Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

PC Infected, Very Slow and lots of problems. [Closed]

Started by Betrayed , Feb 07 2016 09:16 AM

This topic is locked

#1
Betrayed

Posted 07 February 2016 - 09:16 AM

Member

Member
119 posts

My PC has got very slow and freezes alot and when I launch my PC my keyboard doesn't work, programs are unpinned and just slow at times.

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016

Ran by Betrayed (administrator) on BETRAYED (07-02-2016 15:05:45)

Running from E:\Users\Betrayed\Desktop

Loaded Profiles: Betrayed (Available Profiles: Betrayed)

Platform: Windows 8.1 (X64) Language: English (United Kingdom)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) E:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) E:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Sandboxie Holdings, LLC) E:\Program Files\Sandboxie\SbieSvc.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) E:\Program Files\Bonjour\mDNSResponder.exe

(NVIDIA Corporation) E:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe

(Malwarebytes Corporation) E:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe

(Malwarebytes Corporation) E:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe

(Malwarebytes) E:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes) E:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) E:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe

(Malwarebytes) E:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Bitdefender) E:\Program Files\Bitdefender Agent\ProductAgentService.exe

() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe

(Bitdefender) E:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe

(NVIDIA Corporation) E:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Bitdefender) E:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe

(NVIDIA Corporation) E:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe

(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe

(Bogdan Sharkov) E:\Program Files (x86)\Clownfish\Clownfish.exe

(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Bitdefender) E:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(The Pidgin developer community) E:\Program Files (x86)\Pidgin\pidgin.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

() C:\Program Files\Rainmeter\Rainmeter.exe

(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe

(Malwarebytes Corporation) E:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.2.1.1\Lightshot.exe

(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

(Bitdefender) E:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe

() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Valve Corporation) E:\Program Files (x86)\Steam\Steam.exe

(TeamSpeak Systems GmbH) E:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe

(Valve Corporation) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Valve Corporation) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

(ArmA Network) C:\Users\Betrayed\AppData\Local\Apps\2.0\BG60TL89.KOC\7GY1C07L.KZ3\arma..tion_5607ed5528cf4412_0000.0003_ad9361cc8e5ed46b\Arma Network Staff Tool.exe

() E:\Program Files\Sublime Text 3\sublime_text.exe

() E:\Program Files\Sublime Text 3\plugin_host.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Farbar) E:\Users\Betrayed\Desktop\FRST64 (1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-07-15] (Realtek Semiconductor)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated)

HKLM\...\Run: [iTunesHelper] => E:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-06] (Apple Inc.)

HKLM\...\Run: [Bdagent] => E:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [1643232 2016-02-04] (Bitdefender)

HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1014736 2014-07-22] (MSI)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [591512 2015-11-19] (Razer Inc.)

HKLM-x32\...\Run: [CAM] => C:\Program Files (x86)\NZXT\CAM\CAMLauncher.exe [113264 2015-04-28] ()

HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()

HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-02-15] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => E:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2622432 2016-01-29] (Malwarebytes Corporation)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)

HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe [13740864 2015-12-25] (Corsair Components, Inc.)

HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Run: [Steam] => E:\Program Files (x86)\Steam\steam.exe [3014224 2016-02-04] (Valve Corporation)

HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Run: [Spotify Web Helper] => C:\Users\Betrayed\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2021944 2015-05-30] (Spotify Ltd)

HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Run: [EADM] => E:\Program Files (x86)\Origin\Origin.exe [3632472 2015-04-10] (Electronic Arts)

HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Run: [Spotify] => C:\Users\Betrayed\AppData\Roaming\Spotify\Spotify.exe [7323192 2015-05-30] (Spotify Ltd)

HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Run: [uTorrent] => C:\Users\Betrayed\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-03] (BitTorrent Inc.)

HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)

HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Run: [Clownfish] => E:\Program Files (x86)\Clownfish\Clownfish.exe [1341192 2015-05-20] (Bogdan Sharkov)

HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3097912 2015-07-16] (Nota Inc.)

HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [57981568 2015-09-28] (Skype Technologies S.A.)

HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Run: [SandboxieControl] => E:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-10-22] (Sandboxie Holdings, LLC)

HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Run: [Bitdefender Wallet Agent] => E:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe [1447328 2016-02-04] (Bitdefender)

HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Run: [GoogleChromeAutoLaunch_C1BDF7A752CABCCEC37F2A5D7AA45B34] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)

ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)

ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)

ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)

ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()

ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()

ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()

ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk [2015-04-10]

ShortcutTarget: GIGABYTE OC_GURU.lnk -> E:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (No File)

Startup: C:\Users\Betrayed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pidgin.lnk [2015-04-21]

ShortcutTarget: Pidgin.lnk -> E:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community)

Startup: C:\Users\Betrayed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2015-04-10]

ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0

Tcpip\..\Interfaces\{9478278C-078A-470A-8F6E-61393289D336}: [DhcpNameServer] 10.211.254.254 8.8.8.8

Tcpip\..\Interfaces\{A0C7C18C-EAF9-4DB6-B1A5-46CFE9CB6313}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =

HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> E:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-02-04] (Bitdefender)

BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> E:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-02-04] (Bitdefender)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-21] (Oracle Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-21] (Oracle Corporation)

Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - E:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-02-04] (Bitdefender)

Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - E:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-02-04] (Bitdefender)

DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe

FireFox:

========

FF ProfilePath: C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\p9bbor3d.default

FF NetworkProxy: "socks", "127.0.0.1"

FF NetworkProxy: "socks_port", 9951

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()

FF Plugin: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll [2015-03-10] (EA Digital Illusions CE AB)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> e:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-02-15] (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()

FF Plugin-x32: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelog.dll [2015-03-10] (EA Digital Illusions CE AB)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-21] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-21] (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-02] (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-02] (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> E:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-02-15] (Adobe Systems)

FF Plugin HKU\.DEFAULT: @hola.org/vlc,version=1.8.747 -> C:\Users\Betrayed\AppData\Local\Hola\firefox_hola\app\vlc [No File]

FF Plugin HKU\S-1-5-21-2539508601-3164617073-3378887811-1001: @hola.org/FlashPlayer -> C:\Users\Betrayed\AppData\Local\Hola\firefox\app\flash\NPSWF32_18_0_0_232.dll [2015-12-27] ()

FF Plugin HKU\S-1-5-21-2539508601-3164617073-3378887811-1001: @hola.org/vlc -> C:\Users\Betrayed\AppData\Local\Hola\firefox\app\vlc\npvlc.dll [2015-12-27] (Hola)

FF user.js: detected! => C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\p9bbor3d.default\user.js [2015-12-04]

FF Extension: Hola Better Internet - C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\p9bbor3d.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2015-12-04] [not signed]

FF HKLM\...\Firefox\Extensions: [[email protected]] - E:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff

FF Extension: Bitdefender Wallet - E:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff [2015-12-16]

FF HKLM\...\Thunderbird\Extensions: [[email protected]] - E:\Program Files\Bitdefender\Bitdefender 2016\bdtbext

FF Extension: Bitdefender Antispam Toolbar - E:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2015-12-16] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - E:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff

FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - E:\Program Files\Bitdefender\Bitdefender 2016\bdtbext

Chrome:

=======

CHR StartupUrls: Default -> "hxxp://www.google.com"

CHR Profile: C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Heartbeat) - C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aailiojlhjbichheofhdpcongebcgcgm [2016-02-06]

CHR Extension: (Google Drive) - C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-19]

CHR Extension: (uBlock Origin) - C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-01-12]

CHR Extension: (Steam inventory helper) - C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2016-02-01]

CHR Extension: (Tampermonkey) - C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-12-16]

CHR Extension: (Bitdefender Wallet) - C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem [2016-01-04]

CHR Extension: (LoungeDestroyer) - C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl [2016-01-31]

CHR Extension: (Reddit Enhancement Suite) - C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-01-12]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-15]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]

CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx

StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Opera:

=======

OPR Extension: (2048 AI - bitcoin) - C:\Users\Betrayed\AppData\Roaming\Opera Software\Opera Stable\Extensions\chfnopmklmpinabemlmldefhbhgkglmc [2015-06-16]

StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1317920 2016-02-05] ()

R2 Bonjour Service; E:\Program Files\Bonjour\mDNSResponder.exe [462184 2011-08-30] (Apple Inc.)

S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [236832 2015-10-03] (EasyAntiCheat Ltd)

R2 GfExperienceService; E:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-09-03] (Intel Corporation)

S3 iPod Service; E:\Program Files\iPod\bin\iPodService.exe [643880 2015-04-06] (Apple Inc.)

S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation)

R2 MbaeSvc; E:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [740832 2016-01-29] (Malwarebytes Corporation)

R2 MBAMScheduler; E:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)

R2 MBAMService; E:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)

R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [162800 2014-03-17] (MSI)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)

R3 NvStreamNetworkSvc; E:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)

R2 NvStreamSvc; E:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)

S3 OpenVPNService; E:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2015-03-19] (The OpenVPN Project)

S3 Origin Client Service; E:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-10] (Electronic Arts)

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-04-20] ()

R2 ProductAgentService; E:\Program Files\Bitdefender Agent\ProductAgentService.exe [857288 2015-11-09] (Bitdefender)

R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-05] ()

R2 SbieSvc; E:\Program Files\Sandboxie\SbieSvc.exe [177800 2015-10-22] (Sandboxie Holdings, LLC)

R2 UPDATESRV; E:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [135176 2016-02-04] (Bitdefender)

R2 VSSERV; E:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1695720 2016-02-04] (Bitdefender)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1622512 2016-02-04] (BitDefender)

R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [806344 2016-02-04] (BitDefender)

S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)

R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [115800 2015-12-03] (BitDefender LLC)

R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)

R3 CorsairVBusDriver; C:\Windows\System32\drivers\CorsairVBusDriver.sys [47840 2015-07-06] (Corsair)

R3 CorsairVHidDriver; C:\Windows\System32\drivers\CorsairVHidDriver.sys [21728 2015-07-06] (Corsair)

R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [459544 2013-08-22] (Intel Corporation)

S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)

R1 ESProtectionDriver; E:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [66080 2016-01-29] ()

S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2014-08-11] ()

R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160032 2015-04-29] (BitDefender LLC)

R0 ignis; C:\Windows\system32\DRIVERS\ignis.sys [271808 2015-10-22] (Bitdefender)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-07] (Malwarebytes)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)

R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)

R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)

R3 NvStreamKms; E:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)

R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39032 2015-11-02] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)

R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)

R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)

R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)

R3 SbieDrv; E:\Program Files\Sandboxie\SbieDrv.sys [192648 2015-10-22] (Sandboxie Holdings, LLC)

R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [477272 2015-06-02] (BitDefender S.R.L.)

R3 VUSB3HUB; C:\Windows\System32\drivers\ViaHub3.sys [227840 2014-05-29] (VIA Technologies, Inc.)

S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)

S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

R3 xhcdrv; C:\Windows\System32\drivers\xhcdrv.sys [304128 2014-05-29] (VIA Technologies, Inc.)

R3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)

S3 3ouuJHBhq; \??\F:\3ouuJHBhq.sys [X]

S3 MSICDSetup; \??\D:\CDriver64.sys [X]

S3 MvriXS68f; \??\F:\MvriXS68f.sys [X]

S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

S3 nvZqRK643hnvZq; \??\F:\nvZqRK643hnvZq.sys [X]

S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\NZXT\CAM\CAM_Client_V2.sys [X]

S3 wTnEgyJXCow; \??\F:\wTnEgyJXCow.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-07 14:53 - 2016-02-07 14:53 - 00000000 ____D C:\ProgramData\bdch

2016-02-07 14:50 - 2016-02-07 14:50 - 00000000 ____D C:\Windows\LastGood.Tmp

2016-02-07 14:50 - 2015-12-18 06:11 - 00047760 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys

2016-02-07 14:50 - 2015-12-18 06:10 - 00090768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll

2016-02-06 12:02 - 2016-02-06 12:02 - 00000000 ____D C:\Users\Betrayed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Matthew Cammack

2016-02-06 11:02 - 2016-02-06 11:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Corsair Utility Engine

2016-02-05 23:01 - 2016-02-07 14:57 - 00000000 ____D C:\Users\Betrayed\AppData\Local\Deployment

2016-02-05 23:01 - 2016-02-05 23:01 - 00000000 ____D C:\Users\Betrayed\AppData\Local\Apps\2.0

2016-01-28 16:49 - 2016-01-28 16:49 - 00000000 ____D C:\Users\Betrayed\AppData\Local\arma3launcher

2016-01-23 18:41 - 2016-01-23 18:41 - 00417656 _____ C:\Windows\Minidump\012316-6125-01.dmp

2016-01-22 16:24 - 2016-01-22 16:24 - 00407696 _____ C:\Windows\Minidump\012216-8281-01.dmp

2016-01-15 17:55 - 2016-01-15 17:55 - 00000000 ____D C:\Users\Betrayed\AppData\Roaming\AnyDesk

2016-01-14 19:20 - 2016-01-14 19:20 - 00417704 _____ C:\Windows\Minidump\011416-7234-01.dmp

2016-01-12 18:33 - 2015-12-11 04:38 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2016-01-12 18:33 - 2015-12-11 04:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2016-01-12 18:33 - 2015-12-11 03:55 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2016-01-12 18:33 - 2015-12-11 03:50 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2016-01-12 18:33 - 2015-12-11 03:45 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2016-01-12 18:33 - 2015-12-11 03:21 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2016-01-12 18:33 - 2015-12-11 03:18 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2016-01-12 18:33 - 2015-12-11 03:09 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll

2016-01-12 18:33 - 2015-12-11 03:09 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2016-01-12 18:33 - 2015-12-11 03:03 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2016-01-12 18:33 - 2015-12-11 02:59 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2016-01-12 18:33 - 2015-12-11 02:43 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2016-01-12 18:33 - 2015-12-11 02:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll

2016-01-12 18:33 - 2015-12-11 02:38 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2016-01-12 18:33 - 2015-12-11 02:37 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2016-01-12 18:33 - 2015-12-11 02:35 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2016-01-12 18:33 - 2015-12-11 02:26 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2016-01-12 18:33 - 2015-12-11 02:14 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2016-01-12 18:33 - 2015-12-11 02:12 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2016-01-12 18:33 - 2015-12-11 02:08 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2016-01-12 18:33 - 2015-12-11 02:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2016-01-12 18:32 - 2015-12-30 19:32 - 07453016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2016-01-12 18:32 - 2015-12-30 19:32 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2016-01-12 18:32 - 2015-12-30 19:32 - 01499912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2016-01-12 18:32 - 2015-12-10 00:40 - 00033456 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe

2016-01-12 18:32 - 2015-12-08 19:08 - 00685432 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2016-01-12 18:32 - 2015-12-07 10:56 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2016-01-12 18:32 - 2015-12-05 05:58 - 02745184 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

2016-01-12 18:32 - 2015-12-05 05:58 - 02528784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

2016-01-12 18:32 - 2015-12-05 05:58 - 02450240 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL

2016-01-12 18:32 - 2015-12-05 05:58 - 02447136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL

2016-01-12 18:32 - 2015-12-05 05:58 - 02334104 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll

2016-01-12 18:32 - 2015-12-05 05:58 - 02324744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll

2016-01-12 18:32 - 2015-12-05 05:58 - 01877504 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll

2016-01-12 18:32 - 2015-12-05 05:58 - 01798480 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll

2016-01-12 18:32 - 2015-12-05 05:58 - 01484888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll

2016-01-12 18:32 - 2015-12-05 05:58 - 01288128 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll

2016-01-12 18:32 - 2015-12-05 05:58 - 01210200 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL

2016-01-12 18:32 - 2015-12-05 05:58 - 01150232 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL

2016-01-12 18:32 - 2015-12-05 05:58 - 01115640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll

2016-01-12 18:32 - 2015-12-05 05:58 - 01037680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL

2016-01-12 18:32 - 2015-12-05 05:58 - 00914672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL

2016-01-12 18:32 - 2015-12-05 05:58 - 00850680 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll

2016-01-12 18:32 - 2015-12-05 05:58 - 00735496 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll

2016-01-12 18:32 - 2015-12-05 05:58 - 00700360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll

2016-01-12 18:32 - 2015-12-05 05:58 - 00629600 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL

2016-01-12 18:32 - 2015-12-05 05:58 - 00584656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll

2016-01-12 18:32 - 2015-12-05 05:58 - 00557856 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL

2016-01-12 18:32 - 2015-12-05 05:58 - 00498472 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll

2016-01-12 18:32 - 2015-12-05 05:58 - 00492736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL

2016-01-12 18:32 - 2015-12-05 05:58 - 00463776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL

2016-01-12 18:32 - 2015-12-05 05:58 - 00399776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll

2016-01-12 18:32 - 2015-12-05 05:58 - 00299080 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL

2016-01-12 18:32 - 2015-12-05 05:58 - 00275312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL

2016-01-12 18:32 - 2015-12-05 05:58 - 00274280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL

2016-01-12 18:32 - 2015-12-05 05:58 - 00250520 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL

2016-01-12 18:32 - 2015-12-05 05:58 - 00248432 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL

2016-01-12 18:32 - 2015-12-05 05:58 - 00246856 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL

2016-01-12 18:32 - 2015-12-05 05:58 - 00244296 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2016-01-12 18:32 - 2015-12-05 05:58 - 00229272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL

2016-01-12 18:32 - 2015-12-05 05:58 - 00203016 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL

2016-01-12 18:32 - 2015-12-05 05:58 - 00184912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL

2016-01-12 18:32 - 2015-12-05 05:58 - 00183856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL

2016-01-12 18:32 - 2015-12-05 05:58 - 00116720 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL

2016-01-12 18:32 - 2015-12-05 05:58 - 00110544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll

2016-01-12 18:32 - 2015-12-05 05:58 - 00099136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL

2016-01-12 18:32 - 2015-12-05 05:58 - 00090904 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll

2016-01-12 18:32 - 2015-12-05 05:58 - 00090392 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll

2016-01-12 18:32 - 2015-12-05 05:58 - 00081032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll

2016-01-12 18:32 - 2015-12-05 05:58 - 00076936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll

2016-01-12 18:32 - 2015-12-04 15:00 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2016-01-12 18:32 - 2015-12-03 19:42 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2016-01-12 18:32 - 2015-12-03 19:42 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll

2016-01-12 18:32 - 2015-12-03 19:42 - 00137968 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2016-01-12 18:32 - 2015-12-03 19:42 - 00106960 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll

2016-01-12 18:32 - 2015-12-03 19:41 - 00177488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2016-01-12 18:32 - 2015-12-03 18:52 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll

2016-01-12 18:32 - 2015-12-03 18:52 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2016-01-12 18:32 - 2015-12-03 18:52 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll

2016-01-12 18:32 - 2015-12-03 18:28 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2016-01-12 18:32 - 2015-12-03 18:28 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2016-01-12 18:32 - 2015-12-03 18:07 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2016-01-12 18:32 - 2015-12-03 18:07 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax

2016-01-12 18:32 - 2015-12-03 18:05 - 00644608 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL

2016-01-12 18:32 - 2015-12-03 18:02 - 01664000 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL

2016-01-12 18:32 - 2015-12-03 18:00 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL

2016-01-12 18:32 - 2015-12-03 17:58 - 00378880 ____C (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll

2016-01-12 18:32 - 2015-12-03 17:51 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll

2016-01-12 18:32 - 2015-12-03 17:36 - 01697792 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll

2016-01-12 18:32 - 2015-12-03 17:30 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL

2016-01-12 18:32 - 2015-12-03 17:28 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

2016-01-12 18:32 - 2015-12-03 17:28 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax

2016-01-12 18:32 - 2015-12-03 17:27 - 00736256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL

2016-01-12 18:32 - 2015-12-03 17:24 - 01411584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL

2016-01-12 18:32 - 2015-12-03 17:23 - 00402432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL

2016-01-12 18:32 - 2015-12-03 17:16 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll

2016-01-12 18:32 - 2015-12-03 17:13 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2016-01-12 18:32 - 2015-12-03 17:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2016-01-12 18:32 - 2015-12-03 17:06 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll

2016-01-12 18:32 - 2015-12-03 17:01 - 00743936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL

2016-01-12 18:32 - 2015-12-03 16:45 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2016-01-12 18:32 - 2015-12-03 16:40 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL

2016-01-12 18:32 - 2015-12-03 16:29 - 00887296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL

2016-01-12 18:32 - 2015-12-02 15:04 - 00670208 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2016-01-12 18:32 - 2015-12-02 15:01 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

2016-01-12 18:32 - 2015-11-17 21:07 - 01380864 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2016-01-12 18:32 - 2015-11-17 21:07 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2016-01-12 18:32 - 2015-11-17 21:07 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2016-01-12 18:32 - 2015-11-17 21:07 - 00705024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2016-01-12 18:32 - 2015-11-17 21:07 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2016-01-12 18:32 - 2015-11-17 21:07 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2016-01-12 18:32 - 2015-11-17 21:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll

2016-01-12 18:31 - 2015-12-08 19:07 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2016-01-10 19:45 - 2016-01-23 21:57 - 00000000 _____ C:\Windows\system32\symsrv.yes

2016-01-10 19:45 - 2010-02-01 12:26 - 00149264 _____ (Microsoft Corporation) C:\Windows\system32\symsrv.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-07 15:05 - 2015-07-02 15:44 - 00000000 ____D C:\FRST

2016-02-07 15:04 - 2015-04-21 16:12 - 00000000 ____D C:\Users\Betrayed\AppData\Roaming\.purple

2016-02-07 15:04 - 2015-04-10 22:15 - 00000000 ____D C:\Users\Betrayed\AppData\Roaming\Skype

2016-02-07 15:00 - 2015-06-16 21:56 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2016-02-07 15:00 - 2015-04-12 15:52 - 00000000 ____D C:\Users\Betrayed\AppData\Roaming\TS3Client

2016-02-07 15:00 - 2014-03-18 15:26 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI

2016-02-07 15:00 - 2013-08-22 13:36 - 00000000 ____D C:\Windows\Inf

2016-02-07 14:59 - 2015-04-10 03:45 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2539508601-3164617073-3378887811-1001

2016-02-07 14:55 - 2015-04-10 10:56 - 00000000 ____D E:\Program Files (x86)\Steam

2016-02-07 14:54 - 2016-01-04 13:30 - 00000000 ____D E:\Program Files\Bitdefender Agent

2016-02-07 14:54 - 2015-04-25 11:10 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2016-02-07 14:54 - 2015-04-10 03:47 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2016-02-07 14:54 - 2013-08-22 14:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2016-02-07 14:53 - 2016-01-04 13:54 - 00005416 _____ C:\bdlog.txt

2016-02-07 14:53 - 2015-04-10 20:55 - 00000000 ____D C:\ProgramData\NVIDIA

2016-02-07 14:53 - 2013-08-22 14:44 - 05108320 _____ C:\Windows\system32\FNTCACHE.DAT

2016-02-07 14:52 - 2015-12-07 19:18 - 00000000 ____D E:\Program Files (x86)\ArmA3Sync

2016-02-07 14:50 - 2015-05-03 10:25 - 00001240 _____ C:\Users\Public\Desktop\GeForce Experience.lnk

2016-02-07 14:50 - 2015-04-10 20:56 - 00000000 ____D C:\Users\Betrayed\AppData\Local\NVIDIA

2016-02-07 14:49 - 2015-06-22 09:57 - 00000000 ____D C:\Users\Betrayed\AppData\Local\Arma 3

2016-02-07 02:00 - 2015-04-10 12:44 - 00000000 ____D C:\Users\Betrayed\AppData\Local\Adobe

2016-02-06 00:05 - 2013-08-22 13:25 - 00262144 ___SH C:\Windows\system32\config\ELAM

2016-02-04 18:00 - 2016-01-04 13:47 - 01622512 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys

2016-02-04 18:00 - 2016-01-04 13:47 - 00806344 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys

2016-02-03 21:30 - 2015-04-10 03:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

2016-02-03 16:21 - 2015-04-10 03:47 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2016-02-03 16:21 - 2015-04-10 03:47 - 00003660 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2016-02-03 16:21 - 2015-04-10 03:47 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2016-02-02 17:50 - 2015-04-25 12:46 - 00000000 ____D E:\Program Files (x86)\Malwarebytes Anti-Exploit

2016-02-02 17:50 - 2015-04-25 12:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit

2016-02-02 16:08 - 2015-04-21 16:10 - 00000000 ____D E:\Program Files (x86)\TeamViewer

2016-01-31 18:00 - 2015-04-16 16:05 - 00000000 ____D C:\Users\Betrayed\AppData\Roaming\vlc

2016-01-31 00:38 - 2015-08-03 19:55 - 00000000 ____D C:\Users\Betrayed\AppData\Roaming\Kodi

2016-01-30 16:48 - 2015-04-12 15:14 - 00000000 ____D C:\Users\Betrayed\AppData\Roaming\uTorrent

2016-01-30 01:09 - 2015-04-10 13:29 - 00000000 ____D C:\Users\Betrayed\AppData\Local\Spotify

2016-01-30 00:01 - 2015-04-10 13:26 - 00000000 ____D C:\Users\Betrayed\AppData\Roaming\Spotify

2016-01-25 22:08 - 2015-04-10 03:40 - 00000000 ____D C:\Users\Betrayed

2016-01-23 18:41 - 2016-01-06 18:06 - 985855717 _____ C:\Windows\MEMORY.DMP

2016-01-23 18:41 - 2016-01-06 18:06 - 00000000 ____D C:\Windows\Minidump

2016-01-22 15:06 - 2015-04-10 11:13 - 00000000 ____D C:\Users\Betrayed\AppData\Roaming\MultiBit

2016-01-22 07:34 - 2015-04-10 20:55 - 00000000 ____D C:\ProgramData\NVIDIA Corporation

2016-01-20 18:00 - 2015-06-16 21:56 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2016-01-18 16:11 - 2015-06-16 17:17 - 00003848 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1434475024

2016-01-17 14:44 - 2015-07-12 16:24 - 00000000 ____D C:\Users\Betrayed\AppData\Local\Popcorn-Time

2016-01-16 22:40 - 2013-08-22 13:25 - 00524288 ___SH C:\Windows\system32\config\BBI

2016-01-16 14:43 - 2015-06-16 22:47 - 00001456 _____ C:\Users\Betrayed\AppData\Local\Adobe Save for Web 13.0 Prefs

2016-01-16 12:07 - 2015-04-10 22:36 - 00000000 ____D C:\Users\Betrayed\AppData\Local\Steam

2016-01-16 10:46 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\rescache

2016-01-14 17:06 - 2015-04-10 16:20 - 00000000 ____D C:\Users\Betrayed\AppData\Local\CrashDumps

2016-01-13 16:38 - 2015-04-10 22:54 - 00000000 ____D C:\Windows\system32\MRT

2016-01-13 16:38 - 2013-08-22 15:20 - 00000000 ____D C:\Windows\CbsTemp

2016-01-13 16:35 - 2015-04-10 22:54 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2016-01-13 16:08 - 2015-04-10 23:40 - 00000000 ____D C:\Windows\system32\appraiser

2016-01-13 16:08 - 2015-04-10 23:39 - 00000000 ___SD C:\Windows\system32\CompatTel

2016-01-12 20:52 - 2015-07-11 20:20 - 00000000 ____D E:\Program Files\Microsoft Silverlight

2016-01-12 20:52 - 2015-07-11 20:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2016-01-12 04:41 - 2015-04-10 20:56 - 01542600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll

2016-01-12 04:41 - 2015-04-10 20:56 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll

2016-01-12 04:40 - 2015-12-12 16:10 - 00112032 _____ C:\Windows\system32\NvRtmpStreamer64.dll

2016-01-12 04:40 - 2015-04-10 20:56 - 01860120 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll

2016-01-12 04:40 - 2015-04-10 20:56 - 01756608 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll

2016-01-10 10:49 - 2015-06-22 11:44 - 00001428 _____ C:\Users\Betrayed\AppData\Roaming\BreakingPoint_Options.ini

2016-01-10 10:48 - 2015-06-22 11:42 - 00000299 _____ C:\Users\Betrayed\AppData\Roaming\BreakingPoint_Login.ini

2016-01-09 22:31 - 2015-06-24 23:15 - 00000000 ____D E:\Program Files (x86)\A3Launcher

==================== Files in the root of some directories =======

2015-03-11 11:18 - 2015-03-11 11:18 - 5519128 _____ (Piriform Ltd) E:\Program Files\Speccy.exe

2015-03-11 11:18 - 2015-03-11 11:18 - 7088408 _____ (Piriform Ltd) E:\Program Files\Speccy64.exe

2015-03-11 11:20 - 2015-03-11 11:20 - 0132336 _____ (Piriform Ltd) E:\Program Files\uninst.exe

2015-08-01 18:15 - 2015-08-03 10:52 - 1305195 _____ () C:\Users\Betrayed\AppData\Roaming\betrayed_64

2015-06-22 11:42 - 2016-01-10 10:48 - 0000299 _____ () C:\Users\Betrayed\AppData\Roaming\BreakingPoint_Login.ini

2015-06-22 11:44 - 2016-01-10 10:49 - 0001428 _____ () C:\Users\Betrayed\AppData\Roaming\BreakingPoint_Options.ini

2015-06-16 22:47 - 2016-01-16 14:43 - 0001456 _____ () C:\Users\Betrayed\AppData\Local\Adobe Save for Web 13.0 Prefs

2015-04-10 22:24 - 2015-04-10 22:24 - 0000003 _____ () C:\Users\Betrayed\AppData\Local\updater.log

2015-04-10 22:24 - 2015-04-23 13:22 - 0000424 _____ () C:\Users\Betrayed\AppData\Local\UserProducts.xml

2016-01-04 13:50 - 2016-01-04 13:50 - 0446965 _____ () C:\ProgramData\1451915042.bdinstall.bin

2016-01-04 13:50 - 2016-01-04 13:50 - 0025195 _____ () C:\ProgramData\1451915433.bdinstall.bin

2015-04-10 03:46 - 2015-04-10 03:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:

====================

C:\Users\Betrayed\AppData\Local\Temp\jre-8u73-windows-au.exe

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-111245998542956962.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-1253456626797902404.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-1412846696644880414.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-1440520569775886046.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-1471686288845139108.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-1683495992689326833.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-1874918385351059390.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-2100686014482540447.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-2455322466488000003.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-2705117525571670724.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-2736496382671180839.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-2848884564161006102.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-2919936678550175579.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-2961358643493967652.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-323658939420952436.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-3268179402579937538.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-335683939568978591.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-3497883224101723001.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-3612746990006020070.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-3671104878067891346.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-3776525318055745051.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-3961652157948308460.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-4029853535959917301.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-4107888132589466972.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-4191168684766981478.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-4235095613558760119.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-4349427952035502245.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-43863652100297702.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-439374123962318816.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-4436024373071105513.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-4643628029364087025.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-4720577687767026659.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-4842291478356099424.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-4952845521180315214.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-5233545391045259365.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-5304747888775046049.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-5318653379476660814.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-5370557034191717068.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-5375369447946821270.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-553155765373614502.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-5633581791584342253.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-5723117086159797296.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-5753741446567133124.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-5780800118502889498.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-5853367393452793077.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-587736537592633211.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-6127282055530668689.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-6165627990486352800.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-6384744627394453180.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-6428821434767350881.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-6505315900421450335.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-6537435473818368567.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-666861999459753198.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-6726239095431869857.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-6806107569156539777.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-723761713537886480.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-7420921371556387581.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-7497610747493954646.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-771110601147902386.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-7954572179843792757.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-7967742817074473271.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-8211813947032956812.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-8248720257651137789.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-8309649802491550016.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-8350975344954888887.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-8430256544267640912.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-873994053633238838.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-8856434969892993820.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-887026986167416624.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-8894832034718400289.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-9216618400899385411.dll

C:\Users\Betrayed\AppData\Local\Temp\jshortcut-931187581747927075.dll

C:\Users\Betrayed\AppData\Local\Temp\ntddk.dll

C:\Users\Betrayed\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-02-07 13:43

==================== End of FRST.txt ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016

Ran by Betrayed (2016-02-07 15:06:05)

Running from E:\Users\Betrayed\Desktop

Windows 8.1 (X64) (2015-04-10 10:49:59)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2539508601-3164617073-3378887811-500 - Administrator - Disabled)

Guest (S-1-5-21-2539508601-3164617073-3378887811-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2539508601-3164617073-3378887811-1003 - Limited - Enabled)

Betrayed (S-1-5-21-2539508601-3164617073-3378887811-1001 - Administrator - Enabled) => C:\Users\Betrayed

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}

AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)

7 Days to Die (HKLM-x32\...\Steam App 251570) (Version: - The Fun Pimps)

Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.1.474 - Adobe Systems Incorporated)

Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)

Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)

Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.2.0 - Adobe Systems Incorporated)

Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)

AIDA64 Extreme v5.60 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.60 - FinalWire Ltd.)

Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version: - Studio Wildcard)

Arma 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive)

Arma 2: DayZ Mod (HKLM-x32\...\Steam App 224580) (Version: - Bohemia Interactive)

Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive)

Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive)

ArmA Network Staff Tool (HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\919eb8f7efa297be) (Version: 0.3.0.2 - Matthew Cammack)

ArmA3Sync 1.5.72 (HKLM-x32\...\{F097E7D7-D093-4394-9EED-43AFCCD12B7A}_is1) (Version: 1.5.72 - The [S.o.E] team)

Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)

Assassin’s Creed Unity (HKLM-x32\...\Steam App 289650) (Version: - Ubisoft)

Battlefield™ Hardline (HKLM-x32\...\{CB4AC3DA-8CC1-4516-86DA-4078B57DB229}) (Version: 1.0.0.2 - Electronic Arts)

BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )

BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games)

Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.23.1252 - Bitdefender)

Bitdefender Total Security 2016 (HKLM\...\Bitdefender) (Version: 20.0.24.1290 - Bitdefender)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)

Breaking Point (HKLM-x32\...\Breaking Point 5.0.2.9) (Version: 5.0.2.9 - The Zombie Infection)

Breaking Point (x32 Version: 5.0.2.9 - The Zombie Infection) Hidden

CAM (HKLM-x32\...\{8E86129E-48D3-4814-8D2D-66221881F370}) (Version: 2.0.16 - NZXT)

CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)

Chains (HKLM-x32\...\Steam App 11360) (Version: - 2DEngine.com)

Chronicles of a Dark Lord: Episode II War of The Abyss (HKLM-x32\...\Steam App 341780) (Version: - Kisareth Studios)

Corsair Utility Engine (HKLM-x32\...\{D826C227-7E74-415A-8B12-CAA2E26E2A31}) (Version: 1.14.43 - Corsair)

Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)

Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)

Dead Island Riptide (HKLM-x32\...\Steam App 216250) (Version: - Techland)

Dino D-Day (HKLM-x32\...\Steam App 70000) (Version: - 800 North and Digital Ranch)

Dirty Bomb (HKLM-x32\...\Steam App 333930) (Version: - Splash Damage®)

Dropbox (HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.)

Dying Light (HKLM-x32\...\Steam App 239140) (Version: - Techland)

FileSeek 4.3 (HKLM-x32\...\44953928-E730-4e8c-A2B2-3A85BC96A3D0_is1) (Version: 4.3.0.0 - Binary Fortress Software)

Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)

GIGABYTE OC_GURU II (x32 Version: 1.69.0000 - GIGABYTE Technology Co.,Ltd.) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)

Google Drive (HKLM-x32\...\{EF61675D-9BBC-4EC7-B906-F13BE8D3BD20}) (Version: 1.27.1227.2094 - Google, Inc.)

Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden

Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)

Gyazo 3.1.4 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)

H1Z1 (HKLM-x32\...\Steam App 295110) (Version: - Daybreak Games)

H1Z1 Test Server (HKLM-x32\...\Steam App 362300) (Version: - )

HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )

Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version: - IO Interactive)

Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive)

Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation)

Intel® Network Connections 19.3.141.0 (HKLM\...\PROSetDX) (Version: 19.3.141.0 - Intel)

Intel® Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)

iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)

Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)

Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Kodi (HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Kodi) (Version: - XBMC-Foundation)

Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)

Lightshot-5.2.1.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.2.1.1 - Skillbrains)

Malwarebytes Anti-Exploit version 1.8.1.1189 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1189 - Malwarebytes)

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

Memories of a Vagabond (HKLM-x32\...\Steam App 307070) (Version: - DarkElite)

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Mozilla Firefox 43.0.3 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 43.0.3 (x86 en-GB)) (Version: 43.0.3 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.3 - Mozilla)

MSI Super Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.026 - MSI)

MultiBit Classic 0.5.19 (HKLM-x32\...\0884-5076-5786-4986) (Version: 0.5.19 - Bitcoin Solutions Ltd)

MultiBit HD 0.1.3 (HKLM\...\6925-4794-5772-4956) (Version: 0.1.3 - Bitcoin Solutions Ltd)

Nether (HKLM-x32\...\Steam App 247730) (Version: - Phosphor Games)

NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)

NVIDIA 3D Vision Driver 358.87 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.87 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation)

NVIDIA Graphics Driver 358.87 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.87 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)

NVIDIA Miracast Virtual Audio 358.87 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 358.87 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)

OpenVPN 2.3.6-I603 (HKLM\...\OpenVPN) (Version: 2.3.6-I603 - )

Opera Stable 34.0.2036.25 (HKLM-x32\...\Opera 34.0.2036.25) (Version: 34.0.2036.25 - Opera Software)

Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)

PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)

Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.11 - )

pidgin-otr 4.0.1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.1 - Cypherpunks CA)

Platform (x32 Version: 1.42 - VIA Technologies, Inc.) Hidden

Popcorn Time (HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Popcorn Time) (Version: - Popcorn Official)

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)

Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.3 beta r2402 - )

Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.28188 - Razer Inc.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7293 - Realtek Semiconductor Corp.)

Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.9.2.19 - Red Giant, LLC)

Rocket League (HKLM-x32\...\Steam App 252950) (Version: - Psyonix)

Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.8 - Rockstar Games)

Rust (HKLM-x32\...\Steam App 252490) (Version: - Facepunch Studios)

Sandboxie 5.06 (64-bit) (HKLM\...\Sandboxie) (Version: 5.06 - Sandboxie Holdings, LLC)

SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 2.9.1.22 - NVIDIA Corporation) Hidden

Skyperious 3.5 (HKLM-x32\...\Skyperious) (Version: 3.5 - Erki Suurjaak)

Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)

Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)

Spotify (HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Spotify) (Version: 1.0.6.80.g2a801a53 - Spotify AB)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

Stranded Deep (HKLM-x32\...\Steam App 313120) (Version: - Beam Team Games)

Sublime Text Build 3083 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)

Super Killer Hornet: Resurrection (HKLM-x32\...\Steam App 271860) (Version: - Flump Studios)

TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )

TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)

Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)

The Journey Down: Chapter One (HKLM-x32\...\Steam App 220090) (Version: - SkyGoblin)

The Walking Dead (HKLM-x32\...\Steam App 207610) (Version: - )

Trapcode Suite 64-bit (HKLM-x32\...\InstallShield_{2F50AD39-44F4-48CB-94E4-5C5AEFB0DAC6}) (Version: 12.1.4 - Red Giant)

Trapcode Suite 64-bit (Version: 12.1.4 - Red Giant) Hidden

Trapcode Suite v12.1.7 (HKLM-x32\...\{DFD2DC6B-C634-4C1C-81CC-5EF852E71CEE}_is1) (Version: 12.1.7 - Red Giant, LLC)

Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton)

VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)

Windows Grep 2.3 (HKLM-x32\...\Windows Grep_is1) (Version: - )

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

WS Launcher (HKLM-x32\...\WS Launcher 30.0.4.3) (Version: 30.0.4.3 - WS.ARMA.SU)

WS Launcher (x32 Version: 30.0.4.3 - WS.ARMA.SU) Hidden

XSplit Broadcaster (HKLM-x32\...\{4202CAFA-F8F9-4311-8A13-19DB48AAF5F7}) (Version: 2.2.1502.1633 - SplitmediaLabs)

XSplit Gamecaster (HKLM-x32\...\{4EDB1851-7427-4324-AAAA-9E3852C73DAE}) (Version: 2.2.1502.1741 - SplitmediaLabs)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00ADCC5F-EF6B-46E0-BEF7-8F8555FAD857} - System32\Tasks\{9160FE5B-F82C-4BFC-9992-9169DEA38B81} => pcalua.exe -a C:\Users\Betrayed\Downloads\multibit-0.5.18-windows-setup.exe -d C:\Users\Betrayed\Downloads

Task: {18EB8C59-74CF-418C-BABA-B2174449CC1A} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)

Task: {1DDD6182-A270-407B-A314-2353FAB5C130} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

Task: {292B3B60-5A4A-4DBB-8046-6C1350DD5EA3} - System32\Tasks\Opera scheduled Autoupdate 1434475024 => C:\Program Files (x86)\Opera\launcher.exe [2015-12-04] (Opera Software)

Task: {2E95C61A-764B-4264-A96D-FD984FAEF385} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-01-13] (Microsoft Corporation)

Task: {32A6098A-5ABB-480F-84BC-CEA6A40053E0} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-20] (AVAST Software)

Task: {3CB3DD9D-BF09-4518-B1FB-353C279E3F4A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)

Task: {3D387587-856C-4071-BD8D-655D666AAFAA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {49494390-E068-4843-8D57-F2F61906D7F3} - System32\Tasks\AdobeAAMUpdater-1.0-Betrayed-Betrayed => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-02-03] (Adobe Systems Incorporated)

Task: {93827CB0-3478-4578-AFB2-A4F271F49610} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-20] (Adobe Systems Incorporated)

Task: {A37A0E27-879D-4C63-922C-1C637F19B785} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)

Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto

Task: {C63368DB-141C-4A27-8B15-A2DC758DA40A} - System32\Tasks\CAM => C:\Program Files (x86)\NZXT\CAM\CAM_Client_V2.exe [2015-04-28] ()

Task: {D7A48855-C268-4A01-B6A1-9947A3A408B5} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-07-16] ()

Task: {D9BF4303-F390-4856-AF2A-75411CD17DA8} - System32\Tasks\Red Giant Link => E:\Program Files (x86)\Red Giant Link\Red Giant Link.exe

Task: {DFDF0456-94F5-4F79-9AD5-0A31AF173669} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => E:\Program Files\Bitdefender Agent\WatchDog.exe [2015-11-09] (Bitdefender)

Task: {E1635A22-3455-4217-9870-3361FFEE44B8} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2539508601-3164617073-3378887811-1001 => C:\Users\Betrayed\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2015-12-14] (Microsoft Corporation)

Task: {EEF6461A-AB78-4D91-9D44-EB2A7374F248} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

Task: {F8D1AD39-2D82-4FBE-9816-10268D8A5D9A} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-07-16] ()

Task: {F97457CA-7D59-4262-851E-E1FAE84A3582} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)

Task: {FFD5F675-58E7-48C6-9127-7A163E413E9A} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-01-04 13:47 - 2013-09-03 13:29 - 00101328 _____ () E:\Program Files\Bitdefender\Bitdefender 2016\bdmetrics.dll

2016-01-25 21:02 - 2016-01-25 21:02 - 01119064 _____ () E:\Program Files\Bitdefender\Bitdefender 2016\otengines_01851_004\ashttpbr.mdl

2016-01-25 21:02 - 2016-01-25 21:02 - 00794832 _____ () E:\Program Files\Bitdefender\Bitdefender 2016\otengines_01851_004\ashttpdsp.mdl

2016-01-25 21:02 - 2016-01-25 21:02 - 03038112 _____ () E:\Program Files\Bitdefender\Bitdefender 2016\otengines_01851_004\ashttpph.mdl

2016-01-25 21:02 - 2016-01-25 21:02 - 01648408 _____ () E:\Program Files\Bitdefender\Bitdefender 2016\otengines_01851_004\ashttprbl.mdl

2015-04-10 13:43 - 2015-11-02 13:22 - 00116528 _____ () E:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2015-02-11 14:13 - 2015-02-11 14:13 - 00997536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll

2015-02-13 03:20 - 2015-02-13 03:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2015-02-13 03:20 - 2015-02-13 03:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2016-02-07 14:50 - 2016-01-12 04:43 - 00291264 _____ () E:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll

2015-04-20 03:27 - 2015-04-20 03:27 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2015-11-05 00:11 - 2015-11-05 00:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe

2015-04-06 12:25 - 2015-04-06 12:25 - 00036544 _____ () C:\Program Files\Rainmeter\Rainmeter.exe

2015-04-06 12:25 - 2015-04-06 12:25 - 00777920 _____ () C:\Program Files\Rainmeter\Rainmeter.dll

2015-02-11 14:12 - 2015-02-11 14:12 - 05739680 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe

2014-02-28 09:14 - 2015-10-22 16:21 - 00175080 _____ () E:\Program Files\TeamSpeak 3 Client\quazip.dll

2014-08-04 13:43 - 2015-10-22 16:21 - 00103400 _____ () E:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll

2014-08-04 13:43 - 2015-10-22 16:21 - 00108008 _____ () E:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll

2015-12-07 19:32 - 2015-06-16 22:09 - 00210944 _____ () E:\Program Files\TeamSpeak 3 Client\plugins\ClownfishForTeamspeak_win64.dll

2015-12-07 19:32 - 2015-10-22 16:21 - 00312296 _____ () E:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll

2015-12-07 19:32 - 2015-12-05 20:04 - 00025600 _____ () E:\Program Files\TeamSpeak 3 Client\plugins\last_channel_win64.dll

2016-01-04 14:54 - 2016-01-04 14:54 - 00486912 _____ () E:\Program Files\TeamSpeak 3 Client\plugins\soundboard.dll

2015-12-07 19:32 - 2015-06-10 11:28 - 04018176 _____ () E:\Program Files\TeamSpeak 3 Client\plugins\task_force_radio_win64.dll

2015-12-07 19:32 - 2015-10-22 16:21 - 00483816 _____ () E:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll

2014-06-05 13:48 - 2015-09-24 17:21 - 00317440 _____ () E:\Program Files\TeamSpeak 3 Client\ssleay32.dll

2014-06-05 13:48 - 2015-09-24 17:21 - 01709056 _____ () E:\Program Files\TeamSpeak 3 Client\LIBEAY32.dll

2015-04-11 09:55 - 2015-03-26 17:23 - 05678848 _____ () E:\Program Files\Sublime Text 3\sublime_text.exe

2015-04-11 09:55 - 2015-03-26 15:17 - 00645632 _____ () E:\Program Files\Sublime Text 3\plugin_host.exe

2015-04-11 09:55 - 2015-03-18 12:49 - 01065472 _____ () E:\Program Files\Sublime Text 3\_hashlib.pyd

2015-04-11 09:08 - 2016-01-12 04:43 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

2015-04-10 22:49 - 2014-10-29 03:59 - 01029952 _____ () C:\Windows\SYSTEM32\speech\engines\tts\MSTTSEngine.dll

2015-04-10 22:49 - 2014-10-29 00:46 - 00531456 _____ () C:\Windows\SYSTEM32\speech\engines\tts\MSTTSLoc.DLL

2014-11-23 17:34 - 2014-11-23 17:34 - 00036878 _____ () E:\Program Files (x86)\Pidgin\libssp-0.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00671031 _____ () E:\Program Files (x86)\Pidgin\exchndl.dll

2015-04-21 16:11 - 2015-04-21 16:11 - 00904525 _____ () E:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll

2015-04-21 16:11 - 2015-04-21 16:11 - 00100352 _____ () E:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll

2015-04-21 16:11 - 2015-04-21 16:11 - 00279059 _____ () E:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll

2015-04-21 16:11 - 2015-04-21 16:11 - 00553382 _____ () E:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll

2015-04-21 16:11 - 2015-04-21 16:11 - 00216992 _____ () E:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll

2014-11-23 17:33 - 2014-11-23 17:33 - 01274655 _____ () E:\Program Files (x86)\Pidgin\libxml2-2.dll

2015-04-21 16:11 - 2015-04-21 16:11 - 00177586 _____ () E:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00475580 _____ () E:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00021075 _____ () E:\Program Files (x86)\Pidgin\plugins\.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00020997 _____ () E:\Program Files (x86)\Pidgin\plugins\autoaccept.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00013253 _____ () E:\Program Files (x86)\Pidgin\plugins\buddynote.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00024924 _____ () E:\Program Files (x86)\Pidgin\plugins\convcolors.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00015702 _____ () E:\Program Files (x86)\Pidgin\plugins\extplacement.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00014147 _____ () E:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00018882 _____ () E:\Program Files (x86)\Pidgin\plugins\history.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00012865 _____ () E:\Program Files (x86)\Pidgin\plugins\iconaway.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00019043 _____ () E:\Program Files (x86)\Pidgin\plugins\idle.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00018555 _____ () E:\Program Files (x86)\Pidgin\plugins\joinpart.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00015074 _____ () E:\Program Files (x86)\Pidgin\plugins\libaim.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00311021 _____ () E:\Program Files (x86)\Pidgin\liboscar.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00092398 _____ () E:\Program Files (x86)\Pidgin\plugins\libbonjour.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00328186 _____ () E:\Program Files (x86)\Pidgin\plugins\libgg.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00016005 _____ () E:\Program Files (x86)\Pidgin\plugins\libicq.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00107365 _____ () E:\Program Files (x86)\Pidgin\plugins\libirc.dll

2014-11-23 17:33 - 2014-11-23 17:33 - 00190464 _____ () E:\Program Files (x86)\Pidgin\libsasl.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00374169 _____ () E:\Program Files (x86)\Pidgin\plugins\libmsn.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00150598 _____ () E:\Program Files (x86)\Pidgin\plugins\libmxit.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00106671 _____ () E:\Program Files (x86)\Pidgin\plugins\libmyspace.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00123540 _____ () E:\Program Files (x86)\Pidgin\plugins\libnovell.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00116071 _____ () E:\Program Files (x86)\Pidgin\plugins\libsametime.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00152852 _____ () E:\Program Files (x86)\Pidgin\libmeanwhile-1.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00171123 _____ () E:\Program Files (x86)\Pidgin\plugins\libsilc.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 02097721 _____ () E:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00818985 _____ () E:\Program Files (x86)\Pidgin\libsilcclient-1-1-3.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00055880 _____ () E:\Program Files (x86)\Pidgin\plugins\libsimple.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00021337 _____ () E:\Program Files (x86)\Pidgin\plugins\libxmpp.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00417758 _____ () E:\Program Files (x86)\Pidgin\libjabber.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00022832 _____ () E:\Program Files (x86)\Pidgin\plugins\libyahoo.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00236666 _____ () E:\Program Files (x86)\Pidgin\libymsg.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00019793 _____ () E:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00047934 _____ () E:\Program Files (x86)\Pidgin\plugins\log_reader.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00021795 _____ () E:\Program Files (x86)\Pidgin\plugins\markerline.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00013456 _____ () E:\Program Files (x86)\Pidgin\plugins\newline.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00029225 _____ () E:\Program Files (x86)\Pidgin\plugins\notify.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00017023 _____ () E:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll

2014-10-21 09:07 - 2014-10-21 09:07 - 00750080 _____ () E:\Program Files (x86)\Pidgin\plugins\pidgin-otr.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00029256 _____ () E:\Program Files (x86)\Pidgin\plugins\pidginrc.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00015380 _____ () E:\Program Files (x86)\Pidgin\plugins\psychic.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00015429 _____ () E:\Program Files (x86)\Pidgin\plugins\relnot.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00015045 _____ () E:\Program Files (x86)\Pidgin\plugins\sendbutton.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00069625 _____ () E:\Program Files (x86)\Pidgin\plugins\spellchk.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00031993 _____ () E:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00012004 _____ () E:\Program Files (x86)\Pidgin\plugins\ssl.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00015978 _____ () E:\Program Files (x86)\Pidgin\plugins\statenotify.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00030353 _____ () E:\Program Files (x86)\Pidgin\plugins\themeedit.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00032020 _____ () E:\Program Files (x86)\Pidgin\plugins\ticker.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00018399 _____ () E:\Program Files (x86)\Pidgin\plugins\timestamp.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00023851 _____ () E:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00029791 _____ () E:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00030771 _____ () E:\Program Files (x86)\Pidgin\plugins\winprefs.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00037191 _____ () E:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00044494 _____ () E:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll

2014-11-23 17:33 - 2014-11-23 17:33 - 00102400 _____ () E:\Program Files (x86)\Pidgin\sasl2\saslANONYMOUS.dll

2014-11-23 17:33 - 2014-11-23 17:33 - 00115712 _____ () E:\Program Files (x86)\Pidgin\sasl2\saslCRAMMD5.dll

2014-11-23 17:33 - 2014-11-23 17:33 - 00140288 _____ () E:\Program Files (x86)\Pidgin\sasl2\saslDIGESTMD5.dll

2014-11-23 17:33 - 2014-11-23 17:33 - 00102912 _____ () E:\Program Files (x86)\Pidgin\sasl2\saslLOGIN.dll

2014-11-23 17:33 - 2014-11-23 17:33 - 00102912 _____ () E:\Program Files (x86)\Pidgin\sasl2\saslPLAIN.dll

2014-11-23 17:34 - 2014-11-23 17:34 - 00486400 _____ () E:\Program Files (x86)\Pidgin\sqlite3.dll

2015-04-21 16:11 - 2015-04-21 16:11 - 00090496 _____ () E:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll

2015-04-15 17:38 - 2015-04-13 21:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll

2015-04-15 17:38 - 2015-04-13 21:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll

2015-10-01 06:28 - 2015-10-01 06:28 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll

2015-02-15 13:58 - 2015-02-15 13:58 - 36730032 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll

2015-12-25 15:22 - 2015-12-25 15:22 - 00091136 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\LuaQtWrapperLibrary.dll

2015-12-25 15:20 - 2015-12-25 15:20 - 00224256 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\quazip.dll

2015-12-25 15:19 - 2015-12-25 15:19 - 00200704 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\lua52.dll

2015-02-15 13:58 - 2015-02-15 13:58 - 00746160 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll

2015-02-15 13:58 - 2015-02-15 13:58 - 00136368 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libegl.dll

2016-02-03 16:29 - 2015-12-15 05:54 - 00782336 _____ () E:\Program Files (x86)\Steam\SDL2.dll

2016-02-03 16:29 - 2015-07-03 16:12 - 04962816 _____ () E:\Program Files (x86)\Steam\v8.dll

2016-02-05 23:45 - 2016-02-04 21:02 - 02546768 _____ () E:\Program Files (x86)\Steam\video.dll

2016-02-03 16:29 - 2015-07-03 16:12 - 01556992 _____ () E:\Program Files (x86)\Steam\icui18n.dll

2016-02-03 16:29 - 2015-07-03 16:12 - 01187840 _____ () E:\Program Files (x86)\Steam\icuuc.dll

2016-02-03 16:29 - 2015-09-24 00:33 - 02549248 _____ () E:\Program Files (x86)\Steam\libavcodec-56.dll

2016-02-03 16:29 - 2015-09-24 00:33 - 00491008 _____ () E:\Program Files (x86)\Steam\libavformat-56.dll

2016-02-03 16:29 - 2015-09-24 00:33 - 00332800 _____ () E:\Program Files (x86)\Steam\libavresample-2.dll

2016-02-03 16:29 - 2015-09-24 00:33 - 00442880 _____ () E:\Program Files (x86)\Steam\libavutil-54.dll

2016-02-03 16:29 - 2015-09-24 00:33 - 00485888 _____ () E:\Program Files (x86)\Steam\libswscale-3.dll

2016-02-05 23:45 - 2016-02-04 21:01 - 00802896 _____ () E:\Program Files (x86)\Steam\bin\chromehtml.DLL

2016-02-03 16:29 - 2015-12-30 01:51 - 00208896 _____ () E:\Program Files (x86)\Steam\bin\openvr_api.dll

2016-02-03 16:29 - 2016-01-06 01:52 - 48387872 _____ () E:\Program Files (x86)\Steam\bin\libcef.dll

2016-02-03 16:29 - 2015-09-24 23:56 - 00119208 _____ () E:\Program Files (x86)\Steam\winh264.dll

2014-09-03 10:03 - 2014-09-03 10:03 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com

IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com

IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com

IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com

IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com

IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com

IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com

IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com

IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com

IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com

IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com

IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com

IE trusted site: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\clonewarsadventures.com -> clonewarsadventures.com

IE trusted site: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\freerealms.com -> freerealms.com

IE trusted site: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\hola.org -> hxxp://hola.org

IE trusted site: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\soe.com -> soe.com

IE trusted site: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\sony.com -> sony.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2016-02-07 14:54 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Betrayed\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper

DNS Servers: 192.168.1.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "iTunesHelper"

HKLM\...\StartupApproved\Run32: => "CAM"

HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\StartupApproved\Run: => "uTorrent"

HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\StartupApproved\Run: => "EADM"

HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\StartupApproved\Run: => "Spotify"

HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\StartupApproved\Run: => "Spotify Web Helper"

HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\StartupApproved\Run: => "Steam"

HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\StartupApproved\Run: => "SandboxieControl"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [{E8E2E117-012A-42B0-B3CD-90287E834962}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{90E5C2DB-8DCF-459D-84A1-C51CDCA91ECC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [TCP Query User{C494CD36-DE80-4970-A5E1-6DAA9F0BB69B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe

FirewallRules: [{C06926B8-6248-40C2-9BDF-4B994E084663}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{BC0E8B0C-54CD-4AF3-802D-B524A9234BAF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{63ACB157-203E-475B-8EDC-ACEAF3724063}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{216A1EA1-E7ED-4750-95F2-FA4FE52686FD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{48F232BF-D935-4859-B712-95EC5689D9D0}] => (Allow) LPort=9143

FirewallRules: [{7D973E54-F2C5-47E1-8BB3-C82E06996E64}] => (Allow) LPort=2333

FirewallRules: [{6A311AA3-1784-4C4B-A095-82FD2C61E836}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{CFE6AF09-3421-4AB0-A6A9-C6275F1C409A}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [TCP Query User{9ED3E9AF-6145-480E-BDB4-C97766836860}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe

FirewallRules: [UDP Query User{F60C3A6D-AC9D-4CD2-ABC7-08D56DB73683}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe

FirewallRules: [{EE040732-93AF-4F5C-A9D7-660A4D5E9994}] => (Allow) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{B64E2052-A8AA-4B4D-8A47-F1E1CD5119B4}] => (Allow) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{87326815-01AF-4728-956D-CEACB38B2437}] => (Allow) E:\Steam\steamapps\common\H1Z1\LaunchPad.exe

FirewallRules: [{FB24A730-07BD-45EA-84C7-762F6483AED0}] => (Allow) E:\Steam\steamapps\common\H1Z1\LaunchPad.exe

FirewallRules: [TCP Query User{72C45C05-15DD-4A10-8C97-D94FACA9A178}C:\users\Betrayed\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\Betrayed\appdata\roaming\spotify\spotify.exe

FirewallRules: [UDP Query User{39E9A74D-236F-4D09-B28F-8F0B9953F7F7}C:\users\Betrayed\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\Betrayed\appdata\roaming\spotify\spotify.exe

FirewallRules: [{A8CB3AC4-B596-4098-8BDB-5FD93BF6D5A9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe

FirewallRules: [{74739A6C-AC79-469C-97FD-34040FE31808}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe

FirewallRules: [TCP Query User{15EAA3CE-C3E8-4A90-B081-78C6B513FBBF}E:\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) E:\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe

FirewallRules: [UDP Query User{EF5042D6-89E6-4CFA-B0C3-A0119B79B8A8}E:\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) E:\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe

FirewallRules: [TCP Query User{42919134-769E-48DB-BACD-DFAA15148D20}E:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe

FirewallRules: [UDP Query User{1A2B136D-01A7-4096-8F0E-6078DDCE655D}E:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe

FirewallRules: [{8B3E43CC-D9F7-47FA-AAE4-E044C817614D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe

FirewallRules: [{32518FF4-C6AA-440B-B354-818B4B1698E1}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe

FirewallRules: [{B1055E01-D234-4795-8711-D8D0296810CD}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\SuperKillerHornet\SKHR.exe

FirewallRules: [{029F3F9D-44CA-4975-81D7-C8FB7DE0E09B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\SuperKillerHornet\SKHR.exe

FirewallRules: [{60397ED4-2612-4839-B833-0A105AB2447C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\SuperKillerHornet\SKH\Hornet.exe

FirewallRules: [{ADE8AF1E-7397-456A-8CB5-307CDBDB11E6}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\SuperKillerHornet\SKH\Hornet.exe

FirewallRules: [{4BEFA1C0-AE20-498A-8ABF-31EE07C1FE5E}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe

FirewallRules: [{7D3F3AF0-51B5-4BA5-A0DF-64FE9C2D1E14}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe

FirewallRules: [{1EFEAD88-785A-40DF-BFB2-C5B3316751B3}] => (Allow) C:\Users\Betrayed\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{89BE488C-3534-4E2D-ADCF-F3F8B3293FA1}] => (Allow) C:\Users\Betrayed\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{A599A173-7DE9-4AAB-B1CA-229AC4AC605D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe

FirewallRules: [{9628B48C-00D1-4F91-A8F0-39E613058563}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe

FirewallRules: [{C9243AF8-347B-4FF7-8D5F-5291E9A5129F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe

FirewallRules: [{7701BB00-74C0-47E9-AA8D-906FB994EE12}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe

FirewallRules: [{E2997306-E4DE-42EB-8669-8874CAA52104}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7DaysToDie_EAC.exe

FirewallRules: [{1038621A-22E6-4014-9CC2-686DD83D4093}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7DaysToDie_EAC.exe

FirewallRules: [{B210C0FF-594F-4CB1-A528-5A18311F24A4}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7DaysToDie.exe

FirewallRules: [{D2AE4A9F-D898-43BC-9B0B-C4479A54AA6A}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7DaysToDie.exe

FirewallRules: [{84E41612-EF44-4752-9E6D-DCB8E356DA71}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\The Walking Dead\WalkingDead101.exe

FirewallRules: [{D47515D6-BD38-46C4-82FE-7ACBAC58A62D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\The Walking Dead\WalkingDead101.exe

FirewallRules: [{B32C2FBE-32C7-4F74-A153-049F08B1AB32}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe

FirewallRules: [{E6311432-2759-44FE-9D7C-ED8098D6AD69}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe

FirewallRules: [{D546BA07-6474-49F8-A53C-E2E5A6D01905}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe

FirewallRules: [{FF56884A-AA1F-45C2-A741-1C051C00AD03}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe

FirewallRules: [TCP Query User{350776E7-60FA-4667-88FC-CABF7A0FEA04}E:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) E:\program files\rockstar games\grand theft auto v\gta5.exe

FirewallRules: [UDP Query User{AF5ABCA7-FA83-4976-B975-BF0DEC9B1E01}E:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) E:\program files\rockstar games\grand theft auto v\gta5.exe

FirewallRules: [TCP Query User{5B73CB3F-00AC-4709-AD9A-F8B85C08284F}C:\users\Betrayed\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\Betrayed\appdata\local\popcorn time\node-webkit\popcorn time.exe

FirewallRules: [UDP Query User{4BA3805E-C2D1-425C-9518-1D5674B43B1A}C:\users\Betrayed\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\Betrayed\appdata\local\popcorn time\node-webkit\popcorn time.exe

FirewallRules: [{490B896A-F97E-4C99-8B80-559602824ED1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [TCP Query User{3B75800F-3659-4DF8-818F-CACCBD6E45F8}C:\users\Betrayed\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\Betrayed\appdata\roaming\spotify\spotify.exe

FirewallRules: [UDP Query User{E6D90B3E-74A1-46FE-BFC6-6EC50339E1F8}C:\users\Betrayed\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\Betrayed\appdata\roaming\spotify\spotify.exe

FirewallRules: [{8C882019-120F-469B-A5B8-7F4E11E78A49}] => (Block) E:\Program Files\Adobe\Adobe Photoshop CC 2014\Photoshop.exe

FirewallRules: [{E69EC084-2680-4CEA-BC1A-EEB4D43E9A89}] => (Allow) E:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{2292FCFB-19D7-480E-A1EE-E484296C9E39}] => (Allow) E:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{D6F13BD1-F10F-4880-BAFB-F76BDFC93A3B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{0113E25D-77DF-4933-911C-5C71767BA8FB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{E645933F-5010-47F5-AE4E-F061B809E131}] => (Allow) E:\Program Files\iTunes\iTunes.exe

FirewallRules: [TCP Query User{E76A02FE-5151-46AD-A92D-18A4EBB2CF91}E:\program files\adobe\adobe after effects cc 2014\support files\afterfx.exe] => (Allow) E:\program files\adobe\adobe after effects cc 2014\support files\afterfx.exe

FirewallRules: [UDP Query User{EB638B5E-1CAE-4804-A0D8-353DD81B1C47}E:\program files\adobe\adobe after effects cc 2014\support files\afterfx.exe] => (Allow) E:\program files\adobe\adobe after effects cc 2014\support files\afterfx.exe

FirewallRules: [{183CC695-4E22-4653-82CC-C86502AA340D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe

FirewallRules: [{C4363A8E-AEBC-41B4-A86B-64A832E2EF5E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe

FirewallRules: [{41E363D5-4782-4DCA-B534-A285F3309F55}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe

FirewallRules: [{02365D05-0638-4E43-AFA7-10E29A92E1AF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe

FirewallRules: [{525590DB-153E-4E70-B00D-1B9F1063ACC6}] => (Allow) C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{8FA5D15F-43AE-4D5F-825E-4A6F9A4B8452}] => (Allow) C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{2A138DB1-7430-4100-9ECB-220837C83D0F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe

FirewallRules: [{F835258A-5B2A-4358-A9D6-15F960AC4DF3}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe

FirewallRules: [{BC60B902-6923-49BA-9755-ED665D634766}] => (Allow) E:\Program Files (x86)\Origin Games\BFH\bfh.exe

FirewallRules: [{FF668B07-461E-4351-B96B-578423CBB206}] => (Allow) E:\Program Files (x86)\Origin Games\BFH\bfh.exe

FirewallRules: [TCP Query User{F7C1A733-E3DE-4E47-8B88-F5D5564CFF70}E:\users\Betrayed\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) E:\users\Betrayed\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe

FirewallRules: [UDP Query User{42F50269-658D-42A5-8B5D-12D11A1382B7}E:\users\Betrayed\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) E:\users\Betrayed\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe

FirewallRules: [{213C4C2A-D817-410F-A19C-D7382F3CAE8B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

FirewallRules: [{EE6B2B7B-04C5-435C-BF69-F1E925890765}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

FirewallRules: [{D9C0BB87-6631-451E-A49D-A1153ACE2E4B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Nether\Launcher\Launcher.exe

FirewallRules: [{6269ABB2-D946-4C13-B1CA-9D73232AE368}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Nether\Launcher\Launcher.exe

FirewallRules: [{CB024652-B050-4B8C-984C-2975E9E8A14B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Chains\Chains.exe

FirewallRules: [{81C7B5D4-820A-4D25-8EA0-2185E9FD5E8D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Chains\Chains.exe

FirewallRules: [{81F90EFC-7603-49F0-9337-2CF6E7D92B2D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe

FirewallRules: [{7D3E28FA-EFB0-4038-B5AC-8BB3C7E91BAD}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe

FirewallRules: [{BED1FADD-8497-4C3C-9D59-4F73AB791823}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Hitman Absolution\HMA.exe

FirewallRules: [{92C430FE-DF5A-407A-989C-A41F29AD72F3}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Hitman Absolution\HMA.exe

FirewallRules: [TCP Query User{47C025E6-F3B7-441D-BD93-EFCBD3F6AE2C}E:\program files\adobe\adobe after effects cs6\support files\afterfx.exe] => (Allow) E:\program files\adobe\adobe after effects cs6\support files\afterfx.exe

FirewallRules: [UDP Query User{69C1A81F-DE95-4FE3-A015-BB63F818C866}E:\program files\adobe\adobe after effects cs6\support files\afterfx.exe] => (Allow) E:\program files\adobe\adobe after effects cs6\support files\afterfx.exe

FirewallRules: [{1ACC1901-8CC1-4DED-BA8E-045E6FF9C9A8}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe

FirewallRules: [{FED9749B-1042-4CBC-B872-B140A1A5E3CB}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe

FirewallRules: [{7542DFE5-693F-4C8A-AE86-65BDA22F83F6}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\The Journey Down\JourneyDown1.exe

FirewallRules: [{DA85D291-F488-40A8-87FA-A5A485A0C7FC}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\The Journey Down\JourneyDown1.exe

FirewallRules: [{3302FAEB-8BCE-4574-BC3F-91A6A4BF797C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Memories of a Vagabond\GAME.exe

FirewallRules: [{1CE4B90D-6F47-4B13-B408-1F17FB7C5AFF}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Memories of a Vagabond\GAME.exe

FirewallRules: [{1B5E7032-767C-4372-8C78-79DD9E13C53E}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Chronicles of a Dark Lord Episode II War of The Abyss\Game.exe

FirewallRules: [{CD2A081D-74A1-485B-9C8F-BD7E0C4D37A0}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Chronicles of a Dark Lord Episode II War of The Abyss\Game.exe

FirewallRules: [{C19D7B2E-78C4-494A-9545-7F00BF7257D9}] => (Allow) F:\S3KLoader.exe

FirewallRules: [{45547BDD-25F9-4A84-9F53-12B2F22557A1}] => (Allow) F:\S3KLoader.exe

FirewallRules: [{723BB638-6C0B-4A27-9D96-78556081DFFF}] => (Allow) F:\S3KLoader.exe

FirewallRules: [{976B044B-066A-406E-8710-48BA51A19C36}] => (Allow) F:\S3KLoader.exe

FirewallRules: [{5BDE6AD9-CA9B-402C-81BA-9CACA6BA0907}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe

FirewallRules: [{6B82759C-375F-4D79-B954-93BF6341647D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe

FirewallRules: [{D2E03C58-5D7A-43FF-A2BB-1B746B519755}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe

FirewallRules: [{CE84E952-9F07-46E5-BF15-59F61DCD93BD}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe

FirewallRules: [{29BB4F5F-548D-4519-BB51-A8CE58A72161}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Arma 2\arma2.exe

FirewallRules: [{0ECFF12C-BF1D-4513-AC2A-4E2EE52E1851}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Arma 2\arma2.exe

FirewallRules: [TCP Query User{DCD92225-9E3D-4658-92E5-F8D1B062C8BA}E:\program files (x86)\dayzlauncher\dayzlauncher.exe] => (Allow) E:\program files (x86)\dayzlauncher\dayzlauncher.exe

FirewallRules: [UDP Query User{F993DA4A-7726-4557-8942-F517E757734D}E:\program files (x86)\dayzlauncher\dayzlauncher.exe] => (Allow) E:\program files (x86)\dayzlauncher\dayzlauncher.exe

FirewallRules: [{48A9C57C-0D47-41EF-AA7E-F9C5E8D9C9D9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe

FirewallRules: [{F78A5E94-CB41-4F6E-8D92-575391541530}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe

FirewallRules: [{A8FF5192-8964-4BF5-8DC7-71AE9D777B7C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe

FirewallRules: [{62A36456-1D38-4D59-B7A7-E3FD102BEC3A}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe

FirewallRules: [TCP Query User{24E2C22E-93DB-49C7-8F6A-DD3F1231C9E2}E:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe

FirewallRules: [UDP Query User{91011715-B20D-402A-9075-F2B667E91710}E:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe

FirewallRules: [TCP Query User{17F9878B-01A6-4E55-B381-FCCF83680E77}E:\program files (x86)\a3launcher\a3launcher.exe] => (Allow) E:\program files (x86)\a3launcher\a3launcher.exe

FirewallRules: [UDP Query User{214B746B-249A-481C-AE9C-41723DD1D328}E:\program files (x86)\a3launcher\a3launcher.exe] => (Allow) E:\program files (x86)\a3launcher\a3launcher.exe

FirewallRules: [{251542A1-516B-4471-8DE2-2078B2A5EDD8}] => (Allow) E:\Program Files\Hola\app\hola_updater.exe

FirewallRules: [{F3D80361-135A-4F9A-B37D-E90FB5452AD4}] => (Allow) E:\Program Files\Hola\app\hola_updater.exe

FirewallRules: [{19E1188B-5B7C-4348-A6B7-734941D01C3C}] => (Allow) C:\Users\Betrayed\AppData\Local\Hola\firefox\app\hola_plugin.exe

FirewallRules: [{50EB8B45-0829-49CC-B84A-950AA5D618C8}] => (Allow) C:\Users\Betrayed\AppData\Local\Hola\firefox\app\hola_plugin.exe

FirewallRules: [TCP Query User{FD0C32DF-C4E7-471B-B18F-342DDF7452FD}E:\users\Betrayed\appdata\local\popcorn time\nw.exe] => (Allow) E:\users\Betrayed\appdata\local\popcorn time\nw.exe

FirewallRules: [UDP Query User{6A233C4A-6000-4ECF-9FF0-A94F23E9CFF2}E:\users\Betrayed\appdata\local\popcorn time\nw.exe] => (Allow) E:\users\Betrayed\appdata\local\popcorn time\nw.exe

FirewallRules: [{B00441B6-0855-4E01-B556-5FCD2F06928C}] => (Allow) E:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

FirewallRules: [{EE0A3081-EA1C-45C1-9B77-EA6EDB2F6356}] => (Allow) E:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

FirewallRules: [{C119053F-EDAF-4809-A3AA-A5FC79CD63FF}] => (Allow) E:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe

FirewallRules: [{1BD8AA89-0815-4358-8EE3-99354657D5C5}] => (Allow) E:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{C30F52C1-5866-41E3-A4D5-41307465AC90}] => (Allow) E:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [TCP Query User{7856FE51-8EB2-4A3A-8B17-85B201994C18}E:\program files (x86)\kodi\kodi.exe] => (Allow) E:\program files (x86)\kodi\kodi.exe

FirewallRules: [UDP Query User{0796D3C5-1348-4624-8E03-FC36FE2705A7}E:\program files (x86)\kodi\kodi.exe] => (Allow) E:\program files (x86)\kodi\kodi.exe

FirewallRules: [{A613385E-B8C1-4FC5-9E2F-E8825E8DAAC5}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\H1Z1 Test\LaunchPad.exe

FirewallRules: [{71DA221B-1F2D-4FF7-8FB4-56D503441A26}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\H1Z1 Test\LaunchPad.exe

FirewallRules: [{2C6740B2-6073-4977-ACF2-E46E23F8C3AD}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe

FirewallRules: [{64308333-5821-4CB6-B6E0-A161DC8CB05D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe

FirewallRules: [{CE46178F-18AD-4406-B51F-EB0EE5000586}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe

FirewallRules: [{E46CE599-CF6D-4E48-95B6-2612A1D8E476}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe

FirewallRules: [{05FE6087-5B19-45DD-9291-922673FCE88B}] => (Allow) C:\Users\Betrayed\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

FirewallRules: [{256C02C3-4873-46A6-9E27-BDF3915E5887}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{FCA9C43B-727D-41DB-A819-5BF329CA2A07}] => (Allow) LPort=2869

FirewallRules: [{672A0318-DBA6-41C6-82C8-9BE9C2EDA8BE}] => (Allow) LPort=1900

FirewallRules: [{62EB95A0-3BEE-4EA9-8025-4C5E5BFBAC93}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

FirewallRules: [{D5E06514-BBD1-4941-9E18-27348E68BD1E}] => (Allow) LPort=27016

FirewallRules: [{AF85B44C-4663-4523-8FD8-2D31E11D3061}] => (Allow) LPort=27016

FirewallRules: [{4CF0C985-06CC-4583-8812-23E6EDD44FAD}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe

FirewallRules: [{4FF5646C-CC6F-4BD5-BB44-3DAFCCA6C04A}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe

FirewallRules: [{4D7FB2C0-40A3-4C35-A727-6A4E5C914F13}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe

FirewallRules: [{0E3FAA91-25A0-4D45-BD09-023284E7CE46}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe

FirewallRules: [{3806ADDA-DB3C-469E-8296-3606E4C12D18}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe

FirewallRules: [{C7105973-6A01-4A36-91EB-84FCF2C6C1A7}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe

FirewallRules: [{16D42176-D35C-4DCB-A97D-CA8108F38746}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe

FirewallRules: [{8BCE8E35-40A5-4EB9-A0EC-1C4C85CF74E5}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe

FirewallRules: [{36FF49E3-CB53-4132-B133-05F5B0702395}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\diriptide\DeadIslandGame_x86_rwdi.exe

FirewallRules: [{632995C4-CA89-48EA-87C6-AF3A13AAFC3D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\diriptide\DeadIslandGame_x86_rwdi.exe

FirewallRules: [{929FFDE2-54C6-4C85-BA75-48363B66F81E}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Nether\Game\Binaries\Win64\Nether.exe

FirewallRules: [{1A9053C3-3814-4D22-9AA3-B256DBBEC34B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Nether\Game\Binaries\Win64\Nether.exe

FirewallRules: [{607F6133-56BA-4F40-BBD7-B2E4E5F34D3C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dino D-Day\dinodday.exe

FirewallRules: [{068C319C-79E1-4429-BD9A-6289093A99FE}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dino D-Day\dinodday.exe

FirewallRules: [{574A5FBB-2831-4695-94B1-39E93ECEF0D4}] => (Allow) E:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{60B5F74D-28E0-4003-BC87-132C1F79DF3A}] => (Allow) E:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{7546EB80-B4EF-44FF-959E-09E51C484CD1}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe

FirewallRules: [{2CB3E631-2238-43AD-8E09-71EB93BEA73D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe

FirewallRules: [{9C0BDA21-57E0-45BD-B407-0C9CA9473CF8}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe

FirewallRules: [{F725EAE0-8C96-475B-8C20-230527EB55E3}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe

FirewallRules: [{2D68345F-B912-4F97-83EE-A2B54C4739C7}] => (Allow) E:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{4FA4ACE0-E4E3-4135-9B3B-4976A4E534DD}] => (Allow) E:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{A44DD786-7858-45D8-A0E2-84BAB504CBD7}] => (Allow) E:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{7E62355D-4A49-4995-8B66-024214A17333}] => (Allow) E:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{46D19AD9-A79B-4FB8-AAD2-094DC27A8BE9}] => (Allow) E:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{0B614996-5824-407C-A3CC-99B17AF5606B}] => (Allow) E:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

21-01-2016 17:03:20 Scheduled Checkpoint

29-01-2016 23:50:45 Scheduled Checkpoint

06-02-2016 10:59:42 Removed Corsair Utility Engine

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (02/07/2016 02:52:43 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program ts3client_win64.exe version 3.0.18.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2b90

Start Time: 01d161b396217078

Termination Time: 3

Application Path: E:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe

Report Id: 6fc8b3f9-cdaa-11e5-82b2-d8cb8a318c74

Faulting package full name:

Faulting package-relative application ID:

Error: (02/07/2016 02:46:10 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program UNKNOWN version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1d04

Start Time: 01d161b329417dc0

Termination Time: 425

Application Path: UNKNOWN

Report Id: 845e963b-cda9-11e5-82b2-d8cb8a318c74

Faulting package full name:

Faulting package-relative application ID:

Error: (02/07/2016 02:26:49 PM) (Source: Application Hang) (EventID: 1002) (User: )

Process ID: 3fb8

Start Time: 01d16196addf93a9

Termination Time: 6

Application Path: E:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe

Report Id: d1d39408-cda6-11e5-82b2-d8cb8a318c74

Faulting package full name:

Faulting package-relative application ID:

Error: (02/07/2016 02:23:37 PM) (Source: Application Hang) (EventID: 1002) (User: )

Process ID: ab8

Start Time: 01d161b28ad57a14

Termination Time: 175

Application Path: UNKNOWN

Report Id: 5818576e-cda6-11e5-82b2-d8cb8a318c74

Faulting package full name:

Faulting package-relative application ID:

Error: (02/07/2016 01:47:36 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )

Description: The volume Recovery was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (02/06/2016 03:11:20 PM) (Source: Perflib) (EventID: 1008) (User: )

Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8

Error: (02/06/2016 03:11:20 PM) (Source: Perflib) (EventID: 1008) (User: )

Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (02/06/2016 10:59:42 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:

AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:

0xC0000039 (unresolvable).

Error: (02/06/2016 10:59:41 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:

AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:

0xC0000039 (unresolvable).

Error: (02/04/2016 09:10:30 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program arma3launcher.exe version 1.3.133.746 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c68

Start Time: 01d15f9047dd06a4

Termination Time: 4294967295

Application Path: E:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe

Report Id: b77a7a77-cb83-11e5-82b2-d8cb8a318c74

Faulting package full name:

Faulting package-relative application ID:

System errors:

=============

Error: (02/07/2016 01:44:39 PM) (Source: DCOM) (EventID: 10010) (User: Betrayed)

Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/07/2016 01:44:09 PM) (Source: DCOM) (EventID: 10010) (User: Betrayed)

Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/07/2016 02:04:22 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/06/2016 05:14:52 PM) (Source: DCOM) (EventID: 10010) (User: Betrayed)

Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/06/2016 03:11:43 PM) (Source: DCOM) (EventID: 10010) (User: Betrayed)

Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/06/2016 02:02:33 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/05/2016 11:45:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Steam Client Service service failed to start due to the following error:

%%1053

Error: (02/05/2016 11:45:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (02/04/2016 10:33:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/04/2016 04:31:49 PM) (Source: DCOM) (EventID: 10010) (User: Betrayed)

Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

==================== Memory info ===========================

Processor: Intel® Core™ i7-5820K CPU @ 3.30GHz

Percentage of memory in use: 22%

Total physical RAM: 16279.26 MB

Available physical RAM: 12584.09 MB

Total Virtual: 32663.26 MB

Available Virtual: 28370.7 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.37 GB) (Free:112.45 GB) NTFS

Drive e: (Data) (Fixed) (Total:931.39 GB) (Free:320.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

#2
Essexboy

Posted 07 February 2016 - 11:27 AM

GeekU Moderator

Retired Staff
69,964 posts

This may be a hardware problem in part with the keyboard not working

Is F drive a USB that you use ?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
FF Plugin HKU\.DEFAULT: @hola.org/vlc,version=1.8.747 -> C:\Users\Betrayed\AppData\Local\Hola\firefox_hola\app\vlc [No File]
FF user.js: detected! => C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\p9bbor3d.default\user.js [2015-12-04]
FF Extension: Hola Better Internet - C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\p9bbor3d.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2015-12-04] [not signed]
S3 3ouuJHBhq; \??\F:\3ouuJHBhq.sys [X]
S3 MvriXS68f; \??\F:\MvriXS68f.sys [X]
S3 nvZqRK643hnvZq; \??\F:\nvZqRK643hnvZq.sys [X]
S3 wTnEgyJXCow; \??\F:\wTnEgyJXCow.sys [X]
2016-02-07 14:53 - 2016-02-07 14:53 - 00000000 ____D C:\ProgramData\bdch
Task: {32A6098A-5ABB-480F-84BC-CEA6A40053E0} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-20] (AVAST Software)
F:\wTnEgyJXCow.sys
F:\nvZqRK643hnvZq.sys
F:\MvriXS68f.sys
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Scan with Malwarebytes' Anti-Rootkit

Please download Malwarebytes' Anti-Rootkit and save the file to your desktop.
Note that the tool is still in its BETA stage, therefore not all functionalities may be added.

Right-click on icon and select Run as Administrator to start the tool
It will ask you for an extraction place - make sure you will unpack it to your desktop
After the extraction, the tool should start itself (no action required)
On the Introduction screen click Next
On the Update screen click Update
When prompted about the succesful update, click Next
On the Scan System screen, make sure that all three options
- Drivers
- Sectors
- System
are checked for scanning and press Scan.

Wait patiently and don't do anything on your machine while MBAR goes through your system!

If no infection is found, just close the tool.
If an infection is found, make sure that Create Restore Point is checked, then select Cleanup button to remove threats. The process will start and your machine will prompt you to reboot upon completion.

When finished (either with or without cleanup), please navigate to the MBAR directory.
Search there for these two files:
> mbar-log-date(time).txt
> system-log.txt
Please include the content of both files in your reply.

#3
Betrayed

Posted 07 February 2016 - 01:08 PM

Member

Topic Starter
Member
119 posts

Fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016

Ran by Betrayed (2016-02-07 18:44:23) Run:1

Running from E:\Users\Betrayed\Desktop

Loaded Profiles: Betrayed (Available Profiles: Betrayed)

Boot Mode: Normal

==============================================

fixlist content:

*****************

CreateRestorePoint:

HKLM-x32\...\Run: [] => [X]

HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Run: [AdobeBridge] => [X]

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

FF Plugin HKU\.DEFAULT: @hola.org/vlc,version=1.8.747 -> C:\Users\Betrayed\AppData\Local\Hola\firefox_hola\app\vlc [No File]

FF user.js: detected! => C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\p9bbor3d.default\user.js [2015-12-04]

FF Extension: Hola Better Internet - C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\p9bbor3d.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2015-12-04] [not signed]

S3 3ouuJHBhq; \??\F:\3ouuJHBhq.sys [X]

S3 MvriXS68f; \??\F:\MvriXS68f.sys [X]

S3 nvZqRK643hnvZq; \??\F:\nvZqRK643hnvZq.sys [X]

S3 wTnEgyJXCow; \??\F:\wTnEgyJXCow.sys [X]

2016-02-07 14:53 - 2016-02-07 14:53 - 00000000 ____D C:\ProgramData\bdch

Task: {32A6098A-5ABB-480F-84BC-CEA6A40053E0} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-20] (AVAST Software)

F:\wTnEgyJXCow.sys

F:\nvZqRK643hnvZq.sys

F:\MvriXS68f.sys

Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

RemoveProxy:

EmptyTemp:

CMD: bitsadmin /reset /allusers

*****************

Restore point was successfully created.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully

HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully

HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.

"HKU\.DEFAULT\Software\MozillaPlugins\@hola.org/vlc,version=1.8.747" => key removed successfully

FF Plugin HKU\.DEFAULT: @hola.org/vlc,version=1.8.747 -> C:\Users\Betrayed\AppData\Local\Hola\firefox_hola\app\vlc [No File] => not found.

C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\p9bbor3d.default\user.js => not found.

C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\p9bbor3d.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack => not found.

3ouuJHBhq => service removed successfully

MvriXS68f => service removed successfully

nvZqRK643hnvZq => service removed successfully

wTnEgyJXCow => service removed successfully

C:\ProgramData\bdch => moved successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{32A6098A-5ABB-480F-84BC-CEA6A40053E0}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32A6098A-5ABB-480F-84BC-CEA6A40053E0}" => key removed successfully

C:\Windows\System32\Tasks\AVAST Software\Avast settings backup => moved successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Avast settings backup" => key removed successfully

"F:\wTnEgyJXCow.sys" => not found.

"F:\nvZqRK643hnvZq.sys" => not found.

"F:\MvriXS68f.sys" => not found.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

========= End of Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

========= End of Reg: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully

HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.7.9600 ]

BITS administration utility.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.

Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {12D28C8C-6A44-4C94-AD63-F2E1E797B17E}.

{206D3A9A-3BE5-4104-86AB-277368DFBB75} canceled.

1 out of 2 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 12 GB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 18:44:51 ====

Mbar log #1:

Malwarebytes Anti-Rootkit BETA 1.9.3.1001

www.malwarebytes.org

Database version:

main: v2016.02.07.04

rootkit: v2016.01.20.01

Windows 8.1 x64 NTFS

Internet Explorer 11.0.9600.18161

Betrayed :: BETRAYED [administrator]

07/02/2016 18:49:17

mbar-log-2016-02-07 (18-49-17).txt

Scan type: Quick scan

Scan options disabled:

Objects scanned: 372666

Time elapsed: 13 minute(s), 18 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 4

C:\ProgramData\Nimoru\LicenseSE (Backdoor.Bot) -> Delete on reboot. [8060114cd5c456e00e5953d68c76db25]

E:\Users\Jamie\Desktop\RAT\NanoCore\client.bin (Backdoor.NanoCore) -> Delete on reboot. [31af2b32b9e0c86ec86ceaca8081629e]

E:\Users\Jamie\Desktop\RAT\NanoCore\ClientPlugin.dll (Trojan.Agent.MSIL) -> Delete on reboot. [7d6364f93960a6904adcd01705fb16ea]

E:\Users\Jamie\Desktop\RAT\NanoCore\NanoCore.exe (Backdoor.NanoCore) -> Delete on reboot. [4799d18c1b7e9d998f05338ed92811ef]

Physical Sectors Detected: 0

(No malicious items detected)

(end)

Mbar log #2:

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.09.3.1001

OS version: 6.3.9200 Windows 8.1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.18161

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED

CPU speed: 3.300000 GHz

Memory total: 17070043136, free: 13562175488

Downloaded database version: v2016.02.07.04

Downloaded database version: v2016.01.20.01

Downloaded database version: v2016.02.05.02

=======================================

Initializing...

------------ Kernel report ------------

02/07/2016 18:49:11

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kd.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\System32\drivers\werkernel.sys

\SystemRoot\System32\drivers\CLFS.SYS

\SystemRoot\System32\drivers\tm.sys

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\BOOTVID.dll

\SystemRoot\system32\CI.dll

\SystemRoot\System32\drivers\msrpc.sys

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\System32\Drivers\acpiex.sys

\SystemRoot\System32\Drivers\WppRecorder.sys

\SystemRoot\System32\drivers\ACPI.sys

\SystemRoot\System32\drivers\WMILIB.SYS

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\msisadrv.sys

\SystemRoot\System32\drivers\pci.sys

\SystemRoot\System32\drivers\vdrvroot.sys

\SystemRoot\system32\DRIVERS\trufos.sys

\SystemRoot\system32\DRIVERS\FLTMGR.SYS

\SystemRoot\system32\drivers\pdc.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\System32\drivers\spaceport.sys

\SystemRoot\System32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\System32\drivers\storahci.sys

\SystemRoot\System32\drivers\storport.sys

\SystemRoot\System32\drivers\EhStorClass.sys

\SystemRoot\System32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Wof.sys

\SystemRoot\system32\DRIVERS\avc3.sys

\SystemRoot\system32\DRIVERS\gzflt.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\DRIVERS\wfplwfs.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\System32\drivers\volsnap.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\intelpep.sys

\SystemRoot\system32\DRIVERS\ignis.sys

\SystemRoot\System32\drivers\disk.sys

\SystemRoot\System32\drivers\CLASSPNP.SYS

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\drivers\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\BasicRender.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\System32\drivers\BasicDisplay.sys

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\System32\Drivers\Msfs.SYS

\??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\System32\drivers\npsvctrig.sys

\SystemRoot\System32\drivers\mssmbios.sys

\??\E:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\bdvedisk.sys

\SystemRoot\system32\DRIVERS\ahcache.sys

\SystemRoot\system32\DRIVERS\tap0901.sys

\SystemRoot\System32\drivers\CompositeBus.sys

\SystemRoot\system32\DRIVERS\kdnic.sys

\SystemRoot\System32\drivers\umbus.sys

\SystemRoot\System32\drivers\intelppm.sys

\SystemRoot\System32\drivers\wmiacpi.sys

\SystemRoot\system32\DRIVERS\nvlddmkm.sys

\SystemRoot\System32\drivers\HDAudBus.sys

\SystemRoot\System32\drivers\USBXHCI.SYS

\SystemRoot\System32\drivers\ucx01000.sys

\SystemRoot\system32\DRIVERS\TeeDriverx64.sys

\SystemRoot\system32\DRIVERS\e1d64x64.sys

\SystemRoot\System32\drivers\usbehci.sys

\SystemRoot\System32\drivers\USBPORT.SYS

\SystemRoot\System32\drivers\xhcdrv.sys

\SystemRoot\System32\drivers\USBD.SYS

\SystemRoot\System32\drivers\asmtxhci.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\System32\drivers\UEFI.sys

\SystemRoot\system32\drivers\nvvad64v.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\System32\drivers\NdisVirtualBus.sys

\SystemRoot\System32\drivers\swenum.sys

\SystemRoot\System32\drivers\CorsairVBusDriver.sys

\SystemRoot\System32\drivers\rdpbus.sys

\SystemRoot\system32\drivers\xspltspk.sys

\SystemRoot\System32\drivers\usbhub.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\System32\drivers\HIDCLASS.SYS

\SystemRoot\System32\drivers\HIDPARSE.SYS

\SystemRoot\system32\drivers\nvhda64v.sys

\SystemRoot\System32\drivers\UsbHub3.sys

\SystemRoot\System32\drivers\ViaHub3.sys

\SystemRoot\System32\drivers\mouhid.sys

\SystemRoot\System32\drivers\mouclass.sys

\SystemRoot\System32\drivers\kbdhid.sys

\SystemRoot\System32\drivers\kbdclass.sys

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\asmthub3.sys

\SystemRoot\system32\drivers\SiUSBXp.sys

\SystemRoot\system32\drivers\SiLib.sys

\SystemRoot\System32\Drivers\dump_diskdump.sys

\SystemRoot\System32\Drivers\dump_storahci.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\drivers\usbccgp.sys

\SystemRoot\System32\drivers\hidusb.sys

\SystemRoot\system32\drivers\nvvadarm.sys

\SystemRoot\System32\drivers\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\System32\drivers\rzendpt.sys

\SystemRoot\System32\drivers\rzudd.sys

\SystemRoot\System32\cdd.dll

\SystemRoot\system32\drivers\usbaudio.sys

\SystemRoot\system32\drivers\luafv.sys

\??\C:\Windows\system32\drivers\mbam.sys

\??\E:\Program Files\Sandboxie\SbieDrv.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\DRIVERS\avckf.sys

\SystemRoot\System32\drivers\condrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\drivers\Ndu.sys

\SystemRoot\system32\drivers\peauth.sys

\??\C:\Windows\system32\drivers\rzpmgrk.sys

\??\C:\Windows\system32\drivers\rzpnk.sys

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\??\C:\Windows\system32\Drivers\iqvw64e.sys

\??\C:\Windows\system32\drivers\mwac.sys

\??\C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys

\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys

\??\E:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys

\SystemRoot\System32\drivers\CorsairVHidDriver.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

----------- End -----------

Done!

Scan started

Database versions:

main: v2016.02.07.04

rootkit: v2016.01.20.01

<<<2>>>

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffe0015c003470, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\

--------- Disk Stack ------

DevicePointer: 0xffffe0015c1c2040, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xffffe0015c003470, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\

DevicePointer: 0xffffe0015bdf7060, DeviceName: \Device\00000037\, DriverName: \Driver\storahci\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...

File "C:\Windows\System32\drivers\1394ohci.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\1394ohci.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\acpi.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\acpi.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\acpipagr.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\acpipagr.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\acpipmi.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\acpipmi.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\acpitime.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\acpitime.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\AGP440.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\AGP440.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\intelpep.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\intelpep.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\intelppm.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\intelppm.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\isapnp.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\kbdclass.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\kbdclass.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\kbdhid.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\kbdhid.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\kdnic.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\kdnic.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\spaceport.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\spaceport.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\stornvme.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\stornvme.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\swenum.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\swenum.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\atapi.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\atapi.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\ataport.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\ataport.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\BasicDisplay.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\BasicDisplay.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\BasicRender.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\BasicRender.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\battc.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\battc.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\BtaMPM.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\BtaMPM.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\BthAvrcpTg.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\BthAvrcpTg.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\bthhfenum.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\bthhfenum.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\BthhfHid.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\BthhfHid.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\cdrom.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\cdrom.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\circlass.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\circlass.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\CompositeBus.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\CompositeBus.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\disk.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\disk.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\drmk.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\drmk.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\drmkaud.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\drmkaud.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\dumpsd.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\dumpsd.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\fdc.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\fdc.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\flpydisk.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\flpydisk.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\fxppm.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\fxppm.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\CmBatt.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\CmBatt.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\errdev.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\errdev.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\terminpt.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\terminpt.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\usbcir.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\usbcir.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\monitor.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\monitor.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\mouclass.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\mouclass.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\mouhid.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\mouhid.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\msgpiowin32.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\msgpiowin32.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\msisadrv.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\msisadrv.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\msiscsi.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\msiscsi.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\mssmbios.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\mssmbios.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\MTConfig.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\MTConfig.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\npsvctrig.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\npsvctrig.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\parport.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\parport.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\pci.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\pci.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\pciide.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\pciide.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\pciidex.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\pciidex.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\pcmcia.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\pcmcia.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\portcls.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\portcls.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\processr.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\processr.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\rdpbus.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\rdpbus.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\sbp2port.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\sdbus.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\sdbus.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\sdstor.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\sdstor.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\serenum.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\serenum.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\serial.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\serial.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\sermouse.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\sermouse.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\sfloppy.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\sfloppy.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\tpm.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\tpm.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\TsUsbGD.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\TsUsbGD.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\uaspstor.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\uaspstor.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\UCX01000.SYS" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\UCX01000.SYS" is compressed (flags = 1)

File "C:\Windows\System32\drivers\uefi.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\uefi.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\umbus.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\umbus.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\umpass.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\umpass.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\USBAUDIO.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\USBAUDIO.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\usbccgp.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\usbccgp.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\usbd.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\usbd.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\usbehci.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\usbehci.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\usbhub.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\usbhub.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\USBHUB3.SYS" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\USBHUB3.SYS" is compressed (flags = 1)

File "C:\Windows\System32\drivers\usbohci.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\usbohci.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\usbport.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\usbport.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\usbprint.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\usbprint.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\USBSTOR.SYS" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\USBSTOR.SYS" is compressed (flags = 1)

File "C:\Windows\System32\drivers\usbuhci.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\usbuhci.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\USBXHCI.SYS" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\USBXHCI.SYS" is compressed (flags = 1)

File "C:\Windows\System32\drivers\vdrvroot.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\vdrvroot.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\vhdmp.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\vhdmp.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\volmgr.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\volmgr.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\volsnap.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\volsnap.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\vwifibus.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\wacompen.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\winusb.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\winusb.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\wmiacpi.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\WSDPrint.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\WSDPrint.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\hdaudbus.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\hdaudbus.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\HdAudio.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\HdAudio.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\hidbatt.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\hidbatt.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\hidbth.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\hidbth.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\hidclass.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\hidi2c.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\hidi2c.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\hidparse.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\hidusb.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\hidusb.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\i8042prt.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\i8042prt.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\amdk8.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\amdk8.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\amdppm.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\amdppm.sys" is compressed (flags = 1)

Done!

Drive 0

This is a System drive

Scanning MBR on drive 0...

Inspecting partition table:

This drive is a GPT Drive.

MBR Signature: 55AA

Disk Signature: 0

GPT Protective MBR Partition information:

Partition 0 type is EFI-GPT (0xee)

Partition is NOT ACTIVE.

Partition starts at LBA: 1 Numsec = 4294967295

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

GPT Partition information:

GPT Header Signature 4546492050415254

GPT Header Revision 65536 Size 92 CRC 4260247079

GPT Header CurrentLba = 1 BackupLba 488397167

GPT Header FirstUsableLba 34 LastUsableLba 488397134

GPT Header Guid ec13ece9-ceba-4a53-8f69-f414f8eafca2

GPT Header Contains 128 partition entries starting at LBA 2

GPT Header Partition entry size = 128

Backup GPT header Signature 4546492050415254

Backup GPT header Revision 65536 Size 92 CRC 4260247079

Backup GPT header CurrentLba = 488397167 BackupLba 1

Backup GPT header FirstUsableLba 34 LastUsableLba 488397134

Backup GPT header Guid ec13ece9-ceba-4a53-8f69-f414f8eafca2

Backup GPT header Contains 128 partition entries starting at LBA 488397135

Backup GPT header Partition entry size = 128

Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac

Partition ID 3fad585b-9665-4141-80f4-c6d4b5b1ed84

FirstLBA 2048 Last LBA 616447

Attributes 1

Partition Name Basic data partition

Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b

Partition ID e163f737-29e0-4e84-8422-2aca866c19

FirstLBA 616448 Last LBA 819199

Attributes 0

Partition Name EFI system partition

GPT Partition 1 is bootable

Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae

Partition ID b21d8ddc-7537-46f1-86f5-54e0709850d6

FirstLBA 819200 Last LBA 1081343

Attributes 0

Partition Name Microsoft reserved partition

Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7

Partition ID 57fbfa4-ea0f-42cb-a956-b2b22dbabbd2

FirstLBA 1081344 Last LBA 488396799

Attributes 0

Partition Name Basic data partition

Disk Size: 250059350016 bytes

Sector size: 512 bytes

Done!

Physical Sector Size: 512

Drive: 1, DevicePointer: 0xffffe0015c1c2770, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\

--------- Disk Stack ------

DevicePointer: 0xffffe0015c1c1040, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xffffe0015c1c2770, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\

DevicePointer: 0xffffe0015bdf64b0, DeviceName: \Device\00000038\, DriverName: \Driver\storahci\

------------ End ----------

Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

Drive 1

Scanning MBR on drive 1...

Inspecting partition table:

This drive is a GPT Drive.

MBR Signature: 55AA

Disk Signature: 0

GPT Protective MBR Partition information:

Partition 0 type is EFI-GPT (0xee)

Partition is NOT ACTIVE.

Partition starts at LBA: 1 Numsec = 4294967295

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

GPT Partition information:

GPT Header Signature 4546492050415254

GPT Header Revision 65536 Size 92 CRC 1086525638

GPT Header CurrentLba = 1 BackupLba 1953525167

GPT Header FirstUsableLba 34 LastUsableLba 1953525134

GPT Header Guid af1226bd-d72f-453c-a0cd-271cefd7444

GPT Header Contains 128 partition entries starting at LBA 2

GPT Header Partition entry size = 128

Backup GPT header Signature 4546492050415254

Backup GPT header Revision 65536 Size 92 CRC 1086525638

Backup GPT header CurrentLba = 1953525167 BackupLba 1

Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134

Backup GPT header Guid af1226bd-d72f-453c-a0cd-271cefd7444

Backup GPT header Contains 128 partition entries starting at LBA 1953525135

Backup GPT header Partition entry size = 128

Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae

Partition ID 7eef73b4-c9a1-450d-95d0-468e867cf0d5

FirstLBA 34 Last LBA 262177

Attributes 0

Partition Name Microsoft reserved partition

Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7

Partition ID dddfec41-fd32-4a67-bb7d-74132ded367f

FirstLBA 264192 Last LBA 1953523711

Attributes 0

Partition Name Basic data partition

Disk Size: 1000204886016 bytes