Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

PC May Be Infected? [Closed]


  • This topic is locked This topic is locked

#1
Betrayed

Betrayed

    Member

  • Member
  • PipPipPip
  • 119 posts

My PC freezes for 2 seconds ever now and again and some other weird things have happened and would like to get it check out.

 

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Betrayed (administrator) on BETRAYED on 02-07-2015 16:44:26
Running from E:\Users\Betrayed\Desktop
Loaded Profiles: Betrayed (Available Profiles: Betrayed)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) E:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) E:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation) E:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) E:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes Corporation) E:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) E:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) E:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(TeamViewer GmbH) E:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Apple Inc.) E:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation) E:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) E:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) E:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) E:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Apple Inc.) E:\Program Files\iTunes\iTunesHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Bogdan Sharkov) E:\Program Files (x86)\Clownfish\Clownfish.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(The Pidgin developer community) E:\Program Files (x86)\Pidgin\pidgin.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.2.1.1\Lightshot.exe
(Malwarebytes Corporation) E:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(QFX Software Corporation) E:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(QFX Software Corporation) E:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() E:\Program Files\Sublime Text 3\sublime_text.exe
() E:\Program Files\Sublime Text 3\plugin_host.exe
(TeamSpeak Systems GmbH) E:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-07-15] (Realtek Semiconductor)
HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => E:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1014736 2014-07-22] (MSI)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-03-12] (Razer Inc.)
HKLM-x32\...\Run: [CAM] => C:\Program Files (x86)\NZXT\CAM\CAMLauncher.exe [113264 2015-04-28] ()
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-02-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => E:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
HKLM-x32\...\Run: [KeyScrambler] => E:\Program Files (x86)\KeyScrambler\keyscrambler.exe [509216 2015-06-10] (QFX Software Corporation)
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Run: [Steam] => E:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Run: [Spotify Web Helper] => C:\Users\Betrayed\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2021944 2015-05-30] (Spotify Ltd)
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Run: [EADM] => E:\Program Files (x86)\Origin\Origin.exe [3632472 2015-04-10] (Electronic Arts)
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Run: [Spotify] => C:\Users\Betrayed\AppData\Roaming\Spotify\Spotify.exe [7323192 2015-05-30] (Spotify Ltd)
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Run: [uTorrent] => C:\Users\Betrayed\AppData\Roaming\uTorrent\uTorrent.exe [1743952 2015-05-28] (BitTorrent Inc.)
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785792 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Run: [Clownfish] => E:\Program Files (x86)\Clownfish\Clownfish.exe [1341192 2015-05-20] (Bogdan Sharkov)
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095840 2015-04-30] (Nota Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk [2015-04-10]
ShortcutTarget: GIGABYTE OC_GURU.lnk -> E:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (No File)
Startup: C:\Users\Betrayed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pidgin.lnk [2015-05-02]
ShortcutTarget: Pidgin.lnk -> E:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community)
Startup: C:\Users\Betrayed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2015-04-10]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-25] (Avast Software s.r.o.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-25] (Avast Software s.r.o.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> E:\Program Files (x86)\Java\jre1.8_45\bin\ssv.dll [2015-04-25] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-25] (Avast Software s.r.o.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Program Files (x86)\Java\jre1.8_45\bin\jp2ssv.dll [2015-04-25] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{9478278C-078A-470A-8F6E-61393289D336}: [DhcpNameServer] 10.211.254.254 8.8.8.8
Tcpip\..\Interfaces\{A0C7C18C-EAF9-4DB6-B1A5-46CFE9CB6313}: [DhcpNameServer] 192.168.1.1 0.0.0.0
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-23] ()
FF Plugin: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll [2015-03-10] (EA Digital Illusions CE AB)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-02-15] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-23] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelog.dll [2015-03-10] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> E:\Program Files (x86)\Java\jre1.8_45\bin\dtplugin\npDeployJava1.dll [2015-04-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> E:\Program Files (x86)\Java\jre1.8_45\bin\plugin2\npjp2.dll [2015-04-25] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-12] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> E:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-02-15] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2539508601-3164617073-3378887811-1001: @hola.org/vlc,version=1.8.328 -> C:\Users\Betrayed\AppData\Local\Hola\firefox\app\vlc [2015-06-16] ()
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-25]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Heartbeat) - C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aailiojlhjbichheofhdpcongebcgcgm [2015-05-25]
CHR Extension: (Adblock Plus) - C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-29]
CHR Extension: (Tampermonkey) - C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-04-16]
CHR Extension: (Avast SafePrice) - C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-04-30]
CHR Extension: (Avast Online Security) - C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-15]
CHR Extension: (Google Wallet) - C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-10]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-04-25]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-25]
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Opera: 
=======
OPR Extension: (2048 AI - bitcoin) - C:\Users\Betrayed\AppData\Roaming\Opera Software\Opera Stable\Extensions\chfnopmklmpinabemlmldefhbhgkglmc [2015-06-16]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-25] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-04-25] (Avast Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1060352 2015-06-22] ()
R2 Bonjour Service; E:\Program Files\Bonjour\mDNSResponder.exe [462184 2011-08-30] (Apple Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 GfExperienceService; E:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-09-03] (Intel Corporation)
R3 iPod Service; E:\Program Files\iPod\bin\iPodService.exe [643880 2015-04-07] (Apple Inc.)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-04-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation)
R2 MbaeSvc; E:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
R2 MBAMScheduler; E:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; E:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [162800 2014-03-17] (MSI)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)
R2 NvStreamSvc; E:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation)
S3 OpenVPNService; E:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2015-03-19] (The OpenVPN Project)
S3 Origin Client Service; E:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-10] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-04-20] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
R2 TeamViewer; E:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-25] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-25] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-25] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-25] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-27] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-25] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-25] ()
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [459544 2013-08-22] (Intel Corporation)
R1 ESProtectionDriver; E:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-04-08] ()
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2014-08-11] ()
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [224208 2015-06-03] (QFX Software Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39056 2015-05-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46768 2015-05-19] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2015-03-03] (Razer, Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-04-25] (Avast Software)
R3 VUSB3HUB; C:\Windows\System32\drivers\ViaHub3.sys [227840 2014-05-29] (VIA Technologies, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 xhcdrv; C:\Windows\System32\drivers\xhcdrv.sys [304128 2014-05-29] (VIA Technologies, Inc.)
R3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 3ouuJHBhq; \??\F:\3ouuJHBhq.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 MvriXS68f; \??\F:\MvriXS68f.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 nvZqRK643hnvZq; \??\F:\nvZqRK643hnvZq.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\NZXT\CAM\CAM_Client_V2.sys [X]
S3 wTnEgyJXCow; \??\F:\wTnEgyJXCow.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-02 16:44 - 2015-07-02 16:44 - 00000000 ____D C:\FRST
2015-07-02 12:23 - 2015-07-02 12:23 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\143B7953.sys
2015-06-28 10:51 - 2015-06-28 10:51 - 00000000 ____D E:\Program Files (x86)\Launcher
2015-06-28 10:51 - 2015-06-28 10:51 - 00000000 ____D C:\Users\Betrayed\AppData\Roaming\WS Launcher
2015-06-27 11:25 - 2015-06-27 11:25 - 00000823 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-27 00:17 - 2015-06-27 00:17 - 00000000 ____D C:\Windows\LastGood.Tmp
2015-06-27 00:17 - 2015-05-19 04:29 - 00046768 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-06-27 00:17 - 2015-05-19 04:14 - 00057520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-06-25 00:15 - 2015-06-25 00:15 - 00000000 ____D E:\Program Files (x86)\A3Launcher
2015-06-25 00:15 - 2015-06-25 00:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A3Launcher
2015-06-22 12:44 - 2015-07-02 16:43 - 00001380 _____ C:\Users\Betrayed\AppData\Roaming\BreakingPoint_Options.ini
2015-06-22 12:42 - 2015-07-02 14:45 - 00000299 _____ C:\Users\Betrayed\AppData\Roaming\BreakingPoint_Login.ini
2015-06-22 10:57 - 2015-07-02 15:51 - 00000000 ____D C:\Users\Betrayed\AppData\Local\Arma 3
2015-06-22 10:57 - 2015-06-23 22:53 - 00000000 ____D C:\Users\Betrayed\AppData\Local\Arma 3 Launcher
2015-06-22 10:57 - 2015-06-22 10:57 - 00000000 ____D C:\Users\Betrayed\AppData\Local\Bohemia_Interactive
2015-06-22 10:57 - 2015-06-22 10:57 - 00000000 ____D C:\ProgramData\Bohemia Interactive
2015-06-21 23:41 - 2015-06-21 23:41 - 00000000 ____D E:\Program Files (x86)\Windows Grep
2015-06-21 23:41 - 2015-06-21 23:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Grep
2015-06-19 18:05 - 2015-06-25 00:26 - 00000000 ____D C:\Users\Betrayed\AppData\Local\Maca134
2015-06-19 17:19 - 2015-06-19 17:19 - 00000778 _____ C:\Users\Public\Desktop\DayZLauncher.lnk
2015-06-19 17:19 - 2015-06-19 17:19 - 00000000 ____D E:\Program Files (x86)\DayZLauncher
2015-06-19 17:19 - 2015-06-19 17:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DayZLauncher
2015-06-19 17:18 - 2015-06-19 17:18 - 00000000 ____D C:\Users\Betrayed\AppData\Local\DayZCommander
2015-06-19 17:16 - 2015-06-19 17:16 - 00000000 ____D C:\Users\Betrayed\AppData\Local\ArmA 2
2015-06-19 17:16 - 2015-06-19 17:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2015-06-18 22:36 - 2015-06-19 17:16 - 00022596 _____ C:\Windows\DirectX.log
2015-06-18 22:36 - 2015-06-19 17:16 - 00000000 ____D C:\Users\Betrayed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2015-06-18 22:36 - 2015-06-18 22:36 - 00000000 ____D C:\Users\Betrayed\AppData\Local\ArmA 2 OA
2015-06-18 22:36 - 2015-06-18 22:36 - 00000000 ____D C:\ProgramData\Bohemia Interactive Studio
2015-06-18 20:56 - 2015-06-18 20:57 - 00000000 ____D C:\Users\Betrayed\AppData\Local\gtk-2.0
2015-06-17 10:21 - 2015-06-17 10:21 - 00000000 ____D E:\Program Files (x86)\KeyScrambler
2015-06-16 23:47 - 2015-06-24 17:47 - 00001456 _____ C:\Users\Betrayed\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-06-16 22:58 - 2015-06-16 22:58 - 00000000 ____D C:\Users\Betrayed\AppData\Local\Macromedia
2015-06-16 22:56 - 2015-07-02 16:00 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-16 22:56 - 2015-06-23 17:00 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-16 22:48 - 2015-06-17 14:10 - 00000000 ____D C:\Users\Betrayed\AppData\Roaming\Hola
2015-06-16 22:48 - 2015-06-16 22:54 - 00000000 ____D C:\Users\Betrayed\AppData\Local\Hola
2015-06-16 22:48 - 2015-06-16 22:48 - 00000000 ____D C:\Users\Betrayed\AppData\Roaming\Mozilla
2015-06-16 22:48 - 2015-06-16 22:48 - 00000000 ____D C:\Users\Betrayed\AppData\Local\Mozilla
2015-06-16 19:37 - 2015-06-16 19:37 - 00000000 ____D C:\Users\Betrayed\AppData\Roaming\Gyazo
2015-06-16 19:36 - 2015-06-16 19:36 - 00003746 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2015-06-16 19:36 - 2015-06-16 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2015-06-16 18:17 - 2015-06-25 18:17 - 00003830 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1434475024
2015-06-16 18:17 - 2015-06-25 18:17 - 00001063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-06-16 18:17 - 2015-06-16 18:17 - 00000000 ____D C:\Users\Betrayed\AppData\Roaming\Opera Software
2015-06-16 18:17 - 2015-06-16 18:17 - 00000000 ____D C:\Users\Betrayed\AppData\Local\Opera Software
2015-06-15 18:47 - 2015-06-15 18:47 - 00000000 ____D E:\Program Files (x86)\Clownfish
2015-06-15 18:47 - 2015-06-15 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clownfish
2015-06-14 14:54 - 2015-05-27 15:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-14 14:54 - 2015-05-27 15:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-14 14:54 - 2015-05-23 04:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-14 14:54 - 2015-05-23 04:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-14 14:54 - 2015-05-23 04:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-14 14:54 - 2015-05-23 04:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-14 14:54 - 2015-05-23 04:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-14 14:54 - 2015-05-23 03:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-14 14:54 - 2015-05-23 03:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-14 14:54 - 2015-05-23 03:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-14 14:54 - 2015-05-23 03:47 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-06-14 14:54 - 2015-05-23 03:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-06-14 14:54 - 2015-05-23 03:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-14 14:54 - 2015-05-23 03:38 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-14 14:54 - 2015-05-23 03:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-14 14:54 - 2015-05-23 03:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-14 14:54 - 2015-05-23 03:28 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-06-14 14:54 - 2015-05-23 03:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-14 14:54 - 2015-05-23 03:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-14 14:54 - 2015-05-23 03:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-14 14:54 - 2015-05-22 20:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-14 14:54 - 2015-05-22 20:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-14 14:54 - 2015-05-22 20:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-14 14:54 - 2015-05-22 19:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-14 14:54 - 2015-05-22 19:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-14 14:54 - 2015-05-22 19:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-14 14:54 - 2015-05-22 19:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-14 14:54 - 2015-05-22 19:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-14 14:54 - 2015-05-22 19:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-06-14 14:54 - 2015-05-22 19:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-14 14:54 - 2015-05-22 19:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-06-14 14:54 - 2015-05-22 19:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-06-14 14:54 - 2015-05-22 19:08 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-14 14:54 - 2015-05-22 19:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-14 14:54 - 2015-05-22 19:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-14 14:54 - 2015-05-22 18:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-14 14:54 - 2015-05-22 18:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-14 14:54 - 2015-05-22 18:49 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-06-14 14:54 - 2015-05-22 18:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-14 14:54 - 2015-05-22 18:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-14 14:54 - 2015-05-21 17:47 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-14 14:54 - 2015-04-25 03:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-14 14:54 - 2015-04-25 03:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-14 11:05 - 2015-04-08 23:07 - 00410336 _____ C:\Windows\system32\ApnDatabase.xml
2015-06-14 11:04 - 2015-05-25 14:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-14 11:04 - 2015-05-25 14:07 - 01430528 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-14 11:04 - 2015-05-22 14:08 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-14 11:04 - 2015-05-21 14:08 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-14 11:04 - 2015-05-21 14:08 - 01020928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-14 11:04 - 2015-05-21 14:08 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-14 11:04 - 2015-05-21 14:08 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-14 11:04 - 2015-05-21 14:08 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-14 11:04 - 2015-05-21 14:08 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-14 11:04 - 2015-04-16 23:07 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-14 11:04 - 2015-04-16 07:17 - 00325464 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-06-14 11:04 - 2015-04-13 23:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2015-06-14 11:04 - 2015-04-13 23:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2015-06-14 11:04 - 2015-04-10 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-06-14 11:04 - 2015-04-10 01:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-06-14 11:04 - 2015-04-08 23:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll
2015-06-14 11:04 - 2015-04-01 23:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-06-14 11:04 - 2015-04-01 23:30 - 02483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-06-14 11:04 - 2015-04-01 05:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-06-14 11:04 - 2015-04-01 05:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-06-14 11:04 - 2015-04-01 05:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-06-14 11:04 - 2015-04-01 05:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-06-14 11:04 - 2015-04-01 04:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-06-14 11:04 - 2015-04-01 04:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-06-14 11:04 - 2015-04-01 04:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-06-14 11:04 - 2015-04-01 03:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-06-14 11:04 - 2015-04-01 03:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-06-14 11:04 - 2015-04-01 03:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-06-14 11:04 - 2015-04-01 03:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-06-14 11:04 - 2015-04-01 03:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-06-14 11:04 - 2015-04-01 03:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-06-14 11:04 - 2015-03-20 04:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-06-14 11:04 - 2015-03-20 04:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-06-14 11:04 - 2015-03-20 03:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-06-14 11:04 - 2015-03-20 03:07 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-06-14 11:04 - 2015-03-02 02:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2015-06-14 11:04 - 2015-03-02 02:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2015-06-03 19:01 - 2015-06-03 19:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-06-03 10:49 - 2015-06-03 10:49 - 00000000 ____D C:\Users\Betrayed\AppData\Local\GWX
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-02 16:43 - 2015-04-10 11:56 - 00000000 ____D E:\Program Files (x86)\Steam
2015-07-02 16:38 - 2015-04-10 23:15 - 00000000 ____D C:\Users\Betrayed\AppData\Roaming\Skype
2015-07-02 16:35 - 2015-04-21 17:12 - 00000000 ____D C:\Users\Betrayed\AppData\Roaming\.purple
2015-07-02 16:31 - 2015-04-25 12:10 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-02 16:18 - 2015-04-10 23:24 - 00000400 _____ C:\Windows\Tasks\update-sys.job
2015-07-02 16:03 - 2015-04-10 04:47 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-02 16:00 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-02 15:29 - 2015-04-12 16:52 - 00000000 ____D C:\Users\Betrayed\AppData\Roaming\TS3Client
2015-07-02 14:57 - 2015-05-09 10:50 - 02053896 _____ C:\Windows\WindowsUpdate.log
2015-07-02 14:11 - 2015-04-10 23:24 - 00000400 _____ C:\Windows\Tasks\update-S-1-5-21-2539508601-3164617073-3378887811-1001.job
2015-07-02 12:23 - 2015-04-10 23:53 - 00016979 _____ C:\Windows\SysWOW64\Gms.log
2015-07-02 12:23 - 2015-04-10 13:44 - 00000000 ____D C:\Users\Betrayed\AppData\Local\Adobe
2015-07-02 12:23 - 2015-04-10 04:47 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-01 22:58 - 2015-04-14 16:58 - 00000080 _____ C:\Users\Betrayed\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-07-01 22:54 - 2015-04-11 12:27 - 00000000 ____D E:\Program Files\Rockstar Games
2015-07-01 10:58 - 2014-03-18 16:26 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-01 10:52 - 2015-05-14 07:39 - 00002624 _____ C:\Windows\PFRO.log
2015-07-01 10:52 - 2015-05-09 13:32 - 00010626 _____ C:\Windows\setupact.log
2015-07-01 10:52 - 2015-04-10 21:55 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-01 10:52 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-30 18:25 - 2015-04-14 17:52 - 00000000 ____D C:\Users\Betrayed\AppData\Local\Popcorn-Time
2015-06-28 13:14 - 2015-04-10 04:45 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2539508601-3164617073-3378887811-1001
2015-06-27 17:04 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-27 11:25 - 2015-04-25 12:10 - 00000000 ____D E:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-27 11:25 - 2015-04-25 12:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-27 00:18 - 2015-05-03 11:25 - 00001240 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-06-27 00:18 - 2015-04-10 21:55 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-27 00:12 - 2015-04-25 12:12 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-06-25 11:26 - 2015-04-10 17:20 - 00000000 ____D C:\Users\Betrayed\AppData\Local\CrashDumps
2015-06-24 15:57 - 2015-04-10 12:13 - 00000000 ____D C:\Users\Betrayed\AppData\Roaming\MultiBit
2015-06-24 12:36 - 2015-04-10 21:56 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-06-24 12:36 - 2015-04-10 21:56 - 01571696 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-06-24 12:36 - 2015-04-10 21:56 - 01320120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-06-24 12:36 - 2015-04-10 21:56 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-06-24 11:41 - 2015-04-25 13:46 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-06-24 10:54 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2015-06-22 12:37 - 2015-04-10 13:51 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-20 04:02 - 2013-08-22 16:38 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-20 04:02 - 2013-08-22 16:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-19 12:54 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2015-06-18 08:42 - 2015-04-25 12:10 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2015-04-25 12:10 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2015-04-25 12:10 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-17 10:21 - 2015-04-11 14:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
2015-06-16 23:19 - 2015-04-16 17:05 - 00000000 ____D C:\Users\Betrayed\AppData\Roaming\vlc
2015-06-16 23:12 - 2015-04-12 16:14 - 00000000 ____D C:\Users\Betrayed\AppData\Roaming\uTorrent
2015-06-16 16:52 - 2015-04-10 14:29 - 00000000 ____D C:\Users\Betrayed\AppData\Local\Spotify
2015-06-16 16:50 - 2015-04-10 14:26 - 00000000 ____D C:\Users\Betrayed\AppData\Roaming\Spotify
2015-06-15 23:23 - 2013-08-22 15:44 - 05092312 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-15 23:22 - 2015-04-11 00:40 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-15 23:22 - 2015-04-11 00:39 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-15 23:22 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ToastData
2015-06-15 23:22 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2015-06-15 23:22 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\en-GB
2015-06-15 23:22 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-15 23:22 - 2013-08-22 14:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-06-15 23:19 - 2015-04-10 23:54 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-15 23:19 - 2015-04-10 23:54 - 00000000 ____D C:\Windows\system32\MRT
2015-06-15 23:04 - 2015-04-10 04:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-06-14 09:56 - 2015-04-25 12:12 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-06-03 19:01 - 2015-04-10 23:15 - 00000000 ____D C:\ProgramData\Skype
2015-06-03 14:43 - 2015-04-11 14:33 - 00224208 _____ (QFX Software Corporation) C:\Windows\system32\Drivers\keyscrambler.sys
 
==================== Files in the root of some directories =======
 
2015-03-11 12:18 - 2015-03-11 12:18 - 5519128 _____ (Piriform Ltd) E:\Program Files\Speccy.exe
2015-03-11 12:18 - 2015-03-11 12:18 - 7088408 _____ (Piriform Ltd) E:\Program Files\Speccy64.exe
2015-03-11 12:20 - 2015-03-11 12:20 - 0132336 _____ (Piriform Ltd) E:\Program Files\uninst.exe
2015-06-22 12:42 - 2015-07-02 14:45 - 0000299 _____ () C:\Users\Betrayed\AppData\Roaming\BreakingPoint_Login.ini
2015-06-22 12:44 - 2015-07-02 16:43 - 0001380 _____ () C:\Users\Betrayed\AppData\Roaming\BreakingPoint_Options.ini
2015-06-16 23:47 - 2015-06-24 17:47 - 0001456 _____ () C:\Users\Betrayed\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-04-10 23:24 - 2015-04-10 23:24 - 0000003 _____ () C:\Users\Betrayed\AppData\Local\updater.log
2015-04-10 23:24 - 2015-04-23 14:22 - 0000424 _____ () C:\Users\Betrayed\AppData\Local\UserProducts.xml
2015-04-10 04:46 - 2015-04-10 04:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Betrayed\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.328.exe
C:\Users\Betrayed\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Betrayed\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Betrayed\AppData\Local\Temp\nvStInst.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-29 11:27
 
==================== End of log ============================
 
 
Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by Betrayed at 2015-07-02 16:44:46
Running from E:\Users\Betrayed\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2539508601-3164617073-3378887811-500 - Administrator - Disabled)
Guest (S-1-5-21-2539508601-3164617073-3378887811-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2539508601-3164617073-3378887811-1003 - Limited - Enabled)
Betrayed (S-1-5-21-2539508601-3164617073-3378887811-1001 - Administrator - Enabled) => C:\Users\Betrayed
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\uTorrent) (Version: 3.4.3.39944 - BitTorrent Inc.)
7 Days to Die (HKLM-x32\...\Steam App 251570) (Version:  - The Fun Pimps)
A3Launcher version 0.0.0.11 (HKLM-x32\...\{E31045B4-9DB5-9EBD-44DF-BD4CFDE640DF}_is1) (Version: 0.0.0.11 - Maca134)
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.1.474 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.2.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arma 2 (HKLM-x32\...\Steam App 33910) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Battlefield™ Hardline (HKLM-x32\...\{CB4AC3DA-8CC1-4516-86DA-4078B57DB229}) (Version: 1.0.0.2 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.0 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version:  - )
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
CAM (HKLM-x32\...\{8E86129E-48D3-4814-8D2D-66221881F370}) (Version: 2.0.16 - NZXT)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Chains (HKLM-x32\...\Steam App 11360) (Version:  - 2DEngine.com)
Chronicles of a Dark Lord: Episode II War of The Abyss (HKLM-x32\...\Steam App 341780) (Version:  - Kisareth Studios)
Clownfish for Skype (HKLM-x32\...\Clownfish) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DayZLauncher version 0.0.0.15 (HKLM-x32\...\{E31045B4-9DB5-9EBD-44DF-BD4E6CFD40DF}_is1) (Version: 0.0.0.15 - Maca134)
Dropbox (HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.)
Dying Light (HKLM-x32\...\Steam App 239140) (Version:  - Techland)
FileSeek 4.3 (HKLM-x32\...\44953928-E730-4e8c-A2B2-3A85BC96A3D0_is1) (Version: 4.3.0.0 - Binary Fortress Software)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GIGABYTE OC_GURU II (x32 Version: 1.69.0000 - GIGABYTE Technology Co.,Ltd.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Drive (HKLM-x32\...\{CBC9F5FD-5CFA-4A33-81CD-369EAB77E3A6}) (Version: 1.22.9403.0223 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Gyazo 2.4 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
H1Z1 (HKLM-x32\...\Steam App 295110) (Version:  - Sony Online Entertainment)
HandBrake 0.10.1 (HKLM-x32\...\HandBrake) (Version: 0.10.1 - )
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - IO Interactive)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation)
Intel® Network Connections 19.3.141.0 (HKLM\...\PROSetDX) (Version: 19.3.141.0 - Intel)
Intel® Update Manager (HKLM-x32\...\{84A2B59B-6A7B-4C01-8592-15C9BFE6AC36}) (Version: 2.4.3 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.7.0.0 - QFX Software Corporation)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Lightshot-5.2.1.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.2.1.1 - Skillbrains)
Malwarebytes Anti-Exploit version 1.06.1.1019 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.06.1.1019 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Memories of a Vagabond (HKLM-x32\...\Steam App 307070) (Version:  - DarkElite)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MSI Super Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.026 - MSI)
MultiBit 0.5.18 (HKLM-x32\...\MultiBit 0.5.18) (Version: 0.5.18 - )
Nether (HKLM-x32\...\Steam App 247730) (Version:  - Phosphor Games)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 352.86 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.57 - NVIDIA Corporation)
NVIDIA Graphics Driver 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 352.86 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 352.86 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenVPN 2.3.6-I603  (HKLM\...\OpenVPN) (Version: 2.3.6-I603 - )
Opera Stable 30.0.1835.88 (HKLM-x32\...\Opera 30.0.1835.88) (Version: 30.0.1835.88 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.11 - )
pidgin-otr 4.0.1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.1 - Cypherpunks CA)
Platform (x32 Version: 1.42 - VIA Technologies, Inc.) Hidden
Popcorn Time (HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Popcorn Time) (Version:  - Popcorn Official)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.3 beta r2402 - )
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.24735 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7293 - Realtek Semiconductor Corp.)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.9.2.19 - Red Giant, LLC)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.0 - Rockstar Games)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.57 - NVIDIA Corporation) Hidden
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Spotify (HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Spotify) (Version: 1.0.6.80.g2a801a53 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stranded Deep (HKLM-x32\...\Steam App 313120) (Version:  - Beam Team Games)
Sublime Text Build 3083 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Super Killer Hornet: Resurrection (HKLM-x32\...\Steam App 271860) (Version:  - Flump Studios)
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.41459 - TeamViewer)
The Journey Down: Chapter One (HKLM-x32\...\Steam App 220090) (Version:  - SkyGoblin)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
Trapcode Suite 64-bit (HKLM-x32\...\InstallShield_{2F50AD39-44F4-48CB-94E4-5C5AEFB0DAC6}) (Version: 12.1.4 - Red Giant)
Trapcode Suite 64-bit (Version: 12.1.4 - Red Giant) Hidden
Trapcode Suite v12.1.7 (HKLM-x32\...\{DFD2DC6B-C634-4C1C-81CC-5EF852E71CEE}_is1) (Version: 12.1.7 - Red Giant, LLC)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Vegas Pro 13.0 (64-bit) (HKLM\...\{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}) (Version: 13.0.310 - Sony)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Grep 2.3 (HKLM-x32\...\Windows Grep_is1) (Version:  - )
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
XSplit Broadcaster (HKLM-x32\...\{4202CAFA-F8F9-4311-8A13-19DB48AAF5F7}) (Version: 2.2.1502.1633 - SplitmediaLabs)
XSplit Gamecaster (HKLM-x32\...\{4EDB1851-7427-4324-AAAA-9E3852C73DAE}) (Version: 2.2.1502.1741 - SplitmediaLabs)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
14-06-2015 11:02:56 Scheduled Checkpoint
18-06-2015 22:36:05 Installed DirectX
22-06-2015 10:56:50 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
22-06-2015 10:56:52 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
28-06-2015 10:51:14 Installed WS Launcher
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00ADCC5F-EF6B-46E0-BEF7-8F8555FAD857} - System32\Tasks\{9160FE5B-F82C-4BFC-9992-9169DEA38B81} => pcalua.exe -a C:\Users\Betrayed\Downloads\multibit-0.5.18-windows-setup.exe -d C:\Users\Betrayed\Downloads
Task: {1DDD6182-A270-407B-A314-2353FAB5C130} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.)
Task: {3CB3DD9D-BF09-4518-B1FB-353C279E3F4A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {3D387587-856C-4071-BD8D-655D666AAFAA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {49494390-E068-4843-8D57-F2F61906D7F3} - System32\Tasks\AdobeAAMUpdater-1.0-Betrayed-Betrayed => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-02-03] (Adobe Systems Incorporated)
Task: {49E4CEDB-1ECD-49F9-9421-93FC1C2C3A52} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-04-09] ()
Task: {6B2B5D71-4DB2-4520-AA0C-868F29624658} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-18] (Avast Software s.r.o.)
Task: {6BD7BBCD-A8C5-4D4D-83CE-FE61B7F73161} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-04-09] ()
Task: {875FBDFE-A2E3-4D15-AF2C-923943EFE397} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-06-15] (Microsoft Corporation)
Task: {93827CB0-3478-4578-AFB2-A4F271F49610} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-23] (Adobe Systems Incorporated)
Task: {A460C119-86DB-4844-AB35-3DBFBE889A0B} - System32\Tasks\Opera scheduled Autoupdate 1434475024 => C:\Program Files (x86)\Opera\launcher.exe [2015-06-19] (Opera Software)
Task: {C63368DB-141C-4A27-8B15-A2DC758DA40A} - System32\Tasks\CAM => C:\Program Files (x86)\NZXT\CAM\CAM_Client_V2.exe [2015-04-28] ()
Task: {D7A48855-C268-4A01-B6A1-9947A3A408B5} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-04-30] ()
Task: {D9BF4303-F390-4856-AF2A-75411CD17DA8} - System32\Tasks\Red Giant Link => E:\Program Files (x86)\Red Giant Link\Red Giant Link.exe
Task: {EABDB1D2-FA83-413A-AFD6-2EFC04CB1F32} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: {EEF6461A-AB78-4D91-9D44-EB2A7374F248} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.)
Task: {F3F6DAD2-E6BA-45CB-8A98-D91586D3E3E3} - System32\Tasks\update-S-1-5-21-2539508601-3164617073-3378887811-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\update-S-1-5-21-2539508601-3164617073-3378887811-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-04-20 04:27 - 2015-04-20 04:27 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-02-05 00:24 - 2015-02-05 00:25 - 00187072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2015-02-11 15:13 - 2015-02-11 15:13 - 00997536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-04-10 14:43 - 2015-05-12 04:30 - 00116368 _____ () E:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-04-06 13:25 - 2015-04-06 13:25 - 00036544 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2015-04-06 13:25 - 2015-04-06 13:25 - 00777920 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2015-02-11 15:12 - 2015-02-11 15:12 - 05739680 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2015-04-11 10:55 - 2015-03-26 18:23 - 05678848 _____ () E:\Program Files\Sublime Text 3\sublime_text.exe
2015-04-11 10:55 - 2015-03-26 16:17 - 00645632 _____ () E:\Program Files\Sublime Text 3\plugin_host.exe
2015-04-11 10:55 - 2015-03-18 13:49 - 01065472 _____ () E:\Program Files\Sublime Text 3\_hashlib.pyd
2014-02-28 10:14 - 2014-02-28 10:14 - 00173568 _____ () E:\Program Files\TeamSpeak 3 Client\quazip.dll
2014-02-27 15:51 - 2014-02-27 15:51 - 01080832 _____ () E:\Program Files\TeamSpeak 3 Client\platforms\qwindows.dll
2014-02-27 15:51 - 2014-02-27 15:51 - 00833024 _____ () E:\Program Files\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2014-08-04 14:43 - 2014-08-04 14:43 - 00102344 _____ () E:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2014-08-04 14:43 - 2014-08-04 14:43 - 00108488 _____ () E:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2014-02-27 15:51 - 2014-02-27 15:51 - 00030208 _____ () E:\Program Files\TeamSpeak 3 Client\imageformats\qgif.dll
2014-02-27 15:51 - 2014-02-27 15:51 - 00233984 _____ () E:\Program Files\TeamSpeak 3 Client\imageformats\qjpeg.dll
2015-06-16 23:09 - 2015-06-16 23:09 - 00210944 _____ () E:\Program Files\TeamSpeak 3 Client\plugins\ClownfishForTeamspeak_win64.dll
2014-08-04 14:46 - 2014-08-04 14:46 - 00563656 _____ () E:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2014-08-04 14:46 - 2014-08-04 14:46 - 00579016 _____ () E:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-02-27 15:51 - 2014-02-27 15:51 - 00159232 _____ () E:\Program Files\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll
2015-04-25 12:11 - 2015-04-25 12:11 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-25 12:11 - 2015-04-25 12:11 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-30 21:28 - 2015-06-30 21:28 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15063001\algo.dll
2015-07-02 13:39 - 2015-07-02 13:39 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15070200\algo.dll
2014-09-03 11:03 - 2014-09-03 11:03 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-04-11 10:08 - 2015-06-24 12:37 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-04-10 23:49 - 2014-10-29 04:59 - 01029952 _____ () C:\Windows\SYSTEM32\speech\engines\tts\MSTTSEngine.dll
2015-04-10 23:49 - 2014-10-29 01:46 - 00531456 _____ () C:\Windows\SYSTEM32\speech\engines\tts\MSTTSLoc.DLL
2014-11-23 18:34 - 2014-11-23 18:34 - 00036878 _____ () E:\Program Files (x86)\Pidgin\libssp-0.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00671031 _____ () E:\Program Files (x86)\Pidgin\exchndl.dll
2015-04-21 17:11 - 2015-04-21 17:11 - 00904525 _____ () E:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll
2015-04-21 17:11 - 2015-04-21 17:11 - 00100352 _____ () E:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll
2015-04-21 17:11 - 2015-04-21 17:11 - 00279059 _____ () E:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll
2015-04-21 17:11 - 2015-04-21 17:11 - 00553382 _____ () E:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll
2015-04-21 17:11 - 2015-04-21 17:11 - 00216992 _____ () E:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll
2014-11-23 18:33 - 2014-11-23 18:33 - 01274655 _____ () E:\Program Files (x86)\Pidgin\libxml2-2.dll
2015-04-21 17:11 - 2015-04-21 17:11 - 00177586 _____ () E:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00475580 _____ () E:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00021075 _____ () E:\Program Files (x86)\Pidgin\plugins\.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00020997 _____ () E:\Program Files (x86)\Pidgin\plugins\autoaccept.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00013253 _____ () E:\Program Files (x86)\Pidgin\plugins\buddynote.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00024924 _____ () E:\Program Files (x86)\Pidgin\plugins\convcolors.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00015702 _____ () E:\Program Files (x86)\Pidgin\plugins\extplacement.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00014147 _____ () E:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00018882 _____ () E:\Program Files (x86)\Pidgin\plugins\history.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00012865 _____ () E:\Program Files (x86)\Pidgin\plugins\iconaway.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00019043 _____ () E:\Program Files (x86)\Pidgin\plugins\idle.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00018555 _____ () E:\Program Files (x86)\Pidgin\plugins\joinpart.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00015074 _____ () E:\Program Files (x86)\Pidgin\plugins\libaim.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00311021 _____ () E:\Program Files (x86)\Pidgin\liboscar.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00092398 _____ () E:\Program Files (x86)\Pidgin\plugins\libbonjour.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00328186 _____ () E:\Program Files (x86)\Pidgin\plugins\libgg.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00016005 _____ () E:\Program Files (x86)\Pidgin\plugins\libicq.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00107365 _____ () E:\Program Files (x86)\Pidgin\plugins\libirc.dll
2014-11-23 18:33 - 2014-11-23 18:33 - 00190464 _____ () E:\Program Files (x86)\Pidgin\libsasl.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00374169 _____ () E:\Program Files (x86)\Pidgin\plugins\libmsn.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00150598 _____ () E:\Program Files (x86)\Pidgin\plugins\libmxit.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00106671 _____ () E:\Program Files (x86)\Pidgin\plugins\libmyspace.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00123540 _____ () E:\Program Files (x86)\Pidgin\plugins\libnovell.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00116071 _____ () E:\Program Files (x86)\Pidgin\plugins\libsametime.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00152852 _____ () E:\Program Files (x86)\Pidgin\libmeanwhile-1.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00171123 _____ () E:\Program Files (x86)\Pidgin\plugins\libsilc.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 02097721 _____ () E:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00818985 _____ () E:\Program Files (x86)\Pidgin\libsilcclient-1-1-3.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00055880 _____ () E:\Program Files (x86)\Pidgin\plugins\libsimple.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00021337 _____ () E:\Program Files (x86)\Pidgin\plugins\libxmpp.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00417758 _____ () E:\Program Files (x86)\Pidgin\libjabber.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00022832 _____ () E:\Program Files (x86)\Pidgin\plugins\libyahoo.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00236666 _____ () E:\Program Files (x86)\Pidgin\libymsg.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00019793 _____ () E:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00047934 _____ () E:\Program Files (x86)\Pidgin\plugins\log_reader.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00021795 _____ () E:\Program Files (x86)\Pidgin\plugins\markerline.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00013456 _____ () E:\Program Files (x86)\Pidgin\plugins\newline.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00029225 _____ () E:\Program Files (x86)\Pidgin\plugins\notify.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00017023 _____ () E:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll
2014-10-21 10:07 - 2014-10-21 10:07 - 00750080 _____ () E:\Program Files (x86)\Pidgin\plugins\pidgin-otr.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00029256 _____ () E:\Program Files (x86)\Pidgin\plugins\pidginrc.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00015380 _____ () E:\Program Files (x86)\Pidgin\plugins\psychic.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00015429 _____ () E:\Program Files (x86)\Pidgin\plugins\relnot.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00015045 _____ () E:\Program Files (x86)\Pidgin\plugins\sendbutton.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00069625 _____ () E:\Program Files (x86)\Pidgin\plugins\spellchk.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00031993 _____ () E:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00012004 _____ () E:\Program Files (x86)\Pidgin\plugins\ssl.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00015978 _____ () E:\Program Files (x86)\Pidgin\plugins\statenotify.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00030353 _____ () E:\Program Files (x86)\Pidgin\plugins\themeedit.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00032020 _____ () E:\Program Files (x86)\Pidgin\plugins\ticker.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00018399 _____ () E:\Program Files (x86)\Pidgin\plugins\timestamp.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00023851 _____ () E:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00029791 _____ () E:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00030771 _____ () E:\Program Files (x86)\Pidgin\plugins\winprefs.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00037191 _____ () E:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00044494 _____ () E:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll
2014-11-23 18:33 - 2014-11-23 18:33 - 00102400 _____ () E:\Program Files (x86)\Pidgin\sasl2\saslANONYMOUS.dll
2014-11-23 18:33 - 2014-11-23 18:33 - 00115712 _____ () E:\Program Files (x86)\Pidgin\sasl2\saslCRAMMD5.dll
2014-11-23 18:33 - 2014-11-23 18:33 - 00140288 _____ () E:\Program Files (x86)\Pidgin\sasl2\saslDIGESTMD5.dll
2014-11-23 18:33 - 2014-11-23 18:33 - 00102912 _____ () E:\Program Files (x86)\Pidgin\sasl2\saslLOGIN.dll
2014-11-23 18:33 - 2014-11-23 18:33 - 00102912 _____ () E:\Program Files (x86)\Pidgin\sasl2\saslPLAIN.dll
2014-11-23 18:34 - 2014-11-23 18:34 - 00486400 _____ () E:\Program Files (x86)\Pidgin\sqlite3.dll
2015-04-21 17:11 - 2015-04-21 17:11 - 00090496 _____ () E:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll
2015-02-05 10:20 - 2015-02-05 10:20 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2015-02-15 14:58 - 2015-02-15 14:58 - 36730032 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2015-04-25 12:11 - 2015-04-25 12:11 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-04-15 18:38 - 2015-04-13 22:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-15 18:38 - 2015-04-13 22:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll
2015-04-15 18:38 - 2015-04-13 22:55 - 14980424 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\hola.org -> hxxp://hola.org
IE trusted site: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\sony.com -> sony.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Betrayed\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "CAM"
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\StartupApproved\Run: => "Steam"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E8E2E117-012A-42B0-B3CD-90287E834962}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{90E5C2DB-8DCF-459D-84A1-C51CDCA91ECC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D7B371AF-8C27-4173-B35D-2C4C8790E34F}] => (Allow) E:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{3263CCF0-F2A6-40B3-B32B-FF7476B29939}] => (Allow) E:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{D470E135-01D0-4638-999C-F4C27CDBD72D}] => (Allow) E:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FDE2379B-0317-421C-A06C-A2C7166F13C6}] => (Allow) E:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{C494CD36-DE80-4970-A5E1-6DAA9F0BB69B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{C06926B8-6248-40C2-9BDF-4B994E084663}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BC0E8B0C-54CD-4AF3-802D-B524A9234BAF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{63ACB157-203E-475B-8EDC-ACEAF3724063}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{216A1EA1-E7ED-4750-95F2-FA4FE52686FD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{48F232BF-D935-4859-B712-95EC5689D9D0}] => (Allow) LPort=9143
FirewallRules: [{7D973E54-F2C5-47E1-8BB3-C82E06996E64}] => (Allow) LPort=2333
FirewallRules: [{6A311AA3-1784-4C4B-A095-82FD2C61E836}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CFE6AF09-3421-4AB0-A6A9-C6275F1C409A}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{9ED3E9AF-6145-480E-BDB4-C97766836860}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{F60C3A6D-AC9D-4CD2-ABC7-08D56DB73683}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{EE040732-93AF-4F5C-A9D7-660A4D5E9994}] => (Allow) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B64E2052-A8AA-4B4D-8A47-F1E1CD5119B4}] => (Allow) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{87326815-01AF-4728-956D-CEACB38B2437}] => (Allow) E:\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{FB24A730-07BD-45EA-84C7-762F6483AED0}] => (Allow) E:\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [TCP Query User{72C45C05-15DD-4A10-8C97-D94FACA9A178}C:\users\Betrayed\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\Betrayed\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{39E9A74D-236F-4D09-B28F-8F0B9953F7F7}C:\users\Betrayed\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\Betrayed\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A8CB3AC4-B596-4098-8BDB-5FD93BF6D5A9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{74739A6C-AC79-469C-97FD-34040FE31808}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [TCP Query User{15EAA3CE-C3E8-4A90-B081-78C6B513FBBF}E:\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) E:\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{EF5042D6-89E6-4CFA-B0C3-A0119B79B8A8}E:\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) E:\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{42919134-769E-48DB-BACD-DFAA15148D20}E:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [UDP Query User{1A2B136D-01A7-4096-8F0E-6078DDCE655D}E:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{8B3E43CC-D9F7-47FA-AAE4-E044C817614D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{32518FF4-C6AA-440B-B354-818B4B1698E1}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{B1055E01-D234-4795-8711-D8D0296810CD}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\SuperKillerHornet\SKHR.exe
FirewallRules: [{029F3F9D-44CA-4975-81D7-C8FB7DE0E09B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\SuperKillerHornet\SKHR.exe
FirewallRules: [{60397ED4-2612-4839-B833-0A105AB2447C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\SuperKillerHornet\SKH\Hornet.exe
FirewallRules: [{ADE8AF1E-7397-456A-8CB5-307CDBDB11E6}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\SuperKillerHornet\SKH\Hornet.exe
FirewallRules: [{4BEFA1C0-AE20-498A-8ABF-31EE07C1FE5E}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{7D3F3AF0-51B5-4BA5-A0DF-64FE9C2D1E14}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{1EFEAD88-785A-40DF-BFB2-C5B3316751B3}] => (Allow) C:\Users\Betrayed\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{89BE488C-3534-4E2D-ADCF-F3F8B3293FA1}] => (Allow) C:\Users\Betrayed\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A599A173-7DE9-4AAB-B1CA-229AC4AC605D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{9628B48C-00D1-4F91-A8F0-39E613058563}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{C9243AF8-347B-4FF7-8D5F-5291E9A5129F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{7701BB00-74C0-47E9-AA8D-906FB994EE12}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{E2997306-E4DE-42EB-8669-8874CAA52104}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7DaysToDie_EAC.exe
FirewallRules: [{1038621A-22E6-4014-9CC2-686DD83D4093}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7DaysToDie_EAC.exe
FirewallRules: [{B210C0FF-594F-4CB1-A528-5A18311F24A4}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7DaysToDie.exe
FirewallRules: [{D2AE4A9F-D898-43BC-9B0B-C4479A54AA6A}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7DaysToDie.exe
FirewallRules: [{84E41612-EF44-4752-9E6D-DCB8E356DA71}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\The Walking Dead\WalkingDead101.exe
FirewallRules: [{D47515D6-BD38-46C4-82FE-7ACBAC58A62D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\The Walking Dead\WalkingDead101.exe
FirewallRules: [{B32C2FBE-32C7-4F74-A153-049F08B1AB32}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{E6311432-2759-44FE-9D7C-ED8098D6AD69}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{D546BA07-6474-49F8-A53C-E2E5A6D01905}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{FF56884A-AA1F-45C2-A741-1C051C00AD03}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [TCP Query User{350776E7-60FA-4667-88FC-CABF7A0FEA04}E:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) E:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{AF5ABCA7-FA83-4976-B975-BF0DEC9B1E01}E:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) E:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{5B73CB3F-00AC-4709-AD9A-F8B85C08284F}C:\users\Betrayed\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\Betrayed\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{4BA3805E-C2D1-425C-9518-1D5674B43B1A}C:\users\Betrayed\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\Betrayed\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{490B896A-F97E-4C99-8B80-559602824ED1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{3B75800F-3659-4DF8-818F-CACCBD6E45F8}C:\users\Betrayed\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\Betrayed\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{E6D90B3E-74A1-46FE-BFC6-6EC50339E1F8}C:\users\Betrayed\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\Betrayed\appdata\roaming\spotify\spotify.exe
FirewallRules: [{8C882019-120F-469B-A5B8-7F4E11E78A49}] => (Block) E:\Program Files\Adobe\Adobe Photoshop CC 2014\Photoshop.exe
FirewallRules: [{E69EC084-2680-4CEA-BC1A-EEB4D43E9A89}] => (Allow) E:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2292FCFB-19D7-480E-A1EE-E484296C9E39}] => (Allow) E:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D6F13BD1-F10F-4880-BAFB-F76BDFC93A3B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0113E25D-77DF-4933-911C-5C71767BA8FB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E645933F-5010-47F5-AE4E-F061B809E131}] => (Allow) E:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{E76A02FE-5151-46AD-A92D-18A4EBB2CF91}E:\program files\adobe\adobe after effects cc 2014\support files\afterfx.exe] => (Allow) E:\program files\adobe\adobe after effects cc 2014\support files\afterfx.exe
FirewallRules: [UDP Query User{EB638B5E-1CAE-4804-A0D8-353DD81B1C47}E:\program files\adobe\adobe after effects cc 2014\support files\afterfx.exe] => (Allow) E:\program files\adobe\adobe after effects cc 2014\support files\afterfx.exe
FirewallRules: [{183CC695-4E22-4653-82CC-C86502AA340D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{C4363A8E-AEBC-41B4-A86B-64A832E2EF5E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{41E363D5-4782-4DCA-B534-A285F3309F55}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{02365D05-0638-4E43-AFA7-10E29A92E1AF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{90DCE75B-392F-4835-A4D9-2CFCC737CD25}] => (Allow) E:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{547B3DD3-6EAF-48FE-BEB0-2F227BCC8EA7}] => (Allow) E:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{BBB49219-7417-46C2-B123-45E1A52A737C}] => (Allow) E:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{06F794AB-FB08-45A6-8E8D-180D99FF8439}] => (Allow) E:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{12F67BFA-4818-4E32-A40C-F14D5FCC5216}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{F67DB850-3B48-4CE4-A8EB-23870529F948}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{525590DB-153E-4E70-B00D-1B9F1063ACC6}] => (Allow) C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{8FA5D15F-43AE-4D5F-825E-4A6F9A4B8452}] => (Allow) C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2A138DB1-7430-4100-9ECB-220837C83D0F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{F835258A-5B2A-4358-A9D6-15F960AC4DF3}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{BC60B902-6923-49BA-9755-ED665D634766}] => (Allow) E:\Program Files (x86)\Origin Games\BFH\bfh.exe
FirewallRules: [{FF668B07-461E-4351-B96B-578423CBB206}] => (Allow) E:\Program Files (x86)\Origin Games\BFH\bfh.exe
FirewallRules: [TCP Query User{F7C1A733-E3DE-4E47-8B88-F5D5564CFF70}E:\users\Betrayed\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) E:\users\Betrayed\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{42F50269-658D-42A5-8B5D-12D11A1382B7}E:\users\Betrayed\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) E:\users\Betrayed\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{213C4C2A-D817-410F-A19C-D7382F3CAE8B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{EE6B2B7B-04C5-435C-BF69-F1E925890765}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{D9C0BB87-6631-451E-A49D-A1153ACE2E4B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Nether\Launcher\Launcher.exe
FirewallRules: [{6269ABB2-D946-4C13-B1CA-9D73232AE368}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Nether\Launcher\Launcher.exe
FirewallRules: [{CB024652-B050-4B8C-984C-2975E9E8A14B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Chains\Chains.exe
FirewallRules: [{81C7B5D4-820A-4D25-8EA0-2185E9FD5E8D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Chains\Chains.exe
FirewallRules: [{81F90EFC-7603-49F0-9337-2CF6E7D92B2D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{7D3E28FA-EFB0-4038-B5AC-8BB3C7E91BAD}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{BED1FADD-8497-4C3C-9D59-4F73AB791823}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Hitman Absolution\HMA.exe
FirewallRules: [{92C430FE-DF5A-407A-989C-A41F29AD72F3}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Hitman Absolution\HMA.exe
FirewallRules: [TCP Query User{47C025E6-F3B7-441D-BD93-EFCBD3F6AE2C}E:\program files\adobe\adobe after effects cs6\support files\afterfx.exe] => (Allow) E:\program files\adobe\adobe after effects cs6\support files\afterfx.exe
FirewallRules: [UDP Query User{69C1A81F-DE95-4FE3-A015-BB63F818C866}E:\program files\adobe\adobe after effects cs6\support files\afterfx.exe] => (Allow) E:\program files\adobe\adobe after effects cs6\support files\afterfx.exe
FirewallRules: [{1ACC1901-8CC1-4DED-BA8E-045E6FF9C9A8}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{FED9749B-1042-4CBC-B872-B140A1A5E3CB}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{7542DFE5-693F-4C8A-AE86-65BDA22F83F6}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\The Journey Down\JourneyDown1.exe
FirewallRules: [{DA85D291-F488-40A8-87FA-A5A485A0C7FC}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\The Journey Down\JourneyDown1.exe
FirewallRules: [{3302FAEB-8BCE-4574-BC3F-91A6A4BF797C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Memories of a Vagabond\GAME.exe
FirewallRules: [{1CE4B90D-6F47-4B13-B408-1F17FB7C5AFF}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Memories of a Vagabond\GAME.exe
FirewallRules: [{1B5E7032-767C-4372-8C78-79DD9E13C53E}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Chronicles of a Dark Lord Episode II War of The Abyss\Game.exe
FirewallRules: [{CD2A081D-74A1-485B-9C8F-BD7E0C4D37A0}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Chronicles of a Dark Lord Episode II War of The Abyss\Game.exe
FirewallRules: [{C19D7B2E-78C4-494A-9545-7F00BF7257D9}] => (Allow) F:\S3KLoader.exe
FirewallRules: [{45547BDD-25F9-4A84-9F53-12B2F22557A1}] => (Allow) F:\S3KLoader.exe
FirewallRules: [{723BB638-6C0B-4A27-9D96-78556081DFFF}] => (Allow) F:\S3KLoader.exe
FirewallRules: [{976B044B-066A-406E-8710-48BA51A19C36}] => (Allow) F:\S3KLoader.exe
FirewallRules: [{CD535354-137A-494D-B29D-58923B75003B}] => (Allow) E:\Program Files\Hola\app\hola_updater.exe
FirewallRules: [{28A7E261-CD5E-47B2-9D34-2960218CC10C}] => (Allow) E:\Program Files\Hola\app\hola_updater.exe
FirewallRules: [{CADAA19D-3A24-426B-A0BB-C37F8C083FE7}] => (Allow) C:\Users\Betrayed\AppData\Local\Hola\firefox\app\hola_plugin.exe
FirewallRules: [{181D3AF4-DB2C-4BDA-92B1-4B6E1B11CB65}] => (Allow) C:\Users\Betrayed\AppData\Local\Hola\firefox\app\hola_plugin.exe
FirewallRules: [{5BDE6AD9-CA9B-402C-81BA-9CACA6BA0907}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{6B82759C-375F-4D79-B954-93BF6341647D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{D2E03C58-5D7A-43FF-A2BB-1B746B519755}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{CE84E952-9F07-46E5-BF15-59F61DCD93BD}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{29BB4F5F-548D-4519-BB51-A8CE58A72161}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Arma 2\arma2.exe
FirewallRules: [{0ECFF12C-BF1D-4513-AC2A-4E2EE52E1851}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Arma 2\arma2.exe
FirewallRules: [TCP Query User{DCD92225-9E3D-4658-92E5-F8D1B062C8BA}E:\program files (x86)\dayzlauncher\dayzlauncher.exe] => (Allow) E:\program files (x86)\dayzlauncher\dayzlauncher.exe
FirewallRules: [UDP Query User{F993DA4A-7726-4557-8942-F517E757734D}E:\program files (x86)\dayzlauncher\dayzlauncher.exe] => (Allow) E:\program files (x86)\dayzlauncher\dayzlauncher.exe
FirewallRules: [{48A9C57C-0D47-41EF-AA7E-F9C5E8D9C9D9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{F78A5E94-CB41-4F6E-8D92-575391541530}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{A8FF5192-8964-4BF5-8DC7-71AE9D777B7C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{62A36456-1D38-4D59-B7A7-E3FD102BEC3A}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [TCP Query User{24E2C22E-93DB-49C7-8F6A-DD3F1231C9E2}E:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{91011715-B20D-402A-9075-F2B667E91710}E:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [TCP Query User{17F9878B-01A6-4E55-B381-FCCF83680E77}E:\program files (x86)\a3launcher\a3launcher.exe] => (Allow) E:\program files (x86)\a3launcher\a3launcher.exe
FirewallRules: [UDP Query User{214B746B-249A-481C-AE9C-41723DD1D328}E:\program files (x86)\a3launcher\a3launcher.exe] => (Allow) E:\program files (x86)\a3launcher\a3launcher.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/29/2015 11:25:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program arma3.exe version 1.46.131.175 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1a9cc
 
Start Time: 01d0b2ba518ab2fa
 
Termination Time: 4294967295
 
Application Path: E:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3.exe
 
Report Id: ca5f31ac-1ead-11e5-826f-d8cb8a318c74
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (06/29/2015 11:24:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program arma3.exe version 1.46.131.175 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1a648
 
Start Time: 01d0b2ba4b122c30
 
Termination Time: 2
 
Application Path: E:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3.exe
 
Report Id: 9085335e-1ead-11e5-826f-d8cb8a318c74
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (06/29/2015 11:30:05 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Recovery was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (06/28/2015 01:23:55 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Recovery was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (06/28/2015 10:51:15 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
 
System Error:
0xC0000039 (unresolvable).
 
Error: (06/28/2015 10:51:14 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
 
System Error:
0xC0000039 (unresolvable).
 
Error: (06/27/2015 04:19:57 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
 
Error: (06/27/2015 00:24:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 42.0.2311.90 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 118b4
 
Start Time: 01d0b02bede3bdfe
 
Termination Time: 5
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: 718e9722-1c5a-11e5-826f-d8cb8a318c74
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (06/27/2015 00:18:00 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: An error has occurred (Failed continue stopping. [6]).
 
Error: (06/26/2015 07:51:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program arma3.exe version 1.46.131.175 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 14e88
 
Start Time: 01d0b03c6d4327d0
 
Termination Time: 4294967295
 
Application Path: E:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3.exe
 
Report Id: 4a961121-1c34-11e5-826f-d8cb8a318c74
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (07/02/2015 02:07:44 PM) (Source: DCOM) (EventID: 10010) (User: Betrayed)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (07/02/2015 02:07:14 PM) (Source: DCOM) (EventID: 10010) (User: Betrayed)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (07/02/2015 00:43:47 PM) (Source: DCOM) (EventID: 10010) (User: Betrayed)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (07/02/2015 00:43:17 PM) (Source: DCOM) (EventID: 10010) (User: Betrayed)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (07/01/2015 01:05:13 PM) (Source: DCOM) (EventID: 10010) (User: Betrayed)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (07/01/2015 01:04:43 PM) (Source: DCOM) (EventID: 10010) (User: Betrayed)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (07/01/2015 11:46:00 AM) (Source: DCOM) (EventID: 10010) (User: Betrayed)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (07/01/2015 11:45:30 AM) (Source: DCOM) (EventID: 10010) (User: Betrayed)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (07/01/2015 10:52:44 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 01:03:06 on ‎01/‎07/‎2015 was unexpected.
 
Error: (06/30/2015 02:23:48 PM) (Source: DCOM) (EventID: 10010) (User: Betrayed)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
 
Microsoft Office:
=========================
Error: (06/29/2015 11:25:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: arma3.exe1.46.131.1751a9cc01d0b2ba518ab2fa4294967295E:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3.execa5f31ac-1ead-11e5-826f-d8cb8a318c74
 
Error: (06/29/2015 11:24:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: arma3.exe1.46.131.1751a64801d0b2ba4b122c302E:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3.exe9085335e-1ead-11e5-826f-d8cb8a318c74
 
Error: (06/29/2015 11:30:05 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: RecoveryThe parameter is incorrect. (0x80070057)
 
Error: (06/28/2015 01:23:55 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: RecoveryThe parameter is incorrect. (0x80070057)
 
Error: (06/28/2015 10:51:15 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
 
System Error:
0xC0000039 (unresolvable)
 
Error: (06/28/2015 10:51:14 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
 
System Error:
0xC0000039 (unresolvable)
 
Error: (06/27/2015 04:19:57 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: -2147024883
 
Error: (06/27/2015 00:24:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe42.0.2311.90118b401d0b02bede3bdfe5C:\Program Files (x86)\Google\Chrome\Application\chrome.exe718e9722-1c5a-11e5-826f-d8cb8a318c74
 
Error: (06/27/2015 00:18:00 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
 
Error: (06/26/2015 07:51:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: arma3.exe1.46.131.17514e8801d0b03c6d4327d04294967295E:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3.exe4a961121-1c34-11e5-826f-d8cb8a318c74
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-5820K CPU @ 3.30GHz
Percentage of memory in use: 24%
Total physical RAM: 16279.26 MB
Available physical RAM: 12324.68 MB
Total Pagefile: 18711.26 MB
Available Pagefile: 13671.84 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.37 GB) (Free:150.82 GB) NTFS
Drive e: (Data) (Fixed) (Total:931.39 GB) (Free:611.41 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End of log ============================
 

 


  • 0

Advertisements


#2
Betrayed

Betrayed

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 119 posts

Can I get this looked about please...


  • 0

#3
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Hi. My name is Brian, and I would be happy to look into your issue.
 


- General Instructions -


  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • It is also likely during our cleaning process that your internet browsing history will be removed. Your favorites will be untouched. If you don't want this to happen you need to let me know before running any steps so I can adjust my fixes accordingly.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-



All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Chrome.JPGGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.Settings.JPG Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Firefox.JPGMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Settings.JPG Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.
IE.jpgInternet Explorer - Click the Tools menu in the upper right-corner of the browser. Tools.JPG Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-


 
Removing malware is a complicated multiple step process, Please stay with me until I have declared your system clean. I strongly recommend you backup your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

I'm reviewing your topic now.


  • 0

#4
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Your logs look fairly clean but I do have some cautions and questions for you before we continue.

 

Step#1 - Warnings
The Dangers of P2P Programs
IMPORTANT: I noticed that you have a P2P (Peer to Peer) file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more than likely infected with trojans, malware, rootkits, etc.
You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.
 
Here are some information sources about the dangers of P2P programs:
FBI - Peer to Peer Scams
USA Today Artticle on P2P Programs
File Sharing Infects 500,000 Computers
 
I very much recommend you uninstall this program from your machine. If not, you will likely be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.
 
It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.
 
Please uninstall the following Peer-to-Peer program(s): uTorrent

 

Registry Cleaners

I see that you have CCleaner installed. This is indeed a good product but I wanted to caution you on running the registry cleaning functionality of the tool. Please avoid this as it can do more harm than good. More info follows.
http://www.bleepingc...s/#entry2853053
http://miekiemoes.bl...weaking_13.html

 

 

Step#2 - Questions

1. It appears that a program named S3KLoader.exe ran from your F:\ drive at some point (possibly a USB drive that was plugged in). Are you familiar with this program? I also see some other things that could have been the result of an infected USB drive

 

S3 3ouuJHBhq; \??\F:\3ouuJHBhq.sys [X]
S3 MvriXS68f; \??\F:\MvriXS68f.sys [X]
S3 nvZqRK643hnvZq; \??\F:\nvZqRK643hnvZq.sys [X]
S3 wTnEgyJXCow; \??\F:\wTnEgyJXCow.sys [X]
 
2. Do you use a bitcoin program? I see that there is an Opera extension that is utilizing one. Just need to make sure.
OPR Extension: (2048 AI - bitcoin) - C:\Users\Betrayed\AppData\Roaming\Opera Software\Opera Stable\Extensions\chfnopmklmpinabemlmldefhbhgkglmc [2015-06-16]
 
 

  • 0

#5
Betrayed

Betrayed

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 119 posts

 

Your logs look fairly clean but I do have some cautions and questions for you before we continue.

 

Step#1 - Warnings
The Dangers of P2P Programs
IMPORTANT: I noticed that you have a P2P (Peer to Peer) file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more than likely infected with trojans, malware, rootkits, etc.
You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.
 
Here are some information sources about the dangers of P2P programs:
FBI - Peer to Peer Scams
USA Today Artticle on P2P Programs
File Sharing Infects 500,000 Computers
 
I very much recommend you uninstall this program from your machine. If not, you will likely be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.
 
It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.
 
Please uninstall the following Peer-to-Peer program(s): uTorrent

 

Registry Cleaners

I see that you have CCleaner installed. This is indeed a good product but I wanted to caution you on running the registry cleaning functionality of the tool. Please avoid this as it can do more harm than good. More info follows.
http://www.bleepingc...s/#entry2853053
http://miekiemoes.bl...weaking_13.html

 

 

Step#2 - Questions

1. It appears that a program named S3KLoader.exe ran from your F:\ drive at some point (possibly a USB drive that was plugged in). Are you familiar with this program? I also see some other things that could have been the result of an infected USB drive

 

S3 3ouuJHBhq; \??\F:\3ouuJHBhq.sys [X]
S3 MvriXS68f; \??\F:\MvriXS68f.sys [X]
S3 nvZqRK643hnvZq; \??\F:\nvZqRK643hnvZq.sys [X]
S3 wTnEgyJXCow; \??\F:\wTnEgyJXCow.sys [X]
 
2. Do you use a bitcoin program? I see that there is an Opera extension that is utilizing one. Just need to make sure.
OPR Extension: (2048 AI - bitcoin) - C:\Users\Betrayed\AppData\Roaming\Opera Software\Opera Stable\Extensions\chfnopmklmpinabemlmldefhbhgkglmc [2015-06-16]
 
 

 

Yes I used that program awhile ago and that plugin also are they harmful?


  • 0

#6
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

The Opera extension is fine as long as you were aware of it.

 

S3KLoader.exe is very questionable. We would have to submit this file to get scanned to be sure but if you no longer use I wouldn't worry about it. It does appear that your USB drive was infected however so if you still have that USB drive you probably should scan it.

 

OK, please do the following.

 

Step#1 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Cleaning"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

Step#2 - JRT
1. Download Junkware Removal Tool to your desktop.
1. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
2. The tool will open and start scanning your system.
3. Please be patient as this can take a while to complete depending on your system's specifications.
4. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
5. Close the text file and reboot your machine.
6. Post the contents of JRT.txt into your next message.

 

 

Step#3 - Malwarebytes Scan


  • Open Malwarebytes as I see you already have it installed.
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Settings button and then the Detection and Protection tab. Then check the box to Scan for rootkits. as shown below.
  • ScanForRootkits.JPG
     
  • Click the Scan button at the top of the form and then click Start Scan button and let complete.
  • If malware was detected you can now click the Remove Selected Button. If no malware was detected you can skip the rest of these bullet items and go to the next step which is to retrieve the Malwarebytes log.
  • RemoveSelected.JPG
  • Once the malware is removed you may get a prompt asking you to reboot. Note: Please answer Yes.
  • Restart.JPG.

 
Step#4 - Retrieve Malwarebytes Log
1. Open up the Malwarebytes program again if it's not already. You can simply double click on the shortcut on your desktop that says "Malwarebytes Anti-Malware".
2. Click the History button as shown in the picture below.
3. Click Application Logs as shown in the picture below.
4. Click on the most recent Scan Log as shown in the picture below.
ApplicationLog.JPG
 
5. The Scanning History Log screen will open. Click the Export button in the lower left and choose Copy to Clipboard. Paste the info into your next post (Right-click your mouse in the post and select Paste).
ScanningHistory.JPG

 

 

 

Items for your next post

1. Adwcleaner log

2. Junkware log

3. Malwarebytes log 

 


  • 0

#7
Betrayed

Betrayed

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 119 posts

Adwcleaner Log:

# AdwCleaner v4.207 - Logfile created 08/07/2015 at 12:46:13
# Updated 21/06/2015 by Xplode
# Database : 2015-07-05.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Betrayed - BETRAYED
# Running from : E:\Users\Betrayed\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Betrayed\AppData\Local\Hola
Folder Deleted : C:\Users\Betrayed\AppData\Roaming\Hola
 
***** [ Scheduled tasks ] *****
 
Task Deleted : update-sys
Task Deleted : update-S-1-5-21-2539508601-3164617073-3378887811-1001
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\93BAD29AC2E44034A96BCB446EB8552E
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v42.0.2311.90
 
[C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
 
-\\ Opera v30.0.1835.88
 
 
*************************
 
AdwCleaner[R0].txt - [1619 bytes] - [08/07/2015 12:45:26]
AdwCleaner[S0].txt - [1440 bytes] - [08/07/2015 12:46:13]
 

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1499  bytes] ##########
 
 
 
 
Junkware Log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.3.6 (07.08.2015:1)
OS: Windows 8.1 x64
Ran by Betrayed on 08/07/2015 at 12:49:55.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Users\Betrayed\appdata\local\google\chrome\user data\default\local storage\hxxp_www.allthelyrics.com_0.localstorage
Successfully deleted: [File] C:\Users\Betrayed\appdata\local\google\chrome\user data\default\local storage\hxxp_www.allthelyrics.com_0.localstorage-journal
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Windows\syswow64\ai_recyclebin
 
 
 
~~~ Chrome
 
 
[C:\Users\Betrayed\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Betrayed\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Betrayed\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Betrayed\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/07/2015 at 12:53:21.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
Malwarebytes Log:
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 08/07/2015
Scan Time: 12:57
Logfile: 
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.07.08.03
Rootkit Database: v2015.07.07.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Betrayed
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 376344
Time Elapsed: 8 min, 9 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 4
Trojan.Agent, C:\ProgramData\Nimoru\GizmoSE, Quarantined, [d77c637c0783c47225b98dd79171857b], 
Backdoor.Bot, C:\ProgramData\Nimoru\LicenseSE, Quarantined, [2a29df00296148eed04dc5a51ce7c23e], 
Trojan.Agent.MSIL, E:\Users\Betrayed\Desktop\NanoCore.zip, Quarantined, [91c2954a8a00a591172e001fbd45af51], 
Backdoor.NanoCore, E:\Users\Betrayed\Desktop\All Folders\Blackhat\Stuff\NanoCore.zip, Quarantined, [ef64db04d5b586b0588083b3b056a060], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 

  • 0

#8
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

OK, a couple final scans please.

 

Step#1 - Security Check
 1. Download Security Check from here or here or here.
2. Save it to your Desktop.
3. Right-click SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: Don't be alarmed if the process runs for 10 to 15 minutes before completing. If it runs for over 30 minutes, just close the program and try running it again.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 

Step#2 - ESET Online Scanner and Post Results
Before running this scan, please temporarily disable your antivirus software to avoid conflicts. You can re-enable once it's done. Instructions for doing this on many AVs are here. This scan can take hours to run but is necessary to ensure we don't miss anything. Plan accordingly.

 

  • Please go here and click on 1.JPG
  • Note: This site is optimized for Internet Explorer. Please use it for this scan. If you wish to use Firefox or Chrome you will be asked to download the ESET Smart Installer first (esetsmartinstaller_enu.exe). Go ahead and download and run this file.
  • Please accept the ESET Online Scanner EULA and click Start.
  • If prompted, allow the Add-On/Active X to install. If you have problems with this step please see this link.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked
  • 2.JPG
     
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, if anything was detected please click the List of found threats link.
  • ThreatsFound.JPG
     
  • Then click the Copy to Clipboard link and paste this information into your next reply.
  • CopyToClipboard.JPG

     

     

  • Then you may click the Back button.
  • Check Uninstall Application on Close before clicking finish.

 
Items for your next post

1. Security Check log
2. Contents of the ESET log file

 


  • 0

#9
Betrayed

Betrayed

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 119 posts

Security Check log:

 Results of screen317's Security Check version 1.005  
   x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 45  
 Adobe Flash Player 18.0.0.203  
 Google Chrome 31.0.1650.59 Google Chrome out of date!  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Exploit mbae-svc.exe   
 Malwarebytes Anti-Exploit mbae64.exe   
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Malwarebytes Anti-Exploit mbae.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
 AVAST Software Avast ng ngservice.exe 
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 
ESET log:

C:\Users\Betrayed\AppData\Roaming\Skype\My Skype Received Files\New WinRAR ZIP archive.zip a variant of MSIL/Packed.Confuser.N suspicious application
C:\Users\Betrayed\AppData\Roaming\uTorrent\uTorrent.exe a variant of Win32/OpenCandy.C potentially unsafe application
C:\Users\Betrayed\AppData\Roaming\uTorrent\updates\3.4.3_39944.exe a variant of Win32/OpenCandy.C potentially unsafe application
E:\Downloads\Download Arrow S03E20 x264 Torrent - KickassTorrents.exe a variant of Win32/Adware.MultiPlug.JI application
E:\Downloads\spsetup128.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
E:\Downloads\uTorrent.exe a variant of Win32/OpenCandy.C potentially unsafe application
E:\Users\Betrayed\Desktop\All Folders\Blackhat\Exploits\CVE 2014-4114-6352\Builder\dump Win32/Exploit.CVE-2014-4114.A trojan
E:\Users\Betrayed\Desktop\All Folders\Blackhat\Exploits\CVE 2014-4114-6352\Server-Side\hihihi.png VBS/TrojanDownloader.Agent.NLT trojan
E:\Users\Betrayed\Desktop\All Folders\Blackhat\Stuff\sjdb.zip multiple threats
E:\Users\Betrayed\Desktop\All Folders\Blackhat\Stuff\Adroid RAT\androrat-master.zip a variant of Android/Spy.AndroRAT.D trojan
E:\Users\Betrayed\Desktop\All Folders\Blackhat\Stuff\Stubs\Crypted.exe a variant of Win32/Injector.Autoit.BFG trojan
E:\Users\Betrayed\Desktop\All Folders\Blackhat\Stuff\Stubs\Cubex-Software.exe MSIL/NanoCore.B trojan
E:\Users\Betrayed\Downloads\spsetup128.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
E:\Users\Betrayed\Downloads\Sony Vegas Pro 13.0 build 310 (64 bit) (patch KHG) [ChingLiu]\Patch KHG\vegas.pro.13.0.(64-bit)-patch.exe a variant of Win32/HackTool.Patcher.AD potentially unsafe application

  • 0

#10
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

The following files have adware or malware within them. You should delete these unless you are keeping these for a reason.

 

E:\Downloads\Download Arrow S03E20 x264 Torrent - KickassTorrents.exe

E:\Users\Betrayed\Desktop\All Folders\Blackhat\Exploits\CVE 2014-4114-6352\Builder\dump
E:\Users\Betrayed\Desktop\All Folders\Blackhat\Exploits\CVE 2014-4114-6352\Server-Side\hihihi.png
E:\Users\Betrayed\Desktop\All Folders\Blackhat\Stuff\sjdb.zip
E:\Users\Betrayed\Desktop\All Folders\Blackhat\Stuff\Adroid RAT\androrat-master.zip
E:\Users\Betrayed\Desktop\All Folders\Blackhat\Stuff\Stubs\Crypted.exe
E:\Users\Betrayed\Desktop\All Folders\Blackhat\Stuff\Stubs\Cubex-Software
 
 
Is your computer still freezing?

  • 0

Advertisements


#11
Betrayed

Betrayed

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 119 posts

 

The following files have adware or malware within them. You should delete these unless you are keeping these for a reason.

 

E:\Downloads\Download Arrow S03E20 x264 Torrent - KickassTorrents.exe

E:\Users\Betrayed\Desktop\All Folders\Blackhat\Exploits\CVE 2014-4114-6352\Builder\dump
E:\Users\Betrayed\Desktop\All Folders\Blackhat\Exploits\CVE 2014-4114-6352\Server-Side\hihihi.png
E:\Users\Betrayed\Desktop\All Folders\Blackhat\Stuff\sjdb.zip
E:\Users\Betrayed\Desktop\All Folders\Blackhat\Stuff\Adroid RAT\androrat-master.zip
E:\Users\Betrayed\Desktop\All Folders\Blackhat\Stuff\Stubs\Crypted.exe
E:\Users\Betrayed\Desktop\All Folders\Blackhat\Stuff\Stubs\Cubex-Software
 
 
Is your computer still freezing?

 

Yes it is but it has been freezing ever since I built it.


  • 0

#12
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

OK. Please do a Clean Boot and let me know if you have the same issues. This will at least narrow down your issue.


  • 0

#13
Betrayed

Betrayed

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 119 posts

OK. Please do a Clean Boot and let me know if you have the same issues. This will at least narrow down your issue.

I think it has stopped but I am not too sure as it doesn't do it that often.


  • 0

#14
Betrayed

Betrayed

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 119 posts

Also would you know why I can't type the EUR sign and other symbols when i used to be able to?


  • 0

#15
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

When you are in a Clean Boot state, all third party services/applications are disabled so we can determine if the issue you are having is Microsoft related or 3rd party related. It's usually the later. Or are you saying that you can no longer type them in Normal mode either?

 

My approach was to determine if things work in Clean Mode. If we can establish that then we can start other programs in batches to see which one is causing your issue.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP