2013/03/08 08:47:50 | 000,058,536 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2013/03/01 01:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2012/11/20 12:55:42 | 000,057,512 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012/08/30 13:22:06 | 000,050,288 | ---- | M] (UB658) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ElgatoGC658.sys -- (ElgatoGC658Y)
DRV - [2014/12/10 18:22:42 | 000,063,064 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys -- (ESProtectionDriver)
DRV - [2014/08/13 17:08:00 | 000,122,072 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2014/02/07 15:29:38 | 000,016,056 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.uk.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 91 18 85 69 34 C1 CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B9c51bd27-6ed8-4000-a2bf-36cb95c0c947%7D:11.0.1
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:10.0.2502.149
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.9.10
FF - prefs.js..extensions.enabledAddons: requestpolicy%40requestpolicy.com:0.5.28
FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:4.0.2
FF - prefs.js..extensions.enabledAddons: 2.0%40disconnect.me:3.14.0
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7B45d8ff86-d909-11db-9705-005056c00008%7D:1.2.0
FF - prefs.js..extensions.enabledAddons: %7B455D905A-D37C-4643-A9E2-F6FEFAA0424A%7D:0.8.17
FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:8.8.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5
FF - prefs.js..network.proxy.backup.ftp: "202.77.124.93"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.socks: "202.77.124.93"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "202.77.124.93"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "23.99.85.64"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "23.99.85.64"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "23.99.85.64"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "23.99.85.64"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 1
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect_x86_64: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=2.2.7-next: C:\Users\Betrayed\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Betrayed\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn\ [2015/01/03 09:05:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/12/02 11:20:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.3.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.3.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8}: C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014/04/04 10:36:14 | 000,010,691 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2014/08/08 19:40:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Extensions
[2015/01/03 13:23:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions
[2015/01/03 00:13:00 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2015/01/01 15:03:19 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\[email protected]
[2015/01/03 13:23:38 | 000,000,000 | ---D | M] (Hola Better Internet) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\jid1-4P0kohSJxU1qGg@jetpack
[2015/01/01 15:04:33 | 000,947,620 | ---- | M] () (No name found) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\[email protected]
[2015/01/01 15:05:56 | 000,002,829 | ---- | M] () (No name found) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\[email protected]
[2015/01/01 15:07:15 | 000,329,995 | ---- | M] () (No name found) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\[email protected]
[2015/01/01 15:05:06 | 000,082,295 | ---- | M] () (No name found) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\[email protected]
[2015/01/01 15:01:44 | 000,160,837 | ---- | M] () (No name found) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\[email protected]
[2015/01/01 15:06:18 | 000,065,568 | ---- | M] () (No name found) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi
[2015/01/01 15:06:18 | 000,061,649 | ---- | M] () (No name found) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\{45d8ff86-d909-11db-9705-005056c00008}.xpi
[2015/01/01 15:00:42 | 000,544,302 | ---- | M] () (No name found) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/11/09 17:16:44 | 000,080,872 | ---- | M] () (No name found) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi
[2015/01/01 15:00:10 | 000,979,699 | ---- | M] () (No name found) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2015/01/01 15:06:18 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2015/01/02 11:16:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/01/02 11:16:35 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/12/02 11:20:48 | 000,000,000 | ---D | M] ("Avast Online Security") -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
========== Chrome ==========
CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - Extension: No name found = C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_1\
CHR - Extension: No name found = C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.9.131_0\
CHR - Extension: No name found = C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck\10.0.2502.149_0\
CHR - Extension: No name found = C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.6.16_0\
CHR - Extension: No name found = C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2502.149_0\
CHR - Extension: No name found = C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\
CHR - Extension: No name found = C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: First user = C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\
O1 HOSTS File: ([2014/10/27 17:40:22 | 000,000,872 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 54.225.95.126 baefoldjnepdncjikpmjiamfbjgicfol
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\WINDOWS\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKLM..\Run: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe (QFX Software Corporation)
O4 - HKLM..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NAT Service] C:\Program Files (x86)\NAT Service\natsv.exe ()
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AceStream] C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\ace_engine.exe ()
O4 - HKCU..\Run: [CCleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [Clownfish] C:\Program Files (x86)\Clownfish\Clownfish.exe (Bogdan Sharkov)
O4 - HKCU..\Run: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe (Nota Inc.)
O4 - HKCU..\Run: [LightShot] C:\Users\Betrayed\AppData\Local\Skillbrains\lightshot\Lightshot.exe File not found
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (Sandboxie Holdings, LLC)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Betrayed\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [VPN] "C:\Program Files\OpenVPN\bin\openvpn-gui.exe" --connect ve8urxhw.ovpn File not found
O4 - HKCU..\Run: [win32.exe] C:\Users\Betrayed\AppData\Roaming\sample.exe ()
O4 - Startup: C:\Users\Betrayed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN GUI.lnk = C:\Program Files\OpenVPN\bin\openvpn-gui.exe ()
O4 - Startup: C:\Users\Betrayed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pidgin.exe.lnk = C:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community)
O4 - Startup: C:\Users\Betrayed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BAAFDFD2-5B3F-49F9-9B7F-8EFA6C07E48F}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3C1A0FF-625E-4755-9A0E-5A504D75229B}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3C1A0FF-625E-4755-9A0E-5A504D75229B}: NameServer = 8.8.8.8,8.8.4.4
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2015/01/03 15:25:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Betrayed\Desktop\OTL.exe
[2015/01/03 15:17:36 | 000,000,000 | ---D | C] -- C:\Users\Betrayed\Desktop\New folder
[2015/01/03 10:14:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NAT Service
[2015/01/03 10:14:08 | 000,000,000 | ---D | C] -- C:\Users\Betrayed\AppData\Roaming\D0AAD974-68DA-45A6-9616-F7B59434E6A4
[2015/01/02 11:16:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2015/01/01 15:23:02 | 000,000,000 | ---D | C] -- C:\Users\Betrayed\Desktop\School
[2015/01/01 15:16:06 | 000,000,000 | ---D | C] -- C:\Users\Betrayed\Desktop\Card
[2015/01/01 15:14:18 | 000,000,000 | ---D | C] -- C:\Users\Betrayed\Desktop\Stuff
[2014/12/28 10:38:14 | 000,000,000 | ---D | C] -- C:\Users\Betrayed\AppData\Roaming\Imminent Monitor
[2014/12/28 10:38:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Imminent Monitor
[2014/12/27 17:01:23 | 000,000,000 | ---D | C] -- C:\Users\Betrayed\AppData\Roaming\Thunderbird
[2014/12/27 17:01:23 | 000,000,000 | ---D | C] -- C:\Users\Betrayed\AppData\Local\Thunderbird
[2014/12/27 17:00:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2014/12/18 20:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
[2014/12/13 20:42:16 | 000,000,000 | ---D | C] -- C:\Users\Betrayed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cain
[2014/12/08 16:32:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2014/12/07 23:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
[2014/12/07 23:22:49 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2014/12/04 16:44:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/12/04 16:43:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/12/04 16:43:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[1 C:\Users\Betrayed\AppData\Local\*.tmp files -> C:\Users\Betrayed\AppData\Local\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2015/01/03 15:25:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Betrayed\Desktop\OTL.exe
[2015/01/03 15:17:48 | 000,000,158 | ---- | M] () -- C:\Users\Betrayed\Desktop\New WinRAR archive.rar
[2015/01/03 15:13:00 | 000,000,912 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/03 15:02:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2015/01/03 13:46:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\update-sys.job
[2015/01/03 13:27:03 | 000,001,438 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pidgin.exe.lnk
[2015/01/03 12:41:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\update-S-1-5-21-114786149-1812099484-2380863628-1001.job
[2015/01/03 10:16:02 | 000,001,710 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2015/01/03 10:14:00 | 000,386,048 | ---- | M] () -- C:\Users\Betrayed\Desktop\SteamStealer.exe
[2015/01/03 09:06:49 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015/01/03 09:05:14 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/03 09:04:47 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015/01/03 09:04:44 | 4266,278,911 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/02 15:47:51 | 006,121,806 | ---- | M] () -- C:\Users\Betrayed\Desktop\Viphf December 2014.sql.zip
[2015/01/02 10:52:02 | 002,460,608 | ---- | M] () -- C:\Users\Betrayed\Desktop\sjdb.zip
[2015/01/01 15:14:59 | 000,000,952 | ---- | M] () -- C:\Users\Betrayed\Desktop\Start Tor Browser.lnk
[2014/12/31 20:09:55 | 000,073,780 | ---- | M] () -- C:\Users\Betrayed\Desktop\VAxM3ZR.jpg
[2014/12/30 18:53:31 | 000,990,720 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\sample.exe
[2014/12/27 20:25:54 | 000,001,109 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DuckDnsUpdater.lnk
[2014/12/27 20:25:54 | 000,001,091 | ---- | M] () -- C:\Users\Public\Desktop\DuckDns Updater.lnk
[2014/12/27 10:56:41 | 005,041,448 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/12/18 20:37:25 | 000,000,425 | ---- | M] () -- C:\Users\Betrayed\AppData\Local\UserProducts.xml
[2014/12/18 17:29:19 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/12/16 20:54:11 | 000,001,456 | ---- | M] () -- C:\Users\Betrayed\AppData\Local\Adobe Save for Web 13.0 Prefs
[2014/12/13 20:42:16 | 000,001,791 | ---- | M] () -- C:\Users\Betrayed\Desktop\Cain.lnk
[2014/12/07 23:22:51 | 000,001,736 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2014/12/06 20:42:45 | 001,153,180 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/12/06 20:42:45 | 000,949,038 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/12/06 20:42:45 | 000,210,174 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[1 C:\Users\Betrayed\AppData\Local\*.tmp files -> C:\Users\Betrayed\AppData\Local\*.tmp -> ]
========== Files Created - No Company Name ==========
[2015/01/03 15:17:03 | 000,000,158 | ---- | C] () -- C:\Users\Betrayed\Desktop\New WinRAR archive.rar
[2015/01/03 13:25:50 | 000,001,438 | ---- | C] () -- C:\Users\Betrayed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pidgin.exe.lnk
[2015/01/03 13:25:50 | 000,000,924 | ---- | C] () -- C:\Users\Betrayed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN GUI.lnk
[2015/01/03 10:14:00 | 000,386,048 | ---- | C] () -- C:\Users\Betrayed\Desktop\SteamStealer.exe
[2015/01/02 15:46:17 | 006,121,806 | ---- | C] () -- C:\Users\Betrayed\Desktop\Viphf December 2014.sql.zip
[2015/01/02 10:51:48 | 002,460,608 | ---- | C] () -- C:\Users\Betrayed\Desktop\sjdb.zip
[2014/12/31 20:09:51 | 000,073,780 | ---- | C] () -- C:\Users\Betrayed\Desktop\VAxM3ZR.jpg
[2014/12/30 18:54:47 | 000,990,720 | ---- | C] () -- C:\Users\Betrayed\AppData\Roaming\sample.exe
[2014/12/27 20:22:32 | 000,001,091 | ---- | C] () -- C:\Users\Public\Desktop\DuckDns Updater.lnk
[2014/12/27 17:01:02 | 000,002,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2014/12/26 21:36:16 | 000,000,983 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
[2014/12/13 20:42:16 | 000,001,791 | ---- | C] () -- C:\Users\Betrayed\Desktop\Cain.lnk
[2014/12/07 23:22:51 | 000,001,736 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2014/12/02 15:28:56 | 000,000,046 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2014/12/01 23:37:35 | 000,000,218 | ---- | C] () -- C:\Users\Betrayed\.recently-used.xbel
[2014/11/15 23:58:16 | 000,000,671 | ---- | C] () -- C:\Users\Betrayed\_viminfo
[2014/10/27 17:40:23 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/10/05 11:22:33 | 000,001,710 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2014/10/03 15:54:02 | 000,000,000 | ---- | C] () -- C:\Users\Betrayed\AppData\Local\{E45C296A-8CC8-4B2F-BFED-7780D7D38690}
[2014/09/09 15:45:10 | 000,218,200 | ---- | C] () -- C:\WINDOWS\SysWow64\unrar.dll
[2014/07/19 18:08:28 | 000,001,456 | ---- | C] () -- C:\Users\Betrayed\AppData\Local\Adobe Save for Web 13.0 Prefs
[2014/07/19 16:31:51 | 000,827,226 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2014/07/18 15:43:59 | 000,000,017 | ---- | C] () -- C:\Users\Betrayed\AppData\Local\resmon.resmoncfg
[2014/07/17 15:12:29 | 000,000,425 | ---- | C] () -- C:\Users\Betrayed\AppData\Local\UserProducts.xml
[2014/07/17 14:26:51 | 000,207,400 | R--- | C] () -- C:\WINDOWS\GSetup.exe
[2014/07/17 14:26:51 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini
[2014/03/18 15:27:42 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014/03/18 15:27:21 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013/08/22 15:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 15:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 14:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 07:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/22 03:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 23:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 23:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/03/01 01:47:36 | 000,053,299 | ---- | C] () -- C:\WINDOWS\SysWow64\pthreadVC.dll
========== ZeroAccess Check ==========
[2014/08/31 20:41:15 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/08/31 00:15:33 | 021,197,152 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/08/30 22:59:13 | 018,723,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 09:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/22 02:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 09:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014/12/11 17:28:56 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\.ACEStream
[2014/07/24 12:38:18 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\.firefox
[2014/11/08 14:50:52 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\.minecraft
[2015/01/03 15:20:38 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\.purple
[2014/08/03 11:48:17 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\ACEStream
[2014/11/16 00:03:46 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Atom
[2014/12/02 11:21:43 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\AVAST Software
[2014/08/25 21:08:26 | 000,000,000 | -HSD | M] -- C:\Users\Betrayed\AppData\Roaming\Common
[2015/01/03 10:14:09 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\D0AAD974-68DA-45A6-9616-F7B59434E6A4
[2014/12/02 11:38:45 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Dropbox
[2014/10/25 16:35:14 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\DVDVideoSoft
[2014/08/08 18:13:32 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Elgato
[2014/12/02 12:53:59 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\FileZilla
[2014/09/10 18:42:12 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Geek Uninstaller
[2014/08/06 23:43:58 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Gyazo
[2014/10/26 22:22:14 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\HandBrake
[2014/11/09 09:41:26 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\HexChat
[2014/10/27 17:43:13 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\ICQ-Profile
[2014/11/29 21:25:33 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\iMazing
[2014/12/28 12:58:19 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Imminent Monitor
[2014/07/24 16:20:23 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\LolClient
[2014/12/30 10:17:05 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\MultiBit
[2014/10/26 10:25:46 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Notepad++
[2014/07/19 21:04:06 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\OmniCoin
[2014/10/11 12:55:10 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Opera Software
[2015/01/03 15:39:20 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\PhrozenSoft
[2014/08/29 21:11:12 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\PopcornTime
[2014/10/23 16:46:22 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Psi
[2014/11/28 16:33:28 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\QFX Software
[2014/07/17 17:41:14 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Rainmeter
[2014/07/23 20:55:26 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Riot Games
[2015/01/03 13:11:07 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Spotify
[2014/10/04 18:47:47 | 000,000,000 | -HSD | M] -- C:\Users\Betrayed\AppData\Roaming\SubFolder
[2014/11/15 23:59:08 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Sublime Text 2
[2014/12/29 13:59:33 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\TeamViewer
[2014/07/24 12:55:28 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\TechSmith
[2014/12/27 17:01:23 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Thunderbird
[2014/11/08 17:06:16 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\TS3Client
[2014/12/14 23:12:50 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\uTorrent
[2014/10/28 17:05:12 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\VIP72 Socks Client
[2014/12/01 19:49:46 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Wireshark
[2014/08/31 16:31:02 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\XBMC
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 220 bytes -> C:\Users\Betrayed\OneDrive:ms-properties
< End of report >
Extra.txt Logs:
OTL Extras logfile created on: 03/01/2015 15:26:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Betrayed\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17498)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
9.97 Gb Total Physical Memory | 6.11 Gb Available Physical Memory | 61.29% Memory free
11.53 Gb Paging File | 6.83 Gb Available in Paging File | 59.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 853.29 Gb Total Space | 636.69 Gb Free Space | 74.62% Space Free | Partition Type: NTFS
Computer Name: PC | User Name: Betrayed | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{270D2868-22A2-4466-A697-B34B63DF18CB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{466B33BE-10D2-4F14-91D7-076AA369E7D4}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{4BF635C5-45B0-47E8-8106-E3DD61116871}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{4ED6C3E8-5F40-4114-B3AB-DCAE16C03512}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{D24B3291-6AFA-4991-B121-E28E840EDE18}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{E86CA1CE-F940-4CE1-926B-55C7680889D7}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{F4D52FAE-DF2A-40D8-8164-7F2607A8CF23}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{F854E27D-FB79-457E-9A71-B12F9D08D2FB}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{FCE26EB0-38F4-44C2-BD69-3C20E05E7534}" = lport=8317 | protocol=6 | dir=in | name=techsmith camtasia studio |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01586A70-0631-4A9A-99D1-E331615D4B28}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{0297A4BF-8EE5-4066-B170-C9649319445C}" = protocol=17 | dir=in | app=c:\program files (x86)\popcorn time\updater.exe |
"{032F5726-9BB4-4C60-818D-512C17A0C161}" = protocol=17 | dir=in | app=c:\program files (x86)\popcorn time\popcorntimedesktop.exe |
"{04BC492C-135B-4B44-A28E-3CA62025C63F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe |
"{0985DB30-FF27-490A-BA9D-522BB79FF18C}" = dir=out | name=@{microsoft.bingfinance_3.0.4.253_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |
"{0AF0A0C7-64FD-429C-BD10-7F96E0CEAE5C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dayz\dayz.exe |
"{0CDF0C52-18C9-44ED-AD2D-82098AFFD8CD}" = dir=in | name=check point vpn |
"{10F47BA0-14FA-4103-96A3-40FE621CEBA0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{11D45E71-3E24-48D3-A57C-E75EA961BC13}" = protocol=17 | dir=in | app=c:\program files (x86)\popcorn time\updater.exe |
"{16EA40E7-4D8F-496A-B379-FC06D036F59A}" = protocol=6 | dir=in | app=c:\program files (x86)\popcorn time\popcorntimedesktop.exe |
"{20E96A55-A367-41D1-B5A9-0B9E5DB565AE}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe |
"{219A89BE-8FB3-4E79-9D7B-214C52F1DB17}" = dir=in | name=onenote |
"{226B6A0D-A74B-4269-B835-CC815E99E246}" = protocol=6 | dir=in | app=c:\program files (x86)\popcorn time\updater.exe |
"{24977E18-AEFB-40D2-AEA4-84D6663D11EB}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.254_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{24F78543-EA8A-4F3E-90FA-67DBB631EC31}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe |
"{2906E9D1-3CDA-45C7-950C-522C91B4E865}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |
"{2B4CB772-C27C-41DD-8A58-BDED0DF78F9E}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{2E494D90-655E-4D67-851F-821299907607}" = protocol=17 | dir=in | app=c:\users\betrayed\appdata\roaming\dropbox\bin\dropbox.exe |
"{2ED79297-9BEB-43BC-9ADF-3E505444386D}" = dir=out | name=juniper networks junos pulse |
"{34B593AF-6BEF-4E94-9220-CDDCF055CBDC}" = protocol=17 | dir=in | app=c:\program files (x86)\popcorn time\popcorntimedesktop.exe |
"{351810D8-5A26-4A72-9564-35E90ABE5831}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{3637A890-45BE-4BED-A9AA-23556DE9155F}" = protocol=17 | dir=in | app=c:\program files (x86)\popcorn time\popcorntimeupdater.exe |
"{3842E306-5EF7-4584-96EF-B173CF41FDAB}" = protocol=17 | dir=in | app=c:\users\betrayed\appdata\roaming\spotify\spotify.exe |
"{38782879-AF6E-4076-8775-CF448D6F0ED0}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{397D4628-329D-4054-A8A3-D9E722D0569A}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{3A127339-E715-42EA-AE63-54A76A8CFF62}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{3D79D453-7FC1-46AC-9832-7C353EE4EA1E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{4379A432-C740-4902-B40F-42F2660CF8F2}" = dir=out | name=@{microsoft.bingnews_3.0.4.213_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |
"{43F3725F-3D22-40D6-9199-0D84B58C2CB2}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{4AF1B487-FC0B-4D0C-8EA5-246B9008A974}" = dir=out | name=@{microsoft.bingtravel_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |
"{4CD1F759-2B96-4272-AD2F-8CA82CAA9DD0}" = dir=in | name=f5 vpn |
"{4E487BE6-AB79-4E40-837D-39B0417BDC85}" = dir=out | name=skype |
"{5067784F-201C-45A3-9B72-6C80B5E2F430}" = protocol=17 | dir=in | app=c:\users\betrayed\appdata\roaming\utorrent\utorrent.exe |
"{51405022-4981-436D-8428-3282C823B594}" = dir=in | name=juniper networks junos pulse |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{54DA3183-34FA-4F2A-9B65-0B3429E7D5D7}" = dir=out | name=@{microsoft.bingweather_3.0.4.249_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{581E3EEF-BAE7-42F4-AF1E-DB26391BC057}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{59E74CAA-A586-47AE-90D9-30419AB25A42}" = protocol=17 | dir=in | app=c:\users\betrayed\appdata\roaming\mozilla\firefox\profiles\25u2pab7.default\extensions\jid1-4p0kohsjxu1qgg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe |
"{5BA1B673-74B9-4583-B742-A5791642D604}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{62E1E668-FF6C-48E5-8C26-5B88192485A7}" = dir=out | name=windows_ie_ac_001 |
"{65D5DCD3-3E41-4F8B-9EDA-15096900FA06}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{65E1014A-ABBE-42E7-863C-6AF086509451}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{65F72EB0-1E60-4BA8-90AA-F08A4C464128}" = protocol=6 | dir=in | app=c:\users\betrayed\appdata\roaming\utorrent\utorrent.exe |
"{69EEA542-48E8-49C6-A6B7-18431F4AB0EF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dayz\dayz.exe |
"{6B3FD1A9-DB62-493A-A67C-5E9ADC9E2B76}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{6DB4AD52-B01D-491E-83E4-41A80C739B1C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{6F29F2A3-DE09-445C-9460-0D0389F3BB38}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{6F9CA8ED-8384-4C42-AA36-A49A7E16841B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |
"{747D51A2-08BB-4DCA-8865-41AAC2A3BEFA}" = dir=in | name=sonicwall mobile connect |
"{7599D70E-1709-432E-B9A5-143C9C8C8B8C}" = dir=out | name=windows_ie_ac_001 |
"{79B35A56-9554-40E6-B216-ABFA5E539F09}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{79FCF850-AF25-435A-876B-45183A412AD1}" = dir=out | name=f5 vpn |
"{7F1B6447-E00D-49E9-966E-4EB31C173C5E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{835FE8D0-0F7B-4FA8-A43A-CA7159D9977A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe |
"{84471AA8-6A0B-41D5-8669-9898E5A727DF}" = dir=out | name=@{microsoft.bingsports_3.0.4.244_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} |
"{84B2064E-A90C-48A6-92FB-CFB50C3BB66E}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{8745C249-A957-4B7F-8EC6-3F29D618A163}" = protocol=17 | dir=in | app=c:\users\betrayed\appdata\local\popcorn time\node-webkit\popcorn time.exe |
"{8746ECDC-34D4-4762-B03E-810349BD56FA}" = protocol=6 | dir=in | app=c:\program files (x86)\cain\cain.exe |
"{882280E6-E109-4D66-B8F1-FD4776A1CD00}" = protocol=6 | dir=in | app=c:\users\betrayed\appdata\roaming\spotify\spotify.exe |
"{892E4A3A-69F0-4CE4-A034-75315F70E29B}" = dir=out | name=@{microsoft.bingmaps_2.1.3230.2048_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{897CF6BD-9857-463A-BE16-0D17ED0C99EB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8BC4252B-8766-4154-8234-CBE8F1719CA3}" = protocol=6 | dir=in | app=c:\users\betrayed\appdata\roaming\dropbox\bin\dropbox.exe |
"{8C2A305D-6E3C-4B4F-952C-9A71FA35DF1F}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{8EC9B6ED-6ABB-4FB7-9A43-115286C634AB}" = dir=in | name=skype |
"{8F5D932C-23D8-4443-9F5D-B6E0B9183C07}" = protocol=17 | dir=in | app=c:\program files (x86)\popcorn time\popcorntimeupdater.exe |
"{912030D1-80D4-469A-82B4-AE4EA7B8C60D}" = protocol=6 | dir=in | app=c:\program files (x86)\popcorn time\popcorntimedesktop.exe |
"{930DAE28-9C59-4E5D-96E6-893DC08C9600}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{977437CF-F14A-4470-AEA3-0920A9B25D8C}" = protocol=17 | dir=in | app=c:\program files (x86)\cain\cain.exe |
"{9873DA48-A4B2-485B-8BCB-967B958E977B}" = protocol=6 | dir=in | app=c:\program files (x86)\popcorn time\popcorntimeupdater.exe |
"{9B926BAF-5E8F-4A22-820A-B32633BA163C}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{A176847B-E928-46AD-8D90-CB27356F4B3A}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.4.253_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{A95F8A6D-F551-4140-9862-16CB07A0543B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe |
"{ADBCF0B8-CC61-4071-B18F-78C9856B6ECA}" = protocol=6 | dir=in | app=c:\program files (x86)\popcorn time\popcorntimeupdater.exe |
"{B0182627-0F47-4BA2-B30E-89B234E723CF}" = protocol=17 | dir=in | app=c:\users\betrayed\downloads\nanocore.exe |
"{B5717029-CC06-4EDB-8F30-404B613A3577}" = protocol=17 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe |
"{B6F3BC60-5799-4716-9A25-0F6EC1273F78}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{B8D55E89-7B5D-453E-9363-325AE0780BCE}" = protocol=6 | dir=in | app=c:\users\betrayed\appdata\roaming\mozilla\firefox\profiles\25u2pab7.default\extensions\jid1-4p0kohsjxu1qgg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe |
"{BA6BCEA6-122E-42FC-87B2-ED7CDEE58594}" = protocol=6 | dir=in | app=c:\users\betrayed\appdata\local\popcorn time\node-webkit\popcorn time.exe |
"{BE584F75-A11A-42BC-BBE8-AFB3C9DA4FA3}" = dir=out | name=check point vpn |
"{BEEFFDCB-926F-4C96-BFE8-50DDF57E8267}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{C39B1403-39D2-4B63-9159-ADC03FB28F07}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{C8F1CD64-ED74-40DA-8826-18EE24AA3468}" = protocol=6 | dir=in | app=c:\program files (x86)\popcorn time\updater.exe |
"{CA127A75-8122-4E0C-9587-87EB7F4F61CB}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{CA326F30-D27E-4E83-B172-7415733C2B7B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{CC5ECC45-7863-4C88-B619-50909095E23F}" = protocol=6 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe |
"{D0C400C9-9D84-4378-8010-369BC3BD2C92}" = dir=out | name=sonicwall mobile connect |
"{D11E089B-01E6-40A2-AF18-8977FF9F036B}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{D35DF8E3-DFC4-40AF-AD80-292E3E96C1D8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{D74185FA-96A6-4A21-8FB9-78E21C18457C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{DB20481C-A5E3-4DF5-9CD5-E8A652479A1C}" = protocol=6 | dir=in | app=c:\users\betrayed\appdata\roaming\dropbox\bin\dropbox.exe |
"{DB2F3F27-DCCB-446D-A79E-80ED12D5791B}" = dir=out | name=onenote |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{DCF9A7C1-EBDC-4620-9E0C-EDD470314999}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DD38367B-FDBA-411D-8C5F-F63FE8DB8241}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E40B7D16-5F2E-4966-940E-03DBA1894EAA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe |
"{E456962A-CEB4-454D-B8ED-9A0F371062BC}" = dir=out | name=@{microsoft.zunevideo_2.6.432.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{E4E68AB7-AEDE-4BA2-9264-EC410D1A387F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EA62EE56-2B30-4D2B-9E7B-6BE5C33FB4B4}" = protocol=17 | dir=in | app=c:\users\betrayed\appdata\roaming\dropbox\bin\dropbox.exe |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{ECA50630-18DF-445A-85A5-762267820273}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{ED790197-857D-41CD-A374-AA790C2C32E0}" = protocol=6 | dir=in | app=c:\users\betrayed\downloads\nanocore.exe |
"{EEE322A2-5666-4489-9A71-09A9A6D39F29}" = dir=out | name=@{microsoft.zunemusic_2.6.649.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
"{F8CE6808-0494-47C8-8CA8-2D4ED56E1163}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{FBB1A254-9D42-4737-922D-4FB8AFDE4F18}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"TCP Query User{13261F0B-4916-46CC-BBBF-A80C79DF2FEC}C:\users\betrayed\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\betrayed\appdata\roaming\spotify\spotify.exe |
"TCP Query User{1CA56E4C-6098-4AD3-965A-7F42C355CFE3}C:\program files (x86)\cain\cain.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cain\cain.exe |
"TCP Query User{4A2B3CC0-95FC-485E-94DC-700058F0AE58}C:\users\betrayed\appdata\roaming\mozilla\firefox\profiles\25u2pab7.default\extensions\jid1-4p0kohsjxu1qgg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe" = protocol=6 | dir=in | app=c:\users\betrayed\appdata\roaming\mozilla\firefox\profiles\25u2pab7.default\extensions\jid1-4p0kohsjxu1qgg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe |
"TCP Query User{4B9ADA05-B4F1-4F04-872C-E7B1295F38EA}C:\users\betrayed\appdata\roaming\acestream\engine\ace_engine.exe" = protocol=6 | dir=in | app=c:\users\betrayed\appdata\roaming\acestream\engine\ace_engine.exe |
"TCP Query User{5523BF94-1191-408C-8356-F3526A99F1C2}C:\users\betrayed\downloads\nanocore.exe" = protocol=6 | dir=in | app=c:\users\betrayed\downloads\nanocore.exe |
"TCP Query User{EBA8C3C0-CFB1-4F29-A5E2-AD50BDE7DBEB}C:\users\betrayed\appdata\local\popcorn time\node-webkit\popcorn time.exe" = protocol=6 | dir=in | app=c:\users\betrayed\appdata\local\popcorn time\node-webkit\popcorn time.exe |
"UDP Query User{0BA0C364-8575-4EFC-82E7-8775C7726A84}C:\users\betrayed\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\betrayed\appdata\roaming\spotify\spotify.exe |
"UDP Query User{7A0CC3F9-0A73-4957-A2D3-F11FA83A0188}C:\users\betrayed\appdata\local\popcorn time\node-webkit\popcorn time.exe" = protocol=17 | dir=in | app=c:\users\betrayed\appdata\local\popcorn time\node-webkit\popcorn time.exe |
"UDP Query User{8310AB89-79A8-4F82-8992-3CCE620D2685}C:\users\betrayed\appdata\roaming\mozilla\firefox\profiles\25u2pab7.default\extensions\jid1-4p0kohsjxu1qgg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe" = protocol=17 | dir=in | app=c:\users\betrayed\appdata\roaming\mozilla\firefox\profiles\25u2pab7.default\extensions\jid1-4p0kohsjxu1qgg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe |
"UDP Query User{E001E283-580C-4559-A0F0-B22A7A0D7F3C}C:\users\betrayed\appdata\roaming\acestream\engine\ace_engine.exe" = protocol=17 | dir=in | app=c:\users\betrayed\appdata\roaming\acestream\engine\ace_engine.exe |
"UDP Query User{F53287BD-8494-4B78-9BDA-A124979D6CE7}C:\users\betrayed\downloads\nanocore.exe" = protocol=17 | dir=in | app=c:\users\betrayed\downloads\nanocore.exe |
"UDP Query User{F94BDDD4-6DFC-493B-8843-DB58B5B58AB9}C:\program files (x86)\cain\cain.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cain\cain.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.2 (r693)
"{15B30201-4DC6-6B2E-B04B-788DFF115BA2}" = ccc-utility64
"{1D1DCF8A-6961-F848-0DA0-5401969C44CE}" = AMD Catalyst Install Manager
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9C7136A5-F0AA-B1D1-22C5-54C2C783E721}" = AMD Fuel
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 344.75
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 344.75
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 344.75
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.1.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 344.75
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.14.0702
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 16.18.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.32.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio" = NVIDIA Miracast Virtual Audio 344.75
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 16.18.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.27
"{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}" = Apple Mobile Device Support
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Imminent Monitor" = Imminent Monitor
"Malwarebytes Anti-Exploit_is1" = Malwarebytes Anti-Exploit version 1.05.1.1016
"OpenVPN" = OpenVPN 2.3.4-I002
"Sandboxie" = Sandboxie 4.14 (64-bit)
"Speccy" = Speccy
"Sublime Text 2_is1" = Sublime Text 2.0.2
"TAP-Windows" = TAP-Windows 9.9.2
"WinRAR archiver" = WinRAR 5.20 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0039AAA5-7D3F-A65C-5011-396E3CFD5E1A}" = CCC Help Russian
"{0B7F838A-467D-C30A-B4C7-FF9709555082}" = AMD Catalyst Control Center
"{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{217F11DC-3CD4-4540-BFC8-8D0AA2FCE26E}" = CCC Help Turkish
"{234C1E2D-FC8D-05B1-E78D-BE0BC32F06BF}" = CCC Help Finnish
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 6.21
"{26A24AE4-039D-4CA4-87B4-2F83218025F0}" = Java 8 Update 25
"{2913C8E7-612B-47DA-B18D-A23E1A1B16E3}" = Update Manager B12.1113.1
"{2B22C750-5C3B-4738-B621-BA786AC7A494}" = Adobe After Effects CC 2014
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2CB95003-D6E4-EEE1-5BAA-458B7E27466B}" = CCC Help English
"{2EF241EF-6796-5B68-7A1F-214055809942}" = CCC Help Dutch
"{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1" = Lightshot-5.2.0.17
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{3E1D055A-C8DB-9140-6D3B-572020076651}" = CCC Help Hungarian
"{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}" = Microsoft ASP.NET MVC 4 Runtime
"{45F898A5-2E21-EF9F-4FB5-DAC1A6038180}" = CCC Help Chinese Standard
"{48583D53-DDA0-19E2-479E-BFE8A7A107B7}" = CCC Help Thai
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51F04107-7CC7-6BDB-CDB6-C02D96B06DE5}" = CCC Help German
"{522E798F-8B1B-AD09-C54F-1F6EA33AAD63}" = Catalyst Control Center InstallProxy
"{56B128A9-85E4-D8F6-5A3D-4826A7FB1A14}" = Catalyst Control Center Localization All
"{608F1BF0-94CF-29D3-E3F9-48F2B53D603F}" = CCC Help French
"{60DB0ABB-2C9E-25C0-D1FC-A4704B94E530}" = CCC Help Czech
"{663DEEEF-EF34-4DCB-8687-73A7AA146E02}" = Adobe Media Encoder CC 2014
"{66F720D6-6DC3-7DE9-B09A-F44783897772}" = CCC Help Japanese
"{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}" = ON_OFF Charge 2 B13.1028.1
"{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1" = Gyazo 2.2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = League of Legends
"{7F599D6F-78DD-89AD-4350-64D60102A72C}" = CCC Help Polish
"{80AE23DF-71A4-4E3F-B931-F93AB5DF0BDD}" = Camtasia Studio 8
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}" = Apple Application Support
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8ACB472E-1CAD-4AA8-41B0-9A8D80A750C5}" = CCC Help Korean
"{8D2ED35A-C1C2-FDCA-1F5C-94799EAA7D35}" = CCC Help Swedish
"{91BBF9D8-46B3-561B-D6FC-76A91DF16593}" = CCC Help Spanish
"{981B38A6-E4D0-4D94-98C2-75AC645755F5}" = BlueStacks Notification Center
"{9905E4C1-14D8-4522-88FE-FD00B51A20DC}" = LogMeIn
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1103FD0-0075-299D-D5BA-E0EBD1C81FFE}" = CCC Help Danish
"{A71E2A4D-37A4-6073-B9ED-EDB4AA1BFDD7}" = CCC Help Italian
"{A7E23371-36E3-CF6D-1544-307BB1AEC19A}" = CCC Help Greek
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-0804-1033-1959-001802114130}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.10)
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B455E95A-B804-439F-B533-336B1635AE97}" = NVIDIA PhysX
"{B634F919-3F94-6C43-F99A-484AA4DFBF2F}" = CCC Help Chinese Traditional
"{BB6E10AB-CB79-463F-9548-B7DCEDC3BF28}" = Elgato Game Capture HD
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{C4ADB67B-C908-4D94-B85E-585D2F3F9118}" = TweetDeck
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}" = Adobe Photoshop CC 2014
"{ECF976CF-79E8-E963-771D-A893E16681B1}" = CCC Help Portuguese
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4D03CB7-3B18-44CB-AA4A-4F83FBAEBE8A}_is1" = DuckDns Updater version 1.0.2
"{F6DD0100-F48D-3CEC-A387-A09072AF5E9D}" = CCC Help Norwegian
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"44953928-E730-4e8c-A2B2-3A85BC96A3D0_is1" = FileSeek 3.3
"Adobe Creative Cloud" = Adobe Creative Cloud
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"Avast" = Avast Free Antivirus
"Cain & Abel 4.9.56" = Cain & Abel 4.9.56
"Clownfish" = Clownfish for Skype
"Comodo Dragon" = Comodo Dragon
"DarkComet Remover_is1" = DarkComet Remover version 2.0
"FileZilla Client" = FileZilla Client 3.9.0.3
"Free YouTube Uploader_is1" = Free YouTube Uploader version 4.0.20.923
"Google Chrome" = Google Chrome
"HandBrake" = HandBrake 0.9.9.1
"HexChat_is1" = HexChat
"InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}" = ON_OFF Charge 2 B13.1028.1
"KeyScrambler" = KeyScrambler
"League of Legends 3.0.0" = League of Legends
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"Mozilla Firefox 34.0.5 (x86 en-GB)" = Mozilla Firefox 34.0.5 (x86 en-GB)
"Mozilla Thunderbird 31.3.0 (x86 en-GB)" = Mozilla Thunderbird 31.3.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"NST" = Norton Identity Safe
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 26.0.1656.60" = Opera Stable 26.0.1656.60
"Pidgin" = Pidgin
"pidgin-otr" = pidgin-otr 4.0.0-1
"Popcorn Time_is1" = Popcorn Time
"Rainmeter" = Rainmeter
"Steam" = Steam
"Steam App 221100" = DayZ
"Steam App 240" = Counter-Strike: Source
"Steam App 273110" = Counter-Strike Nexon: Zombies
"Steam App 4000" = Garry's Mod
"Steam App 44350" = GRID 2
"Steam App 550" = Left 4 Dead 2
"Steam App 730" = Counter-Strike: Global Offensive
"TeamViewer" = TeamViewer 10
"VMware_Player" = VMware Player
"WinPcapInst" = WinPcap 4.1.3
"Wireshark" = Wireshark 1.12.2 (64-bit)
"xampp" = XAMPP
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AceStream" = Ace Stream Media 2.2.7-next
"AIM" = AIM for Windows
"Dropbox" = Dropbox
"JoinMe" = join.me
"Spotify" = Spotify
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10/10/2014 13:13:40 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Faulting application name: vmware-usbarbitrator64.exe, version: 12.1.17.0,
time stamp: 0x530ff71d Faulting module name: vmware-usbarbitrator64.exe, version:
12.1.17.0, time stamp: 0x530ff71d Exception code: 0xc0000005 Fault offset: 0x0000000000006092
Faulting
process ID: 0xe68 Faulting application start time: 0x01cfe4ad88842592 Faulting application
path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Faulting
module path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Report
ID: c76fd465-50a0-11e4-bed1-74d4355589de Faulting package full name: Faulting package-relative
application ID:
Error - 10/10/2014 13:13:53 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Faulting application name: vmware-usbarbitrator64.exe, version: 12.1.17.0,
time stamp: 0x530ff71d Faulting module name: vmware-usbarbitrator64.exe, version:
12.1.17.0, time stamp: 0x530ff71d Exception code: 0xc0000005 Fault offset: 0x0000000000006092
Faulting
process ID: 0x1d68 Faulting application start time: 0x01cfe4ad8fd019f8 Faulting application
path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Faulting
module path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Report
ID: cebf7269-50a0-11e4-bed1-74d4355589de Faulting package full name: Faulting package-relative
application ID:
Error - 10/10/2014 13:14:05 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Faulting application name: vmware-usbarbitrator64.exe, version: 12.1.17.0,
time stamp: 0x530ff71d Faulting module name: vmware-usbarbitrator64.exe, version:
12.1.17.0, time stamp: 0x530ff71d Exception code: 0xc0000005 Fault offset: 0x0000000000006092
Faulting
process ID: 0x1fd4 Faulting application start time: 0x01cfe4ad971fc64d Faulting application
path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Faulting
module path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Report
ID: d60cc564-50a0-11e4-bed1-74d4355589de Faulting package full name: Faulting package-relative
application ID:
Error - 10/10/2014 13:14:17 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Faulting application name: vmware-usbarbitrator64.exe, version: 12.1.17.0,
time stamp: 0x530ff71d Faulting module name: vmware-usbarbitrator64.exe, version:
12.1.17.0, time stamp: 0x530ff71d Exception code: 0xc0000005 Fault offset: 0x0000000000006092
Faulting
process ID: 0x1218 Faulting application start time: 0x01cfe4ad9e6d6058 Faulting application
path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Faulting
module path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Report
ID: dd5b388d-50a0-11e4-bed1-74d4355589de Faulting package full name: Faulting package-relative
application ID:
Error - 10/10/2014 13:14:29 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Faulting application name: vmware-usbarbitrator64.exe, version: 12.1.17.0,
time stamp: 0x530ff71d Faulting module name: vmware-usbarbitrator64.exe, version:
12.1.17.0, time stamp: 0x530ff71d Exception code: 0xc0000005 Fault offset: 0x0000000000006092
Faulting
process ID: 0xdac Faulting application start time: 0x01cfe4ada5bb391b Faulting application
path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Faulting
module path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Report
ID: e4a5d68d-50a0-11e4-bed1-74d4355589de Faulting package full name: Faulting package-relative
application ID:
Error - 10/10/2014 13:14:42 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Faulting application name: vmware-usbarbitrator64.exe, version: 12.1.17.0,
time stamp: 0x530ff71d Faulting module name: vmware-usbarbitrator64.exe, version:
12.1.17.0, time stamp: 0x530ff71d Exception code: 0xc0000005 Fault offset: 0x0000000000006092
Faulting
process ID: 0x1c44 Faulting application start time: 0x01cfe4adad05e760 Faulting application
path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Faulting
module path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Report
ID: ebf40746-50a0-11e4-bed1-74d4355589de Faulting package full name: Faulting package-relative
application ID:
Error - 10/10/2014 13:14:54 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Faulting application name: vmware-usbarbitrator64.exe, version: 12.1.17.0,
time stamp: 0x530ff71d Faulting module name: vmware-usbarbitrator64.exe, version:
12.1.17.0, time stamp: 0x530ff71d Exception code: 0xc0000005 Fault offset: 0x0000000000006092
Faulting
process ID: 0x1650 Faulting application start time: 0x01cfe4adb4548354 Faulting application
path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Faulting
module path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Report
ID: f342551e-50a0-11e4-bed1-74d4355589de Faulting package full name: Faulting package-relative
application ID:
Error - 10/10/2014 13:15:06 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Faulting application name: vmware-usbarbitrator64.exe, version: 12.1.17.0,
time stamp: 0x530ff71d Faulting module name: vmware-usbarbitrator64.exe, version:
12.1.17.0, time stamp: 0x530ff71d Exception code: 0xc0000005 Fault offset: 0x0000000000006092
Faulting
process ID: 0x1710 Faulting application start time: 0x01cfe4adbba27f3a Faulting application
path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Faulting
module path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Report
ID: fa8fe2a2-50a0-11e4-bed1-74d4355589de Faulting package full name: Faulting package-relative
application ID:
Error - 10/10/2014 13:15:18 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Faulting application name: vmware-usbarbitrator64.exe, version: 12.1.17.0,
time stamp: 0x530ff71d Faulting module name: vmware-usbarbitrator64.exe, version:
12.1.17.0, time stamp: 0x530ff71d Exception code: 0xc0000005 Fault offset: 0x0000000000006092
Faulting
process ID: 0x1288 Faulting application start time: 0x01cfe4adc2f1a3af Faulting application
path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Faulting
module path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Report
ID: 01df5bb1-50a1-11e4-bed1-74d4355589de Faulting package full name: Faulting package-relative
application ID:
Error - 10/10/2014 13:15:31 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Faulting application name: vmware-usbarbitrator64.exe, version: 12.1.17.0,
time stamp: 0x530ff71d Faulting module name: vmware-usbarbitrator64.exe, version:
12.1.17.0, time stamp: 0x530ff71d Exception code: 0xc0000005 Fault offset: 0x0000000000006092
Faulting
process ID: 0xcd4 Faulting application start time: 0x01cfe4adca3f89f2 Faulting application
path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Faulting
module path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Report
ID: 092d3d8a-50a1-11e4-bed1-74d4355589de Faulting package full name: Faulting package-relative
application ID:
[ System Events ]
Error - 06/11/2014 15:01:05 | Computer Name = PC | Source = Service Control Manager | ID = 7031
Description = The VMware USB Arbitration Service service terminated unexpectedly.
It has done this 648 time(s). The following corrective action will be taken in
10000 milliseconds: Restart the service.
Error - 06/11/2014 15:01:18 | Computer Name = PC | Source = Service Control Manager | ID = 7031
Description = The VMware USB Arbitration Service service terminated unexpectedly.
It has done this 649 time(s). The following corrective action will be taken in
10000 milliseconds: Restart the service.
Error - 06/11/2014 15:01:30 | Computer Name = PC | Source = Service Control Manager | ID = 7031
Description = The VMware USB Arbitration Service service terminated unexpectedly.
It has done this 650 time(s). The following corrective action will be taken in
10000 milliseconds: Restart the service.
Error - 06/11/2014 15:01:42 | Computer Name = PC | Source = Service Control Manager | ID = 7031
Description = The VMware USB Arbitration Service service terminated unexpectedly.
It has done this 651 time(s). The following corrective action will be taken in
10000 milliseconds: Restart the service.
Error - 06/11/2014 15:01:55 | Computer Name = PC | Source = Service Control Manager | ID = 7031
Description = The VMware USB Arbitration Service service terminated unexpectedly.
It has done this 652 time(s). The following corrective action will be taken in
10000 milliseconds: Restart the service.
Error - 06/11/2014 15:02:07 | Computer Name = PC | Source = Service Control Manager | ID = 7031
Description = The VMware USB Arbitration Service service terminated unexpectedly.
It has done this 653 time(s). The following corrective action will be taken in
10000 milliseconds: Restart the service.
Error - 06/11/2014 15:02:19 | Computer Name = PC | Source = Service Control Manager | ID = 7031
Description = The VMware USB Arbitration Service service terminated unexpectedly.
It has done this 654 time(s). The following corrective action will be taken in
10000 milliseconds: Restart the service.
Error - 06/11/2014 15:02:31 | Computer Name = PC | Source = Service Control Manager | ID = 7031
Description = The VMware USB Arbitration Service service terminated unexpectedly.
It has done this 655 time(s). The following corrective action will be taken in
10000 milliseconds: Restart the service.
Error - 06/11/2014 15:02:44 | Computer Name = PC | Source = Service Control Manager | ID = 7031
Description = The VMware USB Arbitration Service service terminated unexpectedly.
It has done this 656 time(s). The following corrective action will be taken in
10000 milliseconds: Restart the service.
Error - 06/11/2014 15:02:56 | Computer Name = PC | Source = Service Control Manager | ID = 7031
Description = The VMware USB Arbitration Service service terminated unexpectedly.
It has done this 657 time(s). The following corrective action will be taken in
10000 milliseconds: Restart the service.
< End of report >