Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Think I may be Infected!


  • This topic is locked This topic is locked

#1
Betrayed

Betrayed

    Member

  • Member
  • PipPip
  • 98 posts

Need an urgent check-up think I may be infected!

 

OTL Logs:

 

OTL logfile created on: 03/01/2015 15:26:27 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Betrayed\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17498)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
9.97 Gb Total Physical Memory | 6.11 Gb Available Physical Memory | 61.29% Memory free
11.53 Gb Paging File | 6.83 Gb Available in Paging File | 59.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 853.29 Gb Total Space | 636.69 Gb Free Space | 74.62% Space Free | Partition Type: NTFS
 
Computer Name: PC | User Name: Betrayed | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/03 15:25:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Betrayed\Desktop\OTL.exe
PRC - [2014/12/30 18:53:31 | 000,990,720 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\sample.exe
PRC - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/12/16 11:28:54 | 000,477,184 | ---- | M] (Skillbrains) -- C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe
PRC - [2014/12/15 11:29:58 | 005,426,448 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
PRC - [2014/12/14 10:22:47 | 006,737,976 | ---- | M] (Spotify Ltd) -- C:\Users\Betrayed\AppData\Roaming\Spotify\spotify.exe
PRC - [2014/12/14 10:22:46 | 001,676,344 | ---- | M] (Spotify Ltd) -- C:\Users\Betrayed\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/12/14 10:22:46 | 000,374,840 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
PRC - [2014/12/13 00:13:07 | 002,531,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/12/13 00:13:04 | 001,701,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014/12/10 01:34:58 | 000,555,320 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
PRC - [2014/12/10 01:33:10 | 002,561,848 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
PRC - [2014/12/06 01:50:53 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/12/04 16:43:37 | 000,176,552 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre1.8.0_25\bin\javaw.exe
PRC - [2014/12/02 11:21:07 | 005,226,600 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/12/02 11:20:46 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/11/20 08:23:10 | 000,289,792 | ---- | M] () -- C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
PRC - [2014/11/17 21:42:19 | 000,217,304 | ---- | M] (Razer, Inc.) -- C:\Users\Betrayed\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
PRC - [2014/11/17 21:42:15 | 000,214,232 | ---- | M] (Razer, Inc.) -- C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
PRC - [2014/11/13 17:08:25 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/11/12 20:46:08 | 000,409,800 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014/11/03 15:47:52 | 000,585,536 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
PRC - [2014/10/31 22:27:38 | 000,183,488 | ---- | M] () -- C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
PRC - [2014/10/26 14:52:28 | 000,508,744 | ---- | M] (QFX Software Corporation) -- C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
PRC - [2014/10/19 20:40:54 | 000,060,176 | ---- | M] (The Pidgin developer community) -- C:\Program Files (x86)\Pidgin\pidgin.exe
PRC - [2014/10/09 18:59:26 | 000,179,200 | ---- | M] (Company) -- C:\Program Files (x86)\Popcorn Time\Updater.exe
PRC - [2014/09/25 12:57:46 | 000,027,904 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\ace_engine.exe
PRC - [2014/09/20 08:53:22 | 000,130,104 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
PRC - [2014/09/16 14:45:52 | 003,095,328 | ---- | M] (Nota Inc.) -- C:\Program Files (x86)\Gyazo\GyStation.exe
PRC - [2014/08/13 17:10:14 | 000,777,944 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
PRC - [2014/08/13 17:09:20 | 000,835,288 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe
PRC - [2014/08/13 17:08:12 | 000,384,728 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2014/07/03 05:25:22 | 000,490,360 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
PRC - [2014/07/03 03:09:58 | 002,694,040 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
PRC - [2014/06/25 15:50:56 | 005,558,944 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
PRC - [2014/06/12 17:23:08 | 000,359,128 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2014/06/12 17:22:40 | 000,437,976 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2014/06/12 16:22:10 | 000,086,744 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2014/05/21 10:22:08 | 002,135,232 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
PRC - [2014/02/19 05:06:04 | 000,769,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
PRC - [2014/02/04 21:47:30 | 001,075,144 | ---- | M] (AOL Inc.) -- C:\Users\Betrayed\AppData\Local\AOL\AIM\aim.exe
PRC - [2013/03/29 11:18:06 | 000,026,744 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\ace_update.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/12/30 18:53:31 | 000,990,720 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\sample.exe
MOD - [2014/12/14 10:22:47 | 036,966,968 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2014/12/14 10:22:46 | 000,886,840 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\Spotify\Data\libGLESv2.dll
MOD - [2014/12/14 10:22:46 | 000,867,896 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
MOD - [2014/12/14 10:22:46 | 000,374,840 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
MOD - [2014/12/14 10:22:46 | 000,108,600 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\Spotify\Data\libEGL.dll
MOD - [2014/12/14 10:14:06 | 016,843,952 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll
MOD - [2014/12/06 01:50:51 | 014,913,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
MOD - [2014/12/06 01:50:50 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
MOD - [2014/12/06 01:50:46 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
MOD - [2014/12/06 01:50:45 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
MOD - [2014/12/06 01:50:44 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
MOD - [2014/12/02 11:20:46 | 038,562,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/11/28 13:46:48 | 003,083,264 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\acestreamengine.CoreApp.pyd
MOD - [2014/11/28 13:46:48 | 001,732,096 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\acestreamengine.live.pyd
MOD - [2014/11/28 13:46:48 | 000,249,856 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\acestreamengine.Core.pyd
MOD - [2014/11/20 08:23:10 | 000,289,792 | ---- | M] () -- C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
MOD - [2014/11/20 06:02:46 | 000,193,024 | ---- | M] () -- C:\ProgramData\Razer\Synapse\RzStats\RigWrapper.dll
MOD - [2014/10/19 20:40:48 | 000,044,494 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll
MOD - [2014/10/19 20:40:48 | 000,037,191 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll
MOD - [2014/10/19 20:40:48 | 000,032,020 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ticker.dll
MOD - [2014/10/19 20:40:48 | 000,030,771 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\winprefs.dll
MOD - [2014/10/19 20:40:48 | 000,030,353 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\themeedit.dll
MOD - [2014/10/19 20:40:48 | 000,029,791 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll
MOD - [2014/10/19 20:40:48 | 000,023,851 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll
MOD - [2014/10/19 20:40:48 | 000,018,399 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\timestamp.dll
MOD - [2014/10/19 20:40:48 | 000,015,978 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\statenotify.dll
MOD - [2014/10/19 20:40:48 | 000,012,004 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ssl.dll
MOD - [2014/10/19 20:40:46 | 000,417,758 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libjabber.dll
MOD - [2014/10/19 20:40:46 | 000,374,169 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmsn.dll
MOD - [2014/10/19 20:40:46 | 000,328,142 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libgg.dll
MOD - [2014/10/19 20:40:46 | 000,311,021 | ---- | M] () -- C:\Program Files (x86)\Pidgin\liboscar.dll
MOD - [2014/10/19 20:40:46 | 000,236,666 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libymsg.dll
MOD - [2014/10/19 20:40:46 | 000,170,578 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsilc.dll
MOD - [2014/10/19 20:40:46 | 000,150,598 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmxit.dll
MOD - [2014/10/19 20:40:46 | 000,123,540 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libnovell.dll
MOD - [2014/10/19 20:40:46 | 000,116,071 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsametime.dll
MOD - [2014/10/19 20:40:46 | 000,107,365 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libirc.dll
MOD - [2014/10/19 20:40:46 | 000,106,670 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmyspace.dll
MOD - [2014/10/19 20:40:46 | 000,092,398 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libbonjour.dll
MOD - [2014/10/19 20:40:46 | 000,069,575 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\spellchk.dll
MOD - [2014/10/19 20:40:46 | 000,055,880 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsimple.dll
MOD - [2014/10/19 20:40:46 | 000,047,934 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\log_reader.dll
MOD - [2014/10/19 20:40:46 | 000,031,427 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll
MOD - [2014/10/19 20:40:46 | 000,029,256 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\pidginrc.dll
MOD - [2014/10/19 20:40:46 | 000,029,225 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\notify.dll
MOD - [2014/10/19 20:40:46 | 000,024,924 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\convcolors.dll
MOD - [2014/10/19 20:40:46 | 000,022,832 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libyahoo.dll
MOD - [2014/10/19 20:40:46 | 000,021,795 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\markerline.dll
MOD - [2014/10/19 20:40:46 | 000,021,337 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libxmpp.dll
MOD - [2014/10/19 20:40:46 | 000,020,997 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll
MOD - [2014/10/19 20:40:46 | 000,019,793 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll
MOD - [2014/10/19 20:40:46 | 000,019,043 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\idle.dll
MOD - [2014/10/19 20:40:46 | 000,018,882 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\history.dll
MOD - [2014/10/19 20:40:46 | 000,018,555 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\joinpart.dll
MOD - [2014/10/19 20:40:46 | 000,017,023 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll
MOD - [2014/10/19 20:40:46 | 000,016,005 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libicq.dll
MOD - [2014/10/19 20:40:46 | 000,015,702 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\extplacement.dll
MOD - [2014/10/19 20:40:46 | 000,015,429 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\relnot.dll
MOD - [2014/10/19 20:40:46 | 000,015,380 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\psychic.dll
MOD - [2014/10/19 20:40:46 | 000,015,074 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libaim.dll
MOD - [2014/10/19 20:40:46 | 000,015,045 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\sendbutton.dll
MOD - [2014/10/19 20:40:46 | 000,014,147 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll
MOD - [2014/10/19 20:40:46 | 000,013,456 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\newline.dll
MOD - [2014/10/19 20:40:46 | 000,013,253 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\buddynote.dll
MOD - [2014/10/19 20:40:46 | 000,012,865 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\iconaway.dll
MOD - [2014/10/19 20:40:40 | 000,671,031 | ---- | M] () -- C:\Program Files (x86)\Pidgin\exchndl.dll
MOD - [2014/10/19 20:40:40 | 000,475,580 | ---- | M] () -- C:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll
MOD - [2014/10/19 20:40:40 | 000,036,878 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libssp-0.dll
MOD - [2014/10/19 20:40:06 | 000,486,400 | ---- | M] () -- C:\Program Files (x86)\Pidgin\sqlite3.dll
MOD - [2014/10/19 20:40:04 | 000,818,985 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libsilcclient-1-1-3.dll
MOD - [2014/10/19 20:40:02 | 002,097,721 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll
MOD - [2014/10/19 20:40:02 | 000,152,852 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libmeanwhile-1.dll
MOD - [2014/10/19 20:39:58 | 001,274,655 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libxml2-2.dll
MOD - [2014/10/19 20:39:58 | 000,190,464 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libsasl.dll
MOD - [2014/10/19 20:39:58 | 000,140,288 | ---- | M] () -- C:\Program Files (x86)\Pidgin\sasl2\saslDIGESTMD5.dll
MOD - [2014/10/19 20:39:58 | 000,115,712 | ---- | M] () -- C:\Program Files (x86)\Pidgin\sasl2\saslCRAMMD5.dll
MOD - [2014/10/19 20:39:58 | 000,102,912 | ---- | M] () -- C:\Program Files (x86)\Pidgin\sasl2\saslPLAIN.dll
MOD - [2014/10/19 20:39:58 | 000,102,912 | ---- | M] () -- C:\Program Files (x86)\Pidgin\sasl2\saslLOGIN.dll
MOD - [2014/10/19 20:39:58 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Pidgin\sasl2\saslANONYMOUS.dll
MOD - [2014/10/17 18:57:20 | 000,118,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\1c09d6db83322a23a1744d75c4836f85\SMDiagnostics.ni.dll
MOD - [2014/10/17 18:57:19 | 000,786,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\7159bb28e23de8ed898a2acb1dbfef6c\System.ServiceModel.Internals.ni.dll
MOD - [2014/10/17 18:55:20 | 000,155,136 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\JSON\83ae5749259d10193dc2370f7f07efd6\JSON.ni.dll
MOD - [2014/10/17 18:55:10 | 011,926,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\6074b87793a7906a01317ea8832e7330\System.Web.ni.dll
MOD - [2014/10/17 18:54:47 | 001,433,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\HD-Agent\dc62f3768fcd1b75b184d39344737486\HD-Agent.ni.exe
MOD - [2014/10/17 18:54:47 | 000,978,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\0f06c6152e5384e75e9517c79ed500d4\System.Configuration.ni.dll
MOD - [2014/10/17 15:28:20 | 005,467,136 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\49201f5658aca21352debffb85ff41df\System.Xml.ni.dll
MOD - [2014/10/17 15:28:15 | 012,436,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4897677eda02404f00d5c54c24114c7b\System.Windows.Forms.ni.dll
MOD - [2014/10/17 15:28:07 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\828956d62d94914af63efc7fb36d1120\System.Drawing.ni.dll
MOD - [2014/10/17 15:27:24 | 007,995,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4976746d2f27ea6b60301a84d6c3e4be\System.ni.dll
MOD - [2014/10/17 15:27:16 | 000,392,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\9b0c1539963f393f6641949a67757b8f\System.Xml.Linq.ni.dll
MOD - [2014/10/17 15:27:15 | 007,785,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\43edd630a9f8cd6ac38c527b106ec94f\System.Xml.ni.dll
MOD - [2014/10/17 15:27:09 | 001,874,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\6281ab590224520bad7c4f5b3ef37575\System.Xaml.ni.dll
MOD - [2014/10/17 15:27:07 | 012,856,832 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\70c6bf4a51d18b4a9a1805cd48d1caad\System.Windows.Forms.ni.dll
MOD - [2014/10/17 15:26:56 | 000,219,136 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\2938a07c482f15730b58d0fddbf869d1\System.ServiceProcess.ni.dll
MOD - [2014/10/17 15:26:32 | 002,803,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\ab763e7f2c7532e9fe8f587995105156\System.Runtime.Serialization.ni.dll
MOD - [2014/10/17 15:26:28 | 001,169,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\8843bc51abc35b8247ffb506ef61d954\System.Management.ni.dll
MOD - [2014/10/17 15:26:26 | 001,635,328 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8efdc7a3726640f79d9333da88accaf8\System.Drawing.ni.dll
MOD - [2014/10/17 15:26:18 | 000,968,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\00fc7d14bbb38db00e4103912c041adf\System.Configuration.ni.dll
MOD - [2014/10/17 15:26:17 | 000,463,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\eb62bc6e97d1d2aafbf3a101d7f029e1\PresentationFramework.Aero2.ni.dll
MOD - [2014/10/17 15:26:16 | 018,744,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\377e9afc870e7d53922fbcfd6023b2f7\PresentationFramework.ni.dll
MOD - [2014/10/17 15:25:18 | 011,027,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\a1799dc618cfa61adb75b82311884c3d\PresentationCore.ni.dll
MOD - [2014/10/17 15:25:00 | 003,957,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\b8e2e79f70d09551560548cda72e2c51\WindowsBase.ni.dll
MOD - [2014/10/17 15:24:53 | 006,951,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\483443985708dc5439abe7fd6350abe4\System.Core.ni.dll
MOD - [2014/10/17 15:24:41 | 010,030,592 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\1c5fe4cb68f67046baec4c3a854f722f\System.ni.dll
MOD - [2014/09/25 12:57:46 | 000,027,904 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\ace_engine.exe
MOD - [2014/08/14 09:50:50 | 011,500,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\5bd3374f05d46ba0563f44d032209f08\mscorlib.ni.dll
MOD - [2014/08/13 14:09:24 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2014/07/21 16:10:36 | 000,188,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\3be4139a741b447ab35a2c788a2f4559\UIAutomationTypes.ni.dll
MOD - [2014/07/18 16:01:29 | 000,216,992 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll
MOD - [2014/07/18 16:01:29 | 000,100,352 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll
MOD - [2014/07/18 16:01:29 | 000,090,496 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll
MOD - [2014/07/18 16:01:28 | 000,904,525 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll
MOD - [2014/07/18 16:01:28 | 000,553,382 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll
MOD - [2014/07/18 16:01:28 | 000,279,059 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll
MOD - [2014/07/18 16:01:28 | 000,177,586 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll
MOD - [2014/07/03 05:45:40 | 032,733,056 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
MOD - [2014/06/25 15:50:56 | 005,558,944 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
MOD - [2014/05/24 16:41:24 | 000,892,416 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
MOD - [2014/05/24 16:41:24 | 000,091,648 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
MOD - [2014/03/18 15:27:55 | 017,395,376 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\c90ef9a73ea0044641d31b19023aad61\mscorlib.ni.dll
MOD - [2014/02/04 21:47:28 | 023,782,856 | ---- | M] () -- C:\Users\Betrayed\AppData\Local\AOL\AIM\libcef.dll
MOD - [2014/02/04 19:33:46 | 016,233,864 | ---- | M] () -- C:\Users\Betrayed\AppData\Local\AOL\AIM\NPSWF32.dll
MOD - [2014/01/23 11:37:18 | 000,036,352 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\_psutil_mswindows.pyd
MOD - [2014/01/04 00:20:46 | 034,755,072 | ---- | M] () -- C:\Users\Betrayed\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
MOD - [2014/01/04 00:20:46 | 000,970,240 | ---- | M] () -- C:\Users\Betrayed\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\cef\ffmpegsumo.dll
MOD - [2013/12/21 13:20:42 | 000,040,448 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\bitarray._bitarray.pyd
MOD - [2013/12/21 13:20:32 | 000,053,248 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\_blist.pyd
MOD - [2013/12/21 13:02:24 | 000,061,952 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\miniupnpc.pyd
MOD - [2013/11/27 15:50:12 | 000,018,944 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pycompat.pyd
MOD - [2013/03/29 11:18:06 | 000,026,744 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\ace_update.exe
MOD - [2013/01/29 16:20:40 | 000,082,944 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\cpyamf.util.pyd
MOD - [2013/01/29 16:20:40 | 000,066,048 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\cpyamf.amf0.pyd
MOD - [2012/09/09 13:17:08 | 000,472,576 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\pidgin-otr.dll
MOD - [2012/02/07 16:38:58 | 000,358,912 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\pythoncom27.dll
MOD - [2012/02/07 16:38:58 | 000,358,912 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\pythoncom27.dll
MOD - [2012/02/07 16:37:24 | 000,098,816 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\win32api.pyd
MOD - [2012/02/07 16:37:24 | 000,098,816 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\win32api.pyd
MOD - [2012/02/07 16:36:30 | 000,024,064 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\win32pdh.pyd
MOD - [2012/02/07 16:36:30 | 000,024,064 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\win32pdh.pyd
MOD - [2012/02/07 16:36:08 | 000,111,616 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\win32file.pyd
MOD - [2012/02/07 16:36:08 | 000,111,616 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\win32file.pyd
MOD - [2012/02/07 16:35:46 | 000,110,080 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\pywintypes27.dll
MOD - [2012/02/07 16:35:46 | 000,110,080 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\pywintypes27.dll
MOD - [2011/07/15 19:38:22 | 000,674,816 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\wx._misc_.pyd
MOD - [2011/07/15 19:38:22 | 000,674,816 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\wx._misc_.pyd
MOD - [2011/07/15 19:38:12 | 000,966,144 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\wx._controls_.pyd
MOD - [2011/07/15 19:38:12 | 000,966,144 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\wx._controls_.pyd
MOD - [2011/07/15 19:38:06 | 000,670,720 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\wx._windows_.pyd
MOD - [2011/07/15 19:38:06 | 000,670,720 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\wx._windows_.pyd
MOD - [2011/07/15 19:38:00 | 000,746,496 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\wx._gdi_.pyd
MOD - [2011/07/15 19:38:00 | 000,746,496 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\wx._gdi_.pyd
MOD - [2011/07/15 19:37:48 | 000,981,504 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\wx._core_.pyd
MOD - [2011/07/15 19:37:48 | 000,981,504 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\wx._core_.pyd
MOD - [2011/07/15 19:34:26 | 000,479,744 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\wxmsw28uh_html_vc.dll
MOD - [2011/07/15 19:34:26 | 000,479,744 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\wxmsw28uh_html_vc.dll
MOD - [2011/07/15 19:34:16 | 000,730,112 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\wxmsw28uh_adv_vc.dll
MOD - [2011/07/15 19:34:16 | 000,730,112 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\wxmsw28uh_adv_vc.dll
MOD - [2011/07/15 19:34:10 | 003,165,184 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\wxmsw28uh_core_vc.dll
MOD - [2011/07/15 19:34:10 | 003,165,184 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\wxmsw28uh_core_vc.dll
MOD - [2011/07/15 19:33:40 | 000,122,368 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\wxbase28uh_net_vc.dll
MOD - [2011/07/15 19:33:40 | 000,122,368 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\wxbase28uh_net_vc.dll
MOD - [2011/07/15 19:33:38 | 001,300,992 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\wxbase28uh_vc.dll
MOD - [2011/07/15 19:33:38 | 001,300,992 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\wxbase28uh_vc.dll
MOD - [2011/06/12 13:09:18 | 000,720,896 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\_ssl.pyd
MOD - [2011/06/12 13:09:18 | 000,720,896 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\_ssl.pyd
MOD - [2011/06/12 13:09:18 | 000,038,400 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\_socket.pyd
MOD - [2011/06/12 13:09:18 | 000,038,400 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\_socket.pyd
MOD - [2011/06/12 13:06:24 | 000,152,576 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\pyexpat.pyd
MOD - [2011/06/12 13:06:24 | 000,152,576 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\pyexpat.pyd
MOD - [2011/06/12 13:06:22 | 000,287,232 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\_hashlib.pyd
MOD - [2011/06/12 13:06:22 | 000,287,232 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\_hashlib.pyd
MOD - [2011/06/12 13:06:22 | 000,106,496 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\_ctypes.pyd
MOD - [2011/06/12 13:06:22 | 000,011,776 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\select.pyd
MOD - [2011/06/12 13:06:22 | 000,011,776 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\select.pyd
MOD - [2011/06/12 13:06:20 | 000,688,128 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\unicodedata.pyd
MOD - [2011/02/13 15:02:12 | 000,031,232 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\Crypto.Cipher.AES.pyd
MOD - [2011/01/18 21:56:22 | 000,334,336 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\M2Crypto.__m2crypto.pyd
MOD - [2011/01/18 21:56:22 | 000,334,336 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\M2Crypto.__m2crypto.pyd
MOD - [2010/10/10 22:23:52 | 000,723,968 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\apsw.pyd
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/12/13 00:13:04 | 001,148,560 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:64bit: - [2014/12/13 00:13:03 | 019,823,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2014/12/02 11:20:46 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/12/02 11:20:43 | 004,012,248 | ---- | M] (Avast Software) [On_Demand | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
SRV:64bit: - [2014/10/31 04:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/10/14 19:33:28 | 000,174,600 | ---- | M] (Sandboxie Holdings, LLC) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2014/10/07 01:54:27 | 000,226,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/09/22 03:05:56 | 000,368,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014/09/22 03:05:56 | 000,023,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014/08/16 03:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2014/08/16 00:58:35 | 000,287,744 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2014/08/16 00:45:51 | 000,267,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/07/24 07:28:58 | 001,600,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/07/17 20:31:53 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/07/17 20:31:53 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/07/17 20:27:11 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014/06/05 12:15:06 | 000,037,176 | ---- | M] (The OpenVPN Project) [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV:64bit: - [2014/03/18 15:27:40 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/03/18 15:27:40 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2014/03/18 15:27:35 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/03/18 15:27:33 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/03/18 15:27:32 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/03/18 15:27:30 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2013/08/30 18:46:48 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013/08/22 11:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 11:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 11:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 11:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 11:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 10:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 10:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 09:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 09:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 09:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 09:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 09:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 09:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 09:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 09:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2010/04/06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2015/01/02 11:16:34 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/12/15 11:29:58 | 005,426,448 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe -- (TeamViewer)
SRV - [2014/12/14 10:14:06 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/13 00:13:04 | 001,701,520 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/12/10 01:34:58 | 000,555,320 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe -- (MbaeSvc)
SRV - [2014/11/25 17:01:39 | 000,226,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2014/11/25 17:01:28 | 000,376,168 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2014/11/18 20:23:34 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/11/12 20:46:08 | 000,409,800 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/10/31 22:27:38 | 000,183,488 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe -- (Razer Game Scanner Service)
SRV - [2014/10/09 18:59:26 | 000,179,200 | ---- | M] (Company) [Auto | Running] -- C:\Program Files (x86)\Popcorn Time\Updater.exe -- (Update service)
SRV - [2014/09/20 08:53:22 | 000,130,104 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe -- (NCO)
SRV - [2014/08/16 03:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/08/13 17:10:14 | 000,777,944 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe -- (BstHdUpdaterSvc)
SRV - [2014/08/13 17:08:12 | 000,384,728 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2014/08/13 17:07:40 | 000,409,304 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2014/07/17 20:27:11 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/06/12 17:23:08 | 000,359,128 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2014/06/12 17:22:40 | 000,437,976 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2014/06/12 16:22:10 | 000,086,744 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2014/05/21 10:22:08 | 002,135,232 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2014/04/03 19:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/02/27 17:40:46 | 000,906,432 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2014/02/07 15:29:38 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2013/08/22 03:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/22 02:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/03/01 01:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/12/13 00:13:03 | 000,019,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2014/12/03 16:12:37 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/12/02 11:21:08 | 001,050,432 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/12/02 11:20:47 | 000,436,624 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/12/02 11:20:47 | 000,267,632 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/12/02 11:20:47 | 000,116,728 | ---- | M] (AVAST Software) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014/12/02 11:20:47 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/12/02 11:20:47 | 000,083,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/12/02 11:20:47 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/12/02 11:20:47 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/12/02 11:20:43 | 000,271,752 | ---- | M] (Avast Software) [Kernel | Auto | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
DRV:64bit: - [2014/11/25 17:01:29 | 000,107,392 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2014/11/22 10:46:30 | 000,038,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2014/11/17 21:37:21 | 000,129,600 | ---- | M] (Razer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rzpnk.sys -- (rzpnk)
DRV:64bit: - [2014/11/13 00:20:36 | 000,039,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvadarm.sys -- (NVVADARM)
DRV:64bit: - [2014/10/31 22:27:07 | 000,037,184 | ---- | M] (Razer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rzpmgrk.sys -- (rzpmgrk)
DRV:64bit: - [2014/10/14 19:33:28 | 000,185,352 | ---- | M] (Sandboxie Holdings, LLC) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2014/10/13 02:43:17 | 000,238,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/10/13 02:43:17 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014/10/13 02:43:17 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014/10/10 01:58:57 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/09/22 03:06:16 | 000,258,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014/09/22 03:06:16 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014/09/22 02:49:43 | 000,035,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/09/17 04:51:20 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2014/09/05 03:27:52 | 000,160,424 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2014/09/05 03:27:52 | 000,039,592 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzendpt.sys -- (rzendpt)
DRV:64bit: - [2014/08/15 23:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2014/08/15 00:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/07/24 15:28:38 | 000,468,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/07/24 15:28:38 | 000,412,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/07/24 11:42:22 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2014/07/17 20:33:11 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/07/17 20:31:53 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/07/17 20:31:53 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/07/17 20:31:53 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/06/12 17:23:04 | 000,064,728 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2014/06/12 17:22:50 | 000,031,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2014/06/12 17:22:02 | 000,046,160 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2014/06/12 17:22:02 | 000,020,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2014/06/12 17:21:58 | 000,033,496 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2014/03/18 15:27:34 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/03/18 15:27:30 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2014/03/18 15:27:20 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2014/03/18 15:27:19 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/03/18 15:27:18 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/03/18 15:27:18 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/03/18 15:27:18 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2014/03/18 15:27:18 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014/03/18 15:10:07 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2014/02/27 17:40:32 | 000,054,464 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2014/02/07 15:29:38 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2014/02/07 15:29:20 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2013/10/28 09:02:48 | 000,022,240 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2013/10/24 16:29:06 | 000,022,240 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\UsbCharger.sys -- (UsbCharger)
DRV:64bit: - [2013/10/08 17:21:10 | 000,073,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:64bit: - [2013/10/08 17:21:06 | 000,085,584 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2013/09/27 19:23:26 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSTx64\7DE07080.017\ccSetx64.sys -- (ccSet_NST)
DRV:64bit: - [2013/08/22 13:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 13:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 12:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 12:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 12:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 12:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 12:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 12:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 12:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 12:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 12:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 12:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 12:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 12:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 12:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 12:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 12:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 12:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 12:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 12:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 12:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 12:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 12:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 12:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 12:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 12:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 12:40:24 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013/08/22 12:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 12:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 12:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 11:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 11:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 11:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 11:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 11:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 11:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 11:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 11:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 11:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 11:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 11:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 11:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 11:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 11:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 11:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 11:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 11:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 11:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 11:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 11:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 11:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 08:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 23:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/10 00:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 18:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 19:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/06/21 09:35:14 | 000,816,344 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013/05/31 14:53:12 | 000,222,200 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2013/03/08 08:47:50 | 000,058,536 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2013/03/01 01:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2012/11/20 12:55:42 | 000,057,512 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012/08/30 13:22:06 | 000,050,288 | ---- | M] (UB658) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ElgatoGC658.sys -- (ElgatoGC658Y)
DRV - [2014/12/10 18:22:42 | 000,063,064 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys -- (ESProtectionDriver)
DRV - [2014/08/13 17:08:00 | 000,122,072 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2014/02/07 15:29:38 | 000,016,056 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.uk.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 91 18 85 69 34 C1 CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B9c51bd27-6ed8-4000-a2bf-36cb95c0c947%7D:11.0.1
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:10.0.2502.149
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.9.10
FF - prefs.js..extensions.enabledAddons: requestpolicy%40requestpolicy.com:0.5.28
FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:4.0.2
FF - prefs.js..extensions.enabledAddons: 2.0%40disconnect.me:3.14.0
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7B45d8ff86-d909-11db-9705-005056c00008%7D:1.2.0
FF - prefs.js..extensions.enabledAddons: %7B455D905A-D37C-4643-A9E2-F6FEFAA0424A%7D:0.8.17
FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:8.8.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5
FF - prefs.js..network.proxy.backup.ftp: "202.77.124.93"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.socks: "202.77.124.93"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "202.77.124.93"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "23.99.85.64"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "23.99.85.64"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "23.99.85.64"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "23.99.85.64"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 1
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect_x86_64: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=2.2.7-next: C:\Users\Betrayed\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Betrayed\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn\ [2015/01/03 09:05:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/12/02 11:20:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.3.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.3.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8}: C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014/04/04 10:36:14 | 000,010,691 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014/08/08 19:40:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Extensions
[2015/01/03 13:23:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions
[2015/01/03 00:13:00 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2015/01/01 15:03:19 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\[email protected]
[2015/01/03 13:23:38 | 000,000,000 | ---D | M] (Hola Better Internet) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\[email protected]
[2015/01/01 15:04:33 | 000,947,620 | ---- | M] () (No name found) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\[email protected]
[2015/01/01 15:05:56 | 000,002,829 | ---- | M] () (No name found) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\[email protected]
[2015/01/01 15:07:15 | 000,329,995 | ---- | M] () (No name found) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\[email protected]
[2015/01/01 15:05:06 | 000,082,295 | ---- | M] () (No name found) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\[email protected]
[2015/01/01 15:01:44 | 000,160,837 | ---- | M] () (No name found) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\[email protected]
[2015/01/01 15:06:18 | 000,065,568 | ---- | M] () (No name found) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi
[2015/01/01 15:06:18 | 000,061,649 | ---- | M] () (No name found) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\{45d8ff86-d909-11db-9705-005056c00008}.xpi
[2015/01/01 15:00:42 | 000,544,302 | ---- | M] () (No name found) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/11/09 17:16:44 | 000,080,872 | ---- | M] () (No name found) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi
[2015/01/01 15:00:10 | 000,979,699 | ---- | M] () (No name found) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2015/01/01 15:06:18 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2015/01/02 11:16:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/01/02 11:16:35 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/12/02 11:20:48 | 000,000,000 | ---D | M] ("Avast Online Security") -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - Extension: No name found = C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_1\
CHR - Extension: No name found = C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.9.131_0\
CHR - Extension: No name found = C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck\10.0.2502.149_0\
CHR - Extension: No name found = C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.6.16_0\
CHR - Extension: No name found = C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2502.149_0\
CHR - Extension: No name found = C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\
CHR - Extension: No name found = C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: First user = C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\
 
O1 HOSTS File: ([2014/10/27 17:40:22 | 000,000,872 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 54.225.95.126 baefoldjnepdncjikpmjiamfbjgicfol
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\WINDOWS\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKLM..\Run: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe (QFX Software Corporation)
O4 - HKLM..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NAT Service] C:\Program Files (x86)\NAT Service\natsv.exe ()
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AceStream] C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\ace_engine.exe ()
O4 - HKCU..\Run: [CCleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [Clownfish] C:\Program Files (x86)\Clownfish\Clownfish.exe (Bogdan Sharkov)
O4 - HKCU..\Run: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe (Nota Inc.)
O4 - HKCU..\Run: [LightShot] C:\Users\Betrayed\AppData\Local\Skillbrains\lightshot\Lightshot.exe File not found
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (Sandboxie Holdings, LLC)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Betrayed\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [VPN] "C:\Program Files\OpenVPN\bin\openvpn-gui.exe" --connect ve8urxhw.ovpn File not found
O4 - HKCU..\Run: [win32.exe] C:\Users\Betrayed\AppData\Roaming\sample.exe ()
O4 - Startup: C:\Users\Betrayed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN GUI.lnk = C:\Program Files\OpenVPN\bin\openvpn-gui.exe ()
O4 - Startup: C:\Users\Betrayed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pidgin.exe.lnk = C:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community)
O4 - Startup: C:\Users\Betrayed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BAAFDFD2-5B3F-49F9-9B7F-8EFA6C07E48F}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3C1A0FF-625E-4755-9A0E-5A504D75229B}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3C1A0FF-625E-4755-9A0E-5A504D75229B}: NameServer = 8.8.8.8,8.8.4.4
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/03 15:25:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Betrayed\Desktop\OTL.exe
[2015/01/03 15:17:36 | 000,000,000 | ---D | C] -- C:\Users\Betrayed\Desktop\New folder
[2015/01/03 10:14:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NAT Service
[2015/01/03 10:14:08 | 000,000,000 | ---D | C] -- C:\Users\Betrayed\AppData\Roaming\D0AAD974-68DA-45A6-9616-F7B59434E6A4
[2015/01/02 11:16:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2015/01/01 15:23:02 | 000,000,000 | ---D | C] -- C:\Users\Betrayed\Desktop\School
[2015/01/01 15:16:06 | 000,000,000 | ---D | C] -- C:\Users\Betrayed\Desktop\Card
[2015/01/01 15:14:18 | 000,000,000 | ---D | C] -- C:\Users\Betrayed\Desktop\Stuff
[2014/12/28 10:38:14 | 000,000,000 | ---D | C] -- C:\Users\Betrayed\AppData\Roaming\Imminent Monitor
[2014/12/28 10:38:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Imminent Monitor
[2014/12/27 17:01:23 | 000,000,000 | ---D | C] -- C:\Users\Betrayed\AppData\Roaming\Thunderbird
[2014/12/27 17:01:23 | 000,000,000 | ---D | C] -- C:\Users\Betrayed\AppData\Local\Thunderbird
[2014/12/27 17:00:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2014/12/18 20:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
[2014/12/13 20:42:16 | 000,000,000 | ---D | C] -- C:\Users\Betrayed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cain
[2014/12/08 16:32:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2014/12/07 23:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
[2014/12/07 23:22:49 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2014/12/04 16:44:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/12/04 16:43:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/12/04 16:43:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[1 C:\Users\Betrayed\AppData\Local\*.tmp files -> C:\Users\Betrayed\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/03 15:25:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Betrayed\Desktop\OTL.exe
[2015/01/03 15:17:48 | 000,000,158 | ---- | M] () -- C:\Users\Betrayed\Desktop\New WinRAR archive.rar
[2015/01/03 15:13:00 | 000,000,912 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/03 15:02:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2015/01/03 13:46:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\update-sys.job
[2015/01/03 13:27:03 | 000,001,438 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pidgin.exe.lnk
[2015/01/03 12:41:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\update-S-1-5-21-114786149-1812099484-2380863628-1001.job
[2015/01/03 10:16:02 | 000,001,710 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2015/01/03 10:14:00 | 000,386,048 | ---- | M] () -- C:\Users\Betrayed\Desktop\SteamStealer.exe
[2015/01/03 09:06:49 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015/01/03 09:05:14 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/03 09:04:47 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015/01/03 09:04:44 | 4266,278,911 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/02 15:47:51 | 006,121,806 | ---- | M] () -- C:\Users\Betrayed\Desktop\Viphf December 2014.sql.zip
[2015/01/02 10:52:02 | 002,460,608 | ---- | M] () -- C:\Users\Betrayed\Desktop\sjdb.zip
[2015/01/01 15:14:59 | 000,000,952 | ---- | M] () -- C:\Users\Betrayed\Desktop\Start Tor Browser.lnk
[2014/12/31 20:09:55 | 000,073,780 | ---- | M] () -- C:\Users\Betrayed\Desktop\VAxM3ZR.jpg
[2014/12/30 18:53:31 | 000,990,720 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\sample.exe
[2014/12/27 20:25:54 | 000,001,109 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DuckDnsUpdater.lnk
[2014/12/27 20:25:54 | 000,001,091 | ---- | M] () -- C:\Users\Public\Desktop\DuckDns Updater.lnk
[2014/12/27 10:56:41 | 005,041,448 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/12/18 20:37:25 | 000,000,425 | ---- | M] () -- C:\Users\Betrayed\AppData\Local\UserProducts.xml
[2014/12/18 17:29:19 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/12/16 20:54:11 | 000,001,456 | ---- | M] () -- C:\Users\Betrayed\AppData\Local\Adobe Save for Web 13.0 Prefs
[2014/12/13 20:42:16 | 000,001,791 | ---- | M] () -- C:\Users\Betrayed\Desktop\Cain.lnk
[2014/12/07 23:22:51 | 000,001,736 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2014/12/06 20:42:45 | 001,153,180 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/12/06 20:42:45 | 000,949,038 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/12/06 20:42:45 | 000,210,174 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[1 C:\Users\Betrayed\AppData\Local\*.tmp files -> C:\Users\Betrayed\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/01/03 15:17:03 | 000,000,158 | ---- | C] () -- C:\Users\Betrayed\Desktop\New WinRAR archive.rar
[2015/01/03 13:25:50 | 000,001,438 | ---- | C] () -- C:\Users\Betrayed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pidgin.exe.lnk
[2015/01/03 13:25:50 | 000,000,924 | ---- | C] () -- C:\Users\Betrayed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN GUI.lnk
[2015/01/03 10:14:00 | 000,386,048 | ---- | C] () -- C:\Users\Betrayed\Desktop\SteamStealer.exe
[2015/01/02 15:46:17 | 006,121,806 | ---- | C] () -- C:\Users\Betrayed\Desktop\Viphf December 2014.sql.zip
[2015/01/02 10:51:48 | 002,460,608 | ---- | C] () -- C:\Users\Betrayed\Desktop\sjdb.zip
[2014/12/31 20:09:51 | 000,073,780 | ---- | C] () -- C:\Users\Betrayed\Desktop\VAxM3ZR.jpg
[2014/12/30 18:54:47 | 000,990,720 | ---- | C] () -- C:\Users\Betrayed\AppData\Roaming\sample.exe
[2014/12/27 20:22:32 | 000,001,091 | ---- | C] () -- C:\Users\Public\Desktop\DuckDns Updater.lnk
[2014/12/27 17:01:02 | 000,002,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2014/12/26 21:36:16 | 000,000,983 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
[2014/12/13 20:42:16 | 000,001,791 | ---- | C] () -- C:\Users\Betrayed\Desktop\Cain.lnk
[2014/12/07 23:22:51 | 000,001,736 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2014/12/02 15:28:56 | 000,000,046 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2014/12/01 23:37:35 | 000,000,218 | ---- | C] () -- C:\Users\Betrayed\.recently-used.xbel
[2014/11/15 23:58:16 | 000,000,671 | ---- | C] () -- C:\Users\Betrayed\_viminfo
[2014/10/27 17:40:23 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/10/05 11:22:33 | 000,001,710 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2014/10/03 15:54:02 | 000,000,000 | ---- | C] () -- C:\Users\Betrayed\AppData\Local\{E45C296A-8CC8-4B2F-BFED-7780D7D38690}
[2014/09/09 15:45:10 | 000,218,200 | ---- | C] () -- C:\WINDOWS\SysWow64\unrar.dll
[2014/07/19 18:08:28 | 000,001,456 | ---- | C] () -- C:\Users\Betrayed\AppData\Local\Adobe Save for Web 13.0 Prefs
[2014/07/19 16:31:51 | 000,827,226 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2014/07/18 15:43:59 | 000,000,017 | ---- | C] () -- C:\Users\Betrayed\AppData\Local\resmon.resmoncfg
[2014/07/17 15:12:29 | 000,000,425 | ---- | C] () -- C:\Users\Betrayed\AppData\Local\UserProducts.xml
[2014/07/17 14:26:51 | 000,207,400 | R--- | C] () -- C:\WINDOWS\GSetup.exe
[2014/07/17 14:26:51 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini
[2014/03/18 15:27:42 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014/03/18 15:27:21 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013/08/22 15:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 15:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 14:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 07:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/22 03:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 23:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 23:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/03/01 01:47:36 | 000,053,299 | ---- | C] () -- C:\WINDOWS\SysWow64\pthreadVC.dll
 
========== ZeroAccess Check ==========
 
[2014/08/31 20:41:15 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/08/31 00:15:33 | 021,197,152 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/08/30 22:59:13 | 018,723,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 09:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/22 02:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 09:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/12/11 17:28:56 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\.ACEStream
[2014/07/24 12:38:18 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\.firefox
[2014/11/08 14:50:52 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\.minecraft
[2015/01/03 15:20:38 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\.purple
[2014/08/03 11:48:17 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\ACEStream
[2014/11/16 00:03:46 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Atom
[2014/12/02 11:21:43 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\AVAST Software
[2014/08/25 21:08:26 | 000,000,000 | -HSD | M] -- C:\Users\Betrayed\AppData\Roaming\Common
[2015/01/03 10:14:09 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\D0AAD974-68DA-45A6-9616-F7B59434E6A4
[2014/12/02 11:38:45 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Dropbox
[2014/10/25 16:35:14 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\DVDVideoSoft
[2014/08/08 18:13:32 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Elgato
[2014/12/02 12:53:59 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\FileZilla
[2014/09/10 18:42:12 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Geek Uninstaller
[2014/08/06 23:43:58 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Gyazo
[2014/10/26 22:22:14 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\HandBrake
[2014/11/09 09:41:26 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\HexChat
[2014/10/27 17:43:13 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\ICQ-Profile
[2014/11/29 21:25:33 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\iMazing
[2014/12/28 12:58:19 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Imminent Monitor
[2014/07/24 16:20:23 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\LolClient
[2014/12/30 10:17:05 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\MultiBit
[2014/10/26 10:25:46 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Notepad++
[2014/07/19 21:04:06 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\OmniCoin
[2014/10/11 12:55:10 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Opera Software
[2015/01/03 15:39:20 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\PhrozenSoft
[2014/08/29 21:11:12 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\PopcornTime
[2014/10/23 16:46:22 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Psi
[2014/11/28 16:33:28 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\QFX Software
[2014/07/17 17:41:14 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Rainmeter
[2014/07/23 20:55:26 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Riot Games
[2015/01/03 13:11:07 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Spotify
[2014/10/04 18:47:47 | 000,000,000 | -HSD | M] -- C:\Users\Betrayed\AppData\Roaming\SubFolder
[2014/11/15 23:59:08 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Sublime Text 2
[2014/12/29 13:59:33 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\TeamViewer
[2014/07/24 12:55:28 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\TechSmith
[2014/12/27 17:01:23 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Thunderbird
[2014/11/08 17:06:16 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\TS3Client
[2014/12/14 23:12:50 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\uTorrent
[2014/10/28 17:05:12 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\VIP72 Socks Client
[2014/12/01 19:49:46 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Wireshark
[2014/08/31 16:31:02 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\XBMC
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 220 bytes -> C:\Users\Betrayed\OneDrive:ms-properties
 
< End of report >

 

 
 
 
Extra.txt Logs:
 

OTL Extras logfile created on: 03/01/2015 15:26:27 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Betrayed\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17498)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
9.97 Gb Total Physical Memory | 6.11 Gb Available Physical Memory | 61.29% Memory free
11.53 Gb Paging File | 6.83 Gb Available in Paging File | 59.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 853.29 Gb Total Space | 636.69 Gb Free Space | 74.62% Space Free | Partition Type: NTFS
 
Computer Name: PC | User Name: Betrayed | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{270D2868-22A2-4466-A697-B34B63DF18CB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{466B33BE-10D2-4F14-91D7-076AA369E7D4}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{4BF635C5-45B0-47E8-8106-E3DD61116871}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{4ED6C3E8-5F40-4114-B3AB-DCAE16C03512}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{D24B3291-6AFA-4991-B121-E28E840EDE18}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{E86CA1CE-F940-4CE1-926B-55C7680889D7}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{F4D52FAE-DF2A-40D8-8164-7F2607A8CF23}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{F854E27D-FB79-457E-9A71-B12F9D08D2FB}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{FCE26EB0-38F4-44C2-BD69-3C20E05E7534}" = lport=8317 | protocol=6 | dir=in | name=techsmith camtasia studio | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01586A70-0631-4A9A-99D1-E331615D4B28}" = dir=in | [email protected]{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{0297A4BF-8EE5-4066-B170-C9649319445C}" = protocol=17 | dir=in | app=c:\program files (x86)\popcorn time\updater.exe | 
"{032F5726-9BB4-4C60-818D-512C17A0C161}" = protocol=17 | dir=in | app=c:\program files (x86)\popcorn time\popcorntimedesktop.exe | 
"{04BC492C-135B-4B44-A28E-3CA62025C63F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe | 
"{0985DB30-FF27-490A-BA9D-522BB79FF18C}" = dir=out | [email protected]{microsoft.bingfinance_3.0.4.253_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} | 
"{0AF0A0C7-64FD-429C-BD10-7F96E0CEAE5C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dayz\dayz.exe | 
"{0CDF0C52-18C9-44ED-AD2D-82098AFFD8CD}" = dir=in | name=check point vpn | 
"{10F47BA0-14FA-4103-96A3-40FE621CEBA0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{11D45E71-3E24-48D3-A57C-E75EA961BC13}" = protocol=17 | dir=in | app=c:\program files (x86)\popcorn time\updater.exe | 
"{16EA40E7-4D8F-496A-B379-FC06D036F59A}" = protocol=6 | dir=in | app=c:\program files (x86)\popcorn time\popcorntimedesktop.exe | 
"{20E96A55-A367-41D1-B5A9-0B9E5DB565AE}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe | 
"{219A89BE-8FB3-4E79-9D7B-214C52F1DB17}" = dir=in | name=onenote | 
"{226B6A0D-A74B-4269-B835-CC815E99E246}" = protocol=6 | dir=in | app=c:\program files (x86)\popcorn time\updater.exe | 
"{24977E18-AEFB-40D2-AEA4-84D6663D11EB}" = dir=out | [email protected]{microsoft.binghealthandfitness_3.0.4.254_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | 
"{24F78543-EA8A-4F3E-90FA-67DBB631EC31}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe | 
"{2906E9D1-3CDA-45C7-950C-522C91B4E865}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe | 
"{2B4CB772-C27C-41DD-8A58-BDED0DF78F9E}" = dir=out | [email protected]{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{2E494D90-655E-4D67-851F-821299907607}" = protocol=17 | dir=in | app=c:\users\betrayed\appdata\roaming\dropbox\bin\dropbox.exe | 
"{2ED79297-9BEB-43BC-9ADF-3E505444386D}" = dir=out | name=juniper networks junos pulse | 
"{34B593AF-6BEF-4E94-9220-CDDCF055CBDC}" = protocol=17 | dir=in | app=c:\program files (x86)\popcorn time\popcorntimedesktop.exe | 
"{351810D8-5A26-4A72-9564-35E90ABE5831}" = dir=out | [email protected]{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{3637A890-45BE-4BED-A9AA-23556DE9155F}" = protocol=17 | dir=in | app=c:\program files (x86)\popcorn time\popcorntimeupdater.exe | 
"{3842E306-5EF7-4584-96EF-B173CF41FDAB}" = protocol=17 | dir=in | app=c:\users\betrayed\appdata\roaming\spotify\spotify.exe | 
"{38782879-AF6E-4076-8775-CF448D6F0ED0}" = dir=in | [email protected]{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{397D4628-329D-4054-A8A3-D9E722D0569A}" = dir=out | [email protected]{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{3A127339-E715-42EA-AE63-54A76A8CFF62}" = dir=in | [email protected]{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{3D79D453-7FC1-46AC-9832-7C353EE4EA1E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn | 
"{4379A432-C740-4902-B40F-42F2660CF8F2}" = dir=out | [email protected]{microsoft.bingnews_3.0.4.213_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} | 
"{43F3725F-3D22-40D6-9199-0D84B58C2CB2}" = dir=out | [email protected]{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{4AF1B487-FC0B-4D0C-8EA5-246B9008A974}" = dir=out | [email protected]{microsoft.bingtravel_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} | 
"{4CD1F759-2B96-4272-AD2F-8CA82CAA9DD0}" = dir=in | name=f5 vpn | 
"{4E487BE6-AB79-4E40-837D-39B0417BDC85}" = dir=out | name=skype | 
"{5067784F-201C-45A3-9B72-6C80B5E2F430}" = protocol=17 | dir=in | app=c:\users\betrayed\appdata\roaming\utorrent\utorrent.exe | 
"{51405022-4981-436D-8428-3282C823B594}" = dir=in | name=juniper networks junos pulse | 
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{54DA3183-34FA-4F2A-9B65-0B3429E7D5D7}" = dir=out | [email protected]{microsoft.bingweather_3.0.4.249_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} | 
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect | 
"{581E3EEF-BAE7-42F4-AF1E-DB26391BC057}" = dir=out | [email protected]{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{59E74CAA-A586-47AE-90D9-30419AB25A42}" = protocol=17 | dir=in | app=c:\users\betrayed\appdata\roaming\mozilla\firefox\profiles\25u2pab7.default\extensions\[email protected]\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe | 
"{5BA1B673-74B9-4583-B742-A5791642D604}" = dir=out | [email protected]{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect | 
"{62E1E668-FF6C-48E5-8C26-5B88192485A7}" = dir=out | name=windows_ie_ac_001 | 
"{65D5DCD3-3E41-4F8B-9EDA-15096900FA06}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{65E1014A-ABBE-42E7-863C-6AF086509451}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
"{65F72EB0-1E60-4BA8-90AA-F08A4C464128}" = protocol=6 | dir=in | app=c:\users\betrayed\appdata\roaming\utorrent\utorrent.exe | 
"{69EEA542-48E8-49C6-A6B7-18431F4AB0EF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dayz\dayz.exe | 
"{6B3FD1A9-DB62-493A-A67C-5E9ADC9E2B76}" = dir=in | [email protected]{microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{6DB4AD52-B01D-491E-83E4-41A80C739B1C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{6F29F2A3-DE09-445C-9460-0D0389F3BB38}" = dir=out | [email protected]{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{6F9CA8ED-8384-4C42-AA36-A49A7E16841B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe | 
"{747D51A2-08BB-4DCA-8865-41AAC2A3BEFA}" = dir=in | name=sonicwall mobile connect | 
"{7599D70E-1709-432E-B9A5-143C9C8C8B8C}" = dir=out | name=windows_ie_ac_001 | 
"{79B35A56-9554-40E6-B216-ABFA5E539F09}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{79FCF850-AF25-435A-876B-45183A412AD1}" = dir=out | name=f5 vpn | 
"{7F1B6447-E00D-49E9-966E-4EB31C173C5E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{835FE8D0-0F7B-4FA8-A43A-CA7159D9977A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe | 
"{84471AA8-6A0B-41D5-8669-9898E5A727DF}" = dir=out | [email protected]{microsoft.bingsports_3.0.4.244_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} | 
"{84B2064E-A90C-48A6-92FB-CFB50C3BB66E}" = dir=out | [email protected]{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{8745C249-A957-4B7F-8EC6-3F29D618A163}" = protocol=17 | dir=in | app=c:\users\betrayed\appdata\local\popcorn time\node-webkit\popcorn time.exe | 
"{8746ECDC-34D4-4762-B03E-810349BD56FA}" = protocol=6 | dir=in | app=c:\program files (x86)\cain\cain.exe | 
"{882280E6-E109-4D66-B8F1-FD4776A1CD00}" = protocol=6 | dir=in | app=c:\users\betrayed\appdata\roaming\spotify\spotify.exe | 
"{892E4A3A-69F0-4CE4-A034-75315F70E29B}" = dir=out | [email protected]{microsoft.bingmaps_2.1.3230.2048_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{897CF6BD-9857-463A-BE16-0D17ED0C99EB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{8BC4252B-8766-4154-8234-CBE8F1719CA3}" = protocol=6 | dir=in | app=c:\users\betrayed\appdata\roaming\dropbox\bin\dropbox.exe | 
"{8C2A305D-6E3C-4B4F-952C-9A71FA35DF1F}" = dir=out | [email protected]{microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{8EC9B6ED-6ABB-4FB7-9A43-115286C634AB}" = dir=in | name=skype | 
"{8F5D932C-23D8-4443-9F5D-B6E0B9183C07}" = protocol=17 | dir=in | app=c:\program files (x86)\popcorn time\popcorntimeupdater.exe | 
"{912030D1-80D4-469A-82B4-AE4EA7B8C60D}" = protocol=6 | dir=in | app=c:\program files (x86)\popcorn time\popcorntimedesktop.exe | 
"{930DAE28-9C59-4E5D-96E6-893DC08C9600}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{977437CF-F14A-4470-AEA3-0920A9B25D8C}" = protocol=17 | dir=in | app=c:\program files (x86)\cain\cain.exe | 
"{9873DA48-A4B2-485B-8BCB-967B958E977B}" = protocol=6 | dir=in | app=c:\program files (x86)\popcorn time\popcorntimeupdater.exe | 
"{9B926BAF-5E8F-4A22-820A-B32633BA163C}" = dir=out | [email protected]{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{A176847B-E928-46AD-8D90-CB27356F4B3A}" = dir=out | [email protected]{microsoft.bingfoodanddrink_3.0.4.253_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | 
"{A95F8A6D-F551-4140-9862-16CB07A0543B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe | 
"{ADBCF0B8-CC61-4071-B18F-78C9856B6ECA}" = protocol=6 | dir=in | app=c:\program files (x86)\popcorn time\popcorntimeupdater.exe | 
"{B0182627-0F47-4BA2-B30E-89B234E723CF}" = protocol=17 | dir=in | app=c:\users\betrayed\downloads\nanocore.exe | 
"{B5717029-CC06-4EDB-8F30-404B613A3577}" = protocol=17 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe | 
"{B6F3BC60-5799-4716-9A25-0F6EC1273F78}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
"{B8D55E89-7B5D-453E-9363-325AE0780BCE}" = protocol=6 | dir=in | app=c:\users\betrayed\appdata\roaming\mozilla\firefox\profiles\25u2pab7.default\extensions\[email protected]\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe | 
"{BA6BCEA6-122E-42FC-87B2-ED7CDEE58594}" = protocol=6 | dir=in | app=c:\users\betrayed\appdata\local\popcorn time\node-webkit\popcorn time.exe | 
"{BE584F75-A11A-42BC-BBE8-AFB3C9DA4FA3}" = dir=out | name=check point vpn | 
"{BEEFFDCB-926F-4C96-BFE8-50DDF57E8267}" = dir=out | [email protected]{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{C39B1403-39D2-4B63-9159-ADC03FB28F07}" = dir=out | [email protected]{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{C8F1CD64-ED74-40DA-8826-18EE24AA3468}" = protocol=6 | dir=in | app=c:\program files (x86)\popcorn time\updater.exe | 
"{CA127A75-8122-4E0C-9587-87EB7F4F61CB}" = dir=in | [email protected]{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{CA326F30-D27E-4E83-B172-7415733C2B7B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{CC5ECC45-7863-4C88-B619-50909095E23F}" = protocol=6 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe | 
"{D0C400C9-9D84-4378-8010-369BC3BD2C92}" = dir=out | name=sonicwall mobile connect | 
"{D11E089B-01E6-40A2-AF18-8977FF9F036B}" = dir=out | [email protected]{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{D35DF8E3-DFC4-40AF-AD80-292E3E96C1D8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe | 
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn | 
"{D74185FA-96A6-4A21-8FB9-78E21C18457C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
"{DB20481C-A5E3-4DF5-9CD5-E8A652479A1C}" = protocol=6 | dir=in | app=c:\users\betrayed\appdata\roaming\dropbox\bin\dropbox.exe | 
"{DB2F3F27-DCCB-446D-A79E-80ED12D5791B}" = dir=out | name=onenote | 
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn | 
"{DCF9A7C1-EBDC-4620-9E0C-EDD470314999}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{DD38367B-FDBA-411D-8C5F-F63FE8DB8241}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E40B7D16-5F2E-4966-940E-03DBA1894EAA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe | 
"{E456962A-CEB4-454D-B8ED-9A0F371062BC}" = dir=out | [email protected]{microsoft.zunevideo_2.6.432.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{E4E68AB7-AEDE-4BA2-9264-EC410D1A387F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{EA62EE56-2B30-4D2B-9E7B-6BE5C33FB4B4}" = protocol=17 | dir=in | app=c:\users\betrayed\appdata\roaming\dropbox\bin\dropbox.exe | 
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn | 
"{ECA50630-18DF-445A-85A5-762267820273}" = dir=out | [email protected]{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{ED790197-857D-41CD-A374-AA790C2C32E0}" = protocol=6 | dir=in | app=c:\users\betrayed\downloads\nanocore.exe | 
"{EEE322A2-5666-4489-9A71-09A9A6D39F29}" = dir=out | [email protected]{microsoft.zunemusic_2.6.649.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client | 
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client | 
"{F8CE6808-0494-47C8-8CA8-2D4ED56E1163}" = dir=out | [email protected]{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{FBB1A254-9D42-4737-922D-4FB8AFDE4F18}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
"TCP Query User{13261F0B-4916-46CC-BBBF-A80C79DF2FEC}C:\users\betrayed\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\betrayed\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{1CA56E4C-6098-4AD3-965A-7F42C355CFE3}C:\program files (x86)\cain\cain.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cain\cain.exe | 
"TCP Query User{4A2B3CC0-95FC-485E-94DC-700058F0AE58}C:\users\betrayed\appdata\roaming\mozilla\firefox\profiles\25u2pab7.default\extensions\[email protected]\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe" = protocol=6 | dir=in | app=c:\users\betrayed\appdata\roaming\mozilla\firefox\profiles\25u2pab7.default\extensions\[email protected]\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe | 
"TCP Query User{4B9ADA05-B4F1-4F04-872C-E7B1295F38EA}C:\users\betrayed\appdata\roaming\acestream\engine\ace_engine.exe" = protocol=6 | dir=in | app=c:\users\betrayed\appdata\roaming\acestream\engine\ace_engine.exe | 
"TCP Query User{5523BF94-1191-408C-8356-F3526A99F1C2}C:\users\betrayed\downloads\nanocore.exe" = protocol=6 | dir=in | app=c:\users\betrayed\downloads\nanocore.exe | 
"TCP Query User{EBA8C3C0-CFB1-4F29-A5E2-AD50BDE7DBEB}C:\users\betrayed\appdata\local\popcorn time\node-webkit\popcorn time.exe" = protocol=6 | dir=in | app=c:\users\betrayed\appdata\local\popcorn time\node-webkit\popcorn time.exe | 
"UDP Query User{0BA0C364-8575-4EFC-82E7-8775C7726A84}C:\users\betrayed\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\betrayed\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{7A0CC3F9-0A73-4957-A2D3-F11FA83A0188}C:\users\betrayed\appdata\local\popcorn time\node-webkit\popcorn time.exe" = protocol=17 | dir=in | app=c:\users\betrayed\appdata\local\popcorn time\node-webkit\popcorn time.exe | 
"UDP Query User{8310AB89-79A8-4F82-8992-3CCE620D2685}C:\users\betrayed\appdata\roaming\mozilla\firefox\profiles\25u2pab7.default\extensions\[email protected]\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe" = protocol=17 | dir=in | app=c:\users\betrayed\appdata\roaming\mozilla\firefox\profiles\25u2pab7.default\extensions\[email protected]\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe | 
"UDP Query User{E001E283-580C-4559-A0F0-B22A7A0D7F3C}C:\users\betrayed\appdata\roaming\acestream\engine\ace_engine.exe" = protocol=17 | dir=in | app=c:\users\betrayed\appdata\roaming\acestream\engine\ace_engine.exe | 
"UDP Query User{F53287BD-8494-4B78-9BDA-A124979D6CE7}C:\users\betrayed\downloads\nanocore.exe" = protocol=17 | dir=in | app=c:\users\betrayed\downloads\nanocore.exe | 
"UDP Query User{F94BDDD4-6DFC-493B-8843-DB58B5B58AB9}C:\program files (x86)\cain\cain.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cain\cain.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.2 (r693)
"{15B30201-4DC6-6B2E-B04B-788DFF115BA2}" = ccc-utility64
"{1D1DCF8A-6961-F848-0DA0-5401969C44CE}" = AMD Catalyst Install Manager
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9C7136A5-F0AA-B1D1-22C5-54C2C783E721}" = AMD Fuel
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 344.75
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 344.75
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 344.75
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.1.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 344.75
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.14.0702
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 16.18.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.32.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio" = NVIDIA Miracast Virtual Audio 344.75
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 16.18.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.27
"{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}" = Apple Mobile Device Support
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Imminent Monitor" = Imminent Monitor
"Malwarebytes Anti-Exploit_is1" = Malwarebytes Anti-Exploit version 1.05.1.1016
"OpenVPN" = OpenVPN 2.3.4-I002 
"Sandboxie" = Sandboxie 4.14 (64-bit)
"Speccy" = Speccy
"Sublime Text 2_is1" = Sublime Text 2.0.2
"TAP-Windows" = TAP-Windows 9.9.2
"WinRAR archiver" = WinRAR 5.20 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0039AAA5-7D3F-A65C-5011-396E3CFD5E1A}" = CCC Help Russian
"{0B7F838A-467D-C30A-B4C7-FF9709555082}" = AMD Catalyst Control Center
"{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{217F11DC-3CD4-4540-BFC8-8D0AA2FCE26E}" = CCC Help Turkish
"{234C1E2D-FC8D-05B1-E78D-BE0BC32F06BF}" = CCC Help Finnish
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 6.21
"{26A24AE4-039D-4CA4-87B4-2F83218025F0}" = Java 8 Update 25
"{2913C8E7-612B-47DA-B18D-A23E1A1B16E3}" = Update Manager B12.1113.1
"{2B22C750-5C3B-4738-B621-BA786AC7A494}" = Adobe After Effects CC 2014
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2CB95003-D6E4-EEE1-5BAA-458B7E27466B}" = CCC Help English
"{2EF241EF-6796-5B68-7A1F-214055809942}" = CCC Help Dutch
"{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1" = Lightshot-5.2.0.17
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{3E1D055A-C8DB-9140-6D3B-572020076651}" = CCC Help Hungarian
"{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}" = Microsoft ASP.NET MVC 4 Runtime
"{45F898A5-2E21-EF9F-4FB5-DAC1A6038180}" = CCC Help Chinese Standard
"{48583D53-DDA0-19E2-479E-BFE8A7A107B7}" = CCC Help Thai
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51F04107-7CC7-6BDB-CDB6-C02D96B06DE5}" = CCC Help German
"{522E798F-8B1B-AD09-C54F-1F6EA33AAD63}" = Catalyst Control Center InstallProxy
"{56B128A9-85E4-D8F6-5A3D-4826A7FB1A14}" = Catalyst Control Center Localization All
"{608F1BF0-94CF-29D3-E3F9-48F2B53D603F}" = CCC Help French
"{60DB0ABB-2C9E-25C0-D1FC-A4704B94E530}" = CCC Help Czech
"{663DEEEF-EF34-4DCB-8687-73A7AA146E02}" = Adobe Media Encoder CC 2014
"{66F720D6-6DC3-7DE9-B09A-F44783897772}" = CCC Help Japanese
"{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}" = ON_OFF Charge 2 B13.1028.1
"{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1" = Gyazo 2.2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = League of Legends
"{7F599D6F-78DD-89AD-4350-64D60102A72C}" = CCC Help Polish
"{80AE23DF-71A4-4E3F-B931-F93AB5DF0BDD}" = Camtasia Studio 8
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}" = Apple Application Support
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8ACB472E-1CAD-4AA8-41B0-9A8D80A750C5}" = CCC Help Korean
"{8D2ED35A-C1C2-FDCA-1F5C-94799EAA7D35}" = CCC Help Swedish
"{91BBF9D8-46B3-561B-D6FC-76A91DF16593}" = CCC Help Spanish
"{981B38A6-E4D0-4D94-98C2-75AC645755F5}" = BlueStacks Notification Center
"{9905E4C1-14D8-4522-88FE-FD00B51A20DC}" = LogMeIn
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1103FD0-0075-299D-D5BA-E0EBD1C81FFE}" = CCC Help Danish
"{A71E2A4D-37A4-6073-B9ED-EDB4AA1BFDD7}" = CCC Help Italian
"{A7E23371-36E3-CF6D-1544-307BB1AEC19A}" = CCC Help Greek
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-0804-1033-1959-001802114130}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.10)
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B455E95A-B804-439F-B533-336B1635AE97}" = NVIDIA PhysX
"{B634F919-3F94-6C43-F99A-484AA4DFBF2F}" = CCC Help Chinese Traditional
"{BB6E10AB-CB79-463F-9548-B7DCEDC3BF28}" = Elgato Game Capture HD
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{C4ADB67B-C908-4D94-B85E-585D2F3F9118}" = TweetDeck
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}" = Adobe Photoshop CC 2014
"{ECF976CF-79E8-E963-771D-A893E16681B1}" = CCC Help Portuguese
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4D03CB7-3B18-44CB-AA4A-4F83FBAEBE8A}_is1" = DuckDns Updater version 1.0.2
"{F6DD0100-F48D-3CEC-A387-A09072AF5E9D}" = CCC Help Norwegian
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"44953928-E730-4e8c-A2B2-3A85BC96A3D0_is1" = FileSeek 3.3
"Adobe Creative Cloud" = Adobe Creative Cloud
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"Avast" = Avast Free Antivirus
"Cain & Abel 4.9.56" = Cain & Abel 4.9.56
"Clownfish" = Clownfish for Skype
"Comodo Dragon" = Comodo Dragon
"DarkComet Remover_is1" = DarkComet Remover version 2.0
"FileZilla Client" = FileZilla Client 3.9.0.3
"Free YouTube Uploader_is1" = Free YouTube Uploader version 4.0.20.923
"Google Chrome" = Google Chrome
"HandBrake" = HandBrake 0.9.9.1
"HexChat_is1" = HexChat
"InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}" = ON_OFF Charge 2 B13.1028.1
"KeyScrambler" = KeyScrambler
"League of Legends 3.0.0" = League of Legends
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"Mozilla Firefox 34.0.5 (x86 en-GB)" = Mozilla Firefox 34.0.5 (x86 en-GB)
"Mozilla Thunderbird 31.3.0 (x86 en-GB)" = Mozilla Thunderbird 31.3.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"NST" = Norton Identity Safe
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 26.0.1656.60" = Opera Stable 26.0.1656.60
"Pidgin" = Pidgin
"pidgin-otr" = pidgin-otr 4.0.0-1
"Popcorn Time_is1" = Popcorn Time
"Rainmeter" = Rainmeter
"Steam" = Steam
"Steam App 221100" = DayZ
"Steam App 240" = Counter-Strike: Source
"Steam App 273110" = Counter-Strike Nexon: Zombies
"Steam App 4000" = Garry's Mod
"Steam App 44350" = GRID 2
"Steam App 550" = Left 4 Dead 2
"Steam App 730" = Counter-Strike: Global Offensive
"TeamViewer" = TeamViewer 10
"VMware_Player" = VMware Player
"WinPcapInst" = WinPcap 4.1.3
"Wireshark" = Wireshark 1.12.2 (64-bit)
"xampp" = XAMPP
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AceStream" = Ace Stream Media 2.2.7-next
"AIM" = AIM for Windows
"Dropbox" = Dropbox
"JoinMe" = join.me
"Spotify" = Spotify
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10/10/2014 13:13:40 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Faulting application name: vmware-usbarbitrator64.exe, version: 12.1.17.0,
 time stamp: 0x530ff71d  Faulting module name: vmware-usbarbitrator64.exe, version:
 12.1.17.0, time stamp: 0x530ff71d  Exception code: 0xc0000005  Fault offset: 0x0000000000006092
Faulting
 process ID: 0xe68  Faulting application start time: 0x01cfe4ad88842592  Faulting application
 path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Faulting
 module path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Report
 ID: c76fd465-50a0-11e4-bed1-74d4355589de  Faulting package full name:   Faulting package-relative
 application ID: 
 
Error - 10/10/2014 13:13:53 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Faulting application name: vmware-usbarbitrator64.exe, version: 12.1.17.0,
 time stamp: 0x530ff71d  Faulting module name: vmware-usbarbitrator64.exe, version:
 12.1.17.0, time stamp: 0x530ff71d  Exception code: 0xc0000005  Fault offset: 0x0000000000006092
Faulting
 process ID: 0x1d68  Faulting application start time: 0x01cfe4ad8fd019f8  Faulting application
 path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Faulting
 module path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Report
 ID: cebf7269-50a0-11e4-bed1-74d4355589de  Faulting package full name:   Faulting package-relative
 application ID: 
 
Error - 10/10/2014 13:14:05 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Faulting application name: vmware-usbarbitrator64.exe, version: 12.1.17.0,
 time stamp: 0x530ff71d  Faulting module name: vmware-usbarbitrator64.exe, version:
 12.1.17.0, time stamp: 0x530ff71d  Exception code: 0xc0000005  Fault offset: 0x0000000000006092
Faulting
 process ID: 0x1fd4  Faulting application start time: 0x01cfe4ad971fc64d  Faulting application
 path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Faulting
 module path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Report
 ID: d60cc564-50a0-11e4-bed1-74d4355589de  Faulting package full name:   Faulting package-relative
 application ID: 
 
Error - 10/10/2014 13:14:17 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Faulting application name: vmware-usbarbitrator64.exe, version: 12.1.17.0,
 time stamp: 0x530ff71d  Faulting module name: vmware-usbarbitrator64.exe, version:
 12.1.17.0, time stamp: 0x530ff71d  Exception code: 0xc0000005  Fault offset: 0x0000000000006092
Faulting
 process ID: 0x1218  Faulting application start time: 0x01cfe4ad9e6d6058  Faulting application
 path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Faulting
 module path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Report
 ID: dd5b388d-50a0-11e4-bed1-74d4355589de  Faulting package full name:   Faulting package-relative
 application ID: 
 
Error - 10/10/2014 13:14:29 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Faulting application name: vmware-usbarbitrator64.exe, version: 12.1.17.0,
 time stamp: 0x530ff71d  Faulting module name: vmware-usbarbitrator64.exe, version:
 12.1.17.0, time stamp: 0x530ff71d  Exception code: 0xc0000005  Fault offset: 0x0000000000006092
Faulting
 process ID: 0xdac  Faulting application start time: 0x01cfe4ada5bb391b  Faulting application
 path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Faulting
 module path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Report
 ID: e4a5d68d-50a0-11e4-bed1-74d4355589de  Faulting package full name:   Faulting package-relative
 application ID: 
 
Error - 10/10/2014 13:14:42 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Faulting application name: vmware-usbarbitrator64.exe, version: 12.1.17.0,
 time stamp: 0x530ff71d  Faulting module name: vmware-usbarbitrator64.exe, version:
 12.1.17.0, time stamp: 0x530ff71d  Exception code: 0xc0000005  Fault offset: 0x0000000000006092
Faulting
 process ID: 0x1c44  Faulting application start time: 0x01cfe4adad05e760  Faulting application
 path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Faulting
 module path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Report
 ID: ebf40746-50a0-11e4-bed1-74d4355589de  Faulting package full name:   Faulting package-relative
 application ID: 
 
Error - 10/10/2014 13:14:54 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Faulting application name: vmware-usbarbitrator64.exe, version: 12.1.17.0,
 time stamp: 0x530ff71d  Faulting module name: vmware-usbarbitrator64.exe, version:
 12.1.17.0, time stamp: 0x530ff71d  Exception code: 0xc0000005  Fault offset: 0x0000000000006092
Faulting
 process ID: 0x1650  Faulting application start time: 0x01cfe4adb4548354  Faulting application
 path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Faulting
 module path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Report
 ID: f342551e-50a0-11e4-bed1-74d4355589de  Faulting package full name:   Faulting package-relative
 application ID: 
 
Error - 10/10/2014 13:15:06 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Faulting application name: vmware-usbarbitrator64.exe, version: 12.1.17.0,
 time stamp: 0x530ff71d  Faulting module name: vmware-usbarbitrator64.exe, version:
 12.1.17.0, time stamp: 0x530ff71d  Exception code: 0xc0000005  Fault offset: 0x0000000000006092
Faulting
 process ID: 0x1710  Faulting application start time: 0x01cfe4adbba27f3a  Faulting application
 path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Faulting
 module path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Report
 ID: fa8fe2a2-50a0-11e4-bed1-74d4355589de  Faulting package full name:   Faulting package-relative
 application ID: 
 
Error - 10/10/2014 13:15:18 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Faulting application name: vmware-usbarbitrator64.exe, version: 12.1.17.0,
 time stamp: 0x530ff71d  Faulting module name: vmware-usbarbitrator64.exe, version:
 12.1.17.0, time stamp: 0x530ff71d  Exception code: 0xc0000005  Fault offset: 0x0000000000006092
Faulting
 process ID: 0x1288  Faulting application start time: 0x01cfe4adc2f1a3af  Faulting application
 path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Faulting
 module path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Report
 ID: 01df5bb1-50a1-11e4-bed1-74d4355589de  Faulting package full name:   Faulting package-relative
 application ID: 
 
Error - 10/10/2014 13:15:31 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Faulting application name: vmware-usbarbitrator64.exe, version: 12.1.17.0,
 time stamp: 0x530ff71d  Faulting module name: vmware-usbarbitrator64.exe, version:
 12.1.17.0, time stamp: 0x530ff71d  Exception code: 0xc0000005  Fault offset: 0x0000000000006092
Faulting
 process ID: 0xcd4  Faulting application start time: 0x01cfe4adca3f89f2  Faulting application
 path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Faulting
 module path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Report
 ID: 092d3d8a-50a1-11e4-bed1-74d4355589de  Faulting package full name:   Faulting package-relative
 application ID: 
 
[ System Events ]
Error - 06/11/2014 15:01:05 | Computer Name = PC | Source = Service Control Manager | ID = 7031
Description = The VMware USB Arbitration Service service terminated unexpectedly.
 It has done this 648 time(s). The following corrective action will be taken in 
10000 milliseconds: Restart the service.
 
Error - 06/11/2014 15:01:18 | Computer Name = PC | Source = Service Control Manager | ID = 7031
Description = The VMware USB Arbitration Service service terminated unexpectedly.
 It has done this 649 time(s). The following corrective action will be taken in 
10000 milliseconds: Restart the service.
 
Error - 06/11/2014 15:01:30 | Computer Name = PC | Source = Service Control Manager | ID = 7031
Description = The VMware USB Arbitration Service service terminated unexpectedly.
 It has done this 650 time(s). The following corrective action will be taken in 
10000 milliseconds: Restart the service.
 
Error - 06/11/2014 15:01:42 | Computer Name = PC | Source = Service Control Manager | ID = 7031
Description = The VMware USB Arbitration Service service terminated unexpectedly.
 It has done this 651 time(s). The following corrective action will be taken in 
10000 milliseconds: Restart the service.
 
Error - 06/11/2014 15:01:55 | Computer Name = PC | Source = Service Control Manager | ID = 7031
Description = The VMware USB Arbitration Service service terminated unexpectedly.
 It has done this 652 time(s). The following corrective action will be taken in 
10000 milliseconds: Restart the service.
 
Error - 06/11/2014 15:02:07 | Computer Name = PC | Source = Service Control Manager | ID = 7031
Description = The VMware USB Arbitration Service service terminated unexpectedly.
 It has done this 653 time(s). The following corrective action will be taken in 
10000 milliseconds: Restart the service.
 
Error - 06/11/2014 15:02:19 | Computer Name = PC | Source = Service Control Manager | ID = 7031
Description = The VMware USB Arbitration Service service terminated unexpectedly.
 It has done this 654 time(s). The following corrective action will be taken in 
10000 milliseconds: Restart the service.
 
Error - 06/11/2014 15:02:31 | Computer Name = PC | Source = Service Control Manager | ID = 7031
Description = The VMware USB Arbitration Service service terminated unexpectedly.
 It has done this 655 time(s). The following corrective action will be taken in 
10000 milliseconds: Restart the service.
 
Error - 06/11/2014 15:02:44 | Computer Name = PC | Source = Service Control Manager | ID = 7031
Description = The VMware USB Arbitration Service service terminated unexpectedly.
 It has done this 656 time(s). The following corrective action will be taken in 
10000 milliseconds: Restart the service.
 
Error - 06/11/2014 15:02:56 | Computer Name = PC | Source = Service Control Manager | ID = 7031
Description = The VMware USB Arbitration Service service terminated unexpectedly.
 It has done this 657 time(s). The following corrective action will be taken in 
10000 milliseconds: Restart the service.
 
 
< End of report >
 

 


  • 0

Advertisements


#2
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
Hello and Welcome to GeeksToGo Betrayed,

my Name is Machiavelli and I will assist you with your problem. Feel free to call me Makka or something like that. :alarm:  The fixes are specific to your problem and should only be used for the issue on your machine!  :alarm: 
 
I'm in the 'Malware Staff Team' and will provide you with some advice:
To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from you Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. just ask me! Please stay in contact with me until the problem is fixed.
 
You must reply to posts within days. If you haven't replied within 4 days your topic will be closed. If you go away for some time please let me know. Communication is an important part here! If you are unsure about something - STOP - and ask me. No need to be afraid of asking - better ask than doing a mistake. Mistakes can lead to an unbootable PC! I would recommend to follow the topic by clicking on the Follow this topic button - you will get notified when I have replied to your topic.
 

:alarm: Below are a few tips  :alarm:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 

I will come back with further instructions some time later.
  • 0

#3
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
Hi,
there is some Malware. Please pay attention to every little detail. That's a very important point while I'm removing the Malware on your system.

Step 1: Illegal Files Warning

In your log(s) I see some things which are related to illegal Sofware. We do not support illegal Software. With the fix below we will remove the illegal software. If you opt not to remove I will have to withdraw my free assistance per this forums terms of use.

Following file(s) is/are illegal:
  • C:\Users\Betrayed\Desktop\SteamStealer.exe
Step 2: P2P Warning

IMPORTANT I see, you have one or more P2P (Peer to Peer) programs installed.

1.) You have following P2P program installed: uTorrent
2.) If you download files from non-documented sources per a P2P File sharing Program, you can expect a infection of malware. That isn't good for your PC. A long time ago File-sharing with P2P programs like UTorrent was fairly safe. But at this time it isn't true any more. Of course you can use P2P programs at your own risk, but that is maybe your source of your infection. It would be nice if you read this here. So after reading the text you will recognize why you shouldn't have them.
3.) Please read this reports about the danger of P2P Programs:4.) I would recommend that you uninstall the above. That would be nice. If you like to uninstall the P2P Program, you can do it via Start >> Control Panel >> Add or Remove Programs
5.) If you want to keep the program on your computer , don't use it while we are fixing your computer!

Step 3: OTL Fix
  • Run OTL (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    SRV:64bit: - [2010/04/06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
    O1 - Hosts: 54.225.95.126 baefoldjnepdncjikpmjiamfbjgicfol
    O4 - HKCU..\Run: [win32.exe] C:\Users\Betrayed\AppData\Roaming\sample.exe ()
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    FF - prefs.js..browser.search.isUS: false
    FF - prefs.js..network.proxy.backup.ftp: "202.77.124.93"
    FF - prefs.js..network.proxy.backup.ftp_port: 3128
    FF - prefs.js..network.proxy.backup.socks: "202.77.124.93"
    FF - prefs.js..network.proxy.backup.socks_port: 3128
    FF - prefs.js..network.proxy.backup.ssl: "202.77.124.93"
    FF - prefs.js..network.proxy.backup.ssl_port: 3128
    FF - prefs.js..network.proxy.ftp: "23.99.85.64"
    FF - prefs.js..network.proxy.ftp_port: 8080
    FF - prefs.js..network.proxy.http: "23.99.85.64"
    FF - prefs.js..network.proxy.http_port: 8080
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: "23.99.85.64"
    FF - prefs.js..network.proxy.socks_port: 8080
    FF - prefs.js..network.proxy.socks_remote_dns: true
    FF - prefs.js..network.proxy.ssl: "23.99.85.64"
    FF - prefs.js..network.proxy.ssl_port: 8080
    FF - prefs.js..network.proxy.type: 1
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll File not found
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    O4 - HKLM..\Run: [] File not found
    O4 - HKCU..\Run: [LightShot] C:\Users\Betrayed\AppData\Local\Skillbrains\lightshot\Lightshot.exe File not found
    O4 - HKCU..\Run: [VPN] "C:\Program Files\OpenVPN\bin\openvpn-gui.exe" --connect ve8urxhw.ovpn File not found
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    [2015/01/03 13:46:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\update-sys.job
    [2015/01/03 12:41:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\update-S-1-5-21-114786149-1812099484-2380863628-1001.job
    [2015/01/03 10:14:00 | 000,386,048 | ---- | M] () -- C:\Users\Betrayed\Desktop\SteamStealer.exe
    [2014/10/25 16:35:14 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\DVDVideoSoft
    @Alternate Data Stream - 220 bytes -> C:\Users\Betrayed\OneDrive:ms-properties
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, run OTL and click Quick Scan.
  • Copy and paste the contents of the log that it produces into your next post.
Step 4: Question

Do you know these two files:
  • C:\Windows\SysNative\drivers\AppleCharger.sys
  • C:\Windows\SysNative\drivers\UsbCharger.sys

  • 0

#4
Betrayed

Betrayed

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts

OTL Logs:

 

OTL logfile created on: 03/01/2015 19:28:19 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Betrayed\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17498)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
9.97 Gb Total Physical Memory | 7.82 Gb Available Physical Memory | 78.51% Memory free
11.53 Gb Paging File | 9.02 Gb Available in Paging File | 78.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 853.29 Gb Total Space | 634.64 Gb Free Space | 74.38% Space Free | Partition Type: NTFS
 
Computer Name: PC | User Name: Betrayed | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/03 15:25:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Betrayed\Desktop\OTL.exe
PRC - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/12/16 11:28:54 | 000,477,184 | ---- | M] (Skillbrains) -- C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe
PRC - [2014/12/15 11:29:58 | 005,426,448 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
PRC - [2014/12/14 10:22:46 | 001,676,344 | ---- | M] (Spotify Ltd) -- C:\Users\Betrayed\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/12/13 00:13:07 | 002,531,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/12/13 00:13:04 | 001,701,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014/12/10 01:34:58 | 000,555,320 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
PRC - [2014/12/10 01:33:10 | 002,561,848 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
PRC - [2014/12/06 01:50:53 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/12/02 11:21:07 | 005,226,600 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/12/02 11:20:46 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/11/20 08:23:10 | 000,289,792 | ---- | M] () -- C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
PRC - [2014/11/17 21:42:19 | 000,217,304 | ---- | M] (Razer, Inc.) -- C:\Users\Betrayed\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
PRC - [2014/11/17 21:42:15 | 000,214,232 | ---- | M] (Razer, Inc.) -- C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
PRC - [2014/11/13 17:08:25 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/11/12 20:46:08 | 000,409,800 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014/11/03 15:47:52 | 000,585,536 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
PRC - [2014/10/31 22:27:38 | 000,183,488 | ---- | M] () -- C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
PRC - [2014/10/26 14:52:28 | 000,508,744 | ---- | M] (QFX Software Corporation) -- C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
PRC - [2014/10/19 20:40:54 | 000,060,176 | ---- | M] (The Pidgin developer community) -- C:\Program Files (x86)\Pidgin\pidgin.exe
PRC - [2014/10/09 18:59:26 | 000,179,200 | ---- | M] (Company) -- C:\Program Files (x86)\Popcorn Time\Updater.exe
PRC - [2014/09/25 12:57:46 | 000,027,904 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\ace_engine.exe
PRC - [2014/09/20 08:53:22 | 000,130,104 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
PRC - [2014/09/16 14:45:52 | 003,095,328 | ---- | M] (Nota Inc.) -- C:\Program Files (x86)\Gyazo\GyStation.exe
PRC - [2014/08/13 17:10:14 | 000,777,944 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
PRC - [2014/08/13 17:09:20 | 000,835,288 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe
PRC - [2014/08/13 17:08:12 | 000,384,728 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2014/07/03 05:25:22 | 000,490,360 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
PRC - [2014/07/03 03:09:58 | 002,694,040 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
PRC - [2014/06/25 15:50:56 | 005,558,944 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
PRC - [2014/06/12 17:23:08 | 000,359,128 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2014/06/12 17:22:40 | 000,437,976 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2014/06/12 16:22:10 | 000,086,744 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2014/05/21 10:22:08 | 002,135,232 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
PRC - [2014/02/27 21:12:22 | 000,893,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2014/02/19 05:06:04 | 000,769,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
PRC - [2013/08/22 04:17:05 | 000,374,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2013/03/29 11:18:06 | 000,026,744 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\ace_update.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/12/06 01:50:50 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
MOD - [2014/12/06 01:50:46 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
MOD - [2014/12/06 01:50:45 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
MOD - [2014/12/06 01:50:44 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
MOD - [2014/12/02 11:20:46 | 038,562,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/11/28 13:46:48 | 003,083,264 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\acestreamengine.CoreApp.pyd
MOD - [2014/11/28 13:46:48 | 001,732,096 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\acestreamengine.live.pyd
MOD - [2014/11/28 13:46:48 | 000,249,856 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\acestreamengine.Core.pyd
MOD - [2014/11/20 08:23:10 | 000,289,792 | ---- | M] () -- C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
MOD - [2014/11/20 06:02:46 | 000,193,024 | ---- | M] () -- C:\ProgramData\Razer\Synapse\RzStats\RigWrapper.dll
MOD - [2014/10/19 20:40:48 | 000,044,494 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll
MOD - [2014/10/19 20:40:48 | 000,037,191 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll
MOD - [2014/10/19 20:40:48 | 000,032,020 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ticker.dll
MOD - [2014/10/19 20:40:48 | 000,030,771 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\winprefs.dll
MOD - [2014/10/19 20:40:48 | 000,030,353 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\themeedit.dll
MOD - [2014/10/19 20:40:48 | 000,029,791 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll
MOD - [2014/10/19 20:40:48 | 000,023,851 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll
MOD - [2014/10/19 20:40:48 | 000,018,399 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\timestamp.dll
MOD - [2014/10/19 20:40:48 | 000,015,978 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\statenotify.dll
MOD - [2014/10/19 20:40:48 | 000,012,004 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ssl.dll
MOD - [2014/10/19 20:40:46 | 000,417,758 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libjabber.dll
MOD - [2014/10/19 20:40:46 | 000,374,169 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmsn.dll
MOD - [2014/10/19 20:40:46 | 000,328,142 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libgg.dll
MOD - [2014/10/19 20:40:46 | 000,311,021 | ---- | M] () -- C:\Program Files (x86)\Pidgin\liboscar.dll
MOD - [2014/10/19 20:40:46 | 000,236,666 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libymsg.dll
MOD - [2014/10/19 20:40:46 | 000,170,578 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsilc.dll
MOD - [2014/10/19 20:40:46 | 000,150,598 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmxit.dll
MOD - [2014/10/19 20:40:46 | 000,123,540 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libnovell.dll
MOD - [2014/10/19 20:40:46 | 000,116,071 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsametime.dll
MOD - [2014/10/19 20:40:46 | 000,107,365 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libirc.dll
MOD - [2014/10/19 20:40:46 | 000,106,670 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmyspace.dll
MOD - [2014/10/19 20:40:46 | 000,092,398 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libbonjour.dll
MOD - [2014/10/19 20:40:46 | 000,069,575 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\spellchk.dll
MOD - [2014/10/19 20:40:46 | 000,055,880 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsimple.dll
MOD - [2014/10/19 20:40:46 | 000,047,934 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\log_reader.dll
MOD - [2014/10/19 20:40:46 | 000,031,427 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll
MOD - [2014/10/19 20:40:46 | 000,029,256 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\pidginrc.dll
MOD - [2014/10/19 20:40:46 | 000,029,225 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\notify.dll
MOD - [2014/10/19 20:40:46 | 000,024,924 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\convcolors.dll
MOD - [2014/10/19 20:40:46 | 000,022,832 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libyahoo.dll
MOD - [2014/10/19 20:40:46 | 000,021,795 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\markerline.dll
MOD - [2014/10/19 20:40:46 | 000,021,337 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libxmpp.dll
MOD - [2014/10/19 20:40:46 | 000,020,997 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll
MOD - [2014/10/19 20:40:46 | 000,019,793 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll
MOD - [2014/10/19 20:40:46 | 000,019,043 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\idle.dll
MOD - [2014/10/19 20:40:46 | 000,018,882 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\history.dll
MOD - [2014/10/19 20:40:46 | 000,018,555 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\joinpart.dll
MOD - [2014/10/19 20:40:46 | 000,017,023 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll
MOD - [2014/10/19 20:40:46 | 000,016,005 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libicq.dll
MOD - [2014/10/19 20:40:46 | 000,015,702 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\extplacement.dll
MOD - [2014/10/19 20:40:46 | 000,015,429 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\relnot.dll
MOD - [2014/10/19 20:40:46 | 000,015,380 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\psychic.dll
MOD - [2014/10/19 20:40:46 | 000,015,074 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libaim.dll
MOD - [2014/10/19 20:40:46 | 000,015,045 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\sendbutton.dll
MOD - [2014/10/19 20:40:46 | 000,014,147 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll
MOD - [2014/10/19 20:40:46 | 000,013,456 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\newline.dll
MOD - [2014/10/19 20:40:46 | 000,013,253 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\buddynote.dll
MOD - [2014/10/19 20:40:46 | 000,012,865 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\iconaway.dll
MOD - [2014/10/19 20:40:40 | 000,671,031 | ---- | M] () -- C:\Program Files (x86)\Pidgin\exchndl.dll
MOD - [2014/10/19 20:40:40 | 000,475,580 | ---- | M] () -- C:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll
MOD - [2014/10/19 20:40:40 | 000,036,878 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libssp-0.dll
MOD - [2014/10/19 20:40:06 | 000,486,400 | ---- | M] () -- C:\Program Files (x86)\Pidgin\sqlite3.dll
MOD - [2014/10/19 20:40:04 | 000,818,985 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libsilcclient-1-1-3.dll
MOD - [2014/10/19 20:40:02 | 002,097,721 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll
MOD - [2014/10/19 20:40:02 | 000,152,852 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libmeanwhile-1.dll
MOD - [2014/10/19 20:39:58 | 001,274,655 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libxml2-2.dll
MOD - [2014/10/19 20:39:58 | 000,190,464 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libsasl.dll
MOD - [2014/10/19 20:39:58 | 000,140,288 | ---- | M] () -- C:\Program Files (x86)\Pidgin\sasl2\saslDIGESTMD5.dll
MOD - [2014/10/19 20:39:58 | 000,115,712 | ---- | M] () -- C:\Program Files (x86)\Pidgin\sasl2\saslCRAMMD5.dll
MOD - [2014/10/19 20:39:58 | 000,102,912 | ---- | M] () -- C:\Program Files (x86)\Pidgin\sasl2\saslPLAIN.dll
MOD - [2014/10/19 20:39:58 | 000,102,912 | ---- | M] () -- C:\Program Files (x86)\Pidgin\sasl2\saslLOGIN.dll
MOD - [2014/10/19 20:39:58 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Pidgin\sasl2\saslANONYMOUS.dll
MOD - [2014/10/17 18:57:20 | 000,118,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\1c09d6db83322a23a1744d75c4836f85\SMDiagnostics.ni.dll
MOD - [2014/10/17 18:57:19 | 000,786,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\7159bb28e23de8ed898a2acb1dbfef6c\System.ServiceModel.Internals.ni.dll
MOD - [2014/10/17 18:55:20 | 000,155,136 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\JSON\83ae5749259d10193dc2370f7f07efd6\JSON.ni.dll
MOD - [2014/10/17 18:55:10 | 011,926,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\6074b87793a7906a01317ea8832e7330\System.Web.ni.dll
MOD - [2014/10/17 18:54:47 | 001,433,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\HD-Agent\dc62f3768fcd1b75b184d39344737486\HD-Agent.ni.exe
MOD - [2014/10/17 18:54:47 | 000,978,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\0f06c6152e5384e75e9517c79ed500d4\System.Configuration.ni.dll
MOD - [2014/10/17 15:28:20 | 005,467,136 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\49201f5658aca21352debffb85ff41df\System.Xml.ni.dll
MOD - [2014/10/17 15:28:15 | 012,436,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4897677eda02404f00d5c54c24114c7b\System.Windows.Forms.ni.dll
MOD - [2014/10/17 15:28:07 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\828956d62d94914af63efc7fb36d1120\System.Drawing.ni.dll
MOD - [2014/10/17 15:27:24 | 007,995,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4976746d2f27ea6b60301a84d6c3e4be\System.ni.dll
MOD - [2014/10/17 15:27:16 | 000,392,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\9b0c1539963f393f6641949a67757b8f\System.Xml.Linq.ni.dll
MOD - [2014/10/17 15:27:15 | 007,785,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\43edd630a9f8cd6ac38c527b106ec94f\System.Xml.ni.dll
MOD - [2014/10/17 15:27:09 | 001,874,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\6281ab590224520bad7c4f5b3ef37575\System.Xaml.ni.dll
MOD - [2014/10/17 15:27:07 | 012,856,832 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\70c6bf4a51d18b4a9a1805cd48d1caad\System.Windows.Forms.ni.dll
MOD - [2014/10/17 15:26:56 | 000,219,136 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\2938a07c482f15730b58d0fddbf869d1\System.ServiceProcess.ni.dll
MOD - [2014/10/17 15:26:32 | 002,803,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\ab763e7f2c7532e9fe8f587995105156\System.Runtime.Serialization.ni.dll
MOD - [2014/10/17 15:26:28 | 001,169,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\8843bc51abc35b8247ffb506ef61d954\System.Management.ni.dll
MOD - [2014/10/17 15:26:26 | 001,635,328 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8efdc7a3726640f79d9333da88accaf8\System.Drawing.ni.dll
MOD - [2014/10/17 15:26:18 | 000,968,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\00fc7d14bbb38db00e4103912c041adf\System.Configuration.ni.dll
MOD - [2014/10/17 15:26:17 | 000,463,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\eb62bc6e97d1d2aafbf3a101d7f029e1\PresentationFramework.Aero2.ni.dll
MOD - [2014/10/17 15:26:16 | 018,744,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\377e9afc870e7d53922fbcfd6023b2f7\PresentationFramework.ni.dll
MOD - [2014/10/17 15:25:18 | 011,027,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\a1799dc618cfa61adb75b82311884c3d\PresentationCore.ni.dll
MOD - [2014/10/17 15:25:00 | 003,957,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\b8e2e79f70d09551560548cda72e2c51\WindowsBase.ni.dll
MOD - [2014/10/17 15:24:53 | 006,951,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\483443985708dc5439abe7fd6350abe4\System.Core.ni.dll
MOD - [2014/10/17 15:24:41 | 010,030,592 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\1c5fe4cb68f67046baec4c3a854f722f\System.ni.dll
MOD - [2014/09/25 12:57:46 | 000,027,904 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\ace_engine.exe
MOD - [2014/08/14 09:50:50 | 011,500,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\5bd3374f05d46ba0563f44d032209f08\mscorlib.ni.dll
MOD - [2014/08/13 14:09:24 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2014/07/21 16:10:36 | 000,188,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\3be4139a741b447ab35a2c788a2f4559\UIAutomationTypes.ni.dll
MOD - [2014/07/18 16:01:29 | 000,216,992 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll
MOD - [2014/07/18 16:01:29 | 000,100,352 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll
MOD - [2014/07/18 16:01:29 | 000,090,496 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll
MOD - [2014/07/18 16:01:28 | 000,904,525 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll
MOD - [2014/07/18 16:01:28 | 000,553,382 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll
MOD - [2014/07/18 16:01:28 | 000,279,059 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll
MOD - [2014/07/18 16:01:28 | 000,177,586 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll
MOD - [2014/07/03 05:45:40 | 032,733,056 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
MOD - [2014/06/25 15:50:56 | 005,558,944 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
MOD - [2014/05/24 16:41:24 | 000,892,416 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
MOD - [2014/05/24 16:41:24 | 000,091,648 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
MOD - [2014/03/18 15:27:55 | 017,395,376 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\c90ef9a73ea0044641d31b19023aad61\mscorlib.ni.dll
MOD - [2014/01/23 11:37:18 | 000,036,352 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\_psutil_mswindows.pyd
MOD - [2014/01/04 00:20:46 | 034,755,072 | ---- | M] () -- C:\Users\Betrayed\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
MOD - [2014/01/04 00:20:46 | 000,970,240 | ---- | M] () -- C:\Users\Betrayed\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\cef\ffmpegsumo.dll
MOD - [2013/12/21 13:20:42 | 000,040,448 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\bitarray._bitarray.pyd
MOD - [2013/12/21 13:20:32 | 000,053,248 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\_blist.pyd
MOD - [2013/12/21 13:02:24 | 000,061,952 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\miniupnpc.pyd
MOD - [2013/11/27 15:50:12 | 000,018,944 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pycompat.pyd
MOD - [2013/03/29 11:18:06 | 000,026,744 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\ace_update.exe
MOD - [2013/01/29 16:20:40 | 000,082,944 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\cpyamf.util.pyd
MOD - [2013/01/29 16:20:40 | 000,066,048 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\cpyamf.amf0.pyd
MOD - [2012/09/09 13:17:08 | 000,472,576 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\pidgin-otr.dll
MOD - [2012/02/07 16:38:58 | 000,358,912 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\pythoncom27.dll
MOD - [2012/02/07 16:38:58 | 000,358,912 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\pythoncom27.dll
MOD - [2012/02/07 16:37:24 | 000,098,816 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\win32api.pyd
MOD - [2012/02/07 16:37:24 | 000,098,816 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\win32api.pyd
MOD - [2012/02/07 16:36:30 | 000,024,064 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\win32pdh.pyd
MOD - [2012/02/07 16:36:30 | 000,024,064 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\win32pdh.pyd
MOD - [2012/02/07 16:36:08 | 000,111,616 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\win32file.pyd
MOD - [2012/02/07 16:36:08 | 000,111,616 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\win32file.pyd
MOD - [2012/02/07 16:35:46 | 000,110,080 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\pywintypes27.dll
MOD - [2012/02/07 16:35:46 | 000,110,080 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\pywintypes27.dll
MOD - [2011/07/15 19:38:22 | 000,674,816 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\wx._misc_.pyd
MOD - [2011/07/15 19:38:22 | 000,674,816 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\wx._misc_.pyd
MOD - [2011/07/15 19:38:12 | 000,966,144 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\wx._controls_.pyd
MOD - [2011/07/15 19:38:12 | 000,966,144 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\wx._controls_.pyd
MOD - [2011/07/15 19:38:06 | 000,670,720 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\wx._windows_.pyd
MOD - [2011/07/15 19:38:06 | 000,670,720 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\wx._windows_.pyd
MOD - [2011/07/15 19:38:00 | 000,746,496 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\wx._gdi_.pyd
MOD - [2011/07/15 19:38:00 | 000,746,496 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\wx._gdi_.pyd
MOD - [2011/07/15 19:37:48 | 000,981,504 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\wx._core_.pyd
MOD - [2011/07/15 19:37:48 | 000,981,504 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\wx._core_.pyd
MOD - [2011/07/15 19:34:26 | 000,479,744 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\wxmsw28uh_html_vc.dll
MOD - [2011/07/15 19:34:26 | 000,479,744 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\wxmsw28uh_html_vc.dll
MOD - [2011/07/15 19:34:16 | 000,730,112 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\wxmsw28uh_adv_vc.dll
MOD - [2011/07/15 19:34:16 | 000,730,112 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\wxmsw28uh_adv_vc.dll
MOD - [2011/07/15 19:34:10 | 003,165,184 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\wxmsw28uh_core_vc.dll
MOD - [2011/07/15 19:34:10 | 003,165,184 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\wxmsw28uh_core_vc.dll
MOD - [2011/07/15 19:33:40 | 000,122,368 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\wxbase28uh_net_vc.dll
MOD - [2011/07/15 19:33:40 | 000,122,368 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\wxbase28uh_net_vc.dll
MOD - [2011/07/15 19:33:38 | 001,300,992 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\wxbase28uh_vc.dll
MOD - [2011/07/15 19:33:38 | 001,300,992 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\wxbase28uh_vc.dll
MOD - [2011/06/12 13:09:18 | 000,720,896 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\_ssl.pyd
MOD - [2011/06/12 13:09:18 | 000,720,896 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\_ssl.pyd
MOD - [2011/06/12 13:09:18 | 000,038,400 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\_socket.pyd
MOD - [2011/06/12 13:09:18 | 000,038,400 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\_socket.pyd
MOD - [2011/06/12 13:06:24 | 000,152,576 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\pyexpat.pyd
MOD - [2011/06/12 13:06:24 | 000,152,576 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\pyexpat.pyd
MOD - [2011/06/12 13:06:22 | 000,287,232 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\_hashlib.pyd
MOD - [2011/06/12 13:06:22 | 000,287,232 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\_hashlib.pyd
MOD - [2011/06/12 13:06:22 | 000,106,496 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\_ctypes.pyd
MOD - [2011/06/12 13:06:22 | 000,011,776 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\select.pyd
MOD - [2011/06/12 13:06:22 | 000,011,776 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\select.pyd
MOD - [2011/06/12 13:06:20 | 000,688,128 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\unicodedata.pyd
MOD - [2011/02/13 15:02:12 | 000,031,232 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\Crypto.Cipher.AES.pyd
MOD - [2011/01/18 21:56:22 | 000,334,336 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\M2Crypto.__m2crypto.pyd
MOD - [2011/01/18 21:56:22 | 000,334,336 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\M2Crypto.__m2crypto.pyd
MOD - [2010/10/10 22:23:52 | 000,723,968 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\apsw.pyd
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/12/13 00:13:04 | 001,148,560 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:64bit: - [2014/12/13 00:13:03 | 019,823,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2014/12/02 11:20:46 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/12/02 11:20:43 | 004,012,248 | ---- | M] (Avast Software) [On_Demand | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
SRV:64bit: - [2014/10/31 04:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/10/14 19:33:28 | 000,174,600 | ---- | M] (Sandboxie Holdings, LLC) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2014/10/07 01:54:27 | 000,226,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/09/22 03:05:56 | 000,368,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014/09/22 03:05:56 | 000,023,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014/08/16 03:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2014/08/16 00:58:35 | 000,287,744 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2014/08/16 00:45:51 | 000,267,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/07/24 07:28:58 | 001,600,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/07/17 20:31:53 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/07/17 20:31:53 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/07/17 20:27:11 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014/06/05 12:15:06 | 000,037,176 | ---- | M] (The OpenVPN Project) [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV:64bit: - [2014/03/18 15:27:40 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/03/18 15:27:40 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2014/03/18 15:27:35 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/03/18 15:27:33 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/03/18 15:27:32 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/03/18 15:27:30 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2013/08/30 18:46:48 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013/08/22 11:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 11:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 11:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 11:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 11:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 10:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 10:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 09:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 09:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 09:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 09:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 09:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 09:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 09:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 09:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV - [2015/01/02 11:16:34 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/12/15 11:29:58 | 005,426,448 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe -- (TeamViewer)
SRV - [2014/12/14 10:14:06 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/13 00:13:04 | 001,701,520 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/12/10 01:34:58 | 000,555,320 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe -- (MbaeSvc)
SRV - [2014/11/25 17:01:39 | 000,226,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2014/11/25 17:01:28 | 000,376,168 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2014/11/18 20:23:34 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/11/12 20:46:08 | 000,409,800 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/10/31 22:27:38 | 000,183,488 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe -- (Razer Game Scanner Service)
SRV - [2014/10/09 18:59:26 | 000,179,200 | ---- | M] (Company) [Auto | Running] -- C:\Program Files (x86)\Popcorn Time\Updater.exe -- (Update service)
SRV - [2014/09/20 08:53:22 | 000,130,104 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe -- (NCO)
SRV - [2014/08/16 03:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/08/13 17:10:14 | 000,777,944 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe -- (BstHdUpdaterSvc)
SRV - [2014/08/13 17:08:12 | 000,384,728 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2014/08/13 17:07:40 | 000,409,304 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2014/07/17 20:27:11 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/06/12 17:23:08 | 000,359,128 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2014/06/12 17:22:40 | 000,437,976 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2014/06/12 16:22:10 | 000,086,744 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2014/05/21 10:22:08 | 002,135,232 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2014/04/03 19:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/02/27 17:40:46 | 000,906,432 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2014/02/07 15:29:38 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2013/08/22 03:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/22 02:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/03/01 01:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/12/13 00:13:03 | 000,019,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2014/12/03 16:12:37 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/12/02 11:21:08 | 001,050,432 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/12/02 11:20:47 | 000,436,624 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/12/02 11:20:47 | 000,267,632 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/12/02 11:20:47 | 000,116,728 | ---- | M] (AVAST Software) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014/12/02 11:20:47 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/12/02 11:20:47 | 000,083,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/12/02 11:20:47 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/12/02 11:20:47 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/12/02 11:20:43 | 000,271,752 | ---- | M] (Avast Software) [Kernel | Auto | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
DRV:64bit: - [2014/11/25 17:01:29 | 000,107,392 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2014/11/22 10:46:30 | 000,038,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2014/11/17 21:37:21 | 000,129,600 | ---- | M] (Razer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rzpnk.sys -- (rzpnk)
DRV:64bit: - [2014/11/13 00:20:36 | 000,039,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvadarm.sys -- (NVVADARM)
DRV:64bit: - [2014/10/31 22:27:07 | 000,037,184 | ---- | M] (Razer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rzpmgrk.sys -- (rzpmgrk)
DRV:64bit: - [2014/10/14 19:33:28 | 000,185,352 | ---- | M] (Sandboxie Holdings, LLC) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2014/10/13 02:43:17 | 000,238,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/10/13 02:43:17 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014/10/13 02:43:17 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014/10/10 01:58:57 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/09/22 03:06:16 | 000,258,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014/09/22 03:06:16 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014/09/22 02:49:43 | 000,035,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/09/17 04:51:20 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2014/09/05 03:27:52 | 000,160,424 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2014/09/05 03:27:52 | 000,039,592 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzendpt.sys -- (rzendpt)
DRV:64bit: - [2014/08/15 23:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2014/08/15 00:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/07/24 15:28:38 | 000,468,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/07/24 15:28:38 | 000,412,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/07/24 11:42:22 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2014/07/17 20:33:11 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/07/17 20:31:53 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/07/17 20:31:53 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/07/17 20:31:53 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/06/12 17:23:04 | 000,064,728 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2014/06/12 17:22:50 | 000,031,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2014/06/12 17:22:02 | 000,046,160 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2014/06/12 17:22:02 | 000,020,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2014/06/12 17:21:58 | 000,033,496 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2014/03/18 15:27:34 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/03/18 15:27:30 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2014/03/18 15:27:20 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2014/03/18 15:27:19 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/03/18 15:27:18 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/03/18 15:27:18 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/03/18 15:27:18 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2014/03/18 15:27:18 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014/03/18 15:10:07 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2014/02/27 17:40:32 | 000,054,464 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2014/02/07 15:29:38 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2014/02/07 15:29:20 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2013/10/28 09:02:48 | 000,022,240 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2013/10/24 16:29:06 | 000,022,240 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\UsbCharger.sys -- (UsbCharger)
DRV:64bit: - [2013/10/08 17:21:10 | 000,073,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:64bit: - [2013/10/08 17:21:06 | 000,085,584 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2013/09/27 19:23:26 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSTx64\7DE07080.017\ccSetx64.sys -- (ccSet_NST)
DRV:64bit: - [2013/08/22 13:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 13:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 12:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 12:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 12:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 12:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 12:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 12:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 12:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 12:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 12:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 12:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 12:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 12:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 12:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 12:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 12:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 12:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 12:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 12:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 12:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 12:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 12:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 12:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 12:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 12:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 12:40:24 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013/08/22 12:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 12:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 12:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 11:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 11:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 11:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 11:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 11:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 11:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 11:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 11:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 11:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 11:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 11:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 11:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 11:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 11:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 11:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 11:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 11:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 11:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 11:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 11:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 11:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 08:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 23:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/10 00:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 18:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 19:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/06/21 09:35:14 | 000,816,344 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013/05/31 14:53:12 | 000,222,200 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2013/03/08 08:47:50 | 000,058,536 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2013/03/01 01:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2012/11/20 12:55:42 | 000,057,512 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012/08/30 13:22:06 | 000,050,288 | ---- | M] (UB658) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ElgatoGC658.sys -- (ElgatoGC658Y)
DRV - [2014/12/10 18:22:42 | 000,063,064 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys -- (ESProtectionDriver)
DRV - [2014/08/13 17:08:00 | 000,122,072 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2014/02/07 15:29:38 | 000,016,056 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.uk.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 91 18 85 69 34 C1 CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.isUS: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B9c51bd27-6ed8-4000-a2bf-36cb95c0c947%7D:11.0.1
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:10.0.2502.149
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.9.10
FF - prefs.js..extensions.enabledAddons: requestpolicy%40requestpolicy.com:0.5.28
FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:4.0.2
FF - prefs.js..extensions.enabledAddons: 2.0%40disconnect.me:3.14.0
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7B45d8ff86-d909-11db-9705-005056c00008%7D:1.2.0
FF - prefs.js..extensions.enabledAddons: %7B455D905A-D37C-4643-A9E2-F6FEFAA0424A%7D:0.8.17
FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:8.8.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: ""
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: ""
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: ""
FF - prefs.js..network.proxy.ftp: ""
FF - prefs.js..network.proxy.ftp_port: ""
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.share_proxy_settings: ""
FF - prefs.js..network.proxy.socks: ""
FF - prefs.js..network.proxy.socks_port: ""
FF - prefs.js..network.proxy.socks_remote_dns: ""
FF - prefs.js..network.proxy.ssl: ""
FF - prefs.js..network.proxy.ssl_port: ""
FF - prefs.js..network.proxy.type: ""
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect_x86_64: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=2.2.7-next: C:\Users\Betrayed\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Betrayed\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn\ [2015/01/03 09:05:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/12/02 11:20:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.3.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.3.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8}: C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014/04/04 10:36:14 | 000,010,691 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014/08/08 19:40:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Extensions
[2015/01/03 13:23:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions
[2015/01/03 00:13:00 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2015/01/01 15:03:19 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\[email protected]
[2015/01/03 13:23:38 | 000,000,000 | ---D | M] (Hola Better Internet) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\[email protected]
[2015/01/01 15:04:33 | 000,947,620 | ---- | M] () (No name found) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\[email protected]
[2015/01/01 15:05:56 | 000,002,829 | ---- | M] () (No name found) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\[email protected]
[2015/01/01 15:07:15 | 000,329,995 | ---- | M] () (No name found) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\[email protected]
[2015/01/01 15:05:06 | 000,082,295 | ---- | M] () (No name found) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\[email protected]
[2015/01/01 15:01:44 | 000,160,837 | ---- | M] () (No name found) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\[email protected]
[2015/01/01 15:06:18 | 000,065,568 | ---- | M] () (No name found) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi
[2015/01/01 15:06:18 | 000,061,649 | ---- | M] () (No name found) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\{45d8ff86-d909-11db-9705-005056c00008}.xpi
[2015/01/01 15:00:42 | 000,544,302 | ---- | M] () (No name found) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/11/09 17:16:44 | 000,080,872 | ---- | M] () (No name found) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi
[2015/01/01 15:00:10 | 000,979,699 | ---- | M] () (No name found) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2015/01/01 15:06:18 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2015/01/02 11:16:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/01/02 11:16:35 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/12/02 11:20:48 | 000,000,000 | ---D | M] ("Avast Online Security") -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - Extension: No name found = C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_1\
CHR - Extension: No name found = C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.9.131_0\
CHR - Extension: No name found = C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck\10.0.2502.149_0\
CHR - Extension: No name found = C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.6.16_0\
CHR - Extension: No name found = C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2502.149_0\
CHR - Extension: No name found = C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\
CHR - Extension: No name found = C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: First user = C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\
 
O1 HOSTS File: ([2015/01/03 19:16:49 | 000,001,626 | RH-- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\WINDOWS\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKLM..\Run: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe (QFX Software Corporation)
O4 - HKLM..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AceStream] C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\ace_engine.exe ()
O4 - HKCU..\Run: [CCleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [Clownfish] C:\Program Files (x86)\Clownfish\Clownfish.exe (Bogdan Sharkov)
O4 - HKCU..\Run: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe (Nota Inc.)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (Sandboxie Holdings, LLC)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Betrayed\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\Betrayed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN GUI.lnk = C:\Program Files\OpenVPN\bin\openvpn-gui.exe ()
O4 - Startup: C:\Users\Betrayed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pidgin.exe.lnk = C:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community)
O4 - Startup: C:\Users\Betrayed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BAAFDFD2-5B3F-49F9-9B7F-8EFA6C07E48F}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3C1A0FF-625E-4755-9A0E-5A504D75229B}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3C1A0FF-625E-4755-9A0E-5A504D75229B}: NameServer = 8.8.8.8,8.8.4.4
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (aswBoot.exe /M:17ae4132e /wow /dir:"C:\Program Files\AVAST Software\Avast")
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/03 19:15:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2015/01/03 15:39:20 | 000,000,000 | ---D | C] -- C:\Users\Betrayed\AppData\Roaming\PhrozenSoft
[2015/01/03 15:39:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DarkComet Remover
[2015/01/03 15:25:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Betrayed\Desktop\OTL.exe
[2015/01/03 15:17:36 | 000,000,000 | ---D | C] -- C:\Users\Betrayed\Desktop\New folder
[2015/01/03 10:14:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NAT Service
[2015/01/03 10:14:08 | 000,000,000 | ---D | C] -- C:\Users\Betrayed\AppData\Roaming\D0AAD974-68DA-45A6-9616-F7B59434E6A4
[2015/01/02 11:16:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2015/01/01 15:23:02 | 000,000,000 | ---D | C] -- C:\Users\Betrayed\Desktop\School
[2015/01/01 15:16:06 | 000,000,000 | ---D | C] -- C:\Users\Betrayed\Desktop\Card
[2015/01/01 15:14:18 | 000,000,000 | ---D | C] -- C:\Users\Betrayed\Desktop\Stuff
[2014/12/28 10:38:14 | 000,000,000 | ---D | C] -- C:\Users\Betrayed\AppData\Roaming\Imminent Monitor
[2014/12/28 10:38:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Imminent Monitor
[2014/12/27 17:01:23 | 000,000,000 | ---D | C] -- C:\Users\Betrayed\AppData\Roaming\Thunderbird
[2014/12/27 17:01:23 | 000,000,000 | ---D | C] -- C:\Users\Betrayed\AppData\Local\Thunderbird
[2014/12/27 17:00:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2014/12/18 20:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
[2014/12/13 20:42:16 | 000,000,000 | ---D | C] -- C:\Users\Betrayed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cain
[2014/12/08 16:32:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2014/12/07 23:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
[2014/12/07 23:22:49 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[1 C:\Users\Betrayed\AppData\Local\*.tmp files -> C:\Users\Betrayed\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/03 19:23:30 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015/01/03 19:21:52 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/03 19:21:28 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015/01/03 19:21:24 | 4266,278,911 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/03 19:13:30 | 000,000,912 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/03 19:02:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2015/01/03 15:39:20 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\DarkComet Remover.lnk
[2015/01/03 15:25:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Betrayed\Desktop\OTL.exe
[2015/01/03 15:17:48 | 000,000,158 | ---- | M] () -- C:\Users\Betrayed\Desktop\New WinRAR archive.rar
[2015/01/03 13:27:03 | 000,001,438 | ---- | M] () -- C:\Users\Betrayed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pidgin.exe.lnk
[2015/01/03 10:16:02 | 000,001,710 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2015/01/02 15:47:51 | 006,121,806 | ---- | M] () -- C:\Users\Betrayed\Desktop\Viphf December 2014.sql.zip
[2015/01/02 10:52:02 | 002,460,608 | ---- | M] () -- C:\Users\Betrayed\Desktop\sjdb.zip
[2015/01/01 15:14:59 | 000,000,952 | ---- | M] () -- C:\Users\Betrayed\Desktop\Start Tor Browser.lnk
[2014/12/31 20:09:55 | 000,073,780 | ---- | M] () -- C:\Users\Betrayed\Desktop\VAxM3ZR.jpg
[2014/12/27 20:25:54 | 000,001,109 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DuckDnsUpdater.lnk
[2014/12/27 20:25:54 | 000,001,091 | ---- | M] () -- C:\Users\Public\Desktop\DuckDns Updater.lnk
[2014/12/27 10:56:41 | 005,041,448 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/12/18 20:37:25 | 000,000,425 | ---- | M] () -- C:\Users\Betrayed\AppData\Local\UserProducts.xml
[2014/12/18 17:29:19 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/12/16 20:54:11 | 000,001,456 | ---- | M] () -- C:\Users\Betrayed\AppData\Local\Adobe Save for Web 13.0 Prefs
[2014/12/13 20:42:16 | 000,001,791 | ---- | M] () -- C:\Users\Betrayed\Desktop\Cain.lnk
[2014/12/07 23:22:51 | 000,001,736 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2014/12/06 20:42:45 | 001,153,180 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/12/06 20:42:45 | 000,949,038 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/12/06 20:42:45 | 000,210,174 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[1 C:\Users\Betrayed\AppData\Local\*.tmp files -> C:\Users\Betrayed\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/01/03 15:39:20 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\DarkComet Remover.lnk
[2015/01/03 15:17:03 | 000,000,158 | ---- | C] () -- C:\Users\Betrayed\Desktop\New WinRAR archive.rar
[2015/01/03 13:25:50 | 000,001,438 | ---- | C] () -- C:\Users\Betrayed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pidgin.exe.lnk
[2015/01/03 13:25:50 | 000,000,924 | ---- | C] () -- C:\Users\Betrayed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN GUI.lnk
[2015/01/02 15:46:17 | 006,121,806 | ---- | C] () -- C:\Users\Betrayed\Desktop\Viphf December 2014.sql.zip
[2015/01/02 10:51:48 | 002,460,608 | ---- | C] () -- C:\Users\Betrayed\Desktop\sjdb.zip
[2014/12/31 20:09:51 | 000,073,780 | ---- | C] () -- C:\Users\Betrayed\Desktop\VAxM3ZR.jpg
[2014/12/27 20:22:32 | 000,001,091 | ---- | C] () -- C:\Users\Public\Desktop\DuckDns Updater.lnk
[2014/12/27 17:01:02 | 000,002,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2014/12/26 21:36:16 | 000,000,983 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
[2014/12/13 20:42:16 | 000,001,791 | ---- | C] () -- C:\Users\Betrayed\Desktop\Cain.lnk
[2014/12/07 23:22:51 | 000,001,736 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2014/12/02 15:28:56 | 000,000,046 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2014/12/01 23:37:35 | 000,000,218 | ---- | C] () -- C:\Users\Betrayed\.recently-used.xbel
[2014/11/15 23:58:16 | 000,000,671 | ---- | C] () -- C:\Users\Betrayed\_viminfo
[2014/10/27 17:40:23 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/10/05 11:22:33 | 000,001,710 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2014/10/03 15:54:02 | 000,000,000 | ---- | C] () -- C:\Users\Betrayed\AppData\Local\{E45C296A-8CC8-4B2F-BFED-7780D7D38690}
[2014/09/09 15:45:10 | 000,218,200 | ---- | C] () -- C:\WINDOWS\SysWow64\unrar.dll
[2014/07/19 18:08:28 | 000,001,456 | ---- | C] () -- C:\Users\Betrayed\AppData\Local\Adobe Save for Web 13.0 Prefs
[2014/07/19 16:31:51 | 000,827,226 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2014/07/18 15:43:59 | 000,000,017 | ---- | C] () -- C:\Users\Betrayed\AppData\Local\resmon.resmoncfg
[2014/07/17 15:12:29 | 000,000,425 | ---- | C] () -- C:\Users\Betrayed\AppData\Local\UserProducts.xml
[2014/07/17 14:26:51 | 000,207,400 | R--- | C] () -- C:\WINDOWS\GSetup.exe
[2014/07/17 14:26:51 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini
[2014/03/18 15:27:42 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014/03/18 15:27:21 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013/08/22 15:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 15:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 14:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 07:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/22 03:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 23:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 23:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/03/01 01:47:36 | 000,053,299 | ---- | C] () -- C:\WINDOWS\SysWow64\pthreadVC.dll
 
========== ZeroAccess Check ==========
 
[2014/08/31 20:41:15 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/08/31 00:15:33 | 021,197,152 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/08/30 22:59:13 | 018,723,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 09:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/22 02:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 09:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/12/11 17:28:56 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\.ACEStream
[2014/07/24 12:38:18 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\.firefox
[2014/11/08 14:50:52 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\.minecraft
[2015/01/03 19:33:08 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\.purple
[2014/08/03 11:48:17 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\ACEStream
[2014/11/16 00:03:46 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Atom
[2014/12/02 11:21:43 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\AVAST Software
[2014/08/25 21:08:26 | 000,000,000 | -HSD | M] -- C:\Users\Betrayed\AppData\Roaming\Common
[2015/01/03 10:14:09 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\D0AAD974-68DA-45A6-9616-F7B59434E6A4
[2014/12/02 11:38:45 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Dropbox
[2014/08/08 18:13:32 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Elgato
[2014/12/02 12:53:59 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\FileZilla
[2014/09/10 18:42:12 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Geek Uninstaller
[2014/08/06 23:43:58 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Gyazo
[2014/10/26 22:22:14 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\HandBrake
[2014/11/09 09:41:26 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\HexChat
[2014/10/27 17:43:13 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\ICQ-Profile
[2014/11/29 21:25:33 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\iMazing
[2014/12/28 12:58:19 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Imminent Monitor
[2014/07/24 16:20:23 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\LolClient
[2014/12/30 10:17:05 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\MultiBit
[2014/10/26 10:25:46 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Notepad++
[2014/07/19 21:04:06 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\OmniCoin
[2014/10/11 12:55:10 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Opera Software
[2015/01/03 15:39:20 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\PhrozenSoft
[2014/08/29 21:11:12 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\PopcornTime
[2014/10/23 16:46:22 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Psi
[2014/11/28 16:33:28 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\QFX Software
[2014/07/17 17:41:14 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Rainmeter
[2014/07/23 20:55:26 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Riot Games
[2015/01/03 19:05:45 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Spotify
[2014/10/04 18:47:47 | 000,000,000 | -HSD | M] -- C:\Users\Betrayed\AppData\Roaming\SubFolder
[2014/11/15 23:59:08 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Sublime Text 2
[2014/12/29 13:59:33 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\TeamViewer
[2014/07/24 12:55:28 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\TechSmith
[2014/12/27 17:01:23 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Thunderbird
[2014/11/08 17:06:16 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\TS3Client
[2014/12/14 23:12:50 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\uTorrent
[2014/10/28 17:05:12 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\VIP72 Socks Client
[2014/12/01 19:49:46 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\Wireshark
[2014/08/31 16:31:02 | 000,000,000 | ---D | M] -- C:\Users\Betrayed\AppData\Roaming\XBMC
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 220 bytes -> C:\Users\Betrayed\OneDrive:ms-properties
 
< End of report >

 


  • 0

#5
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
Would you please follow my instructions?
  • 0

#6
Betrayed

Betrayed

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts

Sorry, no I do not know them two files.


  • 0

#7
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
Please upload this file to virustotal.com: C:\Windows\System32\drivers\AppleCharger.sys
  • 0

#8
Betrayed

Betrayed

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts

https://www.virustot...sis/1420326899/


  • 0

#9
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
Step 1: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP the just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings.JPG

Go back to the Dashboard and select Scan Now

MBAMScan.JPG

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot.JPG

MBAMLog.JPG

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

thisisujrt.gif  Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: FRST Scan

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

  • 0

#10
Betrayed

Betrayed

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
Adwcleaner Logs:
 
# AdwCleaner v4.106 - Report created 04/01/2015 at 11:33:23
# Updated 21/12/2014 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : Betrayed - PC
# Running from : C:\Users\Betrayed\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\Bench
Folder Deleted : C:\Program Files (x86)\NAT Service
Folder Deleted : C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Folder Deleted : C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
Folder Deleted : C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Folder Deleted : C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim
Folder Deleted : C:\Users\Betrayed\AppData\Roaming\Opera Software\Opera Stable\Extensions\pnknnijoleibcpmkdcooclmnjmmdhgbg
Folder Deleted : C:\Users\Betrayed\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim
File Deleted : C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\user.js
File Deleted : C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.zabasearch.com_0.localstorage
File Deleted : C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.zabasearch.com_0.localstorage-journal
File Deleted : C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.ak.facebook.com_0.localstorage
File Deleted : C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.ak.facebook.com_0.localstorage-journal
File Deleted : C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage
File Deleted : C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage-journal
File Deleted : C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : update-sys
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\AdvertisingSupport
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Mozilla Firefox v34.0.5 (x86 en-GB)
 
 
-\\ Google Chrome v39.0.2171.95
 
 
-\\ Comodo Dragon v33.1.0.0
 
 
-\\ Opera v26.0.1656.60
 
[C:\Users\Betrayed\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : aaipilfmheplbcghignccoiiebekkdhe
[C:\Users\Betrayed\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : elchiiiejkobdbblfejjkbphbddgmljf
[C:\Users\Betrayed\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : ffhfoagmjcnkolneahbpagjcjjaeofbg
[C:\Users\Betrayed\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : hjghiofiijcepdnocbgefbdlbckjfheg
[C:\Users\Betrayed\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : iklgpchfbohgmghgfagediakopecfmbm
[C:\Users\Betrayed\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : kfgaibfbmkjgmimhbbaikfnpkkjkpoan
[C:\Users\Betrayed\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : lmnbobhffedhdhfpcjkjphcfpeeiocdn
[C:\Users\Betrayed\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : pdjjjmnacfjnmgckbhldbekckfldeolk
[C:\Users\Betrayed\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : pnknnijoleibcpmkdcooclmnjmmdhgbg
[C:\Users\Betrayed\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : kjpifmjicccpbkfjdkehimhgklfkbanh
[C:\Users\Betrayed\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : hoidflomjnnnbiemmkjdjkkialmhbago
[C:\Users\Betrayed\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : mfhnkgpdlogbknkhlgdjlejeljbhflim
[C:\Users\Betrayed\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : ekpibplnnkfdcafdpoekhoffegcajene
[C:\Users\Betrayed\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : ipljmghelflfikejmgkmlmpjmehfjodc
[C:\Users\Betrayed\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : ejddjnilmdncjilbfjgameihlklfpohp
[C:\Users\Betrayed\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : pbffpbffjfiigoledmkcibcbadpbenec
[C:\Users\Betrayed\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : eagomcfjiefffhpaejnlpjccikpipdoe
[C:\Users\Betrayed\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : aonedlchkbicmhepimiahfalheedjgbh
 
*************************
 
AdwCleaner[R0].txt - [5933 octets] - [04/01/2015 11:28:47]
AdwCleaner[S0].txt - [5942 octets] - [04/01/2015 11:33:23]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6002 octets] ##########
 
 
 
 
 
 
Mbam Logs:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 04/01/2015
Scan Time: 11:42:48
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.04.06
Rootkit Database: v2014.12.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Betrayed
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 345134
Time Elapsed: 17 min, 23 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 71
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\bookmarks, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\bookmarks\css, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\bookmarks\img, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\classification, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\classification\css, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\classification\img, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\classification\img\skin, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\cloud, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\cloud\css, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\cloud\img, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\cloud\img\skin, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\dialog, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\dialog\img, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\dialog\img\skin, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\extensions, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\extensions\css, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\extensions\img, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\gameCenter, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\gameCenter\css, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\gameCenter\img, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\guide, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\guide\css, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\lastVisited, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\lastVisited\css, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\lastVisited\img, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\notice, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\notice\css, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\played, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\played\css, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\played\img, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\search, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\search\css, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\search\img, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\setup, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\setup\css, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\setup\img, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\setup\img\skin, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\shortcuts, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\shortcuts\img, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\skins, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\skins\css, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\skins\img, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\skins\img\skin, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\weather, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\weather\css, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\weather\img, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\weather\img\skin, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\css, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\skin, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\js, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\de, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\en, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\es, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\es_419, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\fr, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\it, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\ja, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\pl, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\pt_BR, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\pt_PT, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\ru, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\tr, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\vi, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\zh_CN, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\zh_TW, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_metadata, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
 
Files: 141
PUP.Passwordtool.Cain, C:\Program Files (x86)\Cain\Cain.exe, No Action By User, [ba47bcadf884221476bfc9cffe075ca4], 
Backdoor.NanoCore, C:\Users\Betrayed\AppData\Local\Temp\Rar$EXa0.746\Cubex-Software.exe, No Action By User, [0cf50d5c017b21152b50c43bb74aab55], 
Backdoor.NanoCore, C:\Users\Betrayed\AppData\Local\Temp\Rar$EXa0.939\Cubex-Software.exe, No Action By User, [778a4d1c99e382b4f685d02f02ffa957], 
Backdoor.NanoCore, C:\Users\Betrayed\Desktop\Stuff\NanoCore.zip, No Action By User, [e41d5019ceaeb284b6c553ac8180fb05], 
Backdoor.NanoCore, C:\Users\Betrayed\Desktop\Stuff\Stubs\Cubex-Software.exe, No Action By User, [9a677beef389ea4c17644db26e93f30d], 
HackTool.Cain, C:\Program Files (x86)\Cain\Abel.exe, Quarantined, [4fb21653007c1026fdb9addb9f61738d], 
HackTool.Cain, C:\Program Files (x86)\Cain\Abel64.exe, Quarantined, [08f990d9b1cb89adbcfa12767a8620e0], 
PSWTool.Cain, C:\Users\Betrayed\Downloads\cain20 (1).exe, Quarantined, [4fb2abbee597d561621566e74db5ed13], 
PUP.Optional.MindSpark.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_internetspeedtracker.dl.tb.ask.com_0.localstorage, Quarantined, [b54c680113693afcb1ffeba6818253ad], 
PUP.Optional.MindSpark.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_internetspeedtracker.dl.tb.ask.com_0.localstorage-journal, Quarantined, [11f018514735191d664a306118ebd62a], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage, Delete-on-Reboot, [34cd71f87309cb6b8706c11abc480af6], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage-journal, Delete-on-Reboot, [7889551499e375c1a5e816c519ebbc44], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\background.html, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\index.html, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\jump.html, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\manifest.json, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\bookmarks\bookmarks.js, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\bookmarks\css\style.css, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\bookmarks\img\logo.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\bookmarks\img\searchButton.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\classification\classification.js, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\classification\css\style.css, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\classification\img\logo.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\classification\img\skin\del.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\classification\img\skin\main.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\classification\img\skin\selected.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\cloud\cloud.js, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\cloud\cloudApp.js, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\cloud\cloudWebsite.js, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\cloud\createWebsite.js, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\cloud\css\style.css, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\cloud\img\logo.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\cloud\img\skin\buttonBg.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\cloud\img\skin\categoryBg.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\cloud\img\skin\icons.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\cloud\img\skin\searchBg.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\cloud\img\skin\searchButton.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\cloud\img\skin\searchLeft.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\cloud\img\skin\selected.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\cloud\img\skin\tabsBg.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\dialog\img\skin\headerBg.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\extensions\extensions.js, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\extensions\css\style.css, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\extensions\img\logo.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\gameCenter\gameCenter.js, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\gameCenter\css\style.css, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\gameCenter\img\logo.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\gameCenter\img\star.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\gameCenter\img\star_bg.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\gameCenter\img\time.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\guide\guide.js, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\guide\css\style.css, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\lastVisited\lastVisited.js, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\lastVisited\css\style.css, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\lastVisited\img\logo.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\notice\notice.js, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\notice\css\style.css, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\played\played.js, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\played\css\style.css, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\search\search.js, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\search\css\style.css, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\search\img\google-new-logo.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\search\img\logo.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\search\img\searchicon.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\search\img\searchicon2.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\setup\setup.js, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\setup\css\style.css, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\setup\img\logo.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\setup\img\skin\dialBoxStyle.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\setup\img\skin\icons.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\shortcuts\img\oBookmarks.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\shortcuts\img\oDownloads.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\shortcuts\img\oExtensions.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\shortcuts\img\oHistory.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\shortcuts\img\oNewtab.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\skins\cloudWallpaper.js, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\skins\skins.js, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\skins\css\style.css, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\skins\img\logo.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\skins\img\skin\categoryBg.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\skins\img\skin\delete.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\skins\img\skin\download.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\skins\img\skin\icons.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\skins\img\skin\loading.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\weather\weather.js, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\weather\css\style.css, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\weather\img\logo.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\weather\img\skin\line.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\weather\img\skin\locationIcon.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\weather\img\skin\searchButton.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\weather\img\skin\weather.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\css\all.css, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\game.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\icon_128.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\icon_16.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\icon_48.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\NEW.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\shopping.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\weather.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\webstore.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\skin\default.jpg, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\skin\iconsprite.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\skin\idialog_s.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\skin\ios5_button.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\skin\left.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\skin\loading.gif, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\skin\loading2.gif, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\skin\qBoxBg.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\skin\q_bg.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\skin\q_bg0.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\skin\q_left.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\skin\q_left0.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\skin\q_right.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\skin\q_right0.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\skin\right.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\skin\selected.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\skin\titleBg.png, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\js\all.js, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\js\background.js, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\js\ga.js, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\js\jq.mobi.js, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\js\jump.js, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\js\pop.js, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\js\redirect.js, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\js\xagainit.js, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\de\messages.json, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\en\messages.json, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\es\messages.json, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\es_419\messages.json, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\fr\messages.json, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\it\messages.json, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\ja\messages.json, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\pl\messages.json, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\pt_BR\messages.json, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\pt_PT\messages.json, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\ru\messages.json, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\tr\messages.json, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\vi\messages.json, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\zh_CN\messages.json, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\zh_TW\messages.json, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
PUP.Optional.QuickStart.A, C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_metadata\verified_contents.json, Quarantined, [10f19ecb3547a19564a0ad8618eb10f0], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
 
JRT Log:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 x64
Ran by Betrayed on 04/01/2015 at 12:10:51.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\WINDOWS\wininit.ini"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin"
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\Betrayed\AppData\Roaming\mozilla\firefox\profiles\25u2pab7.default\minidumps [4 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/01/2015 at 12:56:04.70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
FRST Log:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2015 03
Ran by Betrayed (administrator) on PC on 04-01-2015 12:59:46
Running from C:\Users\Betrayed\Desktop
Loaded Profile: Betrayed (Available profiles: Betrayed)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Launcher)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Spotify Ltd) C:\Users\Betrayed\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\ace_engine.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(The Pidgin developer community) C:\Program Files (x86)\Pidgin\pidgin.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Razer, Inc.) C:\Users\Betrayed\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
() C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\ace_update.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Spotify Ltd) C:\Users\Betrayed\AppData\Roaming\Spotify\spotify.exe
() C:\Users\Betrayed\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Betrayed\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Betrayed\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Betrayed\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Betrayed\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Betrayed\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-03] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2014-02-07] (LogMeIn, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [835288 2014-08-13] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-10] (Malwarebytes Corporation)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [508744 2014-10-26] (QFX Software Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-12-02] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKU\S-1-5-21-114786149-1812099484-2380863628-1001\...\Run: [Spotify Web Helper] => C:\Users\Betrayed\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-14] (Spotify Ltd)
HKU\S-1-5-21-114786149-1812099484-2380863628-1001\...\Run: [AceStream] => C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\ace_engine.exe [27904 2014-09-25] ()
HKU\S-1-5-21-114786149-1812099484-2380863628-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095328 2014-09-16] (Nota Inc.)
HKU\S-1-5-21-114786149-1812099484-2380863628-1001\...\Run: [Clownfish] => C:\Program Files (x86)\Clownfish\Clownfish.exe [1315584 2014-07-28] (Bogdan Sharkov)
HKU\S-1-5-21-114786149-1812099484-2380863628-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22066272 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-114786149-1812099484-2380863628-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784904 2014-10-14] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-114786149-1812099484-2380863628-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-114786149-1812099484-2380863628-1001\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-114786149-1812099484-2380863628-1001\...\Policies\Explorer: [NofolderOptions] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DuckDnsUpdater.lnk
ShortcutTarget: DuckDnsUpdater.lnk -> C:\Program Files (x86)\DuckDNSUpdater\DuckDnsUpdater.exe ()
Startup: C:\Users\Betrayed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN GUI.lnk
ShortcutTarget: OpenVPN GUI.lnk -> C:\Program Files\OpenVPN\bin\openvpn-gui.exe ()
Startup: C:\Users\Betrayed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pidgin.exe.lnk
ShortcutTarget: pidgin.exe.lnk -> C:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community)
Startup: C:\Users\Betrayed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52559;https=127.0.0.1:52559
HKU\S-1-5-21-114786149-1812099484-2380863628-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.uk.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{D3C1A0FF-625E-4755-9A0E-5A504D75229B}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", ""
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", ""
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", ""
FF NetworkProxy: "ftp", ""
FF NetworkProxy: "ftp_port", ""
FF NetworkProxy: "http", ""
FF NetworkProxy: "http_port", ""
FF NetworkProxy: "share_proxy_settings", ""
FF NetworkProxy: "socks", ""
FF NetworkProxy: "socks_port", ""
FF NetworkProxy: "socks_remote_dns", ""
FF NetworkProxy: "ssl", ""
FF NetworkProxy: "ssl_port", ""
FF NetworkProxy: "type", ""
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-114786149-1812099484-2380863628-1001: @acestream.net/acestreamplugin,version=2.2.7-next -> C:\Users\Betrayed\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-114786149-1812099484-2380863628-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Betrayed\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: HTTPS-Everywhere - C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\Extensions\[email protected] [2015-01-01]
FF Extension: Hola Better Internet - C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\Extensions\[email protected] [2015-01-03]
FF Extension: iMacros for Firefox - C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2015-01-03]
FF Extension: Disconnect - C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\Extensions\[email protected] [2015-01-01]
FF Extension: Blender - C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\Extensions\[email protected] [2015-01-01]
FF Extension: Gmelius - C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\Extensions\[email protected] [2015-01-01]
FF Extension: Self-Destructing Cookies - C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\Extensions\[email protected] [2015-01-01]
FF Extension: RequestPolicy - C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\Extensions\[email protected] [2015-01-01]
FF Extension: RefControl - C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\Extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [2015-01-01]
FF Extension: Cookie Monster - C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\Extensions\{45d8ff86-d909-11db-9705-005056c00008}.xpi [2015-01-01]
FF Extension: NoScript - C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-01-01]
FF Extension: Tamper Data - C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2014-11-09]
FF Extension: Adblock Plus - C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-01]
FF Extension: BetterPrivacy - C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\25u2pab7.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-01-01]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn [2015-01-03]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-02]
FF HKU\S-1-5-21-114786149-1812099484-2380863628-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (Tampermonkey) - C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-10-27]
CHR Extension: (Avast Online Security) - C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-02]
CHR Extension: (AS Magic Player) - C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2015-01-04]
CHR Extension: (Google Wallet) - C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-17]
CHR Extension: (Quick start) - C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2015-01-04]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-10-05]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-02]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-10-05]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-02] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-02] (Avast Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-08-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-08-13] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [777944 2014-08-13] (BlueStack Systems, Inc.)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-05-21] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376168 2014-11-25] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2014-11-25] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2014-02-07] (LogMeIn, Inc.)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [130104 2014-09-20] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37176 2014-06-05] (The OpenVPN Project)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174600 2014-10-14] (Sandboxie Holdings, LLC)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [179200 2014-10-09] (Company) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-02] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-02] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-08-13] (BlueStack Systems)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07080.017\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
S3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [50288 2012-08-30] (UB658)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2014-12-10] ()
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [222200 2013-05-31] (QFX Software Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2014-02-07] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39056 2014-11-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-09-05] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [129600 2014-11-17] (Razer, Inc.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-10-14] (Sandboxie Holdings, LLC)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-02] (Avast Software)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
U4 CmdAgent; No ImagePath
S3 gdrv; \??\C:\WINDOWS\gdrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-04 12:59 - 2015-01-04 13:00 - 00028328 _____ () C:\Users\Betrayed\Desktop\FRST.txt
2015-01-04 12:59 - 2015-01-04 12:59 - 02123776 _____ (Farbar) C:\Users\Betrayed\Desktop\FRST64.exe
2015-01-04 12:56 - 2015-01-04 12:56 - 00000878 _____ () C:\Users\Betrayed\Desktop\JRT.txt
2015-01-04 12:28 - 2015-01-04 12:59 - 00053120 _____ () C:\Users\Betrayed\Desktop\Checkup.txt
2015-01-04 12:10 - 2015-01-04 12:10 - 01707939 _____ (Thisisu) C:\Users\Betrayed\Desktop\JRT.exe
2015-01-04 12:10 - 2015-01-04 12:10 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-04 12:05 - 2015-01-04 12:06 - 00000197 _____ () C:\WINDOWS\system32\2015-01-04-12-05-00.047-AvastVBoxSVC.exe-3940.log
2015-01-04 11:37 - 2015-01-04 11:38 - 00000197 _____ () C:\WINDOWS\system32\2015-01-04-11-37-24.067-AvastVBoxSVC.exe-4764.log
2015-01-04 11:29 - 2015-01-04 11:29 - 00495616 _____ (Simon Tatham) C:\Users\Betrayed\Desktop\putty.exe
2015-01-04 11:27 - 2015-01-04 11:33 - 00000000 ____D () C:\AdwCleaner
2015-01-04 11:27 - 2015-01-04 11:27 - 02173952 _____ () C:\Users\Betrayed\Downloads\Unconfirmed 715095.crdownload
2015-01-04 11:26 - 2015-01-04 11:27 - 02173952 _____ () C:\Users\Betrayed\Downloads\Unconfirmed 158115.crdownload
2015-01-04 11:26 - 2015-01-04 11:27 - 02173952 _____ () C:\Users\Betrayed\Desktop\AdwCleaner.exe
2015-01-04 11:18 - 2015-01-04 11:18 - 00000197 _____ () C:\WINDOWS\system32\2015-01-04-11-18-02.028-AvastVBoxSVC.exe-4864.log
2015-01-03 20:05 - 2015-01-03 20:05 - 00010756 _____ () C:\Users\Betrayed\Desktop\o7OzUGp9_400x400.jpeg
2015-01-03 19:24 - 2015-01-03 19:24 - 00000197 _____ () C:\WINDOWS\system32\2015-01-03-19-24-25.047-AvastVBoxSVC.exe-280.log
2015-01-03 19:15 - 2015-01-03 19:15 - 00000000 ____D () C:\_OTL
2015-01-03 15:43 - 2015-01-03 15:43 - 00097318 _____ () C:\Users\Betrayed\Desktop\Extras.Txt
2015-01-03 15:42 - 2015-01-03 19:39 - 00195466 _____ () C:\Users\Betrayed\Desktop\OTL.Txt
2015-01-03 15:40 - 2015-01-03 15:40 - 01187274 _____ () C:\Users\Betrayed\Downloads\PhrozenPwdRecoveryV1-1.zip
2015-01-03 15:39 - 2015-01-03 15:39 - 00001116 _____ () C:\Users\Public\Desktop\DarkComet Remover.lnk
2015-01-03 15:39 - 2015-01-03 15:39 - 00000000 ____D () C:\Users\Betrayed\AppData\Roaming\PhrozenSoft
2015-01-03 15:39 - 2015-01-03 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DarkComet Remover
2015-01-03 15:38 - 2015-01-03 15:38 - 01767759 _____ () C:\Users\Betrayed\Downloads\DarkCometRemover2.zip
2015-01-03 15:25 - 2015-01-03 15:25 - 00602112 _____ (OldTimer Tools) C:\Users\Betrayed\Desktop\OTL.exe
2015-01-03 15:17 - 2015-01-03 15:17 - 00000158 _____ () C:\Users\Betrayed\Desktop\New WinRAR archive.rar
2015-01-03 15:17 - 2015-01-03 15:17 - 00000000 ____D () C:\Users\Betrayed\Desktop\New folder
2015-01-03 10:14 - 2015-01-03 10:14 - 00002684 _____ () C:\WINDOWS\System32\Tasks\NAT Service
2015-01-03 10:14 - 2015-01-03 10:14 - 00000000 ____D () C:\Users\Betrayed\AppData\Roaming\D0AAD974-68DA-45A6-9616-F7B59434E6A4
2015-01-03 09:07 - 2015-01-03 09:09 - 00000197 _____ () C:\WINDOWS\system32\2015-01-03-09-07-42.017-AvastVBoxSVC.exe-4932.log
2015-01-02 19:03 - 2015-01-02 19:04 - 00000197 _____ () C:\WINDOWS\system32\2015-01-02-19-03-55.058-AvastVBoxSVC.exe-4768.log
2015-01-02 15:46 - 2015-01-02 15:47 - 06121806 _____ () C:\Users\Betrayed\Desktop\Viphf December 2014.sql.zip
2015-01-02 11:16 - 2015-01-02 11:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-02 10:51 - 2015-01-02 10:52 - 02460608 _____ () C:\Users\Betrayed\Desktop\sjdb.zip
2015-01-02 09:46 - 2015-01-02 09:48 - 00000197 _____ () C:\WINDOWS\system32\2015-01-02-09-46-51.093-AvastVBoxSVC.exe-4880.log
2015-01-01 17:14 - 2015-01-01 17:19 - 00007702 _____ () C:\Users\Betrayed\Desktop\ISP Methods.txt
2015-01-01 15:23 - 2015-01-01 15:23 - 00000000 ____D () C:\Users\Betrayed\Desktop\School
2015-01-01 15:16 - 2015-01-01 15:16 - 00000000 ____D () C:\Users\Betrayed\Desktop\Card
2015-01-01 15:14 - 2015-01-03 09:53 - 00000000 ____D () C:\Users\Betrayed\Desktop\Stuff
2015-01-01 10:59 - 2015-01-01 11:00 - 00000197 _____ () C:\WINDOWS\system32\2015-01-01-10-59-12.092-AvastVBoxSVC.exe-5012.log
2014-12-31 10:28 - 2014-12-31 10:28 - 00000197 _____ () C:\WINDOWS\system32\2014-12-31-10-28-11.016-AvastVBoxSVC.exe-4012.log
2014-12-30 15:11 - 2014-12-30 15:11 - 00010240 _____ () C:\Users\Betrayed\Downloads\HWID Generator.exe
2014-12-30 10:10 - 2014-12-30 10:10 - 00000197 _____ () C:\WINDOWS\system32\2014-12-30-10-10-36.039-AvastVBoxSVC.exe-4888.log
2014-12-29 14:35 - 2014-12-29 14:35 - 00066338 _____ () C:\Users\Betrayed\Downloads\NanoStore (1).ncp
2014-12-29 14:34 - 2014-12-29 14:34 - 00256138 _____ () C:\Users\Betrayed\Downloads\MultiCore14.rar
2014-12-29 14:34 - 2014-12-29 14:34 - 00183523 _____ () C:\Users\Betrayed\Downloads\NanoProtectPlugin.ncp
2014-12-29 14:34 - 2014-12-29 14:34 - 00068392 _____ () C:\Users\Betrayed\Downloads\NanoStats.ncp
2014-12-29 14:32 - 2014-12-29 14:32 - 00090402 _____ () C:\Users\Betrayed\Downloads\NanoStore.ncp
2014-12-29 13:56 - 2014-12-29 13:58 - 00000197 _____ () C:\WINDOWS\system32\2014-12-29-13-56-48.075-AvastVBoxSVC.exe-4696.log
2014-12-29 08:43 - 2014-12-29 08:44 - 00000197 _____ () C:\WINDOWS\system32\2014-12-29-08-43-20.011-AvastVBoxSVC.exe-4960.log
2014-12-28 18:30 - 2014-12-28 18:31 - 00000197 _____ () C:\WINDOWS\system32\2014-12-28-18-30-53.033-AvastVBoxSVC.exe-4588.log
2014-12-28 15:33 - 2014-12-30 21:33 - 00000038 _____ () C:\Users\Betrayed\Desktop\nVPN.txt
2014-12-28 10:38 - 2014-12-28 12:58 - 00001159 _____ () C:\Users\Betrayed\AppData\Roaming\Microsoft\Windows\Start Menu\Imminent Monitor.lnk
2014-12-28 10:38 - 2014-12-28 12:58 - 00000000 ____D () C:\Users\Betrayed\AppData\Roaming\Imminent Monitor
2014-12-28 10:38 - 2014-12-28 10:38 - 00000000 ____D () C:\Program Files (x86)\Imminent Monitor
2014-12-28 10:36 - 2014-12-28 10:36 - 00143730 _____ () C:\Users\Betrayed\Downloads\setup.zip
2014-12-28 10:17 - 2014-12-28 10:18 - 00000197 _____ () C:\WINDOWS\system32\2014-12-28-10-17-49.021-AvastVBoxSVC.exe-4960.log
2014-12-27 20:25 - 2014-12-27 20:25 - 00606028 _____ () C:\Users\Betrayed\Downloads\DuckDnsUpdater-Installer (2).zip
2014-12-27 20:22 - 2014-12-27 20:25 - 00001091 _____ () C:\Users\Public\Desktop\DuckDns Updater.lnk
2014-12-27 20:22 - 2014-12-27 20:22 - 00606028 _____ () C:\Users\Betrayed\Downloads\DuckDnsUpdater-Installer (1).zip
2014-12-27 20:15 - 2014-12-28 19:19 - 00000056 _____ () C:\Users\Betrayed\Downloads\settings.bin
2014-12-27 19:44 - 2014-12-28 19:19 - 00012400 _____ () C:\Users\Betrayed\Downloads\server.log
2014-12-27 19:44 - 2014-12-28 19:19 - 00000000 ____D () C:\Users\Betrayed\Downloads\Databases
2014-12-27 19:44 - 2014-12-28 19:01 - 00000128 _____ () C:\Users\Betrayed\Downloads\plugins.bin
2014-12-27 19:44 - 2014-12-27 20:33 - 00001562 _____ () C:\Users\Betrayed\Downloads\builder.log
2014-12-27 19:44 - 2014-12-27 19:44 - 00000061 _____ () C:\Users\Betrayed\Downloads\public.bin
2014-12-27 19:43 - 2014-12-27 19:44 - 00000000 ____D () C:\Users\Betrayed\Downloads\Plugins
2014-12-27 19:40 - 2014-12-27 19:43 - 00000000 ____D () C:\Users\Betrayed\Downloads\Resources
2014-12-27 19:40 - 2014-12-27 19:40 - 00262144 _____ (http://system.data.sqlite.org/) C:\Users\Betrayed\Downloads\System.Data.SQLite.dll
2014-12-27 19:40 - 2014-12-27 19:40 - 00134656 _____ () C:\Users\Betrayed\Downloads\client.bin
2014-12-27 19:40 - 2014-12-27 19:40 - 00077312 _____ () C:\Users\Betrayed\Downloads\PluginCompiler.exe
2014-12-27 19:40 - 2014-12-27 19:40 - 00039818 _____ () C:\Users\Betrayed\Downloads\ServerPlugin.xml
2014-12-27 19:40 - 2014-12-27 19:40 - 00029184 _____ () C:\Users\Betrayed\Downloads\ServerPlugin.dll
2014-12-27 19:40 - 2014-12-27 19:40 - 00019968 _____ () C:\Users\Betrayed\Downloads\ClientPlugin.dll
2014-12-27 19:40 - 2014-12-27 19:40 - 00010109 _____ () C:\Users\Betrayed\Downloads\ClientPlugin.xml
2014-12-27 19:40 - 2014-12-27 19:40 - 00000000 ____D () C:\Users\Betrayed\Downloads\x86
2014-12-27 19:40 - 2014-12-27 19:40 - 00000000 ____D () C:\Users\Betrayed\Downloads\x64
2014-12-27 19:39 - 2014-12-28 20:09 - 00000196 _____ () C:\Users\Betrayed\Downloads\E8250000.log
2014-12-27 18:08 - 2014-12-27 18:08 - 00000047 _____ () C:\Users\Betrayed\Desktop\Email.txt
2014-12-27 17:01 - 2014-12-27 17:01 - 00002110 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-12-27 17:01 - 2014-12-27 17:01 - 00000000 ____D () C:\Users\Betrayed\AppData\Roaming\Thunderbird
2014-12-27 17:01 - 2014-12-27 17:01 - 00000000 ____D () C:\Users\Betrayed\AppData\Local\Thunderbird
2014-12-27 17:00 - 2014-12-27 17:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-12-27 15:48 - 2014-12-27 15:49 - 26299560 _____ (Mozilla) C:\Users\Betrayed\Downloads\Thunderbird Setup 31.3.0.exe
2014-12-27 13:11 - 2014-12-27 19:40 - 00674304 _____ () C:\Users\Betrayed\Downloads\NanoCore.exe
2014-12-27 10:57 - 2014-12-27 10:58 - 00000197 _____ () C:\WINDOWS\system32\2014-12-27-10-57-43.065-AvastVBoxSVC.exe-3992.log
2014-12-26 21:36 - 2014-12-26 21:36 - 00000983 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2014-12-26 12:10 - 2014-12-26 12:12 - 00000197 _____ () C:\WINDOWS\system32\2014-12-26-12-10-34.057-AvastVBoxSVC.exe-4964.log
2014-12-25 23:45 - 2014-12-25 23:46 - 00000197 _____ () C:\WINDOWS\system32\2014-12-25-23-45-48.093-AvastVBoxSVC.exe-4832.log
2014-12-25 12:36 - 2014-12-25 12:36 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2014-12-25 12:36 - 2014-12-25 12:36 - 00000197 _____ () C:\WINDOWS\system32\2014-12-25-12-36-02.030-AvastVBoxSVC.exe-4716.log
2014-12-24 09:24 - 2014-12-24 09:24 - 00000197 _____ () C:\WINDOWS\system32\2014-12-24-09-24-28.051-AvastVBoxSVC.exe-3948.log
2014-12-23 19:53 - 2014-11-22 10:46 - 00038032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2014-12-23 19:53 - 2014-11-22 10:46 - 00032400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2014-12-23 11:09 - 2014-12-23 11:12 - 00000197 _____ () C:\WINDOWS\system32\2014-12-23-11-09-28.050-AvastVBoxSVC.exe-5080.log
2014-12-22 10:45 - 2014-12-22 10:45 - 00000247 _____ () C:\WINDOWS\system32\2014-12-22-10-45-42.007-aswFe.exe-2892.log
2014-12-22 10:41 - 2014-12-22 10:45 - 00000247 _____ () C:\WINDOWS\system32\2014-12-22-10-41-04.032-aswFe.exe-2824.log
2014-12-22 10:41 - 2014-12-22 10:41 - 00000197 _____ () C:\WINDOWS\system32\2014-12-22-10-41-02.058-AvastVBoxSVC.exe-5324.log
2014-12-21 10:40 - 2014-12-21 10:40 - 00000197 _____ () C:\WINDOWS\system32\2014-12-21-10-40-02.006-AvastVBoxSVC.exe-4812.log
2014-12-20 09:58 - 2014-12-20 10:00 - 00000197 _____ () C:\WINDOWS\system32\2014-12-20-09-58-09.001-AvastVBoxSVC.exe-3856.log
2014-12-19 19:55 - 2014-12-19 19:55 - 00000247 _____ () C:\WINDOWS\system32\2014-12-19-19-55-06.097-aswFe.exe-5940.log
2014-12-19 19:51 - 2014-12-19 19:55 - 00000247 _____ () C:\WINDOWS\system32\2014-12-19-19-51-03.094-aswFe.exe-7036.log
2014-12-19 19:51 - 2014-12-19 19:51 - 00000197 _____ () C:\WINDOWS\system32\2014-12-19-19-51-01.048-AvastVBoxSVC.exe-2548.log
2014-12-19 14:05 - 2014-12-19 14:30 - 00001486 _____ () C:\Users\Betrayed\Desktop\Betrayed dox.txt
2014-12-19 09:25 - 2014-12-19 09:26 - 00000197 _____ () C:\WINDOWS\system32\2014-12-19-09-25-32.027-AvastVBoxSVC.exe-3904.log
2014-12-18 20:37 - 2014-12-18 20:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2014-12-18 17:28 - 2014-12-18 17:29 - 05317104 _____ (Piriform Ltd) C:\Users\Betrayed\Downloads\ccsetup501.exe
2014-12-18 16:44 - 2014-12-18 16:44 - 00000197 _____ () C:\WINDOWS\system32\2014-12-18-16-44-09.017-AvastVBoxSVC.exe-4928.log
2014-12-17 16:28 - 2014-12-17 16:29 - 00000197 _____ () C:\WINDOWS\system32\2014-12-17-16-28-04.093-AvastVBoxSVC.exe-3028.log
2014-12-16 18:05 - 2014-12-16 18:05 - 00014868 _____ () C:\Users\Betrayed\Downloads\bright_line_7.zip
2014-12-16 18:02 - 2014-12-16 18:02 - 00107778 _____ () C:\Users\Betrayed\Downloads\breamcatcher.zip
2014-12-16 17:58 - 2014-12-16 17:59 - 16054311 _____ () C:\Users\Betrayed\Downloads\threadpro___thread_design_template_free_by_dotgg-d89v3hc.psd
2014-12-16 16:43 - 2014-12-16 16:45 - 00000197 _____ () C:\WINDOWS\system32\2014-12-16-16-43-55.036-AvastVBoxSVC.exe-4844.log
2014-12-15 19:02 - 2014-12-15 19:02 - 00008615 _____ () C:\Users\Betrayed\Downloads\vpngate_vpn511978629.opengw.net_udp_1293.ovpn
2014-12-15 17:23 - 2014-12-15 17:23 - 00000197 _____ () C:\WINDOWS\system32\2014-12-15-17-23-52.012-AvastVBoxSVC.exe-4824.log
2014-12-14 20:49 - 2014-12-14 20:50 - 00000000 ____D () C:\Users\Betrayed\Downloads\Sex.Tape.2014.1080p.BluRay.x264.DTS-HD.MA.5.1-RARBG
2014-12-14 10:03 - 2014-12-14 10:03 - 00000197 _____ () C:\WINDOWS\system32\2014-12-14-10-03-11.020-AvastVBoxSVC.exe-4896.log
2014-12-13 20:42 - 2014-12-13 20:42 - 00001791 _____ () C:\Users\Betrayed\Desktop\Cain.lnk
2014-12-13 20:42 - 2014-12-13 20:42 - 00000000 ____D () C:\Users\Betrayed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cain
2014-12-13 20:41 - 2014-12-13 20:42 - 08244106 _____ () C:\Users\Betrayed\Downloads\ca_setup (1).exe
2014-12-13 10:23 - 2014-12-13 10:23 - 00000197 _____ () C:\WINDOWS\system32\2014-12-13-10-23-40.062-AvastVBoxSVC.exe-4748.log
2014-12-12 16:29 - 2014-12-12 16:29 - 00000197 _____ () C:\WINDOWS\system32\2014-12-12-16-29-13.011-AvastVBoxSVC.exe-3828.log
2014-12-11 16:40 - 2014-12-11 16:40 - 00019061 _____ () C:\Users\Betrayed\Downloads\[kickass.so]arrow.s03e09.hdtv.x264.lol.ettv.torrent
2014-12-11 16:34 - 2014-12-11 16:34 - 00000000 ____D () C:\Users\Betrayed\Downloads\Arrow.S03E09.HDTV.x264-LOL[ettv]
2014-12-11 16:25 - 2014-12-11 16:27 - 00000197 _____ () C:\WINDOWS\system32\2014-12-11-16-25-54.053-AvastVBoxSVC.exe-4892.log
2014-12-11 07:48 - 2014-10-30 22:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-11 07:48 - 2014-10-30 22:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-11 07:45 - 2014-12-11 07:46 - 00000197 _____ () C:\WINDOWS\system32\2014-12-11-07-45-53.098-AvastVBoxSVC.exe-3856.log
2014-12-10 19:24 - 2014-12-10 19:27 - 00000000 ____D () C:\Users\Betrayed\Downloads\The.Flash.2014.S01E09.The.Man.in.the.Yellow.Suit.WEB-DL.x264.AAC
2014-12-10 19:23 - 2014-12-10 19:24 - 00021593 _____ () C:\Users\Betrayed\Downloads\[kickass.so]the.flash.2014.s01e09.the.man.in.the.yellow.suit.web.dl.x264.aac.torrent
2014-12-10 17:03 - 2014-11-10 02:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-10 17:03 - 2014-11-10 01:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 17:03 - 2014-10-30 23:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-10 17:03 - 2014-10-30 23:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-10 16:49 - 2014-11-22 03:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-10 16:49 - 2014-11-22 02:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-10 16:49 - 2014-11-22 02:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-10 16:49 - 2014-11-22 02:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-10 16:49 - 2014-11-22 02:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-10 16:49 - 2014-11-22 02:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-10 16:49 - 2014-11-22 02:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-10 16:49 - 2014-11-22 02:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-10 16:49 - 2014-11-22 02:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-10 16:49 - 2014-11-22 02:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-10 16:49 - 2014-11-22 02:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-10 16:49 - 2014-11-22 02:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-10 16:49 - 2014-11-22 02:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-10 16:49 - 2014-11-22 02:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-10 16:49 - 2014-11-22 02:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-10 16:49 - 2014-11-22 01:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-10 16:49 - 2014-11-22 01:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-10 16:49 - 2014-11-22 01:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-10 16:49 - 2014-11-22 01:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-10 16:49 - 2014-11-22 01:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-10 16:49 - 2014-11-22 01:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-10 16:49 - 2014-11-22 01:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-10 16:49 - 2014-11-22 01:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-10 16:49 - 2014-11-22 01:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-10 16:49 - 2014-11-22 01:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-10 16:49 - 2014-11-22 01:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-10 16:49 - 2014-11-22 01:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-10 16:49 - 2014-11-22 01:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-10 16:49 - 2014-11-22 01:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-10 16:49 - 2014-11-22 01:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-10 16:49 - 2014-11-22 01:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-10 16:49 - 2014-11-22 01:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-10 16:49 - 2014-11-22 01:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-10 16:49 - 2014-11-22 01:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-10 16:49 - 2014-11-22 01:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-10 16:49 - 2014-11-22 01:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-10 16:49 - 2014-11-22 01:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-10 16:49 - 2014-11-22 00:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-10 16:49 - 2014-11-22 00:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-10 16:49 - 2014-11-07 04:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-10 16:49 - 2014-11-07 03:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-10 16:49 - 2014-10-31 23:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-10 16:49 - 2014-10-31 23:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-10 16:49 - 2014-10-13 02:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-10 16:49 - 2014-10-13 02:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-10 16:49 - 2014-10-13 02:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-10 16:49 - 2014-10-13 02:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-10 16:40 - 2014-12-10 16:43 - 00000197 _____ () C:\WINDOWS\system32\2014-12-10-16-40-12.057-AvastVBoxSVC.exe-4116.log
2014-12-09 17:00 - 2014-12-09 17:00 - 00000197 _____ () C:\WINDOWS\system32\2014-12-09-17-00-36.072-AvastVBoxSVC.exe-1224.log
2014-12-08 20:14 - 2014-12-08 20:14 - 06731033 _____ () C:\Users\Betrayed\Downloads\pidgin-otr-4.0.1.exe
2014-12-08 16:32 - 2014-12-08 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-12-07 23:22 - 2014-12-07 23:22 - 04362512 _____ (Piriform Ltd) C:\Users\Betrayed\Downloads\dfsetup218.exe
2014-12-07 23:22 - 2014-12-07 23:22 - 00001736 _____ () C:\Users\Public\Desktop\Defraggler.lnk
2014-12-07 23:22 - 2014-12-07 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2014-12-07 23:22 - 2014-12-07 23:22 - 00000000 ____D () C:\Program Files\Defraggler
2014-12-07 10:31 - 2014-12-07 10:31 - 00000197 _____ () C:\WINDOWS\system32\2014-12-07-10-31-16.083-AvastVBoxSVC.exe-5016.log
2014-12-06 11:25 - 2014-12-06 11:26 - 00000197 _____ () C:\WINDOWS\system32\2014-12-06-11-25-24.072-AvastVBoxSVC.exe-4592.log
2014-12-06 08:41 - 2014-12-06 08:42 - 00000197 _____ () C:\WINDOWS\system32\2014-12-06-08-41-02.025-AvastVBoxSVC.exe-5028.log
2014-12-05 22:37 - 2014-12-05 23:05 - 00000000 ____D () C:\Users\Betrayed\Downloads\Left Behind 2014 720p BluRay x264 AAC - Ozlem
2014-12-05 22:35 - 2014-12-05 22:35 - 00000000 ____D () C:\Users\Betrayed\Downloads\The.Giver.2014.1080p.BluRay.x264-SPARKS[rarbg]
2014-12-05 22:05 - 2014-12-05 22:33 - 00000000 ____D () C:\Users\Betrayed\Downloads\Teenage Mutant Ninja Turtles (2014)
2014-12-05 21:02 - 2014-12-05 22:00 - 00000000 ____D () C:\Users\Betrayed\Downloads\Guardians of the Galaxy (2014) [1080p]
2014-12-05 19:40 - 2014-12-05 21:45 - 00000000 ____D () C:\Users\Betrayed\Downloads\Blended.2014.HDRip.XviD-SaM[ETRG]
2014-12-05 16:57 - 2014-12-05 16:57 - 00000197 _____ () C:\WINDOWS\system32\2014-12-05-16-57-31.002-AvastVBoxSVC.exe-4284.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-04 13:00 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-04 12:59 - 2014-10-18 10:32 - 00000000 ____D () C:\FRST
2015-01-04 12:56 - 2014-09-10 18:47 - 00000000 ____D () C:\Users\Betrayed\AppData\Roaming\Skype
2015-01-04 12:56 - 2014-07-18 16:06 - 00000000 ____D () C:\Users\Betrayed\AppData\Roaming\.purple
2015-01-04 12:50 - 2014-11-27 19:44 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-01-04 12:35 - 2014-12-02 11:21 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-01-04 12:29 - 2014-12-02 11:17 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-04 12:25 - 2014-07-17 14:24 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-114786149-1812099484-2380863628-1001
2015-01-04 12:14 - 2014-07-17 19:40 - 01916913 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-04 12:13 - 2014-10-24 16:03 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-04 12:11 - 2014-07-18 09:38 - 00000000 ____D () C:\Users\Betrayed\AppData\Roaming\Spotify
2015-01-04 12:02 - 2014-10-05 10:27 - 00001020 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-01-04 12:02 - 2014-10-05 10:27 - 00001004 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-01-04 12:02 - 2014-07-19 16:31 - 00000000 ____D () C:\ProgramData\VMware
2015-01-04 12:02 - 2014-07-17 19:41 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-04 12:02 - 2014-07-17 14:38 - 00000908 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-04 12:02 - 2013-08-22 15:36 - 00000000 __RSD () C:\WINDOWS\Media
2015-01-04 12:02 - 2013-08-22 14:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-04 12:01 - 2014-11-04 20:48 - 00000000 ____D () C:\Program Files (x86)\Cain
2015-01-04 11:22 - 2014-07-31 10:08 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8633A6A2-D802-4499-A886-860575670414}
2015-01-04 11:21 - 2014-07-17 14:56 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-04 00:56 - 2014-07-25 14:43 - 00000000 ____D () C:\ProgramData\LogMeIn
2015-01-04 00:56 - 2013-08-22 13:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-04 00:02 - 2014-10-11 12:17 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-03 19:23 - 2014-07-17 19:19 - 00000000 ____D () C:\Users\Betrayed\AppData\Local\Adobe
2015-01-03 10:16 - 2014-10-05 11:22 - 00001710 _____ () C:\WINDOWS\Sandboxie.ini
2015-01-03 09:04 - 2014-08-08 19:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-02 15:55 - 2014-08-25 21:52 - 00000000 ____D () C:\Users\Betrayed\Desktop\DBs
2015-01-02 10:33 - 2014-07-17 19:46 - 00000000 ____D () C:\Users\Betrayed
2015-01-01 19:39 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-01 16:09 - 2014-10-18 16:45 - 00000000 ____D () C:\Users\Betrayed\AppData\Local\Popcorn-Time
2015-01-01 15:22 - 2014-07-17 15:23 - 00000000 ____D () C:\Users\Betrayed\Desktop\All Folders
2015-01-01 15:14 - 2014-10-18 09:21 - 00000952 _____ () C:\Users\Betrayed\Desktop\Start Tor Browser.lnk
2015-01-01 15:00 - 2014-12-02 17:40 - 00000000 ____D () C:\Users\Betrayed\AppData\Local\Popcorn Time
2015-01-01 12:28 - 2014-07-17 17:39 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-01-01 11:01 - 2014-07-25 21:39 - 00000000 ____D () C:\Users\Betrayed\AppData\Local\CrashDumps
2014-12-30 10:17 - 2014-07-19 10:56 - 00000000 ____D () C:\Users\Betrayed\AppData\Roaming\MultiBit
2014-12-29 13:59 - 2014-08-01 19:50 - 00000000 ____D () C:\Users\Betrayed\AppData\Roaming\TeamViewer
2014-12-28 10:38 - 2014-08-06 23:49 - 00000000 ____D () C:\ProgramData\Nimoru
2014-12-27 20:25 - 2014-10-04 17:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DuckDns Updater
2014-12-27 20:25 - 2014-10-04 17:58 - 00000000 ____D () C:\Program Files (x86)\DuckDNSUpdater
2014-12-27 10:56 - 2013-08-22 14:44 - 05041448 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-23 11:13 - 2014-10-11 12:55 - 00003816 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1413032102
2014-12-23 11:13 - 2014-10-11 12:55 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-12-22 18:16 - 2014-10-11 12:55 - 00001147 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-12-18 21:41 - 2014-07-18 09:43 - 00000000 ____D () C:\Users\Betrayed\AppData\Local\Spotify
2014-12-18 20:37 - 2014-07-17 15:12 - 00003254 _____ () C:\WINDOWS\System32\Tasks\update-S-1-5-21-114786149-1812099484-2380863628-1001
2014-12-18 20:37 - 2014-07-17 15:12 - 00000425 _____ () C:\Users\Betrayed\AppData\Local\UserProducts.xml
2014-12-18 18:11 - 2012-07-26 07:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-18 17:29 - 2014-10-28 19:02 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-18 17:29 - 2014-10-28 19:02 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-16 20:54 - 2014-07-19 18:08 - 00001456 _____ () C:\Users\Betrayed\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-12-16 16:49 - 2014-11-27 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-12-16 16:49 - 2014-11-27 19:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-12-14 23:12 - 2014-08-03 21:21 - 00000000 ____D () C:\Users\Betrayed\AppData\Roaming\uTorrent
2014-12-14 10:14 - 2014-10-11 12:17 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-12-13 20:42 - 2014-11-04 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
2014-12-13 20:42 - 2014-11-04 20:48 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-12-13 00:12 - 2014-07-17 15:30 - 01715224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2014-12-13 00:12 - 2014-07-17 15:30 - 01291464 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2014-12-13 00:12 - 2014-07-17 14:49 - 02824504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2014-12-13 00:12 - 2014-07-17 14:49 - 02210040 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2014-12-12 18:35 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-11 22:00 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB
2014-12-11 22:00 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB
2014-12-11 22:00 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-11 17:28 - 2014-08-03 11:46 - 00000000 ____D () C:\Users\Betrayed\AppData\Roaming\.ACEStream
2014-12-11 16:40 - 2014-08-03 11:47 - 00000000 ___HD () C:\_acestream_cache_
2014-12-11 16:40 - 2014-07-17 15:12 - 00000000 ____D () C:\Program Files (x86)\Skillbrains
2014-12-10 22:15 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-10 22:15 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-10 19:38 - 2014-07-17 16:31 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-10 19:34 - 2014-07-17 16:31 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-09 17:04 - 2014-08-23 17:51 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-06 20:42 - 2014-03-18 15:26 - 01153180 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
 
Some content of TEMP:
====================
C:\Users\Betrayed\AppData\Local\Temp\Quarantine.exe
C:\Users\Betrayed\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-27 11:58
 
==================== End Of Log ============================
 
 
 
 
 
Addition Log:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-01-2015 03
Ran by Betrayed at 2015-01-04 13:00:42
Running from C:\Users\Betrayed\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.33 - GIGABYTE)
µTorrent (HKU\S-1-5-21-114786149-1812099484-2380863628-1001\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
Ace Stream Media 2.2.7-next (HKU\S-1-5-21-114786149-1812099484-2380863628-1001\...\AceStream) (Version: 2.2.7-next - Ace Stream Media)
Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.0.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.0.413 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.0.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AIM for Windows (HKU\S-1-5-21-114786149-1812099484-2380863628-1001\...\AIM) (Version:  - AOL Inc.)
AMD Catalyst Install Manager (HKLM\...\{1D1DCF8A-6961-F848-0DA0-5401969C44CE}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
BlueStacks Notification Center (HKLM-x32\...\{981B38A6-E4D0-4D94-98C2-75AC645755F5}) (Version: 0.9.1.4057 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cain & Abel 4.9.56 (HKLM-x32\...\Cain & Abel 4.9.56) (Version:  - )
Camtasia Studio 8 (HKLM-x32\...\{80AE23DF-71A4-4E3F-B931-F93AB5DF0BDD}) (Version: 8.4.2.1768 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Clownfish for Skype (HKLM-x32\...\Clownfish) (Version:  - )
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 33.1.0.0 - COMODO)
Counter-Strike Nexon: Zombies (HKLM-x32\...\Steam App 273110) (Version:  - Nexon)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
DarkComet Remover version 2.0 (HKLM-x32\...\DarkComet Remover_is1) (Version: 2.0 - Phrozen ® Software 2013.)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Dropbox (HKU\S-1-5-21-114786149-1812099484-2380863628-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
DuckDns Updater version 1.0.2 (HKLM-x32\...\{F4D03CB7-3B18-44CB-AA4A-4F83FBAEBE8A}_is1) (Version: 1.0.2 - ETX Software Inc.)
Elgato Game Capture HD (HKLM-x32\...\{BB6E10AB-CB79-463F-9548-B7DCEDC3BF28}) (Version: 1.42.24.539 - Elgato Systems GmbH)
FileSeek 3.3 (HKLM-x32\...\44953928-E730-4e8c-A2B2-3A85BC96A3D0_is1) (Version: 3.3.0.0 - Binary Fortress Software)
FileZilla Client 3.9.0.3 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.3 - Tim Kosse)
Free YouTube Uploader version 4.0.20.923 (HKLM-x32\...\Free YouTube Uploader_is1) (Version: 4.0.20.923 - DVDVideoSoft Ltd.)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GRID 2 (HKLM-x32\...\Steam App 44350) (Version:  - Codemasters Racing)
Gyazo 2.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
HexChat (HKLM-x32\...\HexChat_is1) (Version: 2.10.0 - HexChat)
Imminent Monitor (HKLM\...\Imminent Monitor) (Version:  - Imminent Methods)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
join.me (HKU\S-1-5-21-114786149-1812099484-2380863628-1001\...\JoinMe) (Version: 1.17.1.162 - LogMeIn, Inc.)
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.5.0.0 - QFX Software Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LogMeIn (HKLM-x32\...\{9905E4C1-14D8-4522-88FE-FD00B51A20DC}) (Version: 4.1.4408 - LogMeIn, Inc.)
Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-GB)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.3.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 en-GB)) (Version: 31.3.0 - Mozilla)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.8.23 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 344.75 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
OpenVPN 2.3.4-I002  (HKLM\...\OpenVPN) (Version: 2.3.4-I002 - )
Opera Stable 26.0.1656.60 (HKLM-x32\...\Opera 26.0.1656.60) (Version: 26.0.1656.60 - Opera Software ASA)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.10 - )
pidgin-otr 4.0.0-1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.0-1 - Cypherpunks CA)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: Beta 4.3 - Popcorn Time)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.2 beta r2302 - )
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7037 - Realtek Semiconductor Corp.)
Sandboxie 4.14 (64-bit) (HKLM\...\Sandboxie) (Version: 4.14 - Sandboxie Holdings, LLC)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Spotify (HKU\S-1-5-21-114786149-1812099484-2380863628-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version:  - )
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKU\S-1-5-21-114786149-1812099484-2380863628-1001\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
TweetDeck (HKLM-x32\...\{C4ADB67B-C908-4D94-B85E-585D2F3F9118}) (Version: 3.3.7 - Twitter)
Unity Web Player (HKU\S-1-5-21-114786149-1812099484-2380863628-1001\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Update Manager B12.1113.1 (HKLM-x32\...\{2913C8E7-612B-47DA-B18D-A23E1A1B16E3}) (Version: 1.00.0000 - Gigabyte)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.3 - VMware, Inc)
VMware Player (Version: 6.0.3 - VMware, Inc.) Hidden
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Wireshark 1.12.2 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.2 - The Wireshark developer community, http://www.wireshark.org)
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-5 - Bitnami)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-114786149-1812099484-2380863628-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-114786149-1812099484-2380863628-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-114786149-1812099484-2380863628-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-114786149-1812099484-2380863628-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-114786149-1812099484-2380863628-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-114786149-1812099484-2380863628-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-114786149-1812099484-2380863628-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-114786149-1812099484-2380863628-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-114786149-1812099484-2380863628-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
18-12-2014 18:10:16 Windows Update
26-12-2014 13:08:58 Scheduled Checkpoint
03-01-2015 19:16:03 OTL Restore Point - 03/01/2015 19:16:01
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 13:25 - 2015-01-03 19:16 - 00001626 __RAH C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {059DC3F6-3893-4493-B73F-87CD6C4659AA} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2014-07-03] ()
Task: {096BC942-1389-4FF5-8175-35D1F0E34970} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-14] (Adobe Systems Incorporated)
Task: {36198D5A-FE92-44E7-98C3-23A8089BB4C4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-17] (Google Inc.)
Task: {42AD2A58-CBC7-497A-A03C-739EE2A0A7E5} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {75D9342F-4E2E-4F7D-B56B-925B3361BC9F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {809F89CA-97CB-42DF-99B9-EFCC8EB2246F} - System32\Tasks\Opera scheduled Autoupdate 1413032102 => C:\Program Files (x86)\Opera\launcher.exe [2014-12-17] (Opera Software)
Task: {A2C7314E-D060-4334-981F-C34F5BF7AF7B} - System32\Tasks\NAT Service => C:\Users\Betrayed\Desktop\SteamStealer.exe
Task: {BBDBA292-2E86-42CC-BA22-49954CB93B90} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {BC7C26BB-0BDB-4566-800E-4DB0F15BD0BD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-02] (AVAST Software)
Task: {BD2F41AA-7851-411C-B979-3D67083B6162} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-10] (Microsoft Corporation)
Task: {BD3B5DF7-B9C3-4C4B-9484-204CA95D98FF} - System32\Tasks\{BFF3D7BB-6D2B-4C2E-A11B-E3EC93901545} => pcalua.exe -a C:\Users\Betrayed\AppData\Local\ProtectedBrowsing\uninstall.exe
Task: {C2C80E25-BDDC-4064-ABE6-679B3DAD2638} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-17] (Google Inc.)
Task: {C4B21D28-08F3-49FE-969C-A0E4D5916ECA} - System32\Tasks\update-S-1-5-21-114786149-1812099484-2380863628-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {DA53FCD0-38F9-4E68-818D-9BD3C88DB26C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-07-17 19:41 - 2014-11-12 21:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-08-30 18:47 - 2013-08-30 18:47 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-10-22 13:41 - 2012-10-22 13:41 - 00749056 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-10-22 13:42 - 2012-10-22 13:42 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-05-21 10:22 - 2014-05-21 10:22 - 02135232 _____ () C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
2014-10-31 22:27 - 2014-10-31 22:27 - 00183488 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2014-12-02 11:20 - 2014-12-02 11:20 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-12-02 11:20 - 2014-12-02 11:20 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-07-09 10:29 - 2014-09-25 12:57 - 00027904 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\ace_engine.exe
2014-07-14 13:28 - 2014-07-14 13:28 - 00036536 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2014-07-14 13:28 - 2014-07-14 13:28 - 00747192 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2014-07-14 13:27 - 2014-07-14 13:27 - 00010240 _____ () C:\Program Files\Rainmeter\Plugins\WindowMessagePlugin.dll
2014-11-20 08:23 - 2014-11-20 08:23 - 00289792 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2014-06-25 15:50 - 2014-06-25 15:50 - 05558944 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2013-03-29 11:18 - 2013-03-29 11:18 - 00026744 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\ace_update.exe
2014-07-18 09:43 - 2014-12-14 10:22 - 00374840 _____ () C:\Users\Betrayed\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-06-25 15:51 - 2014-06-25 15:51 - 00672416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2014-05-01 19:29 - 2014-05-01 19:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-05-12 09:49 - 2014-05-12 09:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-01-04 11:17 - 2015-01-04 11:17 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010400\algo.dll
2014-12-02 11:20 - 2014-12-02 11:20 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-12 17:22 - 2014-06-12 17:22 - 01261272 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2014-07-09 10:29 - 2014-11-28 13:46 - 00249856 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\acestreamengine.Core.pyd
2011-06-12 13:09 - 2011-06-12 13:09 - 00038400 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\_socket.pyd
2011-06-12 13:09 - 2011-06-12 13:09 - 00720896 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\_ssl.pyd
2013-11-27 15:50 - 2013-11-27 15:50 - 00018944 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pycompat.pyd
2011-06-12 13:06 - 2011-06-12 13:06 - 00287232 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\_hashlib.pyd
2014-07-02 10:27 - 2014-11-28 13:46 - 01732096 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\acestreamengine.live.pyd
2014-01-23 11:37 - 2014-01-23 11:37 - 00036352 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\_psutil_mswindows.pyd
2013-12-21 13:20 - 2013-12-21 13:20 - 00053248 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\_blist.pyd
2011-06-12 13:06 - 2011-06-12 13:06 - 00106496 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\_ctypes.pyd
2013-12-21 13:20 - 2013-12-21 13:20 - 00040448 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\bitarray._bitarray.pyd
2011-06-12 13:06 - 2011-06-12 13:06 - 00011776 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\select.pyd
2011-01-18 21:56 - 2011-01-18 21:56 - 00334336 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\M2Crypto.__m2crypto.pyd
2011-06-12 13:06 - 2011-06-12 13:06 - 00152576 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\pyexpat.pyd
2011-02-13 15:02 - 2011-02-13 15:02 - 00031232 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\Crypto.Cipher.AES.pyd
2014-07-09 10:40 - 2014-11-28 13:46 - 03083264 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\acestreamengine.CoreApp.pyd
2012-02-07 16:37 - 2012-02-07 16:37 - 00098816 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\win32api.pyd
2012-02-07 16:35 - 2012-02-07 16:35 - 00110080 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\pywintypes27.dll
2012-02-07 16:38 - 2012-02-07 16:38 - 00358912 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\pythoncom27.dll
2012-02-07 16:36 - 2012-02-07 16:36 - 00111616 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\win32file.pyd
2012-02-07 16:36 - 2012-02-07 16:36 - 00024064 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\win32pdh.pyd
2010-10-10 22:23 - 2010-10-10 22:23 - 00723968 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\apsw.pyd
2013-01-29 16:20 - 2013-01-29 16:20 - 00082944 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\cpyamf.util.pyd
2011-07-15 19:37 - 2011-07-15 19:37 - 00981504 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\wx._core_.pyd
2011-07-15 19:38 - 2011-07-15 19:38 - 00746496 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\wx._gdi_.pyd
2011-07-15 19:38 - 2011-07-15 19:38 - 00670720 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\wx._windows_.pyd
2011-07-15 19:38 - 2011-07-15 19:38 - 00966144 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\wx._controls_.pyd
2011-07-15 19:38 - 2011-07-15 19:38 - 00674816 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\wx._misc_.pyd
2011-06-12 13:06 - 2011-06-12 13:06 - 00688128 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\unicodedata.pyd
2013-12-21 13:02 - 2013-12-21 13:02 - 00061952 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\miniupnpc.pyd
2013-01-29 16:20 - 2013-01-29 16:20 - 00066048 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\engine\lib\cpyamf.amf0.pyd
2014-10-19 20:40 - 2014-10-19 20:40 - 00036878 _____ () C:\Program Files (x86)\Pidgin\libssp-0.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00671031 _____ () C:\Program Files (x86)\Pidgin\exchndl.dll
2014-07-18 16:01 - 2014-07-18 16:01 - 00904525 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll
2014-07-18 16:01 - 2014-07-18 16:01 - 00100352 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll
2014-07-18 16:01 - 2014-07-18 16:01 - 00279059 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll
2014-07-18 16:01 - 2014-07-18 16:01 - 00553382 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll
2014-07-18 16:01 - 2014-07-18 16:01 - 00216992 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll
2014-10-19 20:39 - 2014-10-19 20:39 - 01274655 _____ () C:\Program Files (x86)\Pidgin\libxml2-2.dll
2014-07-18 16:01 - 2014-07-18 16:01 - 00177586 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00475580 _____ () C:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00020997 _____ () C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00013253 _____ () C:\Program Files (x86)\Pidgin\plugins\buddynote.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00024924 _____ () C:\Program Files (x86)\Pidgin\plugins\convcolors.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00015702 _____ () C:\Program Files (x86)\Pidgin\plugins\extplacement.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00014147 _____ () C:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00018882 _____ () C:\Program Files (x86)\Pidgin\plugins\history.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00012865 _____ () C:\Program Files (x86)\Pidgin\plugins\iconaway.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00019043 _____ () C:\Program Files (x86)\Pidgin\plugins\idle.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00018555 _____ () C:\Program Files (x86)\Pidgin\plugins\joinpart.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00015074 _____ () C:\Program Files (x86)\Pidgin\plugins\libaim.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00311021 _____ () C:\Program Files (x86)\Pidgin\liboscar.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00092398 _____ () C:\Program Files (x86)\Pidgin\plugins\libbonjour.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00328142 _____ () C:\Program Files (x86)\Pidgin\plugins\libgg.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00016005 _____ () C:\Program Files (x86)\Pidgin\plugins\libicq.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00107365 _____ () C:\Program Files (x86)\Pidgin\plugins\libirc.dll
2014-10-19 20:39 - 2014-10-19 20:39 - 00190464 _____ () C:\Program Files (x86)\Pidgin\libsasl.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00374169 _____ () C:\Program Files (x86)\Pidgin\plugins\libmsn.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00150598 _____ () C:\Program Files (x86)\Pidgin\plugins\libmxit.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00106670 _____ () C:\Program Files (x86)\Pidgin\plugins\libmyspace.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00123540 _____ () C:\Program Files (x86)\Pidgin\plugins\libnovell.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00116071 _____ () C:\Program Files (x86)\Pidgin\plugins\libsametime.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00152852 _____ () C:\Program Files (x86)\Pidgin\libmeanwhile-1.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00170578 _____ () C:\Program Files (x86)\Pidgin\plugins\libsilc.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 02097721 _____ () C:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00818985 _____ () C:\Program Files (x86)\Pidgin\libsilcclient-1-1-3.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00055880 _____ () C:\Program Files (x86)\Pidgin\plugins\libsimple.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00021337 _____ () C:\Program Files (x86)\Pidgin\plugins\libxmpp.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00417758 _____ () C:\Program Files (x86)\Pidgin\libjabber.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00022832 _____ () C:\Program Files (x86)\Pidgin\plugins\libyahoo.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00236666 _____ () C:\Program Files (x86)\Pidgin\libymsg.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00019793 _____ () C:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00047934 _____ () C:\Program Files (x86)\Pidgin\plugins\log_reader.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00021795 _____ () C:\Program Files (x86)\Pidgin\plugins\markerline.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00013456 _____ () C:\Program Files (x86)\Pidgin\plugins\newline.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00029225 _____ () C:\Program Files (x86)\Pidgin\plugins\notify.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00017023 _____ () C:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll
2012-09-09 13:17 - 2012-09-09 13:17 - 00472576 _____ () C:\Program Files (x86)\Pidgin\plugins\pidgin-otr.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00029256 _____ () C:\Program Files (x86)\Pidgin\plugins\pidginrc.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00015380 _____ () C:\Program Files (x86)\Pidgin\plugins\psychic.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00015429 _____ () C:\Program Files (x86)\Pidgin\plugins\relnot.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00015045 _____ () C:\Program Files (x86)\Pidgin\plugins\sendbutton.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00069575 _____ () C:\Program Files (x86)\Pidgin\plugins\spellchk.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00031427 _____ () C:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00012004 _____ () C:\Program Files (x86)\Pidgin\plugins\ssl.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00015978 _____ () C:\Program Files (x86)\Pidgin\plugins\statenotify.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00030353 _____ () C:\Program Files (x86)\Pidgin\plugins\themeedit.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00032020 _____ () C:\Program Files (x86)\Pidgin\plugins\ticker.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00018399 _____ () C:\Program Files (x86)\Pidgin\plugins\timestamp.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00023851 _____ () C:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00029791 _____ () C:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00030771 _____ () C:\Program Files (x86)\Pidgin\plugins\winprefs.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00037191 _____ () C:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00044494 _____ () C:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll
2014-10-19 20:39 - 2014-10-19 20:39 - 00102400 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslANONYMOUS.dll
2014-10-19 20:39 - 2014-10-19 20:39 - 00115712 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslCRAMMD5.dll
2014-10-19 20:39 - 2014-10-19 20:39 - 00140288 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslDIGESTMD5.dll
2014-10-19 20:39 - 2014-10-19 20:39 - 00102912 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslLOGIN.dll
2014-10-19 20:39 - 2014-10-19 20:39 - 00102912 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslPLAIN.dll
2014-10-19 20:40 - 2014-10-19 20:40 - 00486400 _____ () C:\Program Files (x86)\Pidgin\sqlite3.dll
2014-07-18 16:01 - 2014-07-18 16:01 - 00090496 _____ () C:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll
2014-07-03 05:45 - 2014-07-03 05:45 - 32733056 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2014-12-02 11:20 - 2014-12-02 11:20 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-11-29 14:02 - 2014-01-04 00:20 - 34755072 _____ () C:\Users\Betrayed\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2014-11-20 06:02 - 2014-11-20 06:02 - 00193024 _____ () C:\ProgramData\Razer\Synapse\RzStats\RigWrapper.dll
2014-11-29 14:02 - 2014-01-04 00:20 - 00970240 _____ () C:\Users\Betrayed\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\ffmpegsumo.dll
2011-06-12 13:09 - 2011-06-12 13:09 - 00038400 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\_socket.pyd
2011-06-12 13:09 - 2011-06-12 13:09 - 00720896 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\_ssl.pyd
2011-07-15 19:37 - 2011-07-15 19:37 - 00981504 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\wx._core_.pyd
2011-07-15 19:38 - 2011-07-15 19:38 - 00746496 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\wx._gdi_.pyd
2011-07-15 19:38 - 2011-07-15 19:38 - 00670720 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\wx._windows_.pyd
2011-07-15 19:38 - 2011-07-15 19:38 - 00966144 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\wx._controls_.pyd
2011-07-15 19:38 - 2011-07-15 19:38 - 00674816 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\wx._misc_.pyd
2011-06-12 13:06 - 2011-06-12 13:06 - 00287232 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\_hashlib.pyd
2011-01-18 21:56 - 2011-01-18 21:56 - 00334336 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\M2Crypto.__m2crypto.pyd
2011-06-12 13:06 - 2011-06-12 13:06 - 00011776 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\select.pyd
2011-06-12 13:06 - 2011-06-12 13:06 - 00152576 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\pyexpat.pyd
2012-02-07 16:37 - 2012-02-07 16:37 - 00098816 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\win32api.pyd
2012-02-07 16:35 - 2012-02-07 16:35 - 00110080 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\pywintypes27.dll
2012-02-07 16:38 - 2012-02-07 16:38 - 00358912 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\pythoncom27.dll
2012-02-07 16:36 - 2012-02-07 16:36 - 00111616 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\win32file.pyd
2012-02-07 16:36 - 2012-02-07 16:36 - 00024064 _____ () C:\Users\Betrayed\AppData\Roaming\ACEStream\updater\lib\win32pdh.pyd
2014-07-18 09:43 - 2014-12-14 10:22 - 36966968 _____ () C:\Users\Betrayed\AppData\Roaming\Spotify\Data\libcef.dll
2014-07-18 09:43 - 2014-12-14 10:22 - 00867896 _____ () C:\Users\Betrayed\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2014-07-18 09:43 - 2014-12-14 10:22 - 00886840 _____ () C:\Users\Betrayed\AppData\Roaming\Spotify\Data\libglesv2.dll
2014-07-18 09:43 - 2014-12-14 10:22 - 00108600 _____ () C:\Users\Betrayed\AppData\Roaming\Spotify\Data\libegl.dll
2014-08-13 14:09 - 2014-08-13 14:09 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 16:41 - 2014-05-24 16:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 16:41 - 2014-05-24 16:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2014-12-10 17:14 - 2014-12-06 01:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-10 17:14 - 2014-12-06 01:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-10 17:14 - 2014-12-06 01:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-10 17:14 - 2014-12-06 01:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-10 17:14 - 2014-12-06 01:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\WINDOWS\system32\msln.exe:78b0f75adc1efefdf71fe9909f9ab28f
AlternateDataStreams: C:\Users\Betrayed\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Betrayed\Downloads\Special Dorks.txt:$CmdZnID
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "DuckDnsUpdater.lnk"
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Start GeekBuddy.lnk"
HKLM\...\StartupApproved\Run: => "LogMeIn GUI"
HKU\S-1-5-21-114786149-1812099484-2380863628-1001\...\StartupApproved\Run: => "Clownfish"
HKU\S-1-5-21-114786149-1812099484-2380863628-1001\...\StartupApproved\Run: => "explorer"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-114786149-1812099484-2380863628-500 - Administrator - Disabled)
Betrayed (S-1-5-21-114786149-1812099484-2380863628-1001 - Administrator - Enabled) => C:\Users\Betrayed
Guest (S-1-5-21-114786149-1812099484-2380863628-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (01/04/2015 01:01:13 PM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (01/04/2015 01:00:43 PM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (01/04/2015 01:00:13 PM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (01/04/2015 00:59:43 PM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-11-22 16:44:47.490
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-22 16:38:03.873
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-05 10:58:20.770
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-05 10:58:20.703
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-05 10:58:19.968
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-05 10:58:19.900
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-05 10:58:19.832
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-05 10:58:19.104
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-05 10:58:19.025
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-05 10:58:18.954
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ X4 750K Quad Core Processor 
Percentage of memory in use: 29%
Total physical RAM: 10205.8 MB
Available physical RAM: 7223.45 MB
Total Pagefile: 11805.8 MB
Available Pagefile: 8134.97 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:853.29 GB) (Free:637.54 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 669090FA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=853.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=78.1 GB) - (Type=05)
 
==================== End Of Log ============================

  • 0

Advertisements


#11
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
Why are you using RAT Hacking Tools?
  • 0

#12
Betrayed

Betrayed

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts

I was using them for my home PC's.


  • 0

#13
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
Please remove these files.

Download CKScanner from here

Important : Save it to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.(If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on CKScanner.exe and select Run as Administrator)
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

  • 0

#14
Betrayed

Betrayed

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts

CKScanner Logs:

 

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\frst\quarantine\c\users\betrayed\downloads\kazy crypter - cracked by meth.zip.xbad
c:\frst\quarantine\c\users\betrayed\downloads\razorcrypt_v2_-1.6.1_cracked.rar.xbad
c:\program files\adobe\adobe media encoder cc 2014\plug-ins\de_de\vstplugins\decrackler1.dll
c:\program files\adobe\adobe media encoder cc 2014\plug-ins\de_de\vstplugins\decrackler2.dll
c:\program files\adobe\adobe media encoder cc 2014\plug-ins\de_de\vstplugins\decrackler6.dll
c:\program files\adobe\adobe media encoder cc 2014\plug-ins\en_us\vstplugins\decrackler1.dll
c:\program files\adobe\adobe media encoder cc 2014\plug-ins\en_us\vstplugins\decrackler2.dll
c:\program files\adobe\adobe media encoder cc 2014\plug-ins\en_us\vstplugins\decrackler6.dll
c:\program files\adobe\adobe media encoder cc 2014\plug-ins\es_es\vstplugins\decrackler1.dll
c:\program files\adobe\adobe media encoder cc 2014\plug-ins\es_es\vstplugins\decrackler2.dll
c:\program files\adobe\adobe media encoder cc 2014\plug-ins\es_es\vstplugins\decrackler6.dll
c:\program files\adobe\adobe media encoder cc 2014\plug-ins\fr_fr\vstplugins\decrackler1.dll
c:\program files\adobe\adobe media encoder cc 2014\plug-ins\fr_fr\vstplugins\decrackler2.dll
c:\program files\adobe\adobe media encoder cc 2014\plug-ins\fr_fr\vstplugins\decrackler6.dll
c:\program files\adobe\adobe media encoder cc 2014\plug-ins\it_it\vstplugins\decrackler1.dll
c:\program files\adobe\adobe media encoder cc 2014\plug-ins\it_it\vstplugins\decrackler2.dll
c:\program files\adobe\adobe media encoder cc 2014\plug-ins\it_it\vstplugins\decrackler6.dll
c:\program files\adobe\adobe media encoder cc 2014\plug-ins\ja_jp\vstplugins\decrackler1.dll
c:\program files\adobe\adobe media encoder cc 2014\plug-ins\ja_jp\vstplugins\decrackler2.dll
c:\program files\adobe\adobe media encoder cc 2014\plug-ins\ja_jp\vstplugins\decrackler6.dll
c:\program files\adobe\adobe media encoder cc 2014\plug-ins\ko_kr\vstplugins\decrackler1.dll
c:\program files\adobe\adobe media encoder cc 2014\plug-ins\ko_kr\vstplugins\decrackler2.dll
c:\program files\adobe\adobe media encoder cc 2014\plug-ins\ko_kr\vstplugins\decrackler6.dll
c:\program files\adobe\adobe media encoder cc 2014\plug-ins\pt_br\vstplugins\decrackler1.dll
c:\program files\adobe\adobe media encoder cc 2014\plug-ins\pt_br\vstplugins\decrackler2.dll
c:\program files\adobe\adobe media encoder cc 2014\plug-ins\pt_br\vstplugins\decrackler6.dll
c:\program files\adobe\adobe media encoder cc 2014\plug-ins\ru_ru\vstplugins\decrackler1.dll
c:\program files\adobe\adobe media encoder cc 2014\plug-ins\ru_ru\vstplugins\decrackler2.dll
c:\program files\adobe\adobe media encoder cc 2014\plug-ins\ru_ru\vstplugins\decrackler6.dll
c:\program files\adobe\adobe media encoder cc 2014\plug-ins\zh_cn\vstplugins\decrackler1.dll
c:\program files\adobe\adobe media encoder cc 2014\plug-ins\zh_cn\vstplugins\decrackler2.dll
c:\program files\adobe\adobe media encoder cc 2014\plug-ins\zh_cn\vstplugins\decrackler6.dll
c:\users\betrayed\desktop\all folders\hashcat-0.47\cracked.txt
c:\users\betrayed\desktop\all folders\sentry mba configs\52k combolist crackingpass.txt
c:\users\betrayed\desktop\all folders\tools\minecraft accounts\cracker.jar
c:\users\betrayed\desktop\all folders\tools\twitter cracker\10k most common.txt
c:\users\betrayed\desktop\all folders\tools\twitter cracker\proxy list.txt
c:\users\betrayed\desktop\all folders\tools\twitter cracker\read!.txt
c:\users\betrayed\desktop\all folders\tools\twitter cracker\twitter_cracker.exe
c:\users\betrayed\desktop\all folders\unsetteledbeats\videos\the nutcracker - arion.mp4
c:\users\betrayed\desktop\dbs\6004crackedpasses.txt
c:\users\betrayed\desktop\dbs\cracked notepadfriendly.txt
c:\users\betrayed\desktop\dbs\cracked.txt
c:\users\betrayed\desktop\dbs\rsboardscracked.txt
scanner sequence 3.ZZ.11.CCNAFZ
 ----- EOF ----- 

 


  • 0

#15
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
Why do you use cracked Software?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP